From 879b97d00c9aadc91dcbf9dfcff6644c9a523504 Mon Sep 17 00:00:00 2001
From: jfmartel <jean-francois@jfmartel.ca>
Date: Tue, 27 May 2025 08:42:52 -0400
Subject: [PATCH] Config Clickhouse

Nouveaux certificats et scripts OVPN pour le VPN
---
 Clickhouse VM/Bck/config.xml                  | 1808 +++++++++++++++++
 Clickhouse VM/config.xml                      |   15 +-
 .../Config MQTT Droplet.PNG                   |  Bin 0 -> 20529 bytes
 Doc interne/Notes de développement.docx       |  Bin 44032 -> 43952 bytes
 .../Edgerouter_Station_Laval.ovpn             |    0
 OpenVPN/{ => -=Expired=-}/Otarcik202501.ovpn  |    0
 .../{ => -=Expired=-}/edgerouterchambly.ovpn  |    0
 OpenVPN/-=Expired=-/fred.ovpn                 |  268 +++
 OpenVPN/-=Expired=-/jf.ovpn                   |  268 +++
 OpenVPN/{ => -=Expired=-}/jf2.ovpn            |    0
 OpenVPN/{ => -=Expired=-}/jf_Yultek.ovpn      |    0
 OpenVPN/{ => -=Expired=-}/ka2501.ovpn         |    0
 OpenVPN/-=Expired=-/pascal.ovpn               |  268 +++
 OpenVPN/-=Expired=-/remoteclient.ovpn         |  269 +++
 OpenVPN/-=Expired=-/stationKA2401.ovpn        |  269 +++
 .../easy-rsa/pki/issued/DO_server.crt         |   73 -
 .../easy-rsa/pki/issued/Otarcik202501.crt     |   71 -
 .../easy-rsa/pki/issued/edgerouterchambly.crt |   71 -
 .../CA Server/easy-rsa/pki/issued/fred.crt    |   71 -
 OpenVPN/CA Server/easy-rsa/pki/issued/jf.crt  |   71 -
 .../CA Server/easy-rsa/pki/issued/pascal.crt  |   71 -
 .../easy-rsa/pki/issued/remoteclient.crt      |   71 -
 .../easy-rsa/pki/issued/stationKA2401.crt     |   71 -
 .../CA Server/easy-rsa/pki/reqs/DO_server.req |    8 -
 .../easy-rsa/pki/reqs/Otarcik202501.req       |    8 -
 .../easy-rsa/pki/reqs/edgerouterchambly.req   |    8 -
 OpenVPN/CA Server/easy-rsa/pki/reqs/fred.req  |    8 -
 OpenVPN/CA Server/easy-rsa/pki/reqs/jf.req    |    8 -
 .../CA Server/easy-rsa/pki/reqs/pascal.req    |    8 -
 .../easy-rsa/pki/reqs/remoteclient.req        |    8 -
 .../easy-rsa/pki/reqs/stationKA2401.req       |    8 -
 OpenVPN/Certificates/Certs/DO_server.crt      |   71 +
 OpenVPN/Certificates/Certs/DO_server.req      |    8 +
 OpenVPN/Certificates/Certs/fred.crt           |   71 +
 OpenVPN/Certificates/Certs/fred.req           |    8 +
 OpenVPN/Certificates/Certs/jf.crt             |   71 +
 OpenVPN/Certificates/Certs/jf.req             |    8 +
 OpenVPN/Certificates/Certs/pascal.crt         |   71 +
 OpenVPN/Certificates/Certs/pascal.req         |    8 +
 OpenVPN/Certificates/Certs/remoteclient.req   |    8 +
 OpenVPN/Certificates/Certs/stationKA2401.crt  |   71 +
 OpenVPN/Certificates/Certs/stationKA2401.req  |    8 +
 OpenVPN/Certificates/Certs/stationOT2301.crt  |   71 +
 OpenVPN/fred.ovpn                             |   95 +-
 OpenVPN/jf.ovpn                               |   97 +-
 OpenVPN/pascal.ovpn                           |   97 +-
 OpenVPN/remoteclient.ovpn                     |   94 +-
 OpenVPN/stationKA2401.ovpn                    |   94 +-
 PWD.txt                                       |   17 +-
 49 files changed, 3889 insertions(+), 878 deletions(-)
 create mode 100644 Clickhouse VM/Bck/config.xml
 create mode 100644 Config Stations/Station Otarcik OT2301/Config MQTT Droplet.PNG
 rename OpenVPN/{ => -=Expired=-}/Edgerouter_Station_Laval.ovpn (100%)
 rename OpenVPN/{ => -=Expired=-}/Otarcik202501.ovpn (100%)
 rename OpenVPN/{ => -=Expired=-}/edgerouterchambly.ovpn (100%)
 create mode 100644 OpenVPN/-=Expired=-/fred.ovpn
 create mode 100644 OpenVPN/-=Expired=-/jf.ovpn
 rename OpenVPN/{ => -=Expired=-}/jf2.ovpn (100%)
 rename OpenVPN/{ => -=Expired=-}/jf_Yultek.ovpn (100%)
 rename OpenVPN/{ => -=Expired=-}/ka2501.ovpn (100%)
 create mode 100644 OpenVPN/-=Expired=-/pascal.ovpn
 create mode 100644 OpenVPN/-=Expired=-/remoteclient.ovpn
 create mode 100644 OpenVPN/-=Expired=-/stationKA2401.ovpn
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/issued/DO_server.crt
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/issued/Otarcik202501.crt
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/issued/edgerouterchambly.crt
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/issued/fred.crt
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/issued/jf.crt
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/issued/pascal.crt
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/issued/remoteclient.crt
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/issued/stationKA2401.crt
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/reqs/DO_server.req
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/reqs/Otarcik202501.req
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/reqs/edgerouterchambly.req
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/reqs/fred.req
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/reqs/jf.req
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/reqs/pascal.req
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/reqs/remoteclient.req
 delete mode 100644 OpenVPN/CA Server/easy-rsa/pki/reqs/stationKA2401.req
 create mode 100644 OpenVPN/Certificates/Certs/DO_server.crt
 create mode 100644 OpenVPN/Certificates/Certs/DO_server.req
 create mode 100644 OpenVPN/Certificates/Certs/fred.crt
 create mode 100644 OpenVPN/Certificates/Certs/fred.req
 create mode 100644 OpenVPN/Certificates/Certs/jf.crt
 create mode 100644 OpenVPN/Certificates/Certs/jf.req
 create mode 100644 OpenVPN/Certificates/Certs/pascal.crt
 create mode 100644 OpenVPN/Certificates/Certs/pascal.req
 create mode 100644 OpenVPN/Certificates/Certs/remoteclient.req
 create mode 100644 OpenVPN/Certificates/Certs/stationKA2401.crt
 create mode 100644 OpenVPN/Certificates/Certs/stationKA2401.req
 create mode 100644 OpenVPN/Certificates/Certs/stationOT2301.crt

diff --git a/Clickhouse VM/Bck/config.xml b/Clickhouse VM/Bck/config.xml
new file mode 100644
index 0000000..b68dcb4
--- /dev/null
+++ b/Clickhouse VM/Bck/config.xml	
@@ -0,0 +1,1808 @@
+<!--
+  NOTE: User and query level settings are set up in "users.xml" file.
+  If you have accidentally specified user-level settings here, server won't start.
+  You can either move the settings to the right place inside "users.xml" file
+   or add <skip_check_for_incorrect_settings>1</skip_check_for_incorrect_settings> here.
+-->
+<clickhouse>
+    <logger>
+        <!-- Possible levels [1]:
+
+          - none (turns off logging)
+          - fatal
+          - critical
+          - error
+          - warning
+          - notice
+          - information
+          - debug
+          - trace
+          - test (not for production usage)
+
+            [1]: https://github.com/pocoproject/poco/blob/poco-1.9.4-release/Foundation/include/Poco/Logger.h#L105-L114
+        -->
+        <level>trace</level>
+        <log>/var/log/clickhouse-server/clickhouse-server.log</log>
+        <errorlog>/var/log/clickhouse-server/clickhouse-server.err.log</errorlog>
+        <!-- Rotation policy
+             See https://github.com/pocoproject/poco/blob/poco-1.9.4-release/Foundation/include/Poco/FileChannel.h#L54-L85
+          -->
+        <size>10M</size>
+        <count>1</count>
+
+        <!-- <console>1</console> --> <!-- Default behavior is autodetection (log to console if not daemon mode and is tty) -->
+        <!-- <console_log_level>trace</console_log_level> -->
+
+        <!-- <use_syslog>0</use_syslog> -->
+        <!-- <syslog_level>trace</syslog_level> -->
+
+        <!-- <stream_compress>0</stream_compress> -->
+
+        <!-- Per level overrides (legacy):
+
+        For example to suppress logging of the ConfigReloader you can use:
+        NOTE: levels.logger is reserved, see below.
+        -->
+        <!--
+        <levels>
+          <ConfigReloader>none</ConfigReloader>
+        </levels>
+        -->
+
+        <!-- Per level overrides:
+
+        For example to suppress logging of the RBAC for default user you can use:
+        (But please note that the logger name maybe changed from version to version, even after minor upgrade)
+        -->
+        <!--
+        <levels>
+          <logger>
+            <name>ContextAccess (default)</name>
+            <level>none</level>
+          </logger>
+          <logger>
+            <name>DatabaseOrdinary (test)</name>
+            <level>none</level>
+          </logger>
+        </levels>
+        -->
+        <!-- Structured log formatting:
+        You can specify log format(for now, JSON only). In that case, the console log will be printed
+        in specified format like JSON.
+        For example, as below:
+
+        {"date_time":"1650918987.180175","thread_name":"#1","thread_id":"254545","level":"Trace","query_id":"","logger_name":"BaseDaemon","message":"Received signal 2","source_file":"../base/daemon/BaseDaemon.cpp; virtual void SignalListener::run()","source_line":"192"}
+        {"date_time_utc":"2024-11-06T09:06:09Z","thread_name":"#1","thread_id":"254545","level":"Trace","query_id":"","logger_name":"BaseDaemon","message":"Received signal 2","source_file":"../base/daemon/BaseDaemon.cpp; virtual void SignalListener::run()","source_line":"192"}
+        To enable JSON logging support, please uncomment the entire <formatting> tag below.
+
+        a) You can modify key names by changing values under tag values inside <names> tag.
+        For example, to change DATE_TIME to MY_DATE_TIME, you can do like:
+            <date_time>MY_DATE_TIME</date_time>
+            <date_time_utc>MY_UTC_DATE_TIME</date_time_utc>
+        b) You can stop unwanted log properties to appear in logs. To do so, you can simply comment out (recommended)
+        that property from this file.
+        For example, if you do not want your log to print query_id, you can comment out only <query_id> tag.
+        However, if you comment out all the tags under <names>, the program will print default values for as
+        below.
+        -->
+        <!-- <formatting>
+            <type>json</type>
+            <names>
+                <date_time>date_time</date_time>
+                <date_time_utc>date_time_utc</date_time_utc>
+                <thread_name>thread_name</thread_name>
+                <thread_id>thread_id</thread_id>
+                <level>level</level>
+                <query_id>query_id</query_id>
+                <logger_name>logger_name</logger_name>
+                <message>message</message>
+                <source_file>source_file</source_file>
+                <source_line>source_line</source_line>
+            </names>
+        </formatting> -->
+    </logger>
+
+    <url_scheme_mappers>
+        <s3>
+            <to>https://{bucket}.s3.amazonaws.com</to>
+        </s3>
+        <gs>
+            <to>https://storage.googleapis.com/{bucket}</to>
+        </gs>
+        <oss>
+            <to>https://{bucket}.oss.aliyuncs.com</to>
+        </oss>
+    </url_scheme_mappers>
+
+    <!-- Add headers to response in options request. OPTIONS method is used in CORS preflight requests. -->
+    <http_options_response>
+        <header>
+            <name>Access-Control-Allow-Origin</name>
+            <value>*</value>
+        </header>
+        <header>
+            <name>Access-Control-Allow-Headers</name>
+            <value>origin, x-requested-with, x-clickhouse-format, x-clickhouse-user, x-clickhouse-key, Authorization</value>
+        </header>
+        <header>
+            <name>Access-Control-Allow-Methods</name>
+            <value>POST, GET, OPTIONS</value>
+        </header>
+        <header>
+            <name>Access-Control-Max-Age</name>
+            <value>86400</value>
+        </header>
+    </http_options_response>
+
+    <!-- It is the name that will be shown in the clickhouse-client.
+         By default, anything with "production" will be highlighted in red in query prompt.
+    -->
+    <!--display_name>production</display_name-->
+
+    <!-- Port for HTTP API. See also 'https_port' for secure connections.
+         This interface is also used by ODBC and JDBC drivers (DataGrip, Dbeaver, ...)
+         and by most of the web interfaces (embedded UI, Grafana, Redash, ...).
+      -->
+    <http_port>8123</http_port>
+
+    <!-- Port for interaction by native protocol with:
+         - clickhouse-client and other native ClickHouse tools (clickhouse-benchmark);
+         - clickhouse-server with other clickhouse-servers for distributed query processing;
+         - ClickHouse drivers and applications supporting native protocol
+         (this protocol is also informally called as "the TCP protocol");
+         See also 'tcp_port_secure' for secure connections.
+    -->
+    <tcp_port>9000</tcp_port>
+
+    <!-- Chunked capabilities for native protocol by server.
+         Can be enabled separately for send and receive channels.
+         Supported modes:
+         - chunked - server requires from client to have chunked enabled;
+         - chunked_optional - server supports both chunked and notchunked protocol;
+         - notchunked - server requires from client notchunked protocol (current default);
+         - notchunked_optional - server supports both chunked and notchunked protocol.
+     -->
+    <!--
+    <proto_caps>
+        <send>notchunked_optional</send>
+        <recv>notchunked_optional</recv>
+    </proto_caps>
+    -->
+
+    <!-- Compatibility with MySQL protocol.
+         ClickHouse will pretend to be MySQL for applications connecting to this port.
+    -->
+    <mysql_port>9004</mysql_port>
+
+    <!-- Compatibility with PostgreSQL protocol.
+         ClickHouse will pretend to be PostgreSQL for applications connecting to this port.
+    -->
+    <postgresql_port>9005</postgresql_port>
+
+    <!-- HTTP API with TLS (HTTPS).
+         You have to configure certificate to enable this interface.
+         See the openSSL section below.
+    -->
+    <!-- <https_port>8443</https_port> -->
+
+    <!-- Native interface with TLS.
+         You have to configure certificate to enable this interface.
+         See the openSSL section below.
+    -->
+    <!-- <tcp_port_secure>9440</tcp_port_secure> -->
+
+    <!-- Native interface wrapped with PROXYv1 protocol
+         PROXYv1 header sent for every connection.
+         ClickHouse will extract information about proxy-forwarded client address from the header.
+    -->
+    <!-- <tcp_with_proxy_port>9011</tcp_with_proxy_port> -->
+
+    <!-- Port for communication between replicas. Used for data exchange.
+         It provides low-level data access between servers.
+         This port should not be accessible from untrusted networks.
+         See also 'interserver_http_credentials'.
+         Data transferred over connections to this port should not go through untrusted networks.
+         See also 'interserver_https_port'.
+      -->
+    <interserver_http_port>9009</interserver_http_port>
+
+    <!-- Port for communication between replicas with TLS.
+         You have to configure certificate to enable this interface.
+         See the openSSL section below.
+         See also 'interserver_http_credentials'.
+      -->
+    <!-- <interserver_https_port>9010</interserver_https_port> -->
+
+    <!-- Hostname that is used by other replicas to request this server.
+         If not specified, then it is determined analogous to 'hostname -f' command.
+         This setting could be used to switch replication to another network interface
+         (the server may be connected to multiple networks via multiple addresses)
+      -->
+
+    <!--
+    <interserver_http_host>example.clickhouse.com</interserver_http_host>
+    -->
+
+    <!-- Port for the SSH server which allows to connect and execute
+         queries in an interactive fashion using the embedded client over the PTY.
+    -->
+    <!-- <tcp_ssh_port>9022</tcp_ssh_port> -->
+
+    <ssh_server>
+        <!-- The public part of the host key will be written to the known_hosts file
+             on the SSH client side on the first connect.
+        -->
+        <!-- <host_rsa_key>path_to_the_ssh_key</host_rsa_key> -->
+        <!-- <host_ecdsa_key>path_to_the_ssh_key</host_ecdsa_key> -->
+        <!-- <host_ed25519_key>path_to_the_ssh_key</host_ed25519_key> -->
+
+        <!-- Unlocks the possibility to pass the client options as an environment
+             variables in a form of: ssh -o SetEnv="key1=value1 key2=value2".
+             This is considered unsafe and should be used with caution.
+        -->
+        <!-- <enable_client_options_passing>false</enable_client_options_passing>-->
+    </ssh_server>
+
+    <!-- You can specify credentials for authenthication between replicas.
+         This is required when interserver_https_port is accessible from untrusted networks,
+         and also recommended to avoid SSRF attacks from possibly compromised services in your network.
+      -->
+    <!--<interserver_http_credentials>
+        <user>interserver</user>
+        <password></password>
+    </interserver_http_credentials>-->
+
+    <!-- Listen specified address.
+         Use :: (wildcard IPv6 address), if you want to accept connections both with IPv4 and IPv6 from everywhere.
+         Notes:
+         If you open connections from wildcard address, make sure that at least one of the following measures applied:
+         - server is protected by firewall and not accessible from untrusted networks;
+         - all users are restricted to subset of network addresses (see users.xml);
+         - all users have strong passwords, only secure (TLS) interfaces are accessible, or connections are only made via TLS interfaces.
+         - users without password have readonly access.
+         See also: https://www.shodan.io/search?query=clickhouse
+      -->
+    <!--<listen_host>::</listen_host> -->
+
+
+    <!-- Same for hosts without support for IPv6: -->
+    <listen_host>10.118.0.3</listen_host>
+	<listen_host>127.0.0.1</listen_host>
+
+    <!-- Default values - try listen localhost on IPv4 and IPv6. -->
+    <!--
+    <listen_host>::1</listen_host>
+    <listen_host>127.0.0.1</listen_host>
+    -->
+
+    <!-- <interserver_listen_host>::</interserver_listen_host> -->
+    <!-- Listen host for communication between replicas. Used for data exchange -->
+    <!-- Default values - equal to listen_host -->
+
+    <!-- Don't exit if IPv6 or IPv4 networks are unavailable while trying to listen. -->
+    <!-- <listen_try>0</listen_try> -->
+
+    <!-- Allow multiple servers to listen on the same address:port. This is not recommended.
+      -->
+    <!-- <listen_reuse_port>0</listen_reuse_port> -->
+
+    <!-- <listen_backlog>4096</listen_backlog> -->
+
+    <!-- <max_connections>4096</max_connections> -->
+
+    <!-- For 'Connection: keep-alive' in HTTP 1.1 -->
+    <keep_alive_timeout>10</keep_alive_timeout>
+
+    <!-- gRPC protocol (see src/Server/grpc_protos/clickhouse_grpc.proto for the API) -->
+    <!-- <grpc_port>9100</grpc_port> -->
+    <grpc>
+        <enable_ssl>false</enable_ssl>
+
+        <!-- The following two files are used only if enable_ssl=1 -->
+        <ssl_cert_file>/path/to/ssl_cert_file</ssl_cert_file>
+        <ssl_key_file>/path/to/ssl_key_file</ssl_key_file>
+
+        <!-- Whether server will request client for a certificate -->
+        <ssl_require_client_auth>false</ssl_require_client_auth>
+
+        <!-- The following file is used only if ssl_require_client_auth=1 -->
+        <ssl_ca_cert_file>/path/to/ssl_ca_cert_file</ssl_ca_cert_file>
+
+        <!-- Default transport compression type (can be overridden by client, see the transport_compression_type field in QueryInfo).
+             Supported algorithms: none, deflate, gzip, stream_gzip -->
+        <transport_compression_type>none</transport_compression_type>
+
+        <!-- Default transport compression level. Supported levels: 0..3 -->
+        <transport_compression_level>0</transport_compression_level>
+
+        <!-- Send/receive message size limits in bytes. -1 means unlimited -->
+        <max_send_message_size>-1</max_send_message_size>
+        <max_receive_message_size>-1</max_receive_message_size>
+
+        <!-- Enable if you want very detailed logs -->
+        <verbose_logs>false</verbose_logs>
+    </grpc>
+
+    <!-- Used with https_port and tcp_port_secure. Full ssl options list: https://github.com/ClickHouse-Extras/poco/blob/master/NetSSL_OpenSSL/include/Poco/Net/SSLManager.h#L71
+         Note: ClickHouse Cloud https://clickhouse.com/cloud always has secure connections configured.
+    -->
+    <openSSL>
+        <server> <!-- Used for https server AND secure tcp port -->
+            <!-- openssl req -subj "/CN=localhost" -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/clickhouse-server/server.key -out /etc/clickhouse-server/server.crt -->
+            <!-- <certificateFile>/etc/clickhouse-server/server.crt</certificateFile>
+            <privateKeyFile>/etc/clickhouse-server/server.key</privateKeyFile> -->
+            <!-- dhparams are optional. You can delete the <dhParamsFile> element.
+                 To generate dhparams, use the following command:
+                  openssl dhparam -out /etc/clickhouse-server/dhparam.pem 4096
+                 Only file format with BEGIN DH PARAMETERS is supported.
+              -->
+            <!-- <dhParamsFile>/etc/clickhouse-server/dhparam.pem</dhParamsFile>-->
+            <verificationMode>none</verificationMode>
+            <loadDefaultCAFile>true</loadDefaultCAFile>
+            <cacheSessions>true</cacheSessions>
+            <disableProtocols>sslv2,sslv3</disableProtocols>
+            <preferServerCiphers>true</preferServerCiphers>
+
+            <invalidCertificateHandler>
+                <!-- The server, in contrast to the client, cannot ask about the certificate interactively.
+                     The only reasonable option is to reject.
+                -->
+                <name>RejectCertificateHandler</name>
+            </invalidCertificateHandler>
+        </server>
+
+        <client> <!-- Used for connecting to https dictionary source and secured Zookeeper communication -->
+            <loadDefaultCAFile>true</loadDefaultCAFile>
+            <cacheSessions>true</cacheSessions>
+            <disableProtocols>sslv2,sslv3</disableProtocols>
+            <preferServerCiphers>true</preferServerCiphers>
+            <!-- Use for self-signed: <verificationMode>none</verificationMode> -->
+            <invalidCertificateHandler>
+                <!-- Use for self-signed: <name>AcceptCertificateHandler</name> -->
+                <name>RejectCertificateHandler</name>
+            </invalidCertificateHandler>
+        </client>
+    </openSSL>
+
+    <!-- Default root page on http[s] server. -->
+    <!--
+    <http_server_default_response><![CDATA[Greetings from ClickHouse!]]></http_server_default_response>
+    -->
+
+    <!-- The maximum number of query processing threads, excluding threads for retrieving data from remote servers, allowed to run all queries.
+         This is not a hard limit. In case if the limit is reached the query will still get at least one thread to run.
+         Query can upscale to desired number of threads during execution if more threads become available.
+    -->
+    <concurrent_threads_soft_limit_num>0</concurrent_threads_soft_limit_num>
+    <concurrent_threads_soft_limit_ratio_to_cores>2</concurrent_threads_soft_limit_ratio_to_cores>
+    <concurrent_threads_scheduler>fair_round_robin</concurrent_threads_scheduler>
+
+    <!-- Maximum number of concurrent queries. -->
+    <max_concurrent_queries>1000</max_concurrent_queries>
+
+    <!-- Maximum memory usage (resident set size) for server process.
+         Zero value or unset means default. Default is "max_server_memory_usage_to_ram_ratio" of available physical RAM.
+         If the value is larger than "max_server_memory_usage_to_ram_ratio" of available physical RAM, it will be cut down.
+
+         The constraint is checked on query execution time.
+         If a query tries to allocate memory and the current memory usage plus allocation is greater
+          than specified threshold, exception will be thrown.
+
+         It is not practical to set this constraint to small values like just a few gigabytes,
+          because memory allocator will keep this amount of memory in caches and the server will deny service of queries.
+      -->
+    <max_server_memory_usage>0</max_server_memory_usage>
+	<!--max_memory_usage>1500000</max_memory_usage-->
+
+    <!-- Maximum number of threads in the Global thread pool.
+    This will default to a maximum of 10000 threads if not specified.
+    This setting will be useful in scenarios where there are a large number
+    of distributed queries that are running concurrently but are idling most
+    of the time, in which case a higher number of threads might be required.
+    -->
+
+    <max_thread_pool_size>10000</max_thread_pool_size>
+
+    <!-- Configure other thread pools: -->
+    <!--
+    <background_buffer_flush_schedule_pool_size>16</background_buffer_flush_schedule_pool_size>
+    <background_pool_size>16</background_pool_size>
+    <background_merges_mutations_concurrency_ratio>2</background_merges_mutations_concurrency_ratio>
+    <background_merges_mutations_scheduling_policy>round_robin</background_merges_mutations_scheduling_policy>
+    <background_move_pool_size>8</background_move_pool_size>
+    <background_fetches_pool_size>8</background_fetches_pool_size>
+    <background_common_pool_size>8</background_common_pool_size>
+    <background_schedule_pool_size>128</background_schedule_pool_size>
+    <background_message_broker_schedule_pool_size>16</background_message_broker_schedule_pool_size>
+    <background_distributed_schedule_pool_size>16</background_distributed_schedule_pool_size>
+    <tables_loader_foreground_pool_size>0</tables_loader_foreground_pool_size>
+    <tables_loader_background_pool_size>0</tables_loader_background_pool_size>
+    -->
+
+    <!-- Enables asynchronous loading of databases and tables to speedup server startup.
+         Queries to not yet loaded entity will be blocked until load is finished.
+      -->
+    <async_load_databases>true</async_load_databases>
+
+    <!-- On memory constrained environments you may have to set this to value larger than 1.
+      -->
+    <max_server_memory_usage_to_ram_ratio>2</max_server_memory_usage_to_ram_ratio>
+
+    <!-- Simple server-wide memory profiler. Collect a stack trace at every peak allocation step (in bytes).
+         Data will be stored in system.trace_log table with query_id = empty string.
+         Zero means disabled.
+      -->
+    <total_memory_profiler_step>4194304</total_memory_profiler_step>
+
+    <!-- Collect random allocations and deallocations and write them into system.trace_log with 'MemorySample' trace_type.
+         The probability is for every alloc/free regardless to the size of the allocation.
+         Note that sampling happens only when the amount of untracked memory exceeds the untracked memory limit,
+          which is 4 MiB by default but can be lowered if 'total_memory_profiler_step' is lowered.
+         You may want to set 'total_memory_profiler_step' to 1 for extra fine grained sampling.
+      -->
+    <total_memory_tracker_sample_probability>0</total_memory_tracker_sample_probability>
+
+    <!-- Set limit on number of open files (default: maximum). This setting makes sense on Mac OS X because getrlimit() fails to retrieve
+         correct maximum value. -->
+    <!-- <max_open_files>262144</max_open_files> -->
+
+    <!-- Size of cache of uncompressed blocks of data, used in tables of MergeTree family.
+         In bytes. Cache is single for server. Memory is allocated only on demand.
+         Cache is used when 'use_uncompressed_cache' user setting turned on (off by default).
+         Uncompressed cache is advantageous only for very short queries and in rare cases.
+
+         Note: uncompressed cache can be pointless for lz4, because memory bandwidth
+         is slower than multi-core decompression on some server configurations.
+         Enabling it can sometimes paradoxically make queries slower.
+      -->
+    <uncompressed_cache_size>8589934592</uncompressed_cache_size>
+
+    <!-- Approximate size of mark cache, used in tables of MergeTree family.
+         In bytes. Cache is single for server. Memory is allocated only on demand.
+         You should not lower this value. -->
+    <!-- <mark_cache_size>5368709120</mark_cache_size> -->
+
+    <!-- For marks of secondary indices. -->
+    <!-- <index_mark_cache_size>5368709120</index_mark_cache_size> -->
+
+    <!-- If you enable the `min_bytes_to_use_mmap_io` setting,
+         the data in MergeTree tables can be read with mmap to avoid copying from kernel to userspace.
+         It makes sense only for large files and helps only if data reside in page cache.
+         To avoid frequent open/mmap/munmap/close calls (which are very expensive due to consequent page faults)
+         and to reuse mappings from several threads and queries,
+         the cache of mapped files is maintained. Its size is the number of mapped regions (usually equal to the number of mapped files).
+         The amount of data in mapped files can be monitored
+         in system.metrics, system.metric_log by the MMappedFiles, MMappedFileBytes metrics
+         and in system.asynchronous_metrics, system.asynchronous_metrics_log by the MMapCacheCells metric,
+         and also in system.events, system.processes, system.query_log, system.query_thread_log, system.query_views_log by the
+         CreatedReadBufferMMap, CreatedReadBufferMMapFailed, MMappedFileCacheHits, MMappedFileCacheMisses events.
+         Note that the amount of data in mapped files does not consume memory directly and is not accounted
+         in query or server memory usage - because this memory can be discarded similar to OS page cache.
+         The cache is dropped (the files are closed) automatically on removal of old parts in MergeTree,
+         also it can be dropped manually by the SYSTEM DROP MMAP CACHE query.
+      -->
+    <!-- <mmap_cache_size>1024</mmap_cache_size> -->
+
+    <!-- Cache size in bytes for compiled expressions.-->
+    <!-- <compiled_expression_cache_size>134217728</compiled_expression_cache_size> -->
+
+    <!-- Cache size in elements for compiled expressions.-->
+    <!-- <compiled_expression_cache_elements_size>10000</compiled_expression_cache_elements_size> -->
+
+    <!-- Size of the query condition cache in bytes. -->
+    <query_condition_cache_size>106700800</query_condition_cache_size>
+
+    <!-- Configuration for the query cache -->
+    <!--
+    <query_cache>
+        <max_size_in_bytes>1073741824</max_size_in_bytes>
+        <max_entries>1024</max_entries>
+        <max_entry_size_in_bytes>1048576</max_entry_size_in_bytes>
+        <max_entry_size_in_rows>30000000</max_entry_size_in_rows>
+    </query_cache>
+    -->
+
+    <!-- Cache path for custom (created from SQL) cached disks -->
+    <custom_cached_disks_base_directory>/var/lib/clickhouse/caches/</custom_cached_disks_base_directory>
+
+    <validate_tcp_client_information>false</validate_tcp_client_information>
+
+    <!-- Path to data directory, with trailing slash. -->
+    <!--path>/var/lib/clickhouse/</path> -->
+	<path>/mnt/volume_tor1_01/yultek_db/</path>
+
+    <!-- Multi-disk configuration example: -->
+    <!--
+    <storage_configuration>
+        <disks>
+            <default>
+                <keep_free_space_bytes>0</keep_free_space_bytes>
+            </default>
+            <data>
+                <path>/data/</path>
+                <keep_free_space_bytes>0</keep_free_space_bytes>
+            </data>
+            <s3>
+                <type>s3</type>
+                <endpoint>http://path/to/endpoint</endpoint>
+                <access_key_id>your_access_key_id</access_key_id>
+                <secret_access_key>your_secret_access_key</secret_access_key>
+            </s3>
+            <blob_storage_disk>
+                <type>azure_blob_storage</type>
+                <storage_account_url>http://account.blob.core.windows.net</storage_account_url>
+                <container_name>container</container_name>
+                <account_name>account</account_name>
+                <account_key>pass123</account_key>
+                <metadata_path>/var/lib/clickhouse/disks/blob_storage_disk/</metadata_path>
+                <skip_access_check>false</skip_access_check>
+            </blob_storage_disk>
+        </disks>
+
+        <policies>
+            <all>
+                <volumes>
+                    <main>
+                        <disk>default</disk>
+                        <disk>data</disk>
+                        <disk>s3</disk>
+                        <disk>blob_storage_disk</disk>
+
+                        <max_data_part_size_bytes></max_data_part_size_bytes>
+                        <max_data_part_size_ratio></max_data_part_size_ratio>
+                        <perform_ttl_move_on_insert>true</perform_ttl_move_on_insert>
+                        <load_balancing>round_robin</load_balancing>
+                    </main>
+                </volumes>
+                <move_factor>0.2</move_factor>
+            </all>
+        </policies>
+    </storage_configuration>
+    -->
+
+    <!-- Path to temporary data for processing heavy queries. -->
+    <tmp_path>/var/lib/clickhouse/tmp/</tmp_path>
+
+    <!-- Disable AuthType plaintext_password and no_password for ACL. -->
+    <allow_plaintext_password>1</allow_plaintext_password>
+    <allow_no_password>1</allow_no_password>
+    <allow_implicit_no_password>1</allow_implicit_no_password>
+
+    <!-- When a user does not specify a password type in the CREATE USER query, the default password type is used.
+         Accepted values are: 'plaintext_password', 'sha256_password', 'double_sha1_password', 'bcrypt_password'.
+      -->
+    <default_password_type>sha256_password</default_password_type>
+
+    <!-- Work factor for bcrypt_password authentication type-->
+    <bcrypt_workfactor>12</bcrypt_workfactor>
+
+    <!-- Complexity requirements for user passwords.
+         Note: ClickHouse Cloud https://clickhouse.com/cloud is always configured for strong passwords.
+      -->
+    <!-- <password_complexity>
+        <rule>
+            <pattern>.{12}</pattern>
+            <message>be at least 12 characters long</message>
+        </rule>
+        <rule>
+            <pattern>\p{N}</pattern>
+            <message>contain at least 1 numeric character</message>
+        </rule>
+        <rule>
+            <pattern>\p{Ll}</pattern>
+            <message>contain at least 1 lowercase character</message>
+        </rule>
+        <rule>
+            <pattern>\p{Lu}</pattern>
+            <message>contain at least 1 uppercase character</message>
+        </rule>
+        <rule>
+            <pattern>[^\p{L}\p{N}]</pattern>
+            <message>contain at least 1 special character</message>
+        </rule>
+    </password_complexity> -->
+
+    <!-- Policy from the <storage_configuration> for the temporary files.
+         If not set <tmp_path> is used, otherwise <tmp_path> is ignored.
+
+         Notes:
+         - move_factor              is ignored
+         - keep_free_space_bytes    is ignored
+         - max_data_part_size_bytes is ignored
+         - you must have exactly one volume in that policy
+    -->
+    <!-- <tmp_policy>tmp</tmp_policy> -->
+
+    <!-- Directory with user provided files that are accessible by 'file' table function. -->
+    <user_files_path>/var/lib/clickhouse/user_files/</user_files_path>
+
+    <!-- LDAP server definitions. -->
+    <ldap_servers>
+        <!-- List LDAP servers with their connection parameters here to later 1) use them as authenticators for dedicated local users,
+              who have 'ldap' authentication mechanism specified instead of 'password', or to 2) use them as remote user directories.
+             Parameters:
+                host - LDAP server hostname or IP, this parameter is mandatory and cannot be empty.
+                port - LDAP server port, default is 636 if enable_tls is set to true, 389 otherwise.
+                bind_dn - template used to construct the DN to bind to.
+                        The resulting DN will be constructed by replacing all '{user_name}' substrings of the template with the actual
+                         user name during each authentication attempt.
+                user_dn_detection - section with LDAP search parameters for detecting the actual user DN of the bound user.
+                        This is mainly used in search filters for further role mapping when the server is Active Directory. The
+                         resulting user DN will be used when replacing '{user_dn}' substrings wherever they are allowed. By default,
+                         user DN is set equal to bind DN, but once search is performed, it will be updated with to the actual detected
+                         user DN value.
+                    base_dn - template used to construct the base DN for the LDAP search.
+                            The resulting DN will be constructed by replacing all '{user_name}' and '{bind_dn}' substrings
+                             of the template with the actual user name and bind DN during the LDAP search.
+                    scope - scope of the LDAP search.
+                            Accepted values are: 'base', 'one_level', 'children', 'subtree' (the default).
+                    search_filter - template used to construct the search filter for the LDAP search.
+                            The resulting filter will be constructed by replacing all '{user_name}', '{bind_dn}', and '{base_dn}'
+                             substrings of the template with the actual user name, bind DN, and base DN during the LDAP search.
+                            Note, that the special characters must be escaped properly in XML.
+                verification_cooldown - a period of time, in seconds, after a successful bind attempt, during which a user will be assumed
+                         to be successfully authenticated for all consecutive requests without contacting the LDAP server.
+                        Specify 0 (the default) to disable caching and force contacting the LDAP server for each authentication request.
+                enable_tls - flag to trigger use of secure connection to the LDAP server.
+                        Specify 'no' for plain text (ldap://) protocol (not recommended).
+                        Specify 'yes' for LDAP over SSL/TLS (ldaps://) protocol (recommended, the default).
+                        Specify 'starttls' for legacy StartTLS protocol (plain text (ldap://) protocol, upgraded to TLS).
+                tls_minimum_protocol_version - the minimum protocol version of SSL/TLS.
+                        Accepted values are: 'ssl2', 'ssl3', 'tls1.0', 'tls1.1', 'tls1.2' (the default).
+                tls_require_cert - SSL/TLS peer certificate verification behavior.
+                        Accepted values are: 'never', 'allow', 'try', 'demand' (the default).
+                tls_cert_file - path to certificate file.
+                tls_key_file - path to certificate key file.
+                tls_ca_cert_file - path to CA certificate file.
+                tls_ca_cert_dir - path to the directory containing CA certificates.
+                tls_cipher_suite - allowed cipher suite (in OpenSSL notation).
+             Example:
+                <my_ldap_server>
+                    <host>localhost</host>
+                    <port>636</port>
+                    <bind_dn>uid={user_name},ou=users,dc=example,dc=com</bind_dn>
+                    <verification_cooldown>300</verification_cooldown>
+                    <enable_tls>yes</enable_tls>
+                    <tls_minimum_protocol_version>tls1.2</tls_minimum_protocol_version>
+                    <tls_require_cert>demand</tls_require_cert>
+                    <tls_cert_file>/path/to/tls_cert_file</tls_cert_file>
+                    <tls_key_file>/path/to/tls_key_file</tls_key_file>
+                    <tls_ca_cert_file>/path/to/tls_ca_cert_file</tls_ca_cert_file>
+                    <tls_ca_cert_dir>/path/to/tls_ca_cert_dir</tls_ca_cert_dir>
+                    <tls_cipher_suite>ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:AES256-GCM-SHA384</tls_cipher_suite>
+                </my_ldap_server>
+             Example (typical Active Directory with configured user DN detection for further role mapping):
+                <my_ad_server>
+                    <host>localhost</host>
+                    <port>389</port>
+                    <bind_dn>EXAMPLE\{user_name}</bind_dn>
+                    <user_dn_detection>
+                        <base_dn>CN=Users,DC=example,DC=com</base_dn>
+                        <search_filter>(&amp;(objectClass=user)(sAMAccountName={user_name}))</search_filter>
+                    </user_dn_detection>
+                    <enable_tls>no</enable_tls>
+                </my_ad_server>
+        -->
+    </ldap_servers>
+
+    <!-- To enable Kerberos authentication support for HTTP requests (GSS-SPNEGO), for those users who are explicitly configured
+          to authenticate via Kerberos, define a single 'kerberos' section here.
+         Parameters:
+            principal - canonical service principal name, that will be acquired and used when accepting security contexts.
+                    This parameter is optional, if omitted, the default principal will be used.
+                    This parameter cannot be specified together with 'realm' parameter.
+            realm - a realm, that will be used to restrict authentication to only those requests whose initiator's realm matches it.
+                    This parameter is optional, if omitted, no additional filtering by realm will be applied.
+                    This parameter cannot be specified together with 'principal' parameter.
+         Example:
+            <kerberos />
+         Example:
+            <kerberos>
+                <principal>HTTP/clickhouse.example.com@EXAMPLE.COM</principal>
+            </kerberos>
+         Example:
+            <kerberos>
+                <realm>EXAMPLE.COM</realm>
+            </kerberos>
+    -->
+
+    <!-- Sources to read users, roles, access rights, profiles of settings, quotas. -->
+    <user_directories>
+        <users_xml>
+            <!-- Path to configuration file with predefined users. -->
+            <path>users.xml</path>
+        </users_xml>
+        <local_directory>
+            <!-- Path to folder where users created by SQL commands are stored. -->
+            <path>/var/lib/clickhouse/access/</path>
+        </local_directory>
+
+        <!-- To add an LDAP server as a remote user directory of users that are not defined locally, define a single 'ldap' section
+              with the following parameters:
+                server - one of LDAP server names defined in 'ldap_servers' config section above.
+                        This parameter is mandatory and cannot be empty.
+                roles - section with a list of locally defined roles that will be assigned to each user retrieved from the LDAP server.
+                        If no roles are specified here or assigned during role mapping (below), user will not be able to perform any
+                         actions after authentication.
+                role_mapping - section with LDAP search parameters and mapping rules.
+                        When a user authenticates, while still bound to LDAP, an LDAP search is performed using search_filter and the
+                         name of the logged in user. For each entry found during that search, the value of the specified attribute is
+                         extracted. For each attribute value that has the specified prefix, the prefix is removed, and the rest of the
+                         value becomes the name of a local role defined in ClickHouse, which is expected to be created beforehand by
+                         CREATE ROLE command.
+                        There can be multiple 'role_mapping' sections defined inside the same 'ldap' section. All of them will be
+                         applied.
+                    base_dn - template used to construct the base DN for the LDAP search.
+                            The resulting DN will be constructed by replacing all '{user_name}', '{bind_dn}', and '{user_dn}'
+                             substrings of the template with the actual user name, bind DN, and user DN during each LDAP search.
+                    scope - scope of the LDAP search.
+                            Accepted values are: 'base', 'one_level', 'children', 'subtree' (the default).
+                    search_filter - template used to construct the search filter for the LDAP search.
+                            The resulting filter will be constructed by replacing all '{user_name}', '{bind_dn}', '{user_dn}', and
+                             '{base_dn}' substrings of the template with the actual user name, bind DN, user DN, and base DN during
+                             each LDAP search.
+                            Note, that the special characters must be escaped properly in XML.
+                    attribute - attribute name whose values will be returned by the LDAP search. 'cn', by default.
+                    prefix - prefix, that will be expected to be in front of each string in the original list of strings returned by
+                             the LDAP search. Prefix will be removed from the original strings and resulting strings will be treated
+                             as local role names. Empty, by default.
+             Example:
+                <ldap>
+                    <server>my_ldap_server</server>
+                    <roles>
+                        <my_local_role1 />
+                        <my_local_role2 />
+                    </roles>
+                    <role_mapping>
+                        <base_dn>ou=groups,dc=example,dc=com</base_dn>
+                        <scope>subtree</scope>
+                        <search_filter>(&amp;(objectClass=groupOfNames)(member={bind_dn}))</search_filter>
+                        <attribute>cn</attribute>
+                        <prefix>clickhouse_</prefix>
+                    </role_mapping>
+                </ldap>
+             Example (typical Active Directory with role mapping that relies on the detected user DN):
+                <ldap>
+                    <server>my_ad_server</server>
+                    <role_mapping>
+                        <base_dn>CN=Users,DC=example,DC=com</base_dn>
+                        <attribute>CN</attribute>
+                        <scope>subtree</scope>
+                        <search_filter>(&amp;(objectClass=group)(member={user_dn}))</search_filter>
+                        <prefix>clickhouse_</prefix>
+                    </role_mapping>
+                </ldap>
+        -->
+    </user_directories>
+
+    <access_control_improvements>
+        <!-- Enables logic that users without permissive row policies can still read rows using a SELECT query.
+             For example, if there two users A, B and a row policy is defined only for A, then
+             if this setting is true the user B will see all rows, and if this setting is false the user B will see no rows.
+             By default this setting is true. -->
+        <users_without_row_policies_can_read_rows>true</users_without_row_policies_can_read_rows>
+
+        <!-- By default, for backward compatibility ON CLUSTER queries ignore CLUSTER grant,
+             however you can change this behaviour by setting this to true -->
+        <on_cluster_queries_require_cluster_grant>true</on_cluster_queries_require_cluster_grant>
+
+        <!-- By default, for backward compatibility "SELECT * FROM system.<table>" doesn't require any grants and can be executed
+             by any user. You can change this behaviour by setting this to true.
+             If it's set to true then this query requires "GRANT SELECT ON system.<table>" just like as for non-system tables.
+             Exceptions: a few system tables ("tables", "columns", "databases", and some constant tables like "one", "contributors")
+             are still accessible for everyone; and if there is a SHOW privilege (e.g. "SHOW USERS") granted the corresponding system
+             table (i.e. "system.users") will be accessible. -->
+        <select_from_system_db_requires_grant>true</select_from_system_db_requires_grant>
+
+        <!-- By default, for backward compatibility "SELECT * FROM information_schema.<table>" doesn't require any grants and can be
+             executed by any user. You can change this behaviour by setting this to true.
+             If it's set to true then this query requires "GRANT SELECT ON information_schema.<table>" just like as for ordinary tables. -->
+        <select_from_information_schema_requires_grant>true</select_from_information_schema_requires_grant>
+
+        <!-- By default, for backward compatibility a settings profile constraint for a specific setting inherit every not set field from
+             previous profile. You can change this behaviour by setting this to true.
+             If it's set to true then if settings profile has a constraint for a specific setting, then this constraint completely cancels all
+             actions of previous constraint (defined in other profiles) for the same specific setting, including fields that are not set by new constraint.
+             It also enables 'changeable_in_readonly' constraint type -->
+        <settings_constraints_replace_previous>true</settings_constraints_replace_previous>
+
+        <!-- By default, for backward compatibility creating table with a specific table engine ignores grant,
+             however you can change this behaviour by setting this to true -->
+        <table_engines_require_grant>false</table_engines_require_grant>
+
+        <!-- Number of seconds since last access a role is stored in the Role Cache -->
+        <role_cache_expiration_time_seconds>600</role_cache_expiration_time_seconds>
+    </access_control_improvements>
+
+    <!-- Default profile of settings. -->
+    <default_profile>default</default_profile>
+
+    <!-- Comma-separated list of prefixes for user-defined settings.
+         The server will allow to set these settings, and retrieve them with the getSetting function.
+         They are also logged in the query_log, similarly to other settings, but have no special effect.
+         The "SQL_" prefix is introduced for compatibility with MySQL - these settings are being set by Tableau.
+    -->
+    <custom_settings_prefixes>SQL_</custom_settings_prefixes>
+
+    <!-- System profile of settings. This settings are used by internal processes (Distributed DDL worker and so on). -->
+    <!-- <system_profile>default</system_profile> -->
+
+    <!-- Buffer profile of settings.
+         This settings are used by Buffer storage to flush data to the underlying table.
+         Default: used from system_profile directive.
+    -->
+    <!-- <buffer_profile>default</buffer_profile> -->
+
+    <!-- Default database. -->
+    <default_database>default</default_database>
+
+    <!-- Server time zone could be set here.
+
+         Time zone is used when converting between String and DateTime types,
+          when printing DateTime in text formats and parsing DateTime from text,
+          it is used in date and time related functions, if specific time zone was not passed as an argument.
+
+         Time zone is specified as identifier from IANA time zone database, like UTC or Africa/Abidjan.
+         If not specified, system time zone at server startup is used.
+
+         Please note, that server could display time zone alias instead of specified name.
+         Example: Zulu is an alias for UTC.
+    -->
+    <!-- <timezone>UTC</timezone> -->
+
+    <!-- You can specify umask here (see "man umask"). Server will apply it on startup.
+         Number is always parsed as octal. Default umask is 027 (other users cannot read logs, data files, etc; group can only read).
+    -->
+    <!-- <umask>022</umask> -->
+
+    <!-- Perform mlockall after startup to lower first queries latency
+          and to prevent clickhouse executable from being paged out under high IO load.
+         Enabling this option is recommended but will lead to increased startup time for up to a few seconds.
+    -->
+    <mlock_executable>true</mlock_executable>
+
+    <!-- Reallocate memory for machine code ("text") using huge pages. Highly experimental. -->
+    <remap_executable>false</remap_executable>
+
+    <![CDATA[
+         Uncomment below in order to use JDBC table engine and function.
+
+         To install and run JDBC bridge in background:
+         * [Debian/Ubuntu]
+           export MVN_URL=https://repo1.maven.org/maven2/com/clickhouse/clickhouse-jdbc-bridge/
+           export PKG_VER=$(curl -sL $MVN_URL/maven-metadata.xml | grep '<release>' | sed -e 's|.*>\(.*\)<.*|\1|')
+           wget https://github.com/ClickHouse/clickhouse-jdbc-bridge/releases/download/v$PKG_VER/clickhouse-jdbc-bridge_$PKG_VER-1_all.deb
+           apt install --no-install-recommends -f ./clickhouse-jdbc-bridge_$PKG_VER-1_all.deb
+           clickhouse-jdbc-bridge &
+
+         * [CentOS/RHEL]
+           export MVN_URL=https://repo1.maven.org/maven2/com/clickhouse/clickhouse-jdbc-bridge/
+           export PKG_VER=$(curl -sL $MVN_URL/maven-metadata.xml | grep '<release>' | sed -e 's|.*>\(.*\)<.*|\1|')
+           wget https://github.com/ClickHouse/clickhouse-jdbc-bridge/releases/download/v$PKG_VER/clickhouse-jdbc-bridge-$PKG_VER-1.noarch.rpm
+           yum localinstall -y clickhouse-jdbc-bridge-$PKG_VER-1.noarch.rpm
+           clickhouse-jdbc-bridge &
+
+         Please refer to https://github.com/ClickHouse/clickhouse-jdbc-bridge#usage for more information.
+    ]]>
+    <!--
+    <jdbc_bridge>
+        <host>127.0.0.1</host>
+        <port>9019</port>
+    </jdbc_bridge>
+    -->
+
+    <!-- Configuration of clusters that could be used in Distributed tables.
+         https://clickhouse.com/docs/en/operations/table_engines/distributed/
+         Note: ClickHouse Cloud https://clickhouse.com/cloud has the cluster preconfigured and dynamically scalable.
+      -->
+    <remote_servers>
+        <!-- Test only shard config for testing distributed storage -->
+        <default>
+            <!-- Inter-server per-cluster secret for Distributed queries
+                 default: no secret (no authentication will be performed)
+
+                 If set, then Distributed queries will be validated on shards, so at least:
+                 - such cluster should exist on the shard,
+                 - such cluster should have the same secret.
+
+                 And also (and which is more important), the initial_user will
+                 be used as current user for the query.
+
+                 Right now the protocol is pretty simple, and it only takes into account:
+                 - cluster name
+                 - query
+
+                 Also, it will be nice if the following will be implemented:
+                 - source hostname (see interserver_http_host), but then it will depend on DNS,
+                   it can use IP address instead, but then you need to get correct on the initiator node.
+                 - target hostname / ip address (same notes as for source hostname)
+                 - time-based security tokens
+            -->
+            <!-- <secret></secret> -->
+
+            <shard>
+                <!-- Optional. Whether to write data to just one of the replicas. Default: false (write data to all replicas). -->
+                <!-- <internal_replication>false</internal_replication> -->
+                <!-- Optional. Shard weight when writing data. Default: 1. -->
+                <!-- <weight>1</weight> -->
+                <replica>
+                    <host>localhost</host>
+                    <port>9000</port>
+                    <!-- Optional. Priority of the replica for load_balancing. Default: 1 (less value has more priority). -->
+                    <!-- <priority>1</priority> -->
+                    <!-- Use SSL? Default: no -->
+                    <!-- <secure>0</secure> -->
+                </replica>
+            </shard>
+        </default>
+    </remote_servers>
+
+    <!-- The list of hosts allowed to use in URL-related storage engines and table functions.
+        If this section is not present in configuration, all hosts are allowed.
+    -->
+    <!--<remote_url_allow_hosts>-->
+        <!-- Host should be specified exactly as in URL. The name is checked before DNS resolution.
+            Example: "clickhouse.com", "clickhouse.com." and "www.clickhouse.com" are different hosts.
+                    If port is explicitly specified in URL, the host:port is checked as a whole.
+                    If host specified here without port, any port with this host allowed.
+                    "clickhouse.com" -> "clickhouse.com:443", "clickhouse.com:80" etc. is allowed, but "clickhouse.com:80" -> only "clickhouse.com:80" is allowed.
+            If the host is specified as IP address, it is checked as specified in URL. Example: "[2a02:6b8:a::a]".
+            If there are redirects and support for redirects is enabled, every redirect (the Location field) is checked.
+            Host should be specified using the host xml tag:
+                    <host>clickhouse.com</host>
+        -->
+
+        <!-- Regular expression can be specified. RE2 engine is used for regexps.
+            Regexps are not aligned: don't forget to add ^ and $. Also don't forget to escape dot (.) metacharacter
+            (forgetting to do so is a common source of error).
+        -->
+    <!--</remote_url_allow_hosts>-->
+
+    <!-- The list of HTTP headers forbidden to use in HTTP-related storage engines and table functions.
+        If this section is not present in configuration, all headers are allowed.
+    -->
+    <!-- <http_forbid_headers>
+        <header>exact_header</header>
+        <header_regexp>(?i)(case_insensitive_header)</header_regexp>
+    </http_forbid_headers> -->
+
+    <!-- If element has 'incl' attribute, then for it's value will be used corresponding substitution from another file.
+         By default, path to file with substitutions is /etc/metrika.xml. It could be changed in config in 'include_from' element.
+         Values for substitutions are specified in /clickhouse/name_of_substitution elements in that file.
+      -->
+
+    <!-- ZooKeeper is used to store metadata about replicas, when using Replicated tables.
+         Optional. If you don't use replicated tables, you could omit that.
+
+         See https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication/
+
+         Note: ClickHouse Cloud https://clickhouse.com/cloud has ClickHouse Keeper automatically configured for every service.
+      -->
+
+    <!--
+    <zookeeper>
+        <node>
+            <host>example1</host>
+            <port>2181</port>
+        </node>
+        <node>
+            <host>example2</host>
+            <port>2181</port>
+        </node>
+        <node>
+            <host>example3</host>
+            <port>2181</port>
+        </node>
+    </zookeeper>
+    -->
+
+    <!-- Substitutions for parameters of replicated tables.
+          Optional. If you don't use replicated tables, you could omit that.
+
+         See https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/replication/#creating-replicated-tables
+      -->
+    <!--
+    <macros>
+        <shard>01</shard>
+        <replica>example01-01-1</replica>
+    </macros>
+    -->
+
+    <!--
+    <default_replica_path>/clickhouse/tables/{database}/{table}</default_replica_path>
+    <default_replica_name>{replica}</default_replica_name>
+    -->
+
+    <!-- Replica group name for database Replicated.
+          The cluster created by Replicated database will consist of replicas in the same group.
+          DDL queries will only wail for the replicas in the same group.
+          Empty by default.
+    -->
+    <!--
+    <replica_group_name><replica_group_name>
+    -->
+
+
+    <!-- Reloading interval for embedded dictionaries, in seconds. Default: 3600. -->
+    <builtin_dictionaries_reload_interval>3600</builtin_dictionaries_reload_interval>
+
+
+    <!-- Maximum session timeout, in seconds. Default: 3600. -->
+    <max_session_timeout>3600</max_session_timeout>
+
+    <!-- Default session timeout, in seconds. Default: 60. -->
+    <default_session_timeout>60</default_session_timeout>
+
+    <!-- Sending data to Graphite for monitoring. Several sections can be defined. -->
+    <!--
+        interval - send every X second
+        root_path - prefix for keys
+        hostname_in_path - append hostname to root_path (default = true)
+        metrics - send data from table system.metrics
+        events - send data from table system.events
+        asynchronous_metrics - send data from table system.asynchronous_metrics
+    -->
+    <!--
+    <graphite>
+        <host>localhost</host>
+        <port>42000</port>
+        <timeout>0.1</timeout>
+        <interval>60</interval>
+        <root_path>one_min</root_path>
+        <hostname_in_path>true</hostname_in_path>
+
+        <metrics>true</metrics>
+        <events>true</events>
+        <events_cumulative>false</events_cumulative>
+        <asynchronous_metrics>true</asynchronous_metrics>
+    </graphite>
+    <graphite>
+        <host>localhost</host>
+        <port>42000</port>
+        <timeout>0.1</timeout>
+        <interval>1</interval>
+        <root_path>one_sec</root_path>
+
+        <metrics>true</metrics>
+        <events>true</events>
+        <events_cumulative>false</events_cumulative>
+        <asynchronous_metrics>false</asynchronous_metrics>
+    </graphite>
+    -->
+
+    <!-- Serve endpoint for Prometheus monitoring. -->
+    <!--
+        endpoint - mertics path (relative to root, statring with "/")
+        port - port to setup server. If not defined or 0 than http_port used
+        metrics - send data from table system.metrics
+        events - send data from table system.events
+        asynchronous_metrics - send data from table system.asynchronous_metrics
+    -->
+    <!--
+    <prometheus>
+        <endpoint>/metrics</endpoint>
+        <port>9363</port>
+
+        <metrics>true</metrics>
+        <events>true</events>
+        <asynchronous_metrics>true</asynchronous_metrics>
+    </prometheus>
+    -->
+
+    <!-- Query log. Used only for queries with setting log_queries = 1. -->
+    <query_log>
+        <!-- What table to insert data. If table is not exist, it will be created.
+             When query log structure is changed after system update,
+              then old table will be renamed and new table will be created automatically.
+        -->
+        <database>system</database>
+        <table>query_log</table>
+        <!--
+            PARTITION BY expr: https://clickhouse.com/docs/en/table_engines/mergetree-family/custom_partitioning_key/
+            Example:
+                event_date
+                toMonday(event_date)
+                toYYYYMM(event_date)
+                toStartOfHour(event_time)
+        -->
+        <partition_by>toYYYYMM(event_date)</partition_by>
+        <!--
+            Table TTL specification: https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/mergetree/#mergetree-table-ttl
+            Example:
+                event_date + INTERVAL 1 WEEK
+                event_date + INTERVAL 7 DAY DELETE
+                event_date + INTERVAL 2 WEEK TO DISK 'bbb'
+
+        <ttl>event_date + INTERVAL 30 DAY DELETE</ttl>
+        -->
+		<ttl>event_date + INTERVAL 15 MINUTE DELETE</ttl>
+
+        <!--
+            ORDER BY expr: https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/mergetree#order_by
+            Example:
+                event_date, event_time
+                event_date, type, query_id
+                event_date, event_time, initial_query_id
+
+        <order_by>event_date, event_time, initial_query_id</order_by>
+        -->
+
+        <!-- Instead of partition_by, you can provide full engine expression (starting with ENGINE = ) with parameters,
+             Example: <engine>ENGINE = MergeTree PARTITION BY toYYYYMM(event_date) ORDER BY (event_date, event_time) SETTINGS index_granularity = 1024</engine>
+          -->
+
+        <!-- Interval of flushing data. -->
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <!-- Maximal size in lines for the logs. When non-flushed logs amount reaches max_size, logs dumped to the disk. -->
+        <max_size_rows>1048576</max_size_rows>
+        <!-- Pre-allocated size in lines for the logs. -->
+        <reserved_size_rows>8192</reserved_size_rows>
+        <!-- Lines amount threshold, reaching it launches flushing logs to the disk in background. -->
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <!-- Indication whether logs should be dumped to the disk in case of a crash -->
+        <flush_on_crash>false</flush_on_crash>
+
+        <!-- example of using a different storage policy for a system table -->
+        <!-- storage_policy>local_ssd</storage_policy -->
+    </query_log>
+
+    <!-- Trace log. Stores stack traces collected by query profilers.
+         See query_profiler_real_time_period_ns and query_profiler_cpu_time_period_ns settings. -->
+    <trace_log>
+        <database>system</database>
+        <table>trace_log</table>
+
+        <partition_by>toYYYYMM(event_date)</partition_by>
+        <flush_interval_milliseconds>0</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <!-- Indication whether logs should be dumped to the disk in case of a crash -->
+        <flush_on_crash>false</flush_on_crash>
+        <symbolize>true</symbolize>
+    </trace_log>
+
+    <!-- Query thread log. Has information about all threads participated in query execution.
+         Used only for queries with setting log_query_threads = 1. -->
+    <query_thread_log>
+        <database>system</database>
+        <table>query_thread_log</table>
+        <partition_by>toYYYYMM(event_date)</partition_by>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <flush_on_crash>false</flush_on_crash>
+    </query_thread_log>
+
+    <!-- Query views log. Has information about all dependent views associated with a query.
+         Used only for queries with setting log_query_views = 1. -->
+    <query_views_log>
+        <database>system</database>
+        <table>query_views_log</table>
+        <partition_by>toYYYYMM(event_date)</partition_by>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+    </query_views_log>
+
+    <!-- Part log contains information about all actions with parts in MergeTree tables (creation, deletion, merges, downloads). -->
+    <part_log>
+        <database>system</database>
+        <table>part_log</table>
+        <partition_by>toYYYYMM(event_date)</partition_by>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <flush_on_crash>false</flush_on_crash>
+    </part_log>
+
+    <!-- Text log contains all information from usual server log but stores it in structured and efficient way.
+         The level of the messages that goes to the table can be limited (<level>), if not specified all messages will go to the table.
+    -->
+    <text_log>
+        <database>system</database>
+        <table>text_log</table>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <flush_on_crash>false</flush_on_crash>
+        <level>none</level>
+    </text_log>
+
+    <!-- Metric log contains rows with current values of ProfileEvents, CurrentMetrics collected with "collect_interval_milliseconds" interval. -->
+    <metric_log>
+        <database>system</database>
+        <table>metric_log</table>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <collect_interval_milliseconds>1000</collect_interval_milliseconds>
+        <flush_on_crash>false</flush_on_crash>
+    </metric_log>
+
+    <!-- Latency log contains rows with current values of latency buckets collected with "collect_interval_milliseconds" interval. -->
+    <latency_log>
+        <database>system</database>
+        <table>latency_log</table>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <collect_interval_milliseconds>1000</collect_interval_milliseconds>
+        <flush_on_crash>false</flush_on_crash>
+    </latency_log>
+
+    <!-- Error log contains rows with current values of errors collected with "collect_interval_milliseconds" interval. -->
+    <error_log>
+        <database>system</database>
+        <table>error_log</table>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <collect_interval_milliseconds>1000</collect_interval_milliseconds>
+        <flush_on_crash>false</flush_on_crash>
+    </error_log>
+
+    <!-- Query metric log contains rows Contains history of memory and metric values from table system.events for individual queries, periodically flushed to disk
+    every "collect_interval_milliseconds" interval-->
+    <query_metric_log>
+        <database>system</database>
+        <table>query_metric_log</table>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <collect_interval_milliseconds>1000</collect_interval_milliseconds>
+        <flush_on_crash>false</flush_on_crash>
+    </query_metric_log>
+
+    <!--
+        Asynchronous metric log contains values of metrics from
+        system.asynchronous_metrics.
+    -->
+    <asynchronous_metric_log>
+        <database>system</database>
+        <table>asynchronous_metric_log</table>
+        <flush_interval_milliseconds>7000</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <flush_on_crash>false</flush_on_crash>
+    </asynchronous_metric_log>
+
+    <!--
+        OpenTelemetry log contains OpenTelemetry trace spans.
+
+        NOTE: this table does not use standard schema with event_date and event_time!
+    -->
+    <opentelemetry_span_log>
+        <!--
+            The default table creation code is insufficient, this <engine> spec
+            is a workaround. There is no 'event_time' for this log, but two times,
+            start and finish. It is sorted by finish time, to avoid inserting
+            data too far away in the past (probably we can sometimes insert a span
+            that is seconds earlier than the last span in the table, due to a race
+            between several spans inserted in parallel). This gives the spans a
+            global order that we can use to e.g. retry insertion into some external
+            system.
+        -->
+        <engine>
+            engine MergeTree
+            partition by toYYYYMM(finish_date)
+            order by (finish_date, finish_time_us)
+        </engine>
+        <database>system</database>
+        <table>opentelemetry_span_log</table>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <flush_on_crash>false</flush_on_crash>
+    </opentelemetry_span_log>
+
+
+    <!-- Crash log. Stores stack traces for fatal errors.
+         This table is normally empty. -->
+    <crash_log>
+        <database>system</database>
+        <table>crash_log</table>
+
+        <partition_by />
+        <flush_interval_milliseconds>1000</flush_interval_milliseconds>
+        <max_size_rows>1024</max_size_rows>
+        <reserved_size_rows>1024</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>512</buffer_size_rows_flush_threshold>
+        <flush_on_crash>true</flush_on_crash>
+    </crash_log>
+
+    <!-- Session log. Stores user log in (successful or not) and log out events.
+
+        Note: session log has known security issues and should not be used in production.
+    -->
+    <!-- <session_log>
+        <database>system</database>
+        <table>session_log</table>
+
+        <partition_by>toYYYYMM(event_date)</partition_by>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <flush_on_crash>false</flush_on_crash>
+    </session_log> -->
+
+    <!-- Profiling on Processors level. -->
+    <processors_profile_log>
+        <database>system</database>
+        <table>processors_profile_log</table>
+
+        <partition_by>toYYYYMM(event_date)</partition_by>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <flush_on_crash>false</flush_on_crash>
+        <ttl>event_date + INTERVAL 15 MINUTE DELETE</ttl>
+    </processors_profile_log>
+
+    <!-- Log of asynchronous inserts. It allows to check status
+         of insert query in fire-and-forget mode.
+    -->
+    <asynchronous_insert_log>
+        <database>system</database>
+        <table>asynchronous_insert_log</table>
+
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <max_size_rows>1048576</max_size_rows>
+        <reserved_size_rows>8192</reserved_size_rows>
+        <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
+        <flush_on_crash>false</flush_on_crash>
+        <partition_by>event_date</partition_by>
+        <ttl>event_date + INTERVAL 15 MINUTE</ttl>
+    </asynchronous_insert_log>
+
+    <!-- Backup/restore log.
+    -->
+    <backup_log>
+        <database>system</database>
+        <table>backup_log</table>
+        <partition_by>toYYYYMM(event_date)</partition_by>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+    </backup_log>
+
+    <!-- Storage S3Queue log.
+    -->
+    <s3queue_log>
+        <database>system</database>
+        <table>s3queue_log</table>
+        <partition_by>toYYYYMM(event_date)</partition_by>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+    </s3queue_log>
+
+    <!-- Blob storage object operations log.
+    -->
+    <blob_storage_log>
+        <database>system</database>
+        <table>blob_storage_log</table>
+        <partition_by>toYYYYMM(event_date)</partition_by>
+        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <ttl>event_date + INTERVAL 30 DAY</ttl>
+    </blob_storage_log>
+
+    <!-- Configure system.dashboards for dashboard.html.
+
+         Could have any query parameters, for which there will be an input on the page.
+         For instance an example from comments have the following:
+         - seconds
+         - rounding
+
+         NOTE: All default dashboards will be overwritten if it was set here. -->
+    <!-- Here is an example without merge() function, to make it work with readonly user -->
+    <!--
+    <dashboards>
+        <dashboard>
+            <dashboard>Overview</dashboard>
+            <title>Queries/second</title>
+            <query>
+                SELECT toStartOfInterval(event_time, INTERVAL {rounding:UInt32} SECOND)::INT AS t, avg(ProfileEvent_Query)
+                FROM system.metric_log
+                WHERE event_date >= toDate(now() - {seconds:UInt32}) AND event_time >= now() - {seconds:UInt32}
+                GROUP BY t
+                ORDER BY t WITH FILL STEP {rounding:UInt32}
+            </query>
+        </dashboard>
+    </dashboards>
+    -->
+
+    <!-- <top_level_domains_path>/var/lib/clickhouse/top_level_domains/</top_level_domains_path> -->
+    <!-- Custom TLD lists.
+         Format: <name>/path/to/file</name>
+
+         Changes will not be applied w/o server restart.
+         Path to the list is under top_level_domains_path (see above).
+    -->
+    <top_level_domains_lists>
+        <!--
+        <public_suffix_list>/path/to/public_suffix_list.dat</public_suffix_list>
+        -->
+    </top_level_domains_lists>
+
+    <!-- Configuration of external dictionaries. See:
+         https://clickhouse.com/docs/en/sql-reference/dictionaries/external-dictionaries/external-dicts
+    -->
+    <dictionaries_config>*_dictionary.*ml</dictionaries_config>
+
+    <!-- Load dictionaries lazily, i.e. a dictionary will be loaded when it's used for the first time.
+         "false" means ClickHouse will start loading dictionaries immediately at startup.
+    -->
+    <dictionaries_lazy_load>true</dictionaries_lazy_load>
+
+    <!-- Wait at startup until all the dictionaries finish their loading (successfully or not)
+         before receiving any connections. Affects dictionaries only if "dictionaries_lazy_load" is false.
+         Setting this to false can make ClickHouse start faster, however some queries can be executed slower.
+    -->
+    <wait_dictionaries_load_at_startup>true</wait_dictionaries_load_at_startup>
+
+    <!-- Configuration of user defined executable functions -->
+    <user_defined_executable_functions_config>*_function.*ml</user_defined_executable_functions_config>
+
+    <!-- Path in ZooKeeper to store user-defined SQL functions created by the command CREATE FUNCTION.
+     If not specified they will be stored locally. -->
+    <!-- <user_defined_zookeeper_path>/clickhouse/user_defined</user_defined_zookeeper_path> -->
+
+    <!-- Path in ZooKeeper to store workload and resource created by the command CREATE WORKLOAD and CREATE REESOURCE.
+     If not specified they will be stored locally. -->
+    <!-- <workload_zookeeper_path>/clickhouse/workload/definitions.sql</workload_zookeeper_path> -->
+
+    <!-- Uncomment if you want data to be compressed 30-100% better.
+         Don't do that if you just started using ClickHouse.
+         Note: ClickHouse Cloud https://clickhouse.com/cloud has a stronger compression by default.
+      -->
+    <!--
+    <compression>
+        <!- - Set of variants. Checked in order. Last matching case wins. If nothing matches, lz4 will be used. - ->
+        <case>
+
+            <!- - Conditions. All must be satisfied. Some conditions may be omitted. - ->
+            <min_part_size>10000000000</min_part_size>        <!- - Min part size in bytes. - ->
+            <min_part_size_ratio>0.01</min_part_size_ratio>   <!- - Min size of part relative to whole table size. - ->
+
+            <!- - What compression method to use. - ->
+            <method>zstd</method>
+        </case>
+    </compression>
+    -->
+
+    <!-- Configuration of encryption. The server executes a command to
+         obtain an encryption key at startup if such a command is
+         defined, or encryption codecs will be disabled otherwise. The
+         command is executed through /bin/sh and is expected to write
+         a Base64-encoded key to the stdout.
+
+         Note: ClickHouse Cloud https://clickhouse.com/cloud supports encryption with customer-managed keys.
+    -->
+    <encryption_codecs>
+        <!-- aes_128_gcm_siv -->
+            <!-- Example of getting hex key from env -->
+            <!-- the code should use this key and throw an exception if its length is not 16 bytes -->
+            <!--key_hex from_env="..."></key_hex -->
+
+            <!-- Example of multiple hex keys. They can be imported from env or be written down in config-->
+            <!-- the code should use these keys and throw an exception if their length is not 16 bytes -->
+            <!-- key_hex id="0">...</key_hex -->
+            <!-- key_hex id="1" from_env=".."></key_hex -->
+            <!-- key_hex id="2">...</key_hex -->
+            <!-- current_key_id>2</current_key_id -->
+
+            <!-- Example of getting hex key from config -->
+            <!-- the code should use this key and throw an exception if its length is not 16 bytes -->
+            <!-- key>...</key -->
+
+            <!-- example of adding nonce -->
+            <!-- nonce>...</nonce -->
+
+        <!-- /aes_128_gcm_siv -->
+    </encryption_codecs>
+
+    <!-- Allow to execute distributed DDL queries (CREATE, DROP, ALTER, RENAME) on cluster.
+         Works only if ZooKeeper is enabled. Comment it if such functionality isn't required.
+         Note: ClickHouse Cloud https://clickhouse.com/cloud always runs DDL queries on cluster.
+    -->
+    <distributed_ddl>
+        <!-- Path in ZooKeeper to queue with DDL queries -->
+        <path>/clickhouse/task_queue/ddl</path>
+        <!-- Path in ZooKeeper to store running DDL hosts -->
+        <replicas_path>/clickhouse/task_queue/replicas</replicas_path>
+
+        <!-- Settings from this profile will be used to execute DDL queries -->
+        <!-- <profile>default</profile> -->
+
+        <!-- Controls how much ON CLUSTER queries can be run simultaneously. -->
+        <!-- <pool_size>1</pool_size> -->
+
+        <!--
+             Cleanup settings (active tasks will not be removed)
+        -->
+
+        <!-- Controls task TTL (default 1 week) -->
+        <!-- <task_max_lifetime>604800</task_max_lifetime> -->
+
+        <!-- Controls how often cleanup should be performed (in seconds) -->
+        <!-- <cleanup_delay_period>60</cleanup_delay_period> -->
+
+        <!-- Controls how many tasks could be in the queue -->
+        <!-- <max_tasks_in_queue>1000</max_tasks_in_queue> -->
+
+        <!-- Host name of the current node. If specified, will only compare and not resolve hostnames inside the DDL tasks -->
+        <!-- <host_name>replica</host_name> -->
+    </distributed_ddl>
+
+    <!-- Used to regulate how resources are utilized and shared between merges, mutations and other workloads.
+         Specified value is used as `workload` setting value for background merge or mutation.
+    -->
+    <!--
+    <merge_workload>merges_and_mutations</merge_workload>
+    <mutation_workload>merges_and_mutations</mutation_workload>
+    <throw_on_unknown_workload>true</throw_on_unknown_workload>
+    -->
+
+    <!-- Settings to fine-tune MergeTree tables. See documentation in source code, in MergeTreeSettings.h -->
+    <!--
+    <merge_tree>
+        <max_suspicious_broken_parts>5</max_suspicious_broken_parts>
+    </merge_tree>
+    -->
+
+    <!-- Settings to fine-tune ReplicatedMergeTree tables. See documentation in source code, in MergeTreeSettings.h
+         Note: ClickHouse Cloud https://clickhouse.com/cloud has a SharedMergeTree engine that does not require fine-tuning.
+    -->
+    <!--
+    <replicated_merge_tree>
+        <max_replicated_fetches_network_bandwidth>1000000000</max_replicated_fetches_network_bandwidth>
+    </replicated_merge_tree>
+    -->
+
+    <!-- Settings to fine-tune Distributed tables. See documentation in source code, in DistributedSettings.h -->
+    <!--
+    <distributed>
+        <flush_on_detach>false</flush_on_detach>
+    </distributed>
+    -->
+
+    <!-- Protection from accidental DROP.
+         If size of a MergeTree table is greater than max_table_size_to_drop (in bytes) than table could not be dropped with any DROP query.
+         If you want do delete one table and don't want to change clickhouse-server config, you could create special file <clickhouse-path>/flags/force_drop_table and make DROP once.
+         By default max_table_size_to_drop is 50GB; max_table_size_to_drop=0 allows to DROP any tables.
+         The same for max_partition_size_to_drop.
+         Uncomment to disable protection.
+    -->
+    <!-- <max_table_size_to_drop>0</max_table_size_to_drop> -->
+    <!-- <max_partition_size_to_drop>0</max_partition_size_to_drop> -->
+
+    <!-- Example of parameters for GraphiteMergeTree table engine -->
+    <graphite_rollup_example>
+        <pattern>
+            <regexp>click_cost</regexp>
+            <function>any</function>
+            <retention>
+                <age>0</age>
+                <precision>3600</precision>
+            </retention>
+            <retention>
+                <age>86400</age>
+                <precision>60</precision>
+            </retention>
+        </pattern>
+        <default>
+            <function>max</function>
+            <retention>
+                <age>0</age>
+                <precision>60</precision>
+            </retention>
+            <retention>
+                <age>3600</age>
+                <precision>300</precision>
+            </retention>
+            <retention>
+                <age>86400</age>
+                <precision>3600</precision>
+            </retention>
+        </default>
+    </graphite_rollup_example>
+
+    <!-- Directory in <clickhouse-path> containing schema files for various input formats.
+         The directory will be created if it doesn't exist.
+      -->
+    <format_schema_path>/var/lib/clickhouse/format_schemas/</format_schema_path>
+
+    <!-- Directory containing the proto files for the well-known Protobuf types.
+      -->
+    <google_protos_path>/usr/share/clickhouse/protos/</google_protos_path>
+
+    <!-- Default query masking rules, matching lines would be replaced with something else in the logs
+        (both text logs and system.query_log).
+        name - name for the rule (optional)
+        regexp - RE2 compatible regular expression (mandatory)
+        replace - substitution string for sensitive data (optional, by default - six asterisks)
+    <query_masking_rules>
+        <rule>
+            <name>hide encrypt/decrypt arguments</name>
+            <regexp>((?:aes_)?(?:encrypt|decrypt)(?:_mysql)?)\s*\(\s*(?:'(?:\\'|.)+'|.*?)\s*\)</regexp>
+            <replace>\1(???)</replace>
+        </rule>
+    </query_masking_rules> -->
+
+    <!-- Uncomment to use custom http handlers.
+
+        rules are checked from top to bottom, first match runs the handler
+            url - to match request URL, you can use 'regex:' prefix to use regex match(optional)
+            empty_query_string - check that there is no query string in the URL
+            methods - to match request method, you can use commas to separate multiple method matches(optional)
+            headers - to match request headers, match each child element(child element name is header name), you can use 'regex:' prefix to use regex match(optional)
+
+        handler is request handler
+            type - supported types: static, dynamic_query_handler, predefined_query_handler, redirect
+            query - use with predefined_query_handler type, executes query when the handler is called
+            query_param_name - use with dynamic_query_handler type, extracts and executes the value corresponding to the <query_param_name> value in HTTP request params
+            status - use with static type, response status code
+            content_type - use with static type, response content-type
+            response_content - use with static type, Response content sent to client, when using the prefix 'file://' or 'config://', find the content from the file or configuration send to client.
+            url - a location for redirect
+
+        Along with a list of rules, you can specify <defaults/> which means - enable all the default handlers.
+
+    <http_handlers>
+        <rule>
+            <url>/</url>
+            <methods>POST,GET</methods>
+            <headers><pragma>no-cache</pragma></headers>
+            <handler>
+                <type>dynamic_query_handler</type>
+                <query_param_name>query</query_param_name>
+            </handler>
+        </rule>
+
+        <rule>
+            <url>/predefined_query</url>
+            <methods>POST,GET</methods>
+            <handler>
+                <type>predefined_query_handler</type>
+                <query>SELECT * FROM system.settings</query>
+            </handler>
+        </rule>
+
+        <rule>
+            <handler>
+                <type>static</type>
+                <status>200</status>
+                <content_type>text/plain; charset=UTF-8</content_type>
+                <response_content>config://http_server_default_response</response_content>
+            </handler>
+        </rule>
+    </http_handlers>
+    -->
+
+    <send_crash_reports>
+        <!-- Changing <enabled> to true allows sending crash reports to -->
+        <!-- the ClickHouse core developers team via Sentry https://sentry.io -->
+        <!-- Doing so at least in pre-production environments is highly appreciated -->
+        <enabled>false</enabled>
+        <!-- Change <anonymize> to true if you don't feel comfortable attaching the server hostname to the crash report -->
+        <anonymize>false</anonymize>
+        <!-- Default endpoint should be changed to different Sentry DSN only if you have -->
+        <!-- some in-house engineers or hired consultants who're going to debug ClickHouse issues for you -->
+        <endpoint>https://6f33034cfe684dd7a3ab9875e57b1c8d@o388870.ingest.sentry.io/5226277</endpoint>
+        <!-- Send LOGICAL_ERRORs as well (default: false) -->
+        <send_logical_errors>false</send_logical_errors>
+    </send_crash_reports>
+
+    <!-- Uncomment to disable ClickHouse internal DNS caching. -->
+    <!-- <disable_internal_dns_cache>1</disable_internal_dns_cache> -->
+
+    <!-- You can also configure rocksdb like this: -->
+    <!-- Full list of options:
+         - options:
+           - https://github.com/facebook/rocksdb/blob/4b013dcbed2df84fde3901d7655b9b91c557454d/include/rocksdb/options.h#L1452
+         - column_family_options:
+           - https://github.com/facebook/rocksdb/blob/4b013dcbed2df84fde3901d7655b9b91c557454d/include/rocksdb/options.h#L66
+         - block_based_table_options:
+           - https://github.com/facebook/rocksdb/blob/4b013dcbed2df84fde3901d7655b9b91c557454d/table/block_based/block_based_table_factory.cc#L228
+           - https://github.com/facebook/rocksdb/blob/4b013dcbed2df84fde3901d7655b9b91c557454d/include/rocksdb/table.h#L129
+    -->
+    <!--
+    <rocksdb>
+        <options>
+            <max_background_jobs>8</max_background_jobs>
+            <info_log_level>DEBUG_LEVEL</info_log_level>
+        </options>
+        <column_family_options>
+            <num_levels>2</num_levels>
+        </column_family_options>
+        <block_based_table_options>
+            <block_size>1024</block_size>
+        </block_based_table_options>
+        <tables>
+            <table>
+                <name>TABLE</name>
+                <options>
+                    <max_background_jobs>8</max_background_jobs>
+                </options>
+                <column_family_options>
+                    <num_levels>2</num_levels>
+                </column_family_options>
+                <block_based_table_options>
+                    <block_size>1024</block_size>
+                </block_based_table_options>
+            </table>
+        </tables>
+    </rocksdb>
+    -->
+
+    <!-- <kafka> -->
+        <!-- Global configuration properties -->
+        <!--
+        NOTE: statistics should be consumed, otherwise it creates too much
+              entries in the queue, that leads to memory leak and slow shutdown.
+        default value: 0
+        <statistics_interval_ms>3000</statistics_interval_ms>
+        -->
+
+        <!-- Topic configuration properties -->
+        <!--
+        <kafka_topic>
+              <name>football</name>
+              <request_timeout_ms>6000</request_timeout_ms>
+        </kafka_topic>
+        -->
+
+        <!-- Producer configuration -->
+        <!--
+        <producer>
+            <compression_codec>gzip</compression_codec>
+            <kafka_topic>
+                <name>football</name>
+                <request_timeout_ms>6000</request_timeout_ms>
+            </kafka_topic>
+        </producer>
+        -->
+
+        <!-- Consumer configuration -->
+        <!--
+        <consumer>
+            <enable_auto_commit>true</enable_auto_commit>
+        </consumer>
+        -->
+    <!-- </kafka> -->
+
+    <!-- Note: ClickHouse Cloud https://clickhouse.com/cloud provides automatic backups to object storage. -->
+    <backups>
+        <allowed_path>backups</allowed_path>
+
+        <!-- If the BACKUP command fails and this setting is true then the files
+             copied before the failure will be removed automatically.
+        -->
+        <remove_backup_files_after_failure>true</remove_backup_files_after_failure>
+    </backups>
+
+    <!-- This allows to disable exposing addresses in stack traces for security reasons.
+         Please be aware that it does not improve security much, but makes debugging much harder.
+         The addresses that are small offsets from zero will be displayed nevertheless to show nullptr dereferences.
+         Regardless of this configuration, the addresses are visible in the system.stack_trace and system.trace_log tables
+         if the user has access to these tables.
+         I don't recommend to change this setting.
+    <show_addresses_in_stack_traces>false</show_addresses_in_stack_traces>
+    -->
+
+    <!-- On Linux systems this can control the behavior of OOM killer.
+    <oom_score>-1000</oom_score>
+    -->
+
+    <!-- Delay (in seconds) to wait for unfinished queries before force exit -->
+    <!-- <shutdown_wait_unfinished>5</shutdown_wait_unfinished> -->
+
+    <!-- If set true ClickHouse will wait for running queries finish before shutdown. -->
+    <!-- <shutdown_wait_unfinished_queries>false</shutdown_wait_unfinished_queries> -->
+</clickhouse>
diff --git a/Clickhouse VM/config.xml b/Clickhouse VM/config.xml
index a4a9489..f88cf33 100644
--- a/Clickhouse VM/config.xml	
+++ b/Clickhouse VM/config.xml	
@@ -266,7 +266,8 @@
 
 
     <!-- Same for hosts without support for IPv6: -->
-    <listen_host>0.0.0.0</listen_host>
+    <listen_host>10.118.0.3</listen_host>
+	<listen_host>127.0.0.1</listen_host>
 
     <!-- Default values - try listen localhost on IPv4 and IPv6. -->
     <!--
@@ -391,6 +392,7 @@
           because memory allocator will keep this amount of memory in caches and the server will deny service of queries.
       -->
     <max_server_memory_usage>0</max_server_memory_usage>
+	<!--max_memory_usage>1500000</max_memory_usage-->
 
     <!-- Maximum number of threads in the Global thread pool.
     This will default to a maximum of 10000 threads if not specified.
@@ -424,7 +426,7 @@
 
     <!-- On memory constrained environments you may have to set this to value larger than 1.
       -->
-    <max_server_memory_usage_to_ram_ratio>0.9</max_server_memory_usage_to_ram_ratio>
+    <max_server_memory_usage_to_ram_ratio>5</max_server_memory_usage_to_ram_ratio>
 
     <!-- Simple server-wide memory profiler. Collect a stack trace at every peak allocation step (in bytes).
          Data will be stored in system.trace_log table with query_id = empty string.
@@ -1113,6 +1115,7 @@
 
         <ttl>event_date + INTERVAL 30 DAY DELETE</ttl>
         -->
+		<ttl>event_date + INTERVAL 15 MINUTE DELETE</ttl>
 
         <!--
             ORDER BY expr: https://clickhouse.com/docs/en/engines/table-engines/mergetree-family/mergetree#order_by
@@ -1150,7 +1153,7 @@
         <table>trace_log</table>
 
         <partition_by>toYYYYMM(event_date)</partition_by>
-        <flush_interval_milliseconds>7500</flush_interval_milliseconds>
+        <flush_interval_milliseconds>0</flush_interval_milliseconds>
         <max_size_rows>1048576</max_size_rows>
         <reserved_size_rows>8192</reserved_size_rows>
         <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
@@ -1204,7 +1207,7 @@
         <reserved_size_rows>8192</reserved_size_rows>
         <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
         <flush_on_crash>false</flush_on_crash>
-        <level>trace</level>
+        <level>none</level>
     </text_log>
 
     <!-- Metric log contains rows with current values of ProfileEvents, CurrentMetrics collected with "collect_interval_milliseconds" interval. -->
@@ -1342,7 +1345,7 @@
         <reserved_size_rows>8192</reserved_size_rows>
         <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
         <flush_on_crash>false</flush_on_crash>
-        <ttl>event_date + INTERVAL 30 DAY DELETE</ttl>
+        <ttl>event_date + INTERVAL 15 MINUTE DELETE</ttl>
     </processors_profile_log>
 
     <!-- Log of asynchronous inserts. It allows to check status
@@ -1358,7 +1361,7 @@
         <buffer_size_rows_flush_threshold>524288</buffer_size_rows_flush_threshold>
         <flush_on_crash>false</flush_on_crash>
         <partition_by>event_date</partition_by>
-        <ttl>event_date + INTERVAL 3 DAY</ttl>
+        <ttl>event_date + INTERVAL 15 MINUTE</ttl>
     </asynchronous_insert_log>
 
     <!-- Backup/restore log.
diff --git a/Config Stations/Station Otarcik OT2301/Config MQTT Droplet.PNG b/Config Stations/Station Otarcik OT2301/Config MQTT Droplet.PNG
new file mode 100644
index 0000000000000000000000000000000000000000..b412e928f5ac6f9545d19784415ee96556ece903
GIT binary patch
literal 20529
zcmeIacUV*1wmup~MMOlgpd!VBC{+PLY6R@kED$LH1(6yM2qlDo1+XBXBE7_@fD%Zg
z1qoI81R<12q=q6wLP7`#0YV6Y-vakn+~0oA+2?o9J@@=^pU0A{tToG+V~qKZcZ|6n
zTAH5`+pv2B2m}&4clP8Z5NI_N_^ZEu9dL!DDDxHgZ<YV0GsYlX%N{21WsR$mnGpz7
z5GT5DeJ$`^<kndme-LO>?egDM^*(QIfIt>?=S~`333g!j!QLI{L=A8;R~ypaC|V)n
z=gbzgtbBDYdRe@VX+*?7$L=XJetU@!e`uI|UhDes6$wdF)d8rlqLb#!&*fcb2|H6H
zM0egj`DU-Y&0f_t-|tu`rV+OZ@7s9z^$y9J)pEDxPmBqPD8IWpc5canTRk$(q!<|Z
zTcGs}ID*TvGt(4iW{Q7#cxgG;2|hC`-pm~!-gGFN5qJet>`|m-?S3tKUCBfmtJ5c0
zcJW7cL-viw2wtNS{V6`IIdo}0z+X?Qb%#dKji|>JHm09PTR4ub4*iV|E*j&#N7ZiP
zy<J4<MJ|I*Pt1b(E!6IPpB`;HbrJZZXZy-=VFsVfRH(X<UCn#IqakH9W%*44dYl?m
z3tTb#2r=31+T`C_<&_yqv*CE6k-eexMSPmDjNlosMWeN=>B{gy=l({Cc9xB8dBWO!
zJ)dMd$MS2ZCw8WMIlJ(H_tr7^W5rAd+pD0oFyKatmrD6m#@JGS;RnwlBK%9bRECD6
zTEpk3I*wJ@haSB=^r$Cux4=S@P7fE<qqQfNew#?G=1QS8mN-8Bt}=XzYg57m^k|YA
z*f|r$e1xFUCQ{0m2Ewl!&SZg)#D(&d=)+SkQiO=gHhCAvUQIe?Nk!ClDUp{yaTCGl
zk+OLo(h~aJb;*hoFDoD%?bdW2*AC~@FQ)Pm!V%O^Zi$zssDrsuj<T`jihQUxuehyM
z*TNR#(Hawi8Dw)fZ_*+a%~Mz^wON>?(1*(;o8m3N&Z>^6hTbZ_+Jz32xa9J<YOlp_
zN{$*yXjDhtftd3WRbytgrMR^41@z;lr8$IiSg=5tUPARr?sR$UGvLyHY+i?BWkc_9
zZ64Sq;M4b8G@P~0dH>l;?ayHZnT5A6xKd0wX!9JpkNtuR$8lkPE$6qbNlnpe6*n?N
z=({+*qH4(y^=eLnaFZZTaEI3jsrJZhFowLrInLjwE1X{Xyx{LoS@_m0o2uPkl^|SH
zTIFuIIJ8v8%NlZ22W#w30fXl|n;9AVIj_Lsj#`{pUL&&qV(+7-bnvrdg^faAd7P0#
z=19@ew-@N&bt+*x>b#fU<SEB;_Odc<JCy;A2^)Q7!ypEKSeS9-KR|SX1*bTrhCESv
zYn32}-g9995K5U>6>=(_w-_^#0!9ql(e+xx>-FbL)Y4ot%kA?VzOt!x6_eRV!~M`a
z?9$|tchyYdQSBxconT+rxHwUwhflUx9R6%N-kMm+dBK}F1HNv!SbVh8yFrNOlOokg
zGkkT$Kr=&0&5m}*QwO(w1C&=dtg@_IF9}(v!2)cxQ`r2_eY$Jd(0;m4ALlx!h%4C7
znX6tPAb9-NG*>mSOD1w^m%pF{OYg~mG;<xp+x4fj&NNe!(1)#)i17oiO&{B_1B<tL
zO0UA*s=U3sYvhN+>G@!FS$<r<i{a!m<=GdA2?joSiFKGa5^Gb*%SH&&B$FV-yO8|C
zLh&ZncD2$`49osV`X7Q@q=N<9Ii+BP+ak7GEoF(m!~-`W!$(Z$a|IL0k~nZeB<=z|
z<$?k|GAUCVUol%)Hd!a$BqVNd!$(h*75keaUvj^<D=BnL;S4>TXP{TR4kw%3*-RZU
zY+6kTcO9>m4-frr#3_0ut0AjbmZ>rsg%Gs$(bXP@5!YY#iySS+D2dwJNcCF3UN%IJ
zG>_>)i`J&WiC)(*_J`KAXzqY>7%wQiS$T2JqKVY$sNM?Z=IQWS&?zIC;T@q9?Gq_d
zcmX+d^68moQ3!4u_QG}uaV&mXEu~a;QSYYad^ugbuwca7z_Tf4Ksz4H9chXa#N$(`
zNqCnnV=^4h61}_$AId-M?4uZV*luw^z_;mb%$;ck=lLU#A_Fq9&=n<vS;TnTmwV^2
zMxz9;-gM&oj^L{ovk|PAv~HFsJxdawECmj3)}PA4r(!$9E%Q_p<Z-2izsZN^u$spL
zW~Vx;kAL>rUNw|K&zM-~Y#QLRNm}s@=&PvaUiE4|_;FLU`us)Ct8hNIDa}Xlwroy&
zF(#DfKhn(0R)P|ylx#wj3I#^<-!XiDNtcLawK_Cv>N(A*jY~cw6Vjz`AM#tsAr9k}
zqn6`hTT;`0aj=(6=#OanQ?Jn3w-#v=3n^(42i#n|&(A5IMk5a)4~IW>@Ybi7%D5!1
z!I!$2F4~_Y^g7c$yQA|Q!gOUXtxTHj7K5vpeukKglx!9qK<$kea|}Mb-(==4f|;d6
zr%hBk;p};th>N)3zPURHKD)H2_qlvd6I<D?GR5WauJa8=_CDv{hwyJE5*&(FUD$Wk
zffs)1!OGx0&>mMdavC+Ryc^eSA-#lX8IZ0eJUe@EX<$(ye5}#-lc$ZL^OBswibMPw
z3pob=sk0X=w_&1JT2M6FLR@j)FD3rPrLSif$4n?oKW}(*{8$LE1JPp>KIMT{Z1T|P
zw2KL3J<wDjzCV;>2CCV$3tAr7ym3o=r7>D|mJ%bS4Fb8|c!G(RE6C(lPM|(8yTF}z
zM`2L<Q=>)JCvwA@=J6`Nw^YTOFvaN<A1oQz^`F#z!@<Sa2TH{>;gR&g={c`eAn0b|
zEC_>j46Op)R$UK8-nJyG89IVaNJijfnickIq&D5-T-vv7I=WR7ME>M`ANT3&<1;ot
z4x2UU7u&}j2sWd)Xm;mJepOC)nb&%3c|<#YOfNUoTF8j88U!!c2z5BI%R-XGgc=)<
z(RSxa6MJFJ3OAo0|M4|_O5o%4%2JNcoEHA#Dwi8cp*)%B?&CJL*F~np7P*fHSyprw
zwz7(22ex8FLF7|gh{KAtU8a({`=vU!T6M--01c)q!n?UCj%-`g`j&@f!4sdRE|;mi
z_bYpt^0`4T%`in$!H-YuN>m=g=O`>V&CdxY@G!NC%u-p;urR6nszG|6!eIP_Hw*r`
z4qwtO(kG|N{pXQG#olO*<t`()5_1)D(<LRcqemOUPbI%ef5#54tQ?)S)-z)i@?~_N
zHYRKlNhu5^IL3T<S!h4m&$ik=QUV*`>-PzMI6?@W?=qp@I+YUpbRS3%7u-KpjSRRH
zfIlthpQMi=JyRV#>qQOjFxi8b=aVR>Z|A8A%yD_`IQl4;W$xbrGhP<q#eRokaTMuc
zo}bb|O5l{c?l~T-xY>@<gTd<iA{ChA3UXDxt?G1-V}0(r_#UFJjJ?IjWJ+D?%SfF1
zHah>+hlX_+OSksTJ(`tA)4g{ZR`LSO4=Hi?BB9=$Wz9@e(bAHWD;<SDaWFsach_e=
zW+1aG-E#AB-?g3YsioN^CJ;9}^}g!deIy<!$Oh;tgYIdot?5u?Gxtb_Xw2`^gw|2B
z%TebB>?qS#69WUWcy-4f#VWfXVwFRC;yv<O5aXo`QF-M2y>R0VkxvMnSbF|pTZUhD
zQmHg`w%on!8%uxBb4Z|lp(&%NWOoNCG3|M&6J)@cb4nDd+l*Ei+MT$-G$Y;5=5qwh
ztn44OHE$cI?P(o1KJ+_H6BI~h+1T0Z510GdCl2*%^Yu|8D(pq{ZI)=<EMeQCvsX*C
z^v)rS(&c{hgsl@do~cP*4Ws$N@X<5MIZ#;9?3mq9$ZqvVGaaEjRLvQFLf4P&>6w7|
zs1aF=U<w?ckrl=44#9qOmC4H$C{>H4fGw`NQz`|_adcRJf_w9NC}28|l%PD3xB6d@
z5YfgbPcnYo-Fx7jeb|&;WxDq(Y>BaCUW^H3Qb4P?eK}<!0;c_Dxn&gFJ0~DyOVkE4
zK|LF3eQ2|7o5O6?qRq8TepBa$2vxue#Y!bhB{80;h`V8vywxD09Gtz%*r<9g^mogB
z@zZioYkk_7XY8}4S#z7^vTqCsJoa7*2n9eU#ny}!fAr|37It|lb%BdL`2thOn=Qbn
z;-T}BAkc}`Kxd%aYk-*mA;D%M@UMg%d=&_E-~^x=ptH9D(Sn|U0Gj~Gtup@01CPih
zM<|n@P3ff0S6@Cq&WUdPxYAPdHjJnD!B-DcNG#rOj}LN2i&rl{d`+W-d<@Olu3Gl}
zm=@)e-}U9TYHlXB!W*{Zp7vV9altV;H!&QIpN;&GGguy53;WZ;AWt!q2@K@{hIhWx
z$)j%e&OA-?=hL>{YEvsWDyv|k!MlJ_Z@$3NfG+r60j6}^76)(NvOFOz4Zul!N>C|F
zU^q<X_S<gz*~jC9`%za7#qDV-rxuSZ0^MoaFxr%C7ptv@jY5D1uKtwC4U8ubzn!)6
z<>(K*B+v^Wp&9d~Q*JYO{=}v-6==0$>f?ox++ohlV!Ray<dv2$0_8mHZ-YOszp0)9
zSzJq#6VutLOuwo71+4T;3Q{GxJbtKG5aUum8n^Q`@3*LX4ZY}~I!xB5DWCVp-WlBo
z#C}53jw6SXA?B8T+rjxBkvh2)f3n>9f=SXshL&Kg=tR*ipBU90Hw~MO4*(Lr-EtQ~
zoX)-6xHRi@2yPQHHP9VDsuiW$m!o<;X{EIUvQ@vi$MHKE=NN7A9=_2RXMOG0+<m6+
ztcj1hS79Ks`jgeJaxa;U#FD|NhhqUe`*{7<E6SzGY3I6QHTqnVe0?Zo)GznPP`ofg
z<^6V;TGCs?_=HOC7#~&%#iGl~^G^?wOP)~Qj=Sn-Cc6&>6{jaE8A?{mM)gm;p0i)J
z6_up>s+Fn5-@D%yt%rtfZb}mM$2Ynm+ixYHzm=C1RP=0BPf_(jS!b8Gdg+uhLV1D2
z2;2|k)jq<Q$z?vqm9)nb3eCHZBe;I(Wz#3{&WvZ9M@p=gcO0*>?<qL)L%eDLqY!f8
zQM`xe*&n#5hGO-rF-2Uuqk-t#5@1gn*DxD5jL8VMIZVMSgp28SBmM9{o<r)VHN+hc
zOEgbloT)8_Dz)&icCVf(gom3g%JX6{-_b!HJ5HVQx2tL$$6Ofjnb9bPBLO9<Nu(AE
zGi#@W2}vZ?F_ogR1BNn5t3KyO;>aQfrNo%*BUeoE(Cx~1@0hEtwm70}P0!x|y~8D!
zu)mkAN$BxYG2cq;>1am~2QmN`VR-k$BVeI+K435DK@&!9@5mp_vtx|*)G>`AR28iR
z;rJO72$zrqc`&BQ)2E&PlB*OB+nbY3T;dsa`fRmxS>IGmp-;ToO<Z_qy)2TAC!HA^
zGB)$Yp<)W2S=V1|6p!{eF)BgSE&Z}BYLwatb7nLqc7i9am0}JwSyS^4`D|HdSe-h$
zSQ-|$JUbbGW5`VIS;m^64h)tzY$tAvT}>L*O8sbwvMcjowB7!)+dD6tT^#YO1=iV)
zHW2-S^80A_YIKn`B4yjUG?rG)@nB5V+O7rE^9X1*y>z4Prv|9GQ^|>^)I_osD!GT}
zzriyC*A7cphbQdSLR$2r&woZM*g3!y2g)U1ruLh35+tWG3y*y7H&>Q*bKHJOGu>rD
z%XaCw2O=Sl=z|ev-WxbouoOro#)-k!C9MTr6BSd1tJFr}gLhV$Fh=|9+)W^LBC30L
z6E#DXX;iN;@sv%lPHKJ&zJ%#+H?ScRx1D80u!}m}`d;QWksVFZ0)gy)%cLZ2&AomA
zt~4@c0y(I6QEf@?t$k!lD(|ICgssqp9Ibs3ss*33Js*(S+rtmR%hL6GCzSVx@7tHw
zKQHrJBOya6I5%0=OYOD06s`U3kC7XAFCDb+P@vMlsU4w3KZ?n%ZK9WE8#4$wB#&GB
z0dGr4mL#s$sNCv~Uh$QXk|^Bf6&E+}#VBlT{OX;sU8B-YYsGKPblV@3);2gJ-`ai)
z2{`g^#Z%EXG2$L1p|<uDr<a}fRawZ2AAg5YT0&YZw&NDiWBhQfyUVWpU6nq(;q14#
zD^ZKV2Uj{nk;v^^etueM|L0cl@Za1DzCG?mar?UV?HK?~$B@^iZ_)WuzQj~Xm*yEB
zuUf^B!iXN<znf^xd9n#3dO~qO^0mz?;}~Fs7$uxpqhQnP1+7(b*(Esmst5PU+dB_p
zfUR6k-WWpeH9hUD0ga%aA|$8!29lG6mV$}v)%+Dj21r_|7Gth@DZ+HvJ||=Z?tQ8;
z<--S~Tfhdn>a4qxaZ*(5ld!v=72n=%{AgOAqjM*yyOrP)wdb=rzu)4+I@-gO`}F)f
z<n53{n&-Y<TGR(D<w;v2l-ZNG`H2Vkl9#KUA*IW@8vhCIbvhn#tKYp@A!jM_Ht@h@
zH$M{k%<}CgjFU|94y)`Oq^CN+OfD$4x#=Ghh1K`(_Rzh^r~aVYw|G{mTX`XIr5kA;
z4+d~J$1z78XcC)PRa6-zXc9V8(4<+daxn4w2fOO`0oKrJ7h-8;PZ*C1?|Hi}@fcMk
zERY!c%%!*WbY7Wb%!J;4NO^CSRqsLXajAf246CbYQ(V(SJqL$^l$0R`C8+kN+_J7a
zFmrqRCp&%XIr08s`x2OD3a5f}cKLYhm-4ABdG7N{Vmefbi=xa#%UxP`&nt8vdmGGp
z^_6QVDy~$m(3~>e(fWy+oiP%}Dr6D1hD@wVaB1JocX7PmUm8ma)8j-F%%zCtv70!S
z!x6Zl?mH>cdK}mKi#Zb;c>3DQa%{Y94DtP_%=BB-?GN_dmqF<B@UtK!QclAhWF$T+
zbY=?%ZVhzWRPT_uLe*NB5t_gTgiuD>2xdN^LxBqj8Ih!tiSm2{p9&^QZ+M3@b-}84
zYuKlTr#i|eN%k3jxbq1dCo{D=VQ*eh!7g_IUcT_TN37ggCDHEpUAd#Qb@qz+SY~6p
z>|pWWfRkc`1z`p@LeU!Fwy-+;?|D$8v|EvQ8giqVkHEf%z>M+fjRm*vXJ;OSHw05g
zE*_63TgBF=;)eJas)dXtZ&!)!hj+(2njEqX_^yn5ZCbc>_%wv*LG|9+wL}@?>;7!?
z^fhEI6U72#mjz4fpQ~ffarE29-A$5|-k~FK?80-t$So(%*RF?ZSstgbMJ(&FrTi(Z
zEe6pRNIBP*Cg~QA$T~+j`gY>g_O7K46gLUnJkJYLy?0v6!I08kEH)C*f#b`t18Lob
z+01<O1*(={(v14FQw5XLYY`M;hwKj?;&-^XRA&URxnB#xt9l(Cd&ZLiWdEe?S|+ox
z_KGjoRsF51>%FsvKKdCuI18H#?Nx)F;5~0j9Miv%croI{``l{8fSvig6y8zUH7SAH
zPY_!wDH?BN-a*htz7wbcp@P6f^aaNG6v;<<s(j4QR8MzKqu(xY#LNz2@RKU6nK2Nl
zoj7l|gLpgG>yRfgEA%`{kfACS)d*(2*n19lDRS|vNglI&@3zz_ZYpO)1Q74@!l4*G
zwF1l3k-BzhLCNN67uGgsiRV_)78#=%c~HdOc2OU=ZQJlw=QwRlN==Jfc~-^42kb4x
z?;fINW*h)eTzcXh^IQy?;2L$_p1FGdB;(Nq!&Wm!kQ}X41a$Os!D&TNsGsQR)rtDS
z_G?tiP;Hc=BOt$V5!sxg1s7k9wy5U=s-WLCuZK?Edgsu$K|oRi9c>W5?xx!kbp?RS
z>4{s3iK{MnYtUPBmG513a{=X?fjLH2DS(cvD8Q{;KZ7Ij0<(Pp#PoW7bQv_uWq#9u
zV%7qm-jy{b;Alnmz;6#4%G<1#6uvHGEF*2oP|6D6&c%=xONWO?ttat2Xy5?#%+$zI
z3E=LIp$HspfSGDBZE@;H{Y9WDr$Z*46;qN-k!6T})XH0}QTAj)c;(e7Rc|%G+n*dX
zII9LB%q2wwKNldDJvj*VCQ7v|<EjJgyT>wQS2kxn6J{dZWI&)7;tq`OxjTT1vWlgW
zJfGzjrfbXFXyDdQ8Y>-Kk$o);{H&IXiC&ro=5|6Yo%|_$d8c`y=EC@1UAg|7<}i4_
z)-pX1A`fAdJ3MuC?S4YRiC@D5gPR&~ShFrKRR7!9;+DrUCXMcgjW=LKYfc1<w@rKq
zM?SrGFfd`Dv~(~jdmGq?<uz2yubmXCIUJ1f+?iY5jI6f7w~ZKG?ny*Vc^7n1Ra>-Z
z6PPkSI8(Kd8TJi2U%C_;98%Tqr`P3QQdJpx<3-QNBc*O2_-CS(lG2jTeE}<QTpU%x
zXNxDwSqN0f!Xg*I5Du->IC86}OQloFcfoVg{1B~}hIHpE=TdKFyQj^9)987Qs?@fF
zw=1oqaI`zkd?eI$@^Re;CGk912Q*BY0MmJ)W+B5X_AN6*s=xIDFI6b5%5|6J_Xc?x
z@UFv#xN#wlN@uS=K?CFv3mH>gd?it7zF11LQOTWj%eB*=TN@7TcBl;rETc{HeiK*b
zwVKNRV1^J?f<nq1j+$}7QflD+dVK?>wD(YRaCDC$p)&5rh}8Td$V>L{(g;_xxcTBP
z2}R+}JhOK2w~WfhJ6{cs-k|Uo%}Qppe>m|FgvU{b_>W0fN)MyiQ@1DZogsy8X|a_r
zz<Fja{4?G6D;IaAN{(7!6Gba$I}28Wea1bd#c@f(nT2AGZ>0O;$Z%<Kvv}X`mfV0o
z+5$=`r))J$7f3%Wjvj-nh<k@IHbg{dSR2$>nOw$KzqRfVSy+c-xg)*x#>vonkFGG6
zltgBisFFAcCa4qR6Vt0hlW4~HKKH8Z0F$9(yw+PPp~p%nSpu^9c&kS}ZCFwXsV}0!
z!fj36bZv8p7<BL&E%J`a7X9P%!tcrNWi$ms2%YBb$2V(dta)Bkfr?eK>sY6i;oxbp
zh4`-Lt#Oh@rQd~SXcfutLnp8G6hkW&dYVt@tXkA>|H&axO{(V_LP+ij0(e+#Ba;@g
z%SYCu`f&ounyXTrzVLViQk*t$ro;?n(&ov?6@Iv|w+j|}wLI)r(`+BOCbBMrX3kCX
z2zvq(h}oAyQXC9y)^v)-;8SBO-}y2c8EUJX^izgOYZD#I?5Qj#1Cl$0`c;_O$Byiz
zpz%(X<fESrcUv}f3YxO1x3(oa;5v)Z<46%z){-(wofp<45G|4N*jjUKdN<KSIHpN!
zo$5uMC(PQ45+VDr6OZT9Jhb}frGjCyqZC#(N|?}x$!LU+MH+4b9LT#c6Ua3>Avda)
z?DJx6N(Zr*SpAkxVyTx{?(Vr?1Lv0de&G>LQs8520SNipgwb;>;!xfl0Q@mG69dUp
zyHab49BwaDGr;%T1^{Bb4POtfkpXb%3Ec?QYjHr#EGKO&`K}&tu*<Nm%Nf9hXI)23
zlEyZ^Q+jPI2)&FdeyF>IT=Nb|+;gE^wR98A-_y90-_JF?_Tx490uQyIIe#4V!rai6
z8z(8$r84E;PrKUV$#^EoT7N9iwhfp5?vMvVUSM;-;B)JlF|CUV=pvcqRb$zz^=*c+
zWj*xIOJ=A9OXr+ZjF*8~ufeP%JB%T_fw6G|bP{I)IH{3#HZmK%0~6ho@N6-!7Kqf{
zfw}Z`(ypFojAB)xnj@!2nm%3l6kMpQKGNCmog46m@_gD=y3Uw!9+>%9m1_MZ<IcL0
zd`xX09>+h+*lm0+yyLoZ1WvO>8J@8xrM7mzzeH+j>{T|rWPDbuyZY;dh#sC)@SI%Y
zyM+jJcVWJ0lQUBr-rW3pRu(F5W_Q23>Tz5XfCHoJTw3}aB5=uj>tI+stiIP#jzYUi
z%)wySZ#?5CdSq!Nb0ls!_L~mhHr<~RQEByNNpm`sK*+-n?XoFz<18Qm?BHwCAn!lf
z>nB}){#L5BAzq!$sMwWJp4>c14XmFj*_Z?y;U`<ME6?&+dZcn%9&-HqDc6kAii$ph
zAV=#kvsL%8i?(rR*W>yb_XwP6-nB1~AMW1??VSYYakVE*Kjpq5azdn#7)WBB*ONov
zZ%d1>mDpwAs61k()?*)aEGSIogrbr8dBWBW+P3`*uQ<D%jHw-y*`1gAgV~j9?q0Gf
zZ1QuEv6LdbVrz|qOU|uG&sB!F<FZB~`V`47(C~1!<iTo>Y-iU{&7=M>pUe`C6k)<%
zd|$xno9dmgZ6vcKDnJh>uzP&_WbyefdRQKYHOwII*|TTcrsgl_wECiMr=&=aP77)1
zd8dq*4n=Lt$fiW!_SKAc*YLNuYf0&NFOHdwMpXwo#ij>riZgHIrjkZjVUFd2UN;NJ
zwKD=Ey>ogUUi6V?`viKKDmk9z-h3J{g}}X$vmG5R&mW5wvVz8DA@>k%KR(cND7$<4
zUBmT0EzRF_tcszc&MxPq%;%Kw5+$&5W`MO)KdH>}$k%59N|3kd1Usr2`;SRW5vMj^
zj*^rLJaE<p58LVA*_>E{Y4q{eF+{&-6G_Lt%0Fp6V#jIbxr6c^vkFC}<{CF!r<A73
z5)}^|Xo`)Fuh_c7EBLedR6ZqX@3-KCc=?^j2Tvz{**s*<O)MIOwHtQb{=PQOkI2<M
zIgrEeaXeEmMTK=$>A^=JnxR@M6U^hHZ)sEGi$be_=|rg7sSKIjIecCU!GtxFt>jV^
zjLzOi{G3JpguJNzNTI-uxUEDT9y#C`y!6)W{E8-n;W|bYSJv#)zM(^+Znj?YV!r(V
z*ivVx&B6JIs8@BqN_fSN!l}(2Gae8Xc=xSuP+wp3S)QN7x<b&fqgWeL0rB7v{*p+w
zn6yvoc<cqeMR>UEm|sg+ITfGJvWrSnZ;F^TDSbr|bYj>^l#JGoBZQ$??UKW!<3_At
zdc;M!7t6-wf`wJAKTuNh&RhzhKQnBjB=FKwfh}nq8#!Ctc;C9`)ZhexSY_g~$yx5c
zQcw~{K<M#S)2gWUTS_xgXwP4E6^V-`Nm5P~?h?-w#cPm8b!E*8Q%soAxsIgHaZLof
z|KRk<u@YJgl7Fc$r(F?4${fzv`W`tIWb&brOpBE?`rz~GEt?$dCa`4WHU$+oD-B=w
z+*Ng#Kj@RgEWsv+<w3?4crEJr)ZC}kv_gEhp|+~fFyIG8pakp3R3)934}`Na5|)WW
z&>nljQ~bW`=W^T+O?JkAf=ii~u`*kY&C1LJ1fzyGw}+~Y>mpu=8orzGDiRolz&cw#
zQ#o9;ZTZSHG{m815MrZyq+fU9wbvxGgGvMp3GYUd#+MXj0u;LWx7iK{#;_X1#@ZB}
z&}x3}_!Bv6u^TZkNh6hDWWjYi-t=h5_QJ==tOi-N9G%us1ZfSow9vG6HiIVL6-o7(
z^XlopT+r*KC90pZ?h4>p$K4sbttUac@++P>-JMa0&%j!GziV)S$T%fYk+Zp1t6J2P
zdDPGN#Dvn#Y?zU2RbNy&DyWa(JCTBGa?<rpgh520yF}K7D6uTf8M`$fxhL4!n^B_Q
zy`YdR<&4hdl)*e7Tucarc#)t3j&<&kfzGKrL4A;{!CN}bQRtWX*@FC1J1@JhiLKzI
zZ-x<uQYkVXmpdn^pxtntL<u6Ha*VAbb0TL7EiPT>M*xU@{qh9Iy)!~_=J*ynfaNVF
zC*V!xua=Qqd$HF_0?Hq=7H=q)o~H6JN^d0g=$cNL3{cyYTrr568eqmigM>#^zi}0P
z5B%>Q9Z25!@id@=h#K;;Ow1U&r5D2MOqZmiHVW%KU);kVi6AGO&LOY8Mg~@$dl1fi
zD7teWv$_rKyp+C~*!HAVM^n0HoB{aQH1c-cr>ji%33O&#MKDTYk6zBcG6pZ<Dn+2K
z;aMz%|Be15LC}rO)GM+uTw#OO<@}=Z_ibxIwWZn^CHTGztUP1L7@NorfFa{i4=M+0
z6@IoP3To?4BbQV|h)zD8FuW%<ZOmj$AfpA)C^bLWW{fEdrxEnKv?kWWk!a?phl^E7
zr0VDZ=9e7ZCS+r8Kvr^c`xn%wKvg2CYAoVGMgA*={?GK@BO{eAS&dpij(T1Ed8syB
zQ&4Uwdf&hZEl{1?cZA+ZqNfjdyVyHw7elG{$@4Z=vsvUhgw+U*O<-4R!0w+7Pn_b<
z0UI$$E(4fhGlaPM&Iya&*^>j;Gt<XB_wI9aF!@k+M*f-=H8)BDoEOlSLuQ#0ED-#D
zcv9(r#7Pe7N2hy_In^(v#}L?K&Lz6@D^>&h%hLEDkgC`?&>w;8d1z|h<#H^&SEJeJ
zw-ktdq)pTtCtF%>ba_>0BGeJTfu;-V%z%uUWO>QG#aAETq+>7A7Ux;-hs^LAO0$EP
zcDz?aKgF^+9x(0VrSfz0Mb8K7EmpwLm>DD2o|zl5r)<7$^FGDWcRh646jsB0GfN(R
zZ0z!jnDpwfgt4MEd!^|VK|n9C8K!igKCgz%>XbvW6?+Wvb%ANK;oMtUqM#@rA7cpZ
zz(Gja^co)vhWCS8xVkImvoKC#qQX)rLd-?IlK03qpnIGeK%GofiX_k;UqC{<lV7O^
zZ&0)B!QLGYG{y&1pkxo2s*dnsB`60>payO6zDc+0(?w+(caj2dT_<#rK$5Z*PQ!e(
zmcKQ;S1!E90Iwcg+>Gtbg_|$7Oq1_T^H_JqF58Y*wDYg1+PUw?e$RcjCW97?q6UT)
zcr~CbEN-ALE_)*nYIpHB!}qLh=t{B5{wmEd2Q#)VJ7K8&A&^Nr5(;!=tWZb{kz;D%
zEd)M62&Ju5(|P|f^wwpBS)`4@hGbzIWTI4&NbgeF69a33VEpzVHI1C5fU`0YIX=j1
zrD7t`KNhN@P%!Rcz2|l*Y|_!*M9lO^7gzxRUBmu$KYkS5>6&Lidgy^r=F2yCl9u7x
z$A|J_y!11#wyZl@r5&cVSqeytue;QS4%jIQn3EV3gXl7hP@Rq>pSmct0(v6J3F|N{
zFRx4ELGl0xkbYXW-X0bY{JiC-c@KeZ>vB)V!nK&x@t~51`4ef&c=I68?7qb14%_Ni
zfda-K?qO=qu<zZw_YFQ61~Fp^rHu|HV__1+LyAr-NC&kCM4<EngwWe`(+fjyZPp|~
zPxb6hWA4*bYchDcKf`h$u_kK)@lk*?W(nndsXq##9)MrG^4khn1)#B4PKYItle(#y
zqDO+CV(fmDUBylWw*t3w?ob$i@9VPMA(iZ#d64qq5_>^mFYVC`U3bZ~=|&#uVMAf%
zj`4>Tqdz&pSTulLr_MKFbaZWwLOaxQTyNHYf<G{uC-9-LLPK(PoHLGaj`8x%gB2e?
z?F;HMp8*ncH!uwj%x8%G8Yz+-`c|oIIxVEzFTw8V9Z>0A<UWYPnfnM!MU&2lI=b-H
z?UQ-Qotg&W270R5eA0)o@iaL&My;*diL3OhsNZEg`Z3&Q7oG5=#9mAMI_CCv1-Omh
zTI^wX0w*<Fa!9^x^q59{36uYJ3hHyBrz;LE_WC3+wmU0Oz0eVZ-FxU9V3ZBE$;>%r
z<D^?Yl0-;;YPP6|i+V=Qc2SHdYA^ia*ApuUW-r`@KtJDk%wJ#ckhkOxquk)rSoe^G
zH5%S(M6JWz@@G@jHRiAW#q?oDhsAA%nEPb$1{9z;szu|P^m~P=4chQ_T*&s)?bY2!
z3^wBu2RAy!SFyt&X?fzs%)c)X<q`HWc5&uqX{Nw`Yhd?fpbq0axzT5DBIX>u+b+tC
zLc6|@5+wRe35xp<*5X74AZuE+gL0Rpi%^2O|LQ9gI4|ij4UY5U8KbCzivK{RUbHML
zUUrqroeL!NNEiget8t(9ZEDvNfo|Jgu!1On@bQhm#qimjd>`#*|7vWu%Wbone|^gt
zL$29oB3Y8@Sin#CRbiF~d1m(%0v%QSp>>_p{=ck1)?T!~n=U~LEcGDf7n3~Jy8(r+
z$zBiLcI?SN0=DJQ@=s$1cC^1P<w_*_X!qHlK^YKz-v3K;D}n1F54jZ$UfykhVD*&P
z>z`rbO2qrS3IWlciJ>c~JfBoh%<^NA|4A0{tvb`_)K%}KhDR!v(dS>BNK_P#tPd*3
z{L|%iKs1b6LD_!{4yOqO&*LmVW%<7f0wBW!9h007|7D6wVn9sIUjd50OJQCN>aVdY
zrWsz~(KC*{kK5`G55Bf(lluKL^x@&pdm34fQgk|)Mb55$p7h{EGta9&ffe?fPU!yg
z2u3kjIn24*_>K2Ct~UdN-D1sq-R}?1+(`enHvQppsQbHo5&=-jc__9&tD)D%TL-1i
z?Lb>JceSJ?mzk%jQg>TOeh9n^<FR!3#a=o69fcX~=90wNrpb#t3S-U3G|L)~>3P_+
zW*o$mu-8uADx%z^zqcRhYEm2mX?+0#d<dhkKAGHfupr2|A$BwI4fN1*9GVp;RC8&I
zN2+nB@!fbmaGI-0Cy<vh|5iXc_r7hWh^&#BdMc~gD|H>AaVpc&E@39M$DNwfKDNr&
zilJEhRMA_l2V}Koe-I+*syoEwxny>_3+xsJd%eD>hkXIW0wm7{>=9rJ{^8ToQH%}t
zM|0Pv>i-xf<+~O6>R0O~P!P}#r8+yVdx<#)yCXB5*X_yQ1KCmMb=3pfD&mHbQ}`K(
z^b*&+D_CYB;>sdaA3eIdyw#9WqEvTrfnjVO8t{XU1h^NetKtRJnDL72nTp8{l&#8X
z04X2SEXnWG!XFTyl7!UmPFnRY_7}keL5Za4*!KO}UB|uNr6iYa67Ujb9~)B^-VGCI
zs?@^%#=s8BPU7&R%XTMhk5y_p;{2HTCftC&hA)_u=9{!4Cy;s0U$rr7fE>`=q|ko<
zizH=o3X!M$`HIYyq!Tws5Um#7GY7?t4r?~=;+kZNS?Kl`I>0JmXlrZ~PJbh<l%IZ|
zsx1a}u`@@G`;CW|s_3;M=%O`mR{-|!b~P<c)XZbB-_Khq1ZBzwrz2?hIAKRNm|<h7
zFLKzX2U{v;XFd*LP`3HIiJ-BU|1?+0HUF-mtayyueSrF$|HJbylQb{i2;PuetE2y7
zl>ZgGU*WWVH?yBS)_>$|P<#Bd%#8j}p%n;QWt_BJz4sFr00mjgEZM)=BH#x#ZufNn
zCJ|5;;Fk7>CS8yf27PT9(cc{d8au?(nfNECfx#$gir07pk;7ko35-74-kR3H0Bcsy
zozcF_LH&aV1JKAneBkR1P>D<Z9P^213vuCH%DAYcfk1$=TOqmru>9v3lKA1c@L;dg
z6N{lPWf%ZK{#c2Ces3k+g+ZJ=bD1N%@Y|BRO!+*u1bYq4?WPgIb7M$Fj^-O4C4ATw
z>>V~(e}>+BUskD8uuzU2@+QZ#m$HHu9zeO$6LS}6Rm`fe;ZnnAt>Gi#FvIX;=<)HK
z@)pIv4I1d~*@<n$Hu>vr`l($n_T!hP;udJ<<wCefF!gw!m=&>k5@~p;zwSBg{0j;w
zYp`YAaj<<^DHv~PEduYEJ&0k=$5;D=@q}bGg@uJX2A00{(bMn_`T0eMs|C?q*)%o#
zIZK^!V(?N{%~X<?9>fuvTn?TSZ)D0Y)SPJ+vT!IRg^!t3?+QTQfs+5Kf6vt6?U_u!
z)k$DS{61#;A#P)mTdH^M<t>S0EH9~gSyUX1BzE5W^RpQ^fA{Bw6SQ?k&_zuQ>s3&n
zPo`>5$c*^JG1-bAk$wxB2M!79?i=2$eHuG}oB*qh@Tofr1<0i%;+Es{Qz3yzu#s3x
zDbRZ8pH$|hC|vfFmv?fQiqFEO3j6{Z(^Oei{EP|0;90y!gI^nAjY3(5&AP&xguHC>
z_6_a@#z|7%nZzaM5~T~o$H?|`#?OjhLEgZ-vtPWnUYm`DptZOIrx>f3J@lU@Rw#z?
z%s4TmCY73bKYu{A7P9L%L%zSuJ5d-X4+lR--T-AjQ?eB1hVG|!P-bUeIK)VV$@x+B
zs}#g<7UER#)@u(2Rmo0I6ZT_7*Z;Elbw`oq@6@3TFRXsr@9?~H{N9g{lF@?J#nKN<
zKic_B*6uj$lKQ2)$)*(SjopRDdzFjv#0uQR_$yUPoj6dRbH)4HhGyhcn@P!&AvJ{s
z*IF;Pc!c?!hp4GUVXs}h8E1ILKr%dzyf*lkt(34AF2V<e`lkKJm_P-U<wZ$n<QV0+
z6N}|nHHG(+stakVBlv-0JR!yjIc`WKX-=9z4$XBjW$pVfeWj%uLoNsVl|Z*}k~}xq
z2UZ19pOV*p{lz>0Bje-zfyzY|tUkv9r5KF7=q)ItL=^j8pPgxZPrd0z4NToS`<#Ef
zQn|MJ>YAQko(6aUh6M2>Pv4sUy^s5x)Sx@gKDlHRGPthTFO_qoYCVjK3U-86EVUN8
z$R3g9)d)Aba~B7(r=-Mhz&@*7T)p$#=&x=eYcNU`RQ~p_Tf$24^KSx_{~dl8@QnWr
zAn(88n*ZC7<^R4;m4Hxr)ffRlFE~=Z$*%z?kc%1l;<o16nTA%xKf}`HFd7tS^3Rw5
zhF1TYWcd?eZ@6mO{65&+SsxmaWCIid{1ZNwk_M$)O8609sB6c60ZO<r2(uf~KH$2`
zMe9||mkV@&kdrlckbfDdtN9f%lbGTlU*iVmSMK$r(rI6Aj4M;Dz!N}W<j?HQ9~+y4
z35512x!km%1%9c?A0NwOH@qi26<PPT#_%(N-HvnWx97Sz(P_G*K#r0f&kE;f7ia@3
zPabhFN+T`CB~iWp2G%cxW0b^?(O|k#mK8OxR^_f&Lr8fePmvGbv(_>c>C?)as11F|
z+D^^w^=_i7+{+ZZKVDS^Yv(FBssZGPRH5|W#84TDJO5e2`>e>?v>JV>sMWB}VU`-+
z(*0W-!a*wGiTu=&_6nbt;DT{@Gd1aNdnJ%1Tn$P3_#ykcgUb73?p^n@5d^5(YZu)}
z++&nO9wkg=%kSB*-xmhRYCiJI!s5y8U%lN1(kGqJ2WjjJP~5*7nyOwO!aG+2UJ<Z+
zga)b6LS$o64*fWOj>-<oxq`>lp{Vf0K}$zGkShFjiI(N$jNiay>w!NrrpXnFF83fw
zwzC-D%ua8Fl4db#7gy+7_ItB3ucBRl6A8efSbK_|D+emReqGVO<of=^IDi8M5KH+=
z3hwtfjpk+Cx%l)Cy7jN1Da+{M*RU&$5n$*0T_XQA2=_nZC;q=MS@p-{W53&CEl}kB
z>ynbJBbU#46kXdlc+!ln-YNz?y1MI;7JaLa><u0{Ea2~E+7W@<$GB2!x+4%U>IY$2
z*bB&U_5P_-$M;xBwoI`X$N_?e0qy(3!t@ung5l3v^>ozl0|D;qtGK7-_MHJ8a6kCf
z@c}<si>5Dwezvfxv1o8JA;{}y%k;f&-)r+td-SMkBitYTw+(*@P`u7C09xq1%5TMM
z<n&~StF4r^p$;XD)Yj50%4wkd973Sw%l6)^i~21)fYnP5m}!p$DxFYGdomac%2(ai
zcOQVy)U3mu=Od2WM!hk0lZ^#J=e(i9mg|d#N)-9`G)kPSFb!Vbto~RB6Gx7`^9wBR
zenfV`??GU)UmgY_t~V228J$fe8Mgy`J|2dA>7F*eFkZS#Kt3kw(Eirp)U(@{D|@c2
z*%@Beio%7oW9_TDPH%~gExi4Tr7UFmU~6J8GwieNu7$+GTwQ2S5{h#DsKM9%Mi_|t
z3SchqWS6+3m=rUoiHK*?083JCxg3=OvBd2XtJN3Jnt*cilkUHp_rJFI9;|kweM%ix
zM3#@8IK29aze~M`=&t%AAUo(sV=Z`GVK+W)3c8nAOxbZ`Hy2}a)~}uJdG)JS#jM9r
ziWL<^IGg0`4lt%F0AX-Sc_oRAG=|u%_gH_TUueQ(JqCMV)n_rsu+L9?Q}FQ2^7N`r
zxU|S*GCZia^LTg$S)LSy^D6@iv$|9OiUK9$|0nm9zaE+fl(Ws-C&)hE-SZ|t$67i3
zkt=aD{oP>HMg)7EWO(LMPlh$F+KAz?!8C*Fes$m}m_&=rvqUO!w|B|>LU~ZP5Y;o5
zW?u4%G97@6GO?VZUJXddbx+%cbit_{=qSTnSfqWA?CwnB^j+JFH(8~88S&oWeR@Q4
z6gArW)?~eqBDHXe05Lr4!^O(HH;=v9QtWcb6Zxcn^c}v2@asyalI0&A**|!)-Di8q
zsyFK`X}VgkkExXIaRjnWx_7Wv{V-A&aF%YgJ*QbxHPj73B8wiDIC+D(W)BKh?^<*o
zbU2AMCx_Z)ue)xS)ZIoxy6eX)FQmhzuis1UKdqunZLGC7>?<4H?uI3xu91G#aVtj8
zb#KP%cWJ+1U0@^ja%K48)ysO&^{Y1naps@E9*CWt^-LshC;#&kpGWopr8Ysov=2Dd
z7l%B+iqo8leScxE{@?R`=74g!U*7x&kG@=3l7lD9|H<C`Cw$)jKGgN^GnXz9<D`nX
zfU%Fr(@;jaw+Z-!2WndHFO+$A!q&KoxG!#B8=BL!gT5QQiVeFB>-<~tAbqVtcNCp>
zyn9@AeiZ@ww+zRv9fa>UkbXBdiN`gabL+R!$xOL-PslTHPja<0;ic^KbxIX2d<oeh
zOSt$io+V~_(QZ(J3lp~5`5N~yemlT&oO_9woHg^`uUV}&E>h;_XQ)+l&%__jOGH&)
zDs}Mhpc+B>cdkkk&6~bl?+_<OWYkT_J&T!7ToM3Bkt@B!8AFw0Wq-@Fd{c(&bbCDU
z5QF+T75Nttr{0tWPhRBo;f!2fZFOF=80gchSxPH01;6hMCG~1)`vkMb-lz&r<Zpy(
z-3o2&MNYm%On=%w;7$qprdImaY`H(59$BaAB!hn?Gwu!SU}FZJq8q7d@ZocQvW3A-
z@9Mcz{(JebCAWjD)}{hgI|9>`GQ)<Y1CzT1oxLYJ_XhE;fkj{D8Srvfdf@4Mq<6rg
zUrOs);2aq6G6{%%%;7q<&~g7y2@gm8GH@MZpi<eqLPdB((5<-|fBIzWp5$^F#1|1o
z>1rW<W%)pUp5!Rl9PB>2mEhCoY3P5n!kpKaIJC$GYoOl%scL3%6pB2nNb#pxeLJtW
zt6bnD<1v4n?(qwSbi3$VrWfg6_(9G7-NbYk_QSK@pF+7tdIF8O0ZnaoMv6}gvS_kf
z+dGxo-IZ`gE%hG1%EcjmMjn3dZ2Z;^&%z%=-G$vODedMAy>3QyTxxmPj1gz-;Q(EQ
zlUfSa_CC+DG4OTlSRCp;2L_k5#yXM`9Xj$!;>qQzh90=j59~9_Ss48}7wVy$3+xZ=
z8-O{t$q<K&3^m2|gQ&e>W0&dQaA%sMwSBfx%EN^R=B~_2gD-}bO8n+J(9{vX7|#{q
zi&2$w<B~@*8~Kj!EV`-?Nr>T3c64jPGqyi5mLGk0_5+!_^u2br5oWj;Q8w|-ffHlJ
zzeT(5j~S!1z?tzjb^|CC@u2ylC#CT)XYu)-?0+REv{&DYEO>vT5;V};di>#=WN-AH
zr?gG7ngaoKYI{QK^e;vf-J80Rn4!sTC?v`*eKX-E*V7Kr3A=hEgDOSE)0Em42Zauj
zR<#GftJx0;gC*42O&q>aS_fGkogv7hS*NdwE}yb{Oq-4!xU(kT0(?EmAk)gEf~xSk
zwRlzproplb!IEcnpl7OwvIXm#S%u<6^IIVu3NA!$k!AP6f3>=sb-RfQ+k)mB$yS+1
zhHtRa9~djBNhi@BVOPho64Zih%1`AugckQ?lL$!}FVIssnK}NTDxQ+&P)?e7X9;#|
z+X0*z3-S*#n15NubhNn?gXTZfA^vdZ{Fd*N+CBKREL2I<%=`iVxr5aPl;dL1;URN0
z*0ghyth-p@L~%J*(mAd1W3IAWZOt8~Zfxqmuw2ayFF}pG?tRs=^Lwj5b(%-<RJND3
z?;Dz3qtY6tLqc)-h5RQ6NeM1^$8ra660q^Z{S+-8@T|nBRnS=-PE8~&P>Dnmx!U75
zP%D!ON}D%2>(2o4WnrU7r4SrN@0`kD&RgY^`IFK&IOegc$w)BA-G7i#Smu&r#ka_c
z$)3P=WK%}q<+_zjKK^k~uduYw!l$95oWqqHcG}7w0|?y`vp-PGatgxc33so;7u?+m
z8}psr58V&}uYy&T;F0GtlYA5TQTpNXr7?}PShl~TWcA$h(y=?dZ;@)r3Tg&lL;Q3X
zzxwfNyPNFavz{*Kq{Is=!kD#9#0t~{J8EC;)@#LKmgSL$_MY-Nikp<)#%{>3@#!PF
zcvD9{-mopPcrH%RMmdHJG$n?gpYP4@Y-$h+N}ym-pFHte{nusT6>N`*$x4z|MERb7
zr48@SMfMad=~pGAA(KanOt}^Z5?oA3G;urXR+v_w;aU8QHNo_a*?rWe>Nixsj~y;b
zROmV(=;ExD&y^%tcO9<#wJ|#atj#lwcFpbJZHj>QBaT$1)1NC3%%UO_)#wRJjD1*J
z$4PFjtXfBrJSVlo-Sfi0d%+o5iz~BYR)117<q||tdW`c(>)Gd!`#zOB>~}2xX8L=M
zE{Eojpn{*@_uzkqvj1~j%OK+aE<d;rEDO2~pFbXZ0XVS#kJLVJg!an(2I)BMWlSQo
zoLXK5+6;6yiUAUgn?a!EEW!Wd%LM@d)i1sCWmT9t2vl2ag^AuE30WdwJ9vi1f;}gK
zzS8CEbIGocii)f-SZq;$*!d9BF-;%4A1DxmWGL<E^!;i{#(Jn-EV%@F{K+bJHf2)&
zV5}AOA-ROM9!iZA+V!O4zxTEd8AqVDQ^unCBiaz1{Kf5t8NI(E;<z;|r*8vv%ES^L
zcr;V>Bk2=)T1c{cJPNmbkbk0KX`=<F?BJaF@)%)(q3)QGhYc0#C_|AwaXpO5Y`@-=
zv<5e?Y*E*$YKMJ$umsAcNY$Jo)_bnWv6FgI#IaTGP6wU2dU{!FgmpIEIAJR#?bs6$
zYY^BITsd@x5xk#rdaFiIPR15s>hAT%kQYUK@J?Ot`&0KyE7WhQtt~Z2r@md#IzV-I
zb5&QvePe_Wn_uQX<=R<xXO5#?Ats$psnXxFMfp@0#HmYaBo^0-*ZZjTESUQ;gElwi
zFG*;=96D~cGJ3yIcdI=@^iN06W;gh{sRzWWBskyqPk&?D`g!UUQWUw#k1qIxR$p>>
zS9!etrPZ=zq&Gl6(XKPUj&H|J34fF-1+QuG(VdMz2P||j9iB{43rM<nc3|a^t2V9f
z_z&Jusv>6>N3JwcT62!yW{&LN+Z=|cg@z+0W)6e72lsrwUEBe#%CnSFc;p;`^g5Iy
z9Ba@&-FWm9ZiFD+6>G}r)caK6wtZO?ImVENDD=M2GVq#@>>uNB{=KJb?}T^whP=rj
zd+utix^f)M=yAB0u@RcUbqKB6?bp}ZEC?MN**VwS>$@~_*zh0S8CK<e-y<|F86Xu3
zCx$<MSN|;0IZn@D+BV8yPqg(Qpo4)LaGOs)l413M;hPnutLn)#Tuy2>GVmz8dtguH
zJxfG%0n<NzGQcFMJl!L;e~YlXTz){Dni8*GL<jetA^=Lux2BG($%e4;z;kCl7I^5f
zfx{}B_7L+AnFuhAU0cH#!bU#+0U6^2Jmnr<zId(bUOxL+S0y<CjI`qE_u4%cL)+12
zof!PD0VG5Yzc=lcoKTzX#9W&Z<><Bcf-~W()NqZ$t@0l_1-}nk0ge#Al+<eN!Wk1k
za})(s@=HT?L(B4Rg;Cv8#}{ui-s@GeOQ_k^4$&E+&<|Ypo~GSkZ8f*;6w*Xda!#q}
zsCb)e$J{@<V$HRkq8xouTaXh9m%pr&^qzIBQk6=YW6j)lZV&9ikV~?&Hw|#aKN15~
z;rZVkW_pa57xSfz<LvtST=q%EsIK7gm<6Lz?L#@_Q0a<{j@Ks%YL|uK!`S^mAOfwe
zxwG-CCpuQ`sBd16c?3@745LSNxs_SwoWxe370oWPyk3=B)MntV43$_wW0_;rpFZJC
zmE>EaNLA)p{=sP-uW0h(IFUR8lB*)O$`VCU*~j(nZCpP0V`B0jpZ5onsDHd5;0alN
z<*Py4zJKRc0e^iIAo2e5cMJUg5B%?z(lz)@kJT%j&EVSQqus!}9e^$Pk9SBs$9P(O
zlUTXZ91J0T6g|9hlKE!35_E8_{m<(^6!rt!B(W1(9@2jGPKx2rJ5KY2rWGrmtmu^2
z!Rj_3YY74|5`wa@2EjjH<nUJ=Js}4_CJek0Z22`3r#p+DWc930TG1}A?2S<D@1N_U
zaH@AM0IUM=8i@Ev+>ggU&sE?2yNUtD4PMLdT>*79G3IAjA9n5iIo9QZPLSLkWw`J1
zhZjDl7^6EXRvu5=yRuB*fD`N=qE`-A?*b}t0rjp)Sdm8sxn1TTcMh(cq+5N8v7vSP
z=T!ca!4LzFA@{D<0FwQHWSf7E;g|Ps{Cxr|FYI9S9pfwsrF(~Pg~|37z^p;%PMM#?
J8DG2me*k049dG~u

literal 0
HcmV?d00001

diff --git a/Doc interne/Notes de développement.docx b/Doc interne/Notes de développement.docx
index cb6e7aaba4ca50f4c2476d23ae1440a5d3662c59..5044ded3f1a2f52c8ed846ade17be98ff6ca1539 100644
GIT binary patch
delta 30928
zcmV(;K-<57*aEQE0<g^n3OMSQ7gKBi0O;S7*9Ieh2=&BFmM2MKU$UoEfwf!Rxu{ag
z>bBjE3JAQUkO=}TEK;f`JW+49pXaF~?1*}s*7yq?{Z{&u`VyaW0g?a+N&q)8GgXU7
zV!6w?XTRs1`%m9|oCM4ji4#8xzdqvn>=8pkFB<yc`0Jy0=T1*OVv^Jihi(vs<m;mw
zk{o@1bNnCw!#`cW7)D+;Az{iu6Jhe=dg^_BbeX2p7lT3KU6P5L^e4U-M@ckF`(88|
zM5B@Kk->Eo4+lKUvGm(Cjy#ei(4XmsS8j4tH0OP6*V-_4ui<5EP#k!dZk&>ji#E8<
zjYtD+pe{GWuh9_9kmr`05;`{}4{%gV4T)=iH3XwtYDrqJrH0AL>$Su$x1_AslCa#8
zx?W35=rmbI@MuaxxH*dAiJQXDcs!W6@rP{MgNCPW>R<SQpWZ;5tUPPR^}`Qqj0oPE
zw=fZgom)@_lW0f+VK{3g`uZq~!xzQ-z4`k%^cVU2#mD>&613|Uy3+>aV;Uss?A^G3
z4eavQt%9*os10Hg034$*x%8)V?l4)mHMn^>Yvk%a09;Li*>l%Zt|h6hVr^Ew42uTa
z48K^rNsy2H{uVj5#cE;`^EcWIq1xwcBon~kMaOG_rUYEBCG(jzz%Ml*d!(hXn6;r6
zZ4A5xbz?hzOR}1^ldlT4<1YZqwd8?+^}&=H7-pTC;Dy;Z@B?2jwUrFh;bphxW@|LS
zciq&zbdx#J<SmX`GJ;u)VyVR(!Gg$}^D}IdbOV|+Z}4VPTEpphGeZ4M9A(o*YyM`f
zoh(@PH7ZXX+A0XX%!HE726J}lPJxq8ycZ|qFpAxa07eAl%K!y3bOrD)AToY`(68hp
zy^i=(d>IA!WtcI@5|55S3A~7gH~2Y)8{&(p8@ne!LyF>Profv=^eTwZ6t4=pr5TzG
z8s+s1P&kKgzdmAFh35oOoL{oY$jyQj@7SuyO2+KYDPA%R#gSOr@$@vtk7Vk4FgbY0
z9i;?>42v%WK7yMU=Re+NI9oS=OQWL!zV_aO8&@u1u?M1o#QD{@X!Fmro4lIeNd9al
z^=pAkyQSAganIE8@}OvBFdtw%o7pK2ZZ@gy_ICXuJ%0V>+&*J0o3ZZx*LU{IH>aoe
zEBp01W4&We-@dWlot!go&h@wE$?x&CG=DiC=<@oBmaeOg##Psk7bISPu}r11e$`d_
z+}5udJe=gPg26jg@F>MU74Q@@ZU9g9&UV350HQ65wtWTg2DuR(74$caNkZZ)a&(L$
zsK;_WR{r^?7fcHT<89q>Bn2l>W)PeTD8}(E5$w~1;IaNb%2H-Xn80NM{~~t%*eA@X
zslV<SZsL2)&<ztNAPn$-?)N0^w*aRiafZz~b`_kmCfWk4R>AqXA>^?c-`!FJff@et
z<6p9{02_1n6BED%*9S<$f8VBz851{+Vn*!qeXh?i?@}<%lHy(Zgw*HoW*dkrx?=Mb
zwk3#jvLdsRuD67^YRjDV=|S8=`~*NJQI_-o`co38kskw?vjX^k&lxY8`XmM{P8iTi
zF5!DZQJi9Ue;5SM8K!^9z&iDT2HHSeR85gpb-9M)jwG;Fjb&8fT1Z}1V0lGqT!zXW
zx(vmo(lSiX(i@=30xmE8Bt3<JjbnFunFBn`Ci#<oa23p+W9RoyhO=v20nhmh`&r>e
zXmnZjxBmDN%*nui_dYO5hHE<`HTciFjQqrpnV<jf&p%Zb69y1R(a4T*0O`#XrjSfY
z5S*oMoE8(=cxd`?*s4=I9B!%0W;s|DeS4WYl_2rWo~M8O^G`qjtqs-koFVW6r&Xy|
zFgV3fj0K545$G1y!~`0w;X(eV<@;;XZ<kK&j{w2Y4LTx!Y=<tkMVeh^wH_6A=>Z9@
z1-)^KZR@&&Mo8H-aU|VhsXhKgZ|kT$XLq*&@laC?L91CPGO+Hsy1sL|**S)-Ae)gN
zke0Y7X%5GkT1_WbL{oBP3H7!o+*?cCzPt4z?-KCtr5|P=QQLaude7%77ii)zq7Uwv
zFxE}zPJFL_#ahXls`6lL)a0^m8?tFVtyOugW)ojqE-x1FakOLiP_*M;e*E8HqyL{r
z(2|pEH1a<l1{6k7{0I;jl8bD77yu~3O_-nmMlHv{{~@alEdSGTW(8fn1|HVdDp5qk
z;5fPFOW-U)<5=qT-WvBiJaO{f-EHiT&^hx%MyP{-Ch*50d_-Z&+});kw~UJ(%DY>*
zHgiSx0ae-nmeVxO;!WJ*dB`(f1MCi*G`~H6_3|_(`F>+cC|0irH20$TeLq>G$Jc%+
z@Gt7v{16>^Q4rxnw11Puf7?;gMjfdvJW}uI_~nUlc6j4YkN@%OLmXA_<=_3?4i@3`
z4_1eNK@85KEcQq;K)YmckYK7kyMep|OK5I>wQ98xXM;w5#p)8v@^z>3-uM+TmZbQc
ztw2CVDZVw0lCO_6PR`-6>H$s_`1_yW6|vaxT=j$?%i{e{h*FNCtDlfW?SYZXBKN>Z
z6=AkDyXpy*7atfY0PKO0axAMn1XNbj9vCZs$7$>XgXMS_?gNhqiullQMKqmr{GDOT
zW;#XefS||Sa5wRMA4ndU2WkVa$u+)7+$7Z#-~IaN+@F930GFA!(Zmh$=A|Ac%ddDz
z^%Cu^v<Y8Kv9bwYTq^|cqEiyC&~lpTSI|{n;$`cowvWu2ipt^s{1g2?(eD%e9svD+
z&a{NRPGW_swY}NVMJ;~Qc`*-YTc6Ryk568kFW*`Aseb<3u1e=)fMKEAZWRn$GR;0Q
zvc}1EH_4us{WDnh?iTOo#PqtD=AZ5wS6m8}`L58zIl&TD9rfjMaF)UfjxH?p>n*6<
zYbsBEh}%f0nt`G^gT<3Zb&xc+g0&uhDsSBj+W|Gper-LeT2HFh)3QIQT2HFhm#b=V
zw$AH1UyHKh9a&L1Ymq0juBt^xUQ_N^+fsO|)}zF060h@HjTI_@vbV^bQvf~P2EY3^
zm%)sEKOoN;Ob4kWUYAxQKh3w$0cC#WhhC5k3G??s`s-Sw+YJ!B1{F8DPWqRBt$JB6
z2=(vB>932J0DxEECJ6!X`AkMLX-Mo=a+><9s25kuHh5mn6J1*NzDg}T&HMz{(EH`b
zzmO!wc(`ehjs5UB;|B~NV7gLN;6OxEly$8W+T_VCdzoE8m~w_qLjYM*zg5EMKA2<k
z#h<=S;lDf~>QBYT1PrfhMfhHS7XOq(IDt=>CUhs;g$50Go=2Ym2B#FyJmBs=mYl)N
zF7om2*2_{%WM(`!MzVF83z9@WP3QVyMi9dwsA6I>Ulkn1w({toO5`*ra(O1~Vm`9U
z0jp`^a@9Lq;Bw7l<qXXc6{pR%HK*~S)|fuI^|8*DzU30<Nuzv^yAO4Lis5%@m*$|p
zA|ypOfqO+f<`lF6H(=b1Nixh=8iMGb0-AuPaQ71vlSza*#CYEeqO8jMn-@UR9LaFZ
z+5(7zX|SA9-FIBQ0M$EtUw~$gLq#G`6euH95++D#0G@CNAcI>Y7x~Z}W@(fmi6%_q
zk3%>6h&g~o!ryK)E`}F>ox(r10h&32^cm(&$b^KsLQy|;6PkMJUb$iFjtNDou^SHo
z1RgMM*T?8OKg{FMu#(LzH`PZFhBR+7h{nF>lYmKbo|nu){G1s^p@&QI*}=15=R?pN
z5|RakRue<woFNnH74UNo_ZE~X@~q*=d@bROR}@K?g(_>@BOC931g?v?_(@+Wj~G;Z
zT~+BIHiA55y})@jWR-dh<eCyM&GHo9&S<vT2#*2vL6ulHHhG(1nJXNvu}#)hT{cuq
z_$~`#Rj@5p!>E*{K{jAp_0ECF0bp>LvH<@hx4QfHG{#_I)T|R`e0Lk(-NqnNr%{sl
zsDM$~fJOnZw=~XwXsT3E;{bl6B!2bn`FZge1{V9H5i~(i22Y|P5Pt$(^#u4ISP{Tf
zFMuyl%gnoU@gsi*c`cY63AXK~E{-e<ak=Pa=q~56z=WYOlcXtLj6?tKuW^liHZP~b
za;(X7W(&RQ6I;%c!V<#u@rMX`D&<qKWIT+*Ct;ES6WF<bn3=jaLF9JLN7<aRpY3#3
zzXOci_msZs*LFmjQJT{fQC0-B3Ck!gE1YffRd>-RhSD$R=u3@$pZalrnllWNB$yHh
zdMuXu2zRVKkt^RLd&lZ20g`q>3ympb_DL2evzaGt<QFeHhON@_I%VvzbwQ9N@jmRB
z`P_I>ZLDp7azDz<#doEdd!}lC>@SrT>Y|%0_jCLP9`pPU9T)AM1_#hF$~~5QFbIGC
zR<XdB{`fM$`WiDNxPeY1>TNEg83w+;TbZ8Gupk@uSD!~WU2wZ&Id$U?B(D3&H(0Qa
zpg8&N{QFnQ`1`jc0TloKU5i!d-pfi~$W|A!nHMO3hNbGFQgeWboTxgAUM<zJT2fTk
z{6HiHaDUK!>MG#pA_G9BrYdtT2e2*^*wQm8@EkPl1YHiGh+jn1*?`^~tZY2awRZaM
zG`k4UWkU_1Srb&cwvr->#3~w18!y}3n#yr{9+I<)CmcHFtSff9;LUn+s7nte!DJu~
z(BD~q+J-4es-;?5JwZxPO-B*As)757E$z$C)Y3t1m|Ed}n%&*bisJ2bsu$U4w6q_#
z`<d=^PLE;IQHLlA-7sDDtAmXmfO^kBlkm}ka#=@JI7etxq_iXD&UKK+tn1?K0w(zr
zrFe-VF{ctQQCw?9`puISG~Q%c8vf96vbkb^#cHywqR;p-A<)3(8b`Tivk2fMeM`b2
ziOKL3lmjCs?g#o7*5yJ;*9NZ)PS;ho=JFI&Ted}0co@_Nfou<gdRf!%2I}<qpO4UD
zm{|+l_h&arN+#a}|A^wFr4j)fbi~%%+VV`AdDZh)&L>s3ge8-Lw*&($iUqlS@wifd
zLzP#=O|qD7hkaT2!b*~$SvoT8625S@t;s5_Zv2EVP55G7x?xCyPY_p*pSQpYQ878q
zUUE{hwkYx96IR?$cQsUbW1bzo;93!*q#HVrUVU$~wNCZL5Myf^Nsn<cPOOza#QdSo
zPQcD1Ze$UA=(yk9?-G~6Kh04PPaJfA9S$mRB5Si+Ej^EuZD65Kde|zg*eV{>OCW81
z>`TPEL0f$Pkd;JDmnB=R1!-`y?%0-fFEY2r+xu8J#gSLZ*o-nz&mTaR^jK;Q$Q3a8
z@2vt?WKop0I)U@7?r3?D*Ah&0#cGavtKL~b%f$k=b<@^noA=PR9h~+XjOwO;5s(<^
z6Zi?n^xT8$>v`TVvdE7yE{V)NZZvclJH4VVHzp?2`0h3VqYVBsBxLk6^W>x+g;AO_
z&RCWeN9s1?yC0b_!q{3G{xlCD%|`(vjQlH%lgvZ1;2ZoMXMTX;lWBrkEEAkf%#e>{
zG6lAqh0H}11$Vb3?6*KAkvCO;))baDb0pOgoT`7Pm|O!YRqt#El{Q}FS)vHt+zRF~
zW#}-+2-7Hw(epaY81(K^Oj!6|pCcGCLnw|We!{q(N2Yn|LB0Zk%V3fQq5gIfdhQhX
zLVmOidT#UVqJVt#N4_^dafY5xQ;xpGp)3cz;Z>N#Gzt^i<2=p{a3q<3$Jf=c@H6m+
z(_lgB2rn%}yQn9H6GX|7Yf-?G#oIPtVt$C1mZ<Q;0<TL*T)ne*BtEu~>s3(!lVFAz
zbWXyn=ms}zvpf>AIFN+~t^zh=MD;vFYv;A;Ef~SeXguEk9uQ3vdRFFkJDsShzka;A
z=JWt;sKA9?&(z53NnLw?iD}Hkb_>+?K;mLrVM+Gydg2(T{3;Kg*!v0-noWWs&>;8`
z4EdZfU1UzpV-N>;4h7A_8Fq?Q*JWE2Yqgm<M`JZi-!AjS)!Sj!J6qt1&0~cDiGqe_
zW|zk*>YAgO+@p<k8*7|ry$L-|W`6ncUzt~XpymJKk1xpM1Sai&c4DB5C(-`-Fc4h|
z!Ui)SP-|;Ndw_V3rPN&5oGodFPOpBl`22FNn|zKqywf?IMPW1=?R`$DPR=r7!H~Hm
zSn|I}%=r@NmD*EDHl0QZOnd}N_Uv3IYVqfo#-kcQwGjpeIF4Pks_{iH8p2y({fE(z
z^xr2t&Ma}`9R>z}Zj@M}2$En5^}T(}faVRhngacav9#aOV`G^#j<PFQYtXodv3~{l
zaS{8&G08L8P<X@hK23s))0}|3U56M);W*eK7d&nk0wh`rYbf+g+w#)0y3H%4b65Ai
z^p`OG7|+6D;uk)QC_Wj|iZhp>MMv=so*+dVosA}UN{XU?A{+T>_C<Gb^%#*^t2sO$
zgyChHPLmgd!S(fZKk)<iBI$e4WH2OGB#5A?WRN8ny)^1&fCRl9r+Qc3w3lO9@=fYq
zd>z5JE1z7~S7ScKm20Cok}TCTQU#7xO+~6!VtjNhUr;T<(#<*^@rq$uYE>&Tbx|_W
z<-au6>Ybf`jaA}RjR!TZI#yY6WR0s?BzqidNAjK<9}4APCzEM_H4AcoWX61V`nnC{
z*LcO@6%4#6`_?3hl^lAa`zHX26}qfDKbwl{b8F?ocUcV^2>&fD6SX^zzCtCURjHQh
zB5ikiZ>A)yW7Iz8#`k&ZCk;ui<)K#|Yjo^%vT2Zi^t||Hn(lkL59~j&oGcmE(Z=0S
zUo>uV#AK4E(|eauLS0jNMVMLjEt+pI9n#H-b?k}F27f&A<H@xfch!-00kY+7%5pEf
z#cTW)df5=f-G@Qh)|+|~Y8L=+Yw8c6e&=pz#L>#$3ah{mlhh3YunU5PwAjWH%r50h
z>6+_*vX(g6!C+QUg#EVn#{vH7ojIoi`?U8~#-AMf#|=`uw+TaMbM~=Y2ww4hwy*Ur
zqjcnd?8}vL4jR=pR*`j{uNOpOMZ;7D8r->Z=p}Wndgp;~nbKre?Zl(8JdCbG%#b5-
zLyBdCDMu@f-fzlTykxRY8O-;Xa^-a|+iaPCpWAE2@CF3vYT|yRpE0GcUiBo|K?}1?
z&{Riajam&=))F+{F{-9cBLZ2Hz{-so*VQ|8X^Km96!{FR5qO&%!YmY^o4+t)p7hZR
zGohbtRrbb7uGi{HWIM?@_T0*$m)F^v*zRE0)Q|T8F&a(q-7DtZMHZ%6zXg+_0eKF8
zR}azGG~Q5avEmzIavSzpLa?^4;0y~1pJe`(PjfF())%#`Xk=KvCp&e=r0yqcu`p{c
zMZKG?x7fgG>4I&M({^;44gIkX6dQTO4Jj+en6@nR)0;t>!I*qENCubDHTuvJlJ>G`
z&kct?FA7KgIExAV>P0|YSJSXZCmr{HqOg}yWbW~7j}<$!Z$(#lg{}KM8gn5I7Qa{S
z-_7cEB8F2KmboO|EOE0df)y<>pL|x6w^Wt5Gbimrm5=2{C?cwUb8=o~fSnq@-=vtA
zA4hnCW`Xspz@{G2I1j9Vx2RxU6gx(v+QsP3)X#%I3Y^b{TXgsTuw*L@n!#;<i}D)H
zHu%D5lCv^sg2p1^V&`fNhM!;&Wm>u%-=84{-4~;ky~km@I(nkTabmqbv7kt*pv%?0
zp+hB?`*Njs9#H4g1=%~wa~j|0WVO$+eU{-RsXzOl#W*|M4W+@w?+Nv-xmT{AP|sQ#
zM^lP?6A+MjoyZdEJ;xVlsH@L^VC?MOPYlmY1L!<?&UCLZ)dh|u-C<GNHL7EEX}yqO
zpX~TO?-6RBq)!O-m<W|?Tb~_X0p~lNu{ji+E}k%uf#42kwQ7F13ee8iZIuFq%1E3t
z6J+xj5hx>gO3DNi7O=dogKEk94C7O4Lz|llD6(}<mO1&T(+Xe06LkB30AZW>^gtGR
zs7k(@gPJO>8az*?XjSV{v`twR>84{ju|?EDsh}l)7lSrA*^!#}Eh~2pP>0{Qdj1$}
zo+5)6#W78a8Nw84g?M^0$XuHR6n#n4ZYE$H?idJ<q_3fEM)msqZ~?O8aNEbS#IRyv
zZlLTuKry=r$=<hc={8b-p1qT!aD*q^<fhsJ%Mr&5Dld+NptK%FsBwEBo`6eUVLjm4
zc~%KhNnu$6Ike!AGH2Uzeu!#0vcqI$$u_HAj)JW>a7ag$Oq!hgNM1Y>GdMvgxy;=y
zMz*H$-CvXZB#Bv&Uhc)4+0c2_`jQ#F@P4!lhf@sMwk^3<wT4xHElqZ`Y7ylsaCQu~
z2G1Tfrys|&SEw<4Ah3l)uLsCo9DheXPJvPT;kcJxl3wD$^Sx+9f1o2Tje5mVYCU&2
z^l_owpf_=WAVQL$gOB*|Y)oIs38@#wGyh*s*h>X3AN2dlnk|WnQ=<r0<7|a3opZPM
zrR_u!pss=vm1h%w2btds?yBC4=BY~>XE<g(WkKc?)8NhOj@4shHH}nsL+>&I4Bi7C
z9WD{&Uh%=N_5g&=w4^w&^fFtkQJ`>^?WlG&vAl**4{d=qU|Dgggk^`i1-f1XE0qbe
zBFZX@)KOdNHk!?~!)?r-dhPc(>5XG<wzQYrZ^6)IQ8H|QQLgP_agJ_qvd~sdQCNYs
z<~7$2#QvQfZd16Q?|x$57rPyW-9YueygoW;(Gx%PC)orQzwh`yJ+f{SlzDJ*){IHq
z7%UIP$MLeUjWbH0(U7DK<F`7G<v0(4T9fRyIe$j}stxtYf)2z}qdw6Q6hTmHc^Rsx
zmn!L&^D-)bcMgR5OnMqFQrlh*e#CPTQ<5ts{pc|qqfI`xL2g3s*7XfMuG8tx&6vmu
zCM(G-Mwpf501vvpA}#bQL@th%1anbgvxJG&I|qV^?}}rncZ-03@WV6nbnjS4Wf+#k
zz+6?Y*sjl}c?4yN`uZ)Hk!a|mAW<u>;;}GHUM&@WbXpep2d@gykcxRE(5LPYJzfNW
zP=6Jcf1wzVM6lpzXTN2hMHyqhJoyTd0Z&sbwoPVk?}SFPxo|yc=gZ<$R>1n)HOvq=
z%gk$nEil8<WxnJUEJtos?(E;;@n35zG8g-Www({J)Z#s-D7ENLKR>r$pP#&W&FJqK
z^UdjhiT!q9zIpl5e*2u!fA{X}+<wcvw9lAR{jL7$?th-Yh3|G9Yc@yymC9c0S$j8b
z*mBP2@7{j<?#;=Wy}>k&|62=$WO-S2M6MP%-57aSlUDh(bzPC!#qsU;i?Bk!Dq(5W
zYw+9iS1(Uvl2>0#$&8{qU~=;$CC-r?SwSOztn7HV3`6IgS}uK6Im{<1o2+Uzx<(o_
z#*HR<L4V|SX#<ru4(ox}S0ePBjkgIolLg1rO|zEf(1<4o48j#OU~-0|%C&GhP82!O
zp?cgGi5>}vJbHrq2t&y>4d-t?m^I@uwmNm@D$PQ+&~tht+}fHMAZR0Oc5GuK8(o%v
z9_0bwBTLGV+sJflCJkQYB;F8eK^>nO**}rSwn+n2UoZBj)Cv9%g`SS}4H&o^lHea&
zNEFfGRoSs?Lix)<tz$GI{H1-KCiTUVG+9+^^6B%Cy`s(<rc+Pcdtxvtjgj!zsd%(5
zK89}B(46gZmKdwtNw7-I+{L7FEosGnT6o?tcv@lS38|itDo3gy8slNTSmL_{3h|t5
zv5HnJzxISeUo;9uS$Yv=;jlMX{&IDw1wP5PsW_^H>t41oEkibh+7U5N`1GaVQyx~t
zxWggbU9ux;-EPH1oTs3z>Z<|Qw%C1@Qg$=NhtAe%k0=9vDU-R$d!(wi%8FlqtR3@2
z*$tG9oiP&^&qImbVH<@*vOpH-W<7lGi$SCI=CCMfhU3sphtJL&mMsg6VY)|LnwzY!
zrlUC3YC>NaGa30YxpspfPfWXE&fdIxYuewxee>?z&IymJ8IEb}jz+%6jN)i=FtXLK
zd7T~_zxD3<Jxp<{vXx1rTzzhTW6}$nsp-5?tGmncoUYW5SbQRkWx_a6P4kHw@|Id^
znu;PS2CV`7WvU3R(Y?5rpCDJoz-G{Ly1{Zb4b%Q|L0j6=O0NCXyDUD~1<-wZJXRg<
zEdZ==s-W;<Eh@4-fLF(v>=MB3<EI)&yI!lElwnCXMO!e}M%;sjYx9(UMO)?#wyq-|
z;*?t=PgjF@W9&-Yt4`Sx&FdgYvM5+qO&p25B(sKNR@PyUQLZc4kIu=OCfD4rGG{8f
zO^IhQR)?1)TF!N8tkpY*k{&=jAJx00hvBK=5DSa7TH8-7iN9PttFA7UC<GTp&=k$7
z(8rp6Vgz`|WEk=u0z<xkyIt?B&&|eG3G3+y_6>W+vSgJWn~95+plP`tKPMQb$eBWw
zAv?C>=nLLZCa(O>G9_(IZpfBm2&_~aCaV~hZ3$K1if###RJTiN7fWL=?ktaeP3>XP
zT-%j;dv`m!yNyYR%3G-<L(8yqU}TzTEQwS@6FI@DMnJ9sg|#$)s)juD{2Z9AW`=hZ
zoaHjAZW_3K&mDl~oK5EiQD@oQSP<3!A@ftew<v7=@xBTP1xc?X(P<gX8Bb^e9MyIX
z0dRr)=Nor8@xy)?3@)Py>47Y{j^YpH^51Skv*>eBb}uTSu&h+L6&}(L_k+yM!{jW<
z)C9SWHUF5y6m5fl7kR4BZ9L544%M7QOHn1hJo2hyeeS0LDa2R@X1ap)vxdysN=^L}
z1y$g5t)qn6!z7l7vm_i_N`!mTx5jt3A<7DR*!9{urJD}$csl{g94Ix=bDL1FVzH_N
zuU#xHclFMS<=z}Mc~RmVofh6GD^CimiKbCK?rSw_HjH(Dr9QPc%Y-7^v~+g-0`Y3=
zK1Zf);`&T;Z_!sHN|XlBQP@rC>96&EyU<2Et&O)#+c2D3?5x1q9B0!^_%*rO#;CI!
z=5@AQdt`GY#Ud52KJ_%#mbs^ns)-Ig`s5*2*+>^QFUw-16Q>mpweg$b^7wSJ7kCSx
z!m*SG=0Ej+ERBjsP>Y4@?g$jd`BU^)?IGH(A7XW(fQ(?c3SSf*>Q3A%QM>?6snx3T
zoJJo=k^0$@mn@b4e6Z(k9jx$t{LA_|PTLvRF>#ZdUYxic$!4pgm>n;0+&>6#JTf#|
z=0)!vG-DF>V)DZwf+p7l9vwnq1OrJPosu4H{@(O|iEbLy)DQlnf@O_*{M&{=>|eQ^
z3rl}?P@qhz|AE{bB9;8hpm3=^Hkk4R@JHpMfGn^|$&yR7$!%wFw#o4|k5{v@FG`}>
zTx<GM*6a6WtRA1oZkW*Bmr9kkjaBG1hLS7IwSMzIEnDcUVs>eKx8>Wq%d^87JLs=n
zIm-cm0X`QX-F5H|ove@!^b|Sj!pRTQWX2@H=<kponqE1Gt<@nWticI7Yu69jY+{?H
zA}P&>m{b`mWt+vrw8Mh$bmLN8)&m`7IXK!mh6El4r)o7nA}^^TCzL8eKOifXCtX}B
zP5LvF6^r>5?Np_?7X=Z%LYrk-gLR5tAJ#R0hFcIHI~(0rTr;~G-u8Spy9MB(!fzF)
z^(S~Z)TUba?qIs92Wa2$tPM8*vt5w%s}gUIi%}=NUChoZ4v??wO^-IoPD<6b2GP9N
zxGxZ_q4RzARQKTS?{+%cM9%GC*6WG1$6EJC0a4<Q*V(Ap8;pwM(e{bIP0g=4dibY*
zM@z=%Cl=n2CArYPkNb}m&$|Lp?Ysas?%G^O@%~SMe74hR#SuKR!$}>tIWR)eRe`hU
zA!8+@mlG_O<K=2X@oG!IdS`{D|KuQja*(!c{K-MOs&zj}GO~9@I4E43UYzExMtWv5
z9$k5GA!E&4j@3DiHS6aMH2O1HOHlNG#z@%eojffvzeGDM*u;LB%2SA7w;o#N0ZFVS
zS#q0fVqOq5qn;vV$h@O2@@-2vBsjdjD78;<sJK+Zp-&-1@IhQIVDP}}xD?(LWZ>M5
zQRX%CP48mUxnbM4)bB&f@!(MAwj}jC*Sg+)ul>Qq{Xo9YJM1TyO(sY)zKW86V#u0S
z3uzTN!7+Kenu1&#Y6&%~cPMHWmrAJFk-fEjWhK*jxu@g43Z#3KgT7`*NPA$m!3RC}
zYu#XvE^}TllA}ux13WXJ)rO<Osj8u~wY@ivGbF(@s>c8;2FEs=A=Nt+gNsWg4Bl2|
zQhPWAZj!zw;gG~+c<PRc5fk@+LqYR2Ib`CG<E5iLD-1?gd7anjG+M*n3!-qj)y>fr
zfM@E=8UBiyXZZ%}S5z&;Q=`Hty8?V6pewXkcC31!%Jq`&tike}sxJiS7M6W?jO+Ln
zNz({u_J{13AO8}C4CuuvCFVS}j6%enANG#B@c=)1&e|dqh@Pgk*rQ*69LP1IJNO>)
z{Fd1blB1crRm)T46k0f}YR_+#kTyB#n5rIw<&%#0CS@#o)S_EP-Xd}U79vbi7q0DC
z0Ijo`yn>aQhU}>Igjxv<AjMXyVGNIg0fnM@9|kPewjGeu;|F%XN@GutvtiT)%J(+5
zN~BNI-k6q>qR7M4V{40lQRAAgg;nYCc2I@a6j7`n2*z8YD2QCO-oa<XELN`NMjXV<
z*?q8amEZ0II*!TgeAsQF^=1k}esFCQ#<ymM4Aw+ohA<@$Yc*g68Z32izmjBHqRwrj
z-c52dxrhS)hm1_>wPse(k;Ix3C)KKQN}MVw5??)a`A}JIS325%uJoIHfVJ+3y_>J|
z8lLw~SiCinE*cKcn@+tPvZYC&Csz+{JbaOUpJ)z3rk60AZirN+ebN=N?rCh0T)HtC
z(3RchAUBPIs}Ax%0cIcg5L+-+*^*_;Fl+T|M4okI$*Q^pWL;7C#+2;pokP}RtI#UO
zokPpJoJ3vsd{#Gqw}KfeEW62`!SNC^y>CX_z|Km8TVb=TEX%CERCS)SY+01=#kk6d
z+M!`-_y?{dmqxmgygdp1)OQ0v*}Tq9_aSX1*mzrzV4k_2N2ar5)b|ezJlmasev5VT
zIznXg$qxw={PN>p{24m9^qd0sig-=oN*m9$O%#l%n5JWY(wesqZTLM3k#C}4Z4GJR
zpZeky*o50<>#_8_fvs?F&So{uw%VK=^9iis0}HWcwCg4Ts#}dIO^=cMdmTe@RxG@u
zN}wv%ck5+A;EY<{){}(3m&DCz>Vr%oDRX!0#V!i!2Km%_yes>;yAAGc(YKN?N#<X<
z_+?0@nV(R9$>4^bPr~_z$+MxKOry}hz_H}cCBppX<b1ad`Tq=vK|ZWOC)<=ul4%-(
z!Y)N;nw%jB)!m#!<!PN!dt>Z+NoW9c;S=3)+`u*%m>`;(s%f=dPzjcvw@P6|pVcaF
z%D`ZilUZm;vOzKOwfo0P$4L_O3W3`9!qM)S#R}1X3yk{8jjJkiGm7!1D6)M0usA`J
zMNMW80L2b+Tlm||4TsG8++1;e+>1}2)8JQny4vnHgg440S`(*6QRo$=15)M!<nVK5
z;(}oI0~E+EGbLHtyZiSPIBN)60!fltjRAzxLT|`?#?6w%#}J4~gu<Q~LaTST%(HL4
z`KFD3@Z&|<k;Qr_1FtHArO4G?m0h@Fc86^!p=QdBsRQV)Vg&ZYjlD|%9Ugi^z#ay*
zsNVuiief4nC%36*`Pg7;o&akD53-gHB>|gUHuc2;HQ0SMeD;CBTHO|$qRP;EOS++q
zsHS$6r%{Zo+J0%cZSja_d7;OOz5CAr>E7^v3fAz;kN?WNA|%DQW9qIsZ5yD<i6CV(
zx#n5rSWPf(TAXPmY|7QsD|c2b@h2&Mj?eJ$1mvM9Nm5|3A(%OMaBu?h-E)_`bSr?&
zNs3`nf-M1=)g@j74)Iw6dAlOl0YPTDWD<ona$3t9C2ESv)<OaVnbR#rs_rFlmTWYC
zGhovaY;H~-bTNvDON+5Pv}|Sr-`(BD{s{d9G=?z`P@HQGYX-q|S*B|@^)83exXU7K
zW8%!E8xOBtRCco6&QSm8N0W};hh{VsY*SP<p=Metx}i&|RC6HMd~P5t>j9NJdq=}#
zrvb$h=49}u1yhtX%anMv%_-S60OV4Cc{Oov9V*QekS)Q`Y|6jO6F|Gova4F~YOd~Z
zGH+K?*B+md<l2ke;{>W%?3AK_NPHJir*rw=jc18ceWz11_18wW%Pfw53o_$4O|p5r
zrr-gQn2uRG*?1Wj4<1YPDLqEay^8#J7S9VtEC{(%v+zc{3>t7?)1`DP^EvZ>KKB<4
z@BW7Mq6%MkE*XblAxA@Zj23gkU@Z(c`v{gYljrv_C-7j<XPCSH;e!4*xd>)vI6O;F
z5Aoa>?CFp(Pv2qQ5bB9T><(;4KP6t80js2qFn?5K<{8-B-fr<P@Y6Kt8hW}pS?zRA
zgtCi$&*>}X?%!O%1?mkz<SE>LEPz!bKnc*XF&hys<xVJA`ypr~3@`vD1QZ}4;3&bY
zK`I|FZqm|z$pxTH6c1wp4Vl;o%2eu=ad)iDJPs_GS5X>ag^lMsKMC~0Pm@c3wEwd}
z?|x#2aRgLPIRIu~K?~?q+O>X~;CmOfgPHduOLJFQSr^Qs#3?QpuF5cf3IWSca)%{6
zJ&lqCcMqw79sAVDMpFDm5AjA*1}Oxdr0e*c@d)!n=Fc2*c@s3h4PMCEEqq1#DmtWh
zk)K~=qY(~?FnmFOQN~PzEJ2E$kz^7f&o1b4;$~Oa1f@;7^9n2grb%lMc@eOD|A*}E
zwv7yCMMrlWwswS;%=3bOC8*VGj+zX9NYy<^!Tb^gWE5mHcnCx=LYW~W%%6kh^N=4V
zbd7TZ71z#>QHIlXs`AEs)iB8bND3L{MM~kH6+Dw-!vg2ZC|7uE6Q6d80@<hU;R(5j
zt9W+oll<*Er(Mg8W8e=o>F-<I&~fK$yWYXZT{`~3iKEF&x@5V3O|rvDQrv^}N*VIe
zo#88BIIx(4aeWIc50%FxLA4PXBKlU4AHvm7dWBad=AqjfNFKE3=LPB3#?YaYdlI{w
zyT>p`WDcmiqjrvLg>tF8+xM_8WXFoi6Q@|C1Jnl6bm4xYs<unDY*Yk5;*d1gHfX+f
zfGP%vZImY=J$%}KPtZo&4`VU>@vgZ_^CDALL)9Rf1@8x7DqoQ}Atk-1P;M4-6u|Z-
zq#Mde0SOwwetuv#jS*i+=DCao@Z<L^1f__oWiEQ5u__fhrE${~$QuX@Rs#50MFuA~
zNqYC!WqN-ivBww2m9__s%B^Tire&%%<+jm}>sX4YHy7uBuiVLt^XHdnhxvHgj2g#S
zJl$oY)Z@vqJx-$@&tlgvLr;<)4zmP|6B01L;@iMOk~DVd*lbCWSWT!o_BDy)`NmE2
z>YcsAqZyfhM;Q1K4lyJYZ8>T(Wx3BE_3J5q{zL;ufyOD%nMBmR280ig+$k-LfXVKi
zx)U!(wX6+)nXs10>XuYbWY84dcEoBdMGY--8?Y0uC@jYs_Z@6O+@T+i`2rBTqbm!f
z2Pn8cR;2j@P*QZAFz=?r`k7|UAme1+;VtT<E`dxGO<OZ-$+ew0i^d7OT!GFus*rAs
zO*8m#EMp_pOk)tXR1>`-H0EojA_FP8SGgyWYNtqle;Ea8Ld7)&_}wi@3R?oqs0r}{
zbU>jU5&Cz3&25UJgiT?QqsYdl#&HD9Z>PjMjRN26beh`=UTbTz&04iBI8ibbUaW1w
z-E+Y7rWg`C5yr`1zi<=J_s=iEocsD{;=YgK-|AuFW6PKLrSXoJq)V5Z5v<A&O5$J-
z!&r%bw5RYbVc^|4d4C``%s(=3@mk2>LT;KxxA&PIkEdklr~OIdb(AOvxkL=c%6dR>
zADB14?=M-^k2~i3E1CZ$V$z5)!D`D;jWB6lye!W1690aj{+iK;6F>ApKXXyYFy~}4
z4Jad|cV{?>Ekq$rYpGn%MbW1P6D!It0@BNW7jy;@!eGhJ2>`(>CY2oOtd7q}K)jT(
z!2E`Z3_-zOOk=n_4>T>2zaZ~@UczO4It^~<?>E0kEE(qQRd|s*Z!DLO%!s(S58Fmz
z6BQN=8?L5(NV35@vbJ!>m&8RCzO{>Gg{^YuKm<;EMW=C^k2^YC%px2B9T_u?1~=Y+
zF6vb9_#>q|6+UQcB_#|jqyj~$-Q;FqI{9HzY&3(C_Z}~!vgb1Nu_4wiL@V{#Y_>rZ
zj=ySy*@^*n2rt&OCSK4jK^CfMnW83%%0g?(mt2I`Y5e38W>+8Iy(!W-uD0#0<gi7_
zuvP36yW$kVvKQge+wFfjOmpLj9%spa{Uy3~I-&J7z%35#_zkr0`CACx<at&U_5aV_
z*Dbk;qzk?ZGiPJZbgW$_lgtEqV|)S<==K@^9os#9=4?kyP!d(eSQ2W1T<wXy=(~M@
zz1<Vhu@`5@vyZTMQ*Sa)viT)Qf)px&1S(aPBD!rCP>}ik=l6>h507a%+_ijvD0bec
z87fM^wB&G)+myi8bZ%9Ut%OoM=|s58MRxZk0DZw;iw3Ntg)csX1c}?a({=FeWDt%P
z=jgO3dy-x(S?e674O_W7fskslUwcJ>B2y2{m0(;)a{*SJ8QhcI-c_nVgqHf!<?;Od
zQX8r$+YX434aP&qv{G!UTYP<gcbm+*4Yu7b;}+rB<5#PscvqY6L!=)LbDwu<7I3t1
zt`|qd;mq>XHX9T<#5Qp?y{L9K%Efysj#_yrJD{w$;abZ2cEagJp<b)Y==SyP=eykv
z7}msPr>{Sl80-Z$JJ`N=w$@)Y5P8@z#37a_(KOvReaCWC=S(Y+S7Vod-xmw47i_$k
z4C6smWYYF*okQBM%nXIOl2J2T-0%(8XI$-+&XMg|N;&8Kql6w%zEz~XjWTT#j-#*l
zjoa+Cw&zJ#r*-5aofA{><C<VGF~2&3=|mt35_p__*3OgJ<ZF#zh2!&4HD+56aGmLa
z;7Fz7%y3K>>p?XrTMKZ1A2U{8EO{RQUaY=LjvQRYqv2JO47Eu-_z1kI?aiEfEwel3
zq?{0eQpFXmBbQKt?Fy|_&mvn+DGj~OMg{k~Y26Y9HhGU^t1IzDo<}JI<U-@Ak>>o5
zhVM(p(?#Gw#zWP2mBAQT44Yn?<!-QiBdD+_!gg{iqvSG{37#^4<o4sdNs138*f#=0
z@uVS24MdbqLdC*s@L#=?C(EsN*;Fj--5H}hv#z_BN@|k>GiEYXZ+P=%9L@k?0)3FN
zH`_b^xq}r>qHH?4j{n?7o^-v4&Dqmun)a$xjRvJ(*?!5&9e`}#CYZe)h%2e)X%c6-
zNYc`1K8j?Wi!APcf(|-jxzkxJM=YiS$U!t4D}L5`p+Rg*_b^g~hT%KZ_4vxIei9m8
zBlo=&@}RlWWWGap^oPa*jq>9$HFd{dixxV8YjIS~kGB~?SdF$T7t7{w<xU<#%rBit
z_@wumE}~Fz{>6ph_WkP%J6O>&9=ylksowM(kPReL$kL^Mwd8D=Gddf_P2>XM)Nr_Z
zOs=h)*(?H1TC6<^-^@SF;+Zy!E+NYo1VTPV^yZhp{i2+!>oJG8ZrKDYBaxe6Zkt5E
zC+OUOHz9J1Ox+*8{hj}ZKfZj!otJ-n<?wG`y!L;1|0ekGz4Olh;Z;1CC24Yz{ZOQ7
zDqIfitpf0WHjaF){(ioe4?i?OC3TP&5Eo9GW$&@a5chC3lS45jcR=M1%6V^u%!SgM
zWWSHZB9ciJB25K*29+to?(3rYA{7u|hV%lKStqc#p)1|4YvGN3irvRy&sR6z-fgqU
zvq~V9ba8wQ_j5FjBDIxzg;@*iw0PqNmVTejpq1@^@57PeMQXR+TU7W?oX`|Z1zCP4
zKKMEuAH3*zRq{QKGDsipb+f&X<2b9lyI!skgYm#cN;ggHINY)nKcXT+w#k+1orh&%
z?J7cq7^tx5!8i(XZm!$sqqO+aF>usw$r^3G&?Lpe#18i@Q|ZsjI5iDZsjY0uQZ;^y
zN6Auu3W9r4r7GL1-`x8H6*<uDj-Kx%R`&cR)SpR@^~<&vZwLDYF$2xcpkQ0dnVVlU
z)PPrM;4|bfwU;uoO`AK_o)aha*Bl@3qVpsv+QYu(xdMPW0F9y)m{VbY$T4@@yaf9n
zEgQzWC3u_de*v=k&FP-y*~C`PafI3d!+te?1j9X{E>=}BrF~TI99QFtWkqT(I)!+V
zv&+&boHxL|?pn5wZDl}CE$$WY<hbtxX5Hc5aUJAJESGVQ9L~t?<%364DY#y=x|{MV
zQOVAFYS$G#pGD(D>7&wILv;%W&5P2HSuzFXwXA17JVer~aCRgB8O|%C4#g_|6ji%_
z^42pKLgLJ7$azT}`<830?*2HgeshLr7}QbQwNRJ)G%%DNNT;ahZo#u6x*<D>CnN1`
zIEhBuQ`z<6{bymiR8JlCcp?<*I8bK>Fpo0NwUi9b6P`K@P07x;GKe_297X%hG3<br
z-tD4cx?RE(2;C17+4}YfBKFQ`l&Ix@R>u&Pe)NR00WMCO3Yh|P+W!9Yf8@vOiFOsv
z8_jPth~;z3Ry)Axl$pp?N=s^Wu`90DTJiTpHr5D1WrwRpw|wOm5eOqz@}|ByX)O%Q
zCwp6!`>gnRE{IyvdG8>Tf>BB)Ek6@LV)i75Uka^}vMXiDyAT1qAWmia>wJxW*O!}w
zEn=`Nai?3ny&FsW4>obe{l6wM!gL%TbEJ6QsPE|rBc&BYRUB-U5tTb9`>6?;e2~sL
z+4o7Zz)v7ST1$*>>F8*6V<A!-X+qO-JQgV7Ro%2Xvz2mN6Ps>nrfG?wt9MQWt<cG;
zEl$~SF!=h1SD{kTQ;#Fvpu}>2Wyxy^M+Uc$?)cTi^$ABi;z;Z>3orA4KnY6?u!E7u
z5Ro375_XU$OiWMui8o>=*Ar$yOnc>Ay?-cM$4y()tpLFe-vsRBevy`9xWff(5W<U2
zl>(s=%q!7g)bVvV8f|F-S75zM@=iaG#oY_>mf!wbEb9_ne<{$_;3^b<-wbqL(!-_&
z^#GhrAlRQ8oGsAZ>*d2waNz83@oM_Zy~f1*gKs9vGN9}egFV+?OwN<}WT?HHLp!`(
z9FCpx&CQo{S)|iw6^E44Su($4*sRHuy9WvszuYNI#9{B~fbzHh8^prUg0|FeXR#c9
z@?LPa;Pk=)Sy}P3T3eBSV&dC`g7=_o$zuxzgjNIW^|s>4yx+~dFWd(ZfC&c!Ib0gX
zKaYf6cGduIrppob*NPh&$8I;{ZTHx%M8R^4d&F*uPaNCPm6R4{nqGiOl_)p2H?7_|
zs*Ilv2_DN%9nb;m8WK0Bxm#5xgH7_G&RH@(htkrXrv#>>D4Mo^k$4+0No>o*Cb(_N
zWQq+}C%Eb;XobmAQ_M#%Nn{kGN-)DY_#|aeehNYPCosogS)iN~nl=@0hQ997LT#cd
z1k3|!Kr&$2t-x#(#@#$DT-G41DnHwIWi6wuTrLg)l>#GSewrKR*i^W0m*sD^9Ts^1
z`_KR00QK1AoKqQphb#+Z<|0eT>4%Q`PQCbLGI)RU1;&%)Bh1?f+peiWK)fIb?e9PT
zuW#eaEA4GGyMS4oGMwFnMkv>PC%{UZOcNQzbW1JP9;$fg5+72c3q*YP-W7O}B=SjM
zXf8-V*!m^b?KR$1rqsbz5~r<Qnw`?<VunuxQq(abfiCTTi}InyqaN|RJ?zKFr>SnI
zPk|C)M10<f5IbDt^SpqiC2{r+rLt7L`9;%nGal6ahxu%xB^MVkM+yL_g%_%KVOK_t
zW&#^$4R{19>xgeCmbuQEhb>wicv&2qYIvl2=g^t;rB5|^&t`Hi4GtacJwmYks-6$R
z!Igl?UIg5K6)@oJu;%n{vza&*rmc8Oqq-%-B_1=ChRP;%Z*|zJNU3uo>_bo=%ugVt
zZ#Cyy#n+ys(KdLnKhd@3xi%E(MW5o<KJESY^eUV{{JsGj7})Y%M@^@oh<XO&)so7`
z$OhGO5{T$wA!L9Pgc0&l^JYSNH*#W_u1}bp=v+2`4Q&_cfuZC^R6$+grIQ%yw0>ZF
zG7JoHjui|af{9`J{It|NRIL&4Cvp&IubaP~#rq`n9ivFz&EnaAQ^kDOUiUWaS>5Da
z6dTAoWLccjph;D@ZWv6q-&j8eSMJ<NDIY<WA*8b+vvtpNiSI&Zyp8+FWp;oF4r-hH
z*KDqTxYWbuu2s9NSXUd=FJnZZb}_s8B9!1{AoQS+!o@^aVZFcp@U{VQU^Ac==4u-U
zN_1{01t+yYHHF5cwZ(XQ1GPJ!NoCgV>dY+eL}8jaX&lzxyn=t!-q{$X86=|w&@0yk
zed+Vd>7N(ZaIv}c&m2}(y0(>03Q*ts4FXMnz79Xdmq4hpR3w6k_b9mr7s)itu9^(t
zAvR?uH<kQw#C(@KdIM?DBjL86qkW>uBcRE;2BLp>|G|ItL($T*IBdU<vLD_HLjq=0
z{qVhkKg8qc2l(UdEcp}<qgndH>ukzLvG|n+glr;=xT%)&FzVS3CnpJfqV`^>z1}c?
zeivU}Wlsm<ko9qA8~Nc1h<dKxZqz?ABGNuapJg^;9<$V5N7tHc2H}1G=AEbg#=uX{
z<Ls-ve_N9SjOkJfM$1+uB(V+4w`9kNlY~4;$O92KG}o1KaU!VtQ(Xtb$1EY=PoqH`
zj@}Au{skl=i^oo~vVct!Nv9h&u>z`p4rpN1W%P~@H77~;a7oik=I5iRu=}dQ4fJ><
zYYO1{FiPWDG}JP2+R@U_lfl(2nZ$n%W!nr{dLVvFlcTo=$z*uzm<7ZMp{tae$6_1_
z^T%Z7SDPU7IOQH>q3E_cFc&kE*j&z8KFPh4-0Pk+xfFPBekY~eV3ee}X*Y|1F5@(t
zeb!)DPtvFk2aD4P_2q2mG67R$SdNnQs)QkSAmCEK;6%WuBg&c+CraV4AxU{r>ksZp
z4erMS>2nXK)6r-7#6X6U(neFLaKK&1!^#vYZ0I^SW&hB-6Vs~CUHotn&(iE=Jc&+T
z`1?-M;n|jU0F24T;E&6cd^9$HWc~i%ihrd`3HQ6`v-V%Ke=R#6c`_d7Rnag%S^JHg
zvGA2bO7)V?&<SO>nlqvMf#q86-MSo4lJ0?6pXX=VhtJd8<XpwS2L;i>|3K@h=EJ%A
zYjGyev=kbiUmIASzyEVMp8nV3GU)r_dIRcahOaZER{K+G+BUVSA;(&OYjtxbP4&*n
zTHQtu-Q^5DsC{pg`R}1mLYm6)2ax(JYin|=7Sb@w=5F44H_f#3IGR8mv>cmo^971<
z6wTSzW&iM@FJ}^s!z@;3H@5TNKUOk@zD7UJ1+B&-ZI;YOjl!IWGnW&lNaZGZnmMpr
zC2y|V9L0|INYK<BY+yToP%>Gl!yRs-YEu0}pVIPTB6PAG@w}&~*<mD!Gx-dCR@*S{
z1|t|@m-(_%woH)74J__d>t}5rc@pt!_^jT^`~T#ZHsbR%lOegDjFJ#~GYUZx?@mjd
zt`!Jt*a=|~-wwE?dP{X~Gt)T{R*!^L9x=9G`9lZf^xY)PGUz~my2otQz5t~;g8`hq
z!cWoQ2tYO6dkAfBfI5N+DSHpE?O+YRYS?IxILvV{RvNY;otd8RtO^QywUJ6PXYuki
zV<Rh>Fwlu?2$hwyR1@O!W20hL<U7d0p3)|YnAFsLS>n3dD06j(fZ4mY(dr$!(c;p^
zjUKm*ufn^um!8>w^t)+cPwd~=ppQjApGCEe&9`&$T><ncq4)>EHc?wScxMnymEI7G
zKYIS`NDkJ$W0mFn6er`BxY{6R10iHB*?6y9K7yE~dv3KSn<8f`2wz-$$invk)KylR
zh0X+jqd-;`&(sN>Z=>*|#=|=w7n3)}*rTYvgEgF0zFtp%>cp{Z*U{DXgBA_}tT<E0
zEM!(m{aF1=#VqBf@7ZjJ2~rv-!?{@Gzr~m5QG{Rp%ZCpQV2C}7n7Y?w*emg<q1Q@=
z>KzHg;!+8QZQxYDR@35+ljn$*O-StMoXEjItF?NTZsFRQR*lx$A->z7w$gDb)Fw$5
zU&Mnvn-+?>qn~cRe+=gG$7llhhTfp#Mx%L<%Y7^Gls1gaM*&0b%Ae8!p8MATeSrQ$
zI4xRteCKc(Dw17f1Qz5x0Bs0qfY9D!0BO&H*`moDdVY-8rv=m_fHKc;UD>9(OuW8M
zsjWK0A0q;ap~2q?#kp{{6!o=DsN0|hvA7}`1iX2GWl8u(f8gd~_%TAf-eCD=6sLd!
zv7NzumPT{gQ~W$k!E6EccpZUss^Fxhg|d|tUW45G+~^a#cS>o(vK}@tL27!VZ&;Qs
zo6~Kfs#Z#<c(_DW9VkrK@&Z$~3M<PTj%{jL)joQg4Wz<EDX;Zd8s;muP?}t1*WnDT
zqDanf&7|sVe}HL|ST=SX1yH)r0@Jo{wJdT>W0yMm3ZNzExmdUH(!C|2S6tc%y*}he
zn$6;mk$iqPL$%o94zC2@mj(-lgF!N%4Px0s3v0r@xr)JnJv$GZbVop@AuLv=@}$5M
zr>tu8S3!TmR3l6UA)G{ko3dmsY@M`{NAvfe|EKmYe@~>zv}|cIwblk*t~k9CFaKJm
zyv<vUrs#Mb4V4NusO2E4Bt<}{K@0g{o^K@J6Rj!`7ssXPNZ2pA^j}Jrv@qS<&c{TS
zqZ76^YaJ8jTXq#QiWJ!<TB>*M6S_*j-CW2=;^aF2Bp5ByvYY=62PT*)B95}+eiIJy
zIrgccf6g#+kim4TdQz&z!{%J;W5dHb!1rhtAP}(sX!!E`ZVB+d6Pi4kj6Q4ESK@Rq
zhXaFPyHRp^84bmag@#x>dL3t1+Esih)JdjIXYr?a6kSGX(-5hRk%h5hoMBU7las0y
zd*aJFF$vP}!z>oanLW|MKP7W0-v-<`8Q@Goe^?{>+4X4WOnN-mZ6H`6&xWLC+75N~
zH9rEw9wJ@?(Q_g-L28a{$*dK#K|l`|Mt)NpUpHvr`s&CS>KLx>$QI2fENsUDPbR}y
zj{SO)&kkKSC~m?Bi0TA$rSFJ1WjTg=9)55txV1)<;C^3B-zk9IT8M7`D9og-L0k`-
zf4$2^r{Vmf@AXO*26a-hWGV~Ok5I}yleURAjG%0)soXc1@0q%CD65Tv89qg9m6N)S
z-m8yGdM_@O=zSYe)-Rd`0Sz3t$*j-gS+t3DL~V5j6ZH)b2dJ6`rYw5L_3d^rExoR(
z)Wtd`Pj&nhQRyam6-9EykIWc-8>R!LfA!S{@OYMEo3@%IM;yun3oPKf0#6%AIACIe
z6Lva>Q-Soy&L%N<`NqN~XaEN67!EddRsXmI*;w)N?Fohl6uOaMhuCCmIo<}j*I_oe
z8YYMD(f@5Y8-jO#k%PU;edu++-DPH($P0x1s`9pP=-8Ak-X1qmFX&f>ZiLN~f90cH
z<OQglgR19A)To0pWr$&4QH+=|$3T1)q?6_-H4#}IDawXw<&Fe&acOTrOQ7B%p#90G
zB+jP;Odze{$N9})VMag%Rk4%kCxH4@mQ5k#dzmDcqv&i9!Vh5DM!7_%MN79RJ=3(8
zp>(y1vxay}5@%XC%TwK=iH4UCe`;wwN#uaLQ9Nl>0ZAz~4O{gD8otXYRgU9*SUA10
z(F$*S+1Qd{TFT+guiG@~Mv_UlXM@kFbQSh~peb5bi{EMDcQ%P3j=YB2Y_rau7GEZI
zb84$TE~%}!BsZpJY8krcP{sREyA0Q6M2>1~wv6iI<z?Is-t$=@KsG_nfAC2VSaNaw
zEP31dmJ~A$FQbLH+l*)KIFu->HMl`2wyM3^6g)RVX-R<eCc{Tzn!STkxmh%PE4J*;
zqVS`nrR@35&)Nk9asT#9ld%~Bh8{E2nqKNrC%~v$dRa^KzCnX}Ut1#x^>3*_*kJ^1
z>=zGS&Z20NzhJksVX@^df4;F%biEi)M>k)_d8buj4}F@2F$}iL7HwXxqPZ}IrTM#m
z2~W2>dOlsR3ELvv>uHne$aY*cAZv0$kZDwX1$#2;{WO@}SenaeILU6l<n4A<1G$81
z*tsxab<#mQ17Y(ukS)|@uI~}W*MktTiRD!Vt)dogS6U^daG&k)e{Gzf=Y7BV-9I$~
zwt-wu3`=#aA&(NrtsZ(FBe0+QY4&sw$tFR6f~G+-3@Vcq@XcSePd8s?an)g64`ve~
zO1P^8qmd^LhJo}~J#sKZrzJSXho6L00_g<Ni%|$21{MNpaRU6OCRB|B=q{p`eE19t
z(NZm2IGHDhGf$STe;T29Kw8~=$!4*vql_oRIfMkFQJ#f$n>MOF3v_IYG%SNcw!yKD
z)Uo#tfh8(tuz0Z4+%{jeg^aSfT&A<i;}3|=iY*_2&J-GIYu$Fc&|MwihX)?;=W&59
zAA#Gpu=EZfm(FG0%IxM#8in&Fii&t9p)Oa(Pu99X9AxNxf0a*Kk`>iEQdSg~<Oka;
z@A|beM6n@G{nfQnSD5RzbboDJYY`l^DA#M9=7D8Wr&>%~Tq<p#J7H%WOxP7$?urql
zToWeIdF2EL{{jLO#0P3CSD@T^-GKZI&$isaSLfH8h}vGs{#nP-38lTFbZPUpz@^T7
z+vHR!aiP>Re=T3ua-DG5FD`GfMFfH&k|pfjP-ZxkSa(lV+c7zIp=u8SRYldFX__+>
zH&X!eFK~Fgh$qk~qp0Z6zWMIOSpy!To{bqb)N>;;Or3E>9(vd<<&>1!rE(`{m;6$R
zUD~MQ0t-!kWh21eCIGO!?QwiLDVhTaa0$Uvp~wPaf9Lay3qiHwp~B?>g^}Xawur9J
zwHF?wev5yA=n`*D2C?}4u;)CIoIqRB=ibm;f~6rHAxgPP0;R=>fn5g$%DK?v2(i`B
zi4q-E?;M<tp1+xB6G0c(;Z&Q3a`$if6QGDsp`@hw6aovfG0jkj`*1R77M*8y;83+|
zyg`WWe{)pzI36!-^2|JdgxD4o5(^-FJHMO@hMG!F6QuIuLlbbArf%w3E$lNrZn%b0
z*mqcPRE2uSN4kYp91EEpUPjVzRhW9Y0Qfu$5O-BC-9gTD5}jEzp5A<!g&9Q8gvjG>
zzY{k1d=!Dhy$O~LPMJ$&^r=krh8ZxMRUMMbe^yIauHNYb%Z8(4k{=tpz;d-u>@=BW
zGB4!Cvp1096Hlh|40Om~7DApn)OnwOhKwTdj5L*`f|8Fl$^K*}<P&f(RLh)1beD2j
zqrZYN@eR*Whej$FOMtK5k$^8Ql>pzJ0n9cSz`NnJw9=;1?Ol`#G(hGS{G&<b2Meg@
ze_>N`gx2~oTG4lLX?OZ=vu%DA4L%AwTu5+;@JOQl-gzyXu1T5Igx!(uIGoF(qY^l9
zpa+C2U3-of9PTV0UKZ^aa%nwEK<VX)v|vikGa(KIi3n~UBp?~#;vk!cqZn+-aTur2
z11622dNY~9#RkCB17-$XSB!9M2!+TUe??XbsmfO5wFP+j!zJM5Gmvf>d(;P5-^(<%
zCOX4+ZO`?U#9!>#j8eTS&u)Q3<<15;?58t!t$C<`pd}Eg`pbK->FGYp(K}zy25SUL
zMD|%|IazvHZC^CJfwSB1-@a}@nSxDBZehi1O)ZlVU#1e=6=m)X;Foan&7@3|e;KS<
zJc^6HR^yw$7Q-*W(<%T}n1-w5<^ql>7&jw$XqZeU5YOHv5w;Ch)A{*&2G0Qw#qq_3
zu!@BV47S4HDjduw(V3>@zJ_%IdjbH-0G5+v43J#*TKb)XiH_vqGWSo&kxUN}X2`~8
zLKK`Kbf!PU<g5X=3G>Z%@-T7Pf3|YC?wGh**L=^o?ZrqF3(SBl2GEx>zKC;PTX31=
zF!4v;TQ1D)kUV{HaL?)E`4c$$EDWni%Vyz4JXoe?4n{HXm0*;yu%s$%(nLU;)X{yt
zNisOHA>4B}rbF@V(tFM&9M5?w|K5$NprOpdzX?Q>&urV*(Z26mpC_NDf0LHvbO>m{
z!6t8YQR#kHO#*L4+A{BdE6)#>z1<dV9(rZx9iZRh^&3F@<2=si3JOi9!n4eSp3N+~
z5;57jpKx&;&1Ga-6k!eEN^ZvqMZAD@(EwNqnmh_Mg*r%aQJl%ZWjUIs+Le^V;O8Dd
zIo4nfzAafSFZKE5&6f!%fBOo`-iYr&tvnQS<yyU<rd7gZtmQ_OkYWSqMV!hxqphTw
zVI#wIT_v*FQkqrobRf+(tktp{%4GA{vT4j2@erxDz_`mp+n%!IwnCCuQjag%PtVI1
zvszoy36u3DsNUyB?C)RoE110aGS0%$n?V%zD4>M3QMRuZ{QIoef2~DX+p(W*-rn!p
zlW8>RRb{NLzoHS=`E$F$3S>KL50y?ndj>{U8(=-Fm7df#kj1gurqwb%hoWlh<UOV5
z{Vd&)J%gaRJm`9;kj{_Qi{@;L6H>R7wL$K}Jd)yM7S4Yv4lL`L+k1cL>sw8yuC_Cs
zr&morw78V3(Oc%ofA2oS<nKTK`yN1io}ZD+eg+Lwdbap~&Fy*|o2-`y#KQ!;>MUd3
zHM#HmN-1C6(l-l<M&{sy781)aSI)Ul^JB6w(Tdv*DX1QC*fY6Di5l<rnPVZP6VIMF
z>JgCd!}+J^GMp6y?+T;otikq~?)wON%JwM^Oy4gR8y)z>f6{XMMPuHRxp*Ar;;!~x
zn~w|zd(4Jyu!WWff1P5kJ6ug^_Jm}~6UgoX8{M82EQIk$hC9-E45g1yte<BZ7CZ;?
zxL1_Nbr$1c;~=fIi^*-Q`$$QzV0vIURQ3qmViwQ<+4YS>s&{TDmU9V<Mjn$A>C~=d
zx3@|mU8Go*e;wZGb({^Znl<t;4BfM-p%x}{)1!`F^;dNRwS%$P`#jlMW}ksKvhRT6
zMLZirqq&2#QW@zoavj1@zjz{3;h_mgB(Nfg1E1+<cE2#VO0tXir-MU)H6V1|aER#z
zO8Xv$nNNJ#T<_izx&!%Gy`uFxp1kL8`$OyVC)yyHe}aWsGB)$RauB(zm<?wT$&t~c
zn=jf_{581wGK|JDSh1MBm-E7tx`7_rv;3v~+EL*=yXp~KRYOWbqyYz*I;Pl^Wtk-o
zASQP#%c$lNY~}#lH9R>E@|ZZluZ?d(=qg9{Qa#GRn5-S@J0-^-UPkYvjdy5im=9%`
z6k#_=e?Nk99<h5Fo?G!(uiL+qaBC#D+UvfKAZw@rrz2N40-J-wyv*rNK#@^uTe{BA
zy>j}7wIb7Z4POnI8rUc0(TMPQ%R`8*5?@Pet=>5jsq{LTjl;Y|<Vndw8%EHTE!z;X
ze<=jl!j+ys35qS8r)jK(pM(aJy@x)<X?z~%e_7T=CFDaV`)8N{gU6#K0H=v8lP*%G
z%ISs@&}R)8MK>(h;c~wHw#<S95?}pVO&(yOtQDq)VWTFIMK4X(s#C<3N|s*Fx5f8%
zdn=%C*_|AUF@P^twedjsQFcX|9drpZErwKI66OxIb!X)uSO?Os;5(R{;YC`_EE<I{
ze*|2b!f8C7j*5zmg|De7!6HKL2z$Bb({MN%ori-~{m(m*8L;CeiNFC^CLuvbvA#Rp
z$A1oIeY#JZ2sA=m3?q1|RIUe3K#bB%$a_fTi(EFbQwUW-<&o@HE5rcI6AiOWki8sn
z51g>D`^B9PZ@w#fqKu$g_woTy!V@6`e+Q$vwC#bs^VSF2i?^_~m(J^=W%|wk386w6
z()>ahrUysCQm39FIgM4u`rt(Ht6%-90fCveg&Z3z5m{zq9}~s2yk`XFK@$36`dF{@
z@qN$q(J)bNftXF2ddp|h&tq}-La^d*fBk(txrEW(Dd2Q)6^b_ox-SFa%g=Sbe}Qh1
z@-hhzj}kW&zc>(pYa-jR&OI-X(epCv8IBbYs~S{3TGo5cSL6LE#t1lT@`(>C0}mc(
zI*AJ#;taVq9+^Owa$3zdI9}Mi4CB1eMVtYXX<kYuHVBE@QuY1D`<A~2p&balcP$L8
zuVnSS9P-xx49+)`(cy=1_PV3&e@dAub%-5F>b?+HwfLfEA6(Xc_}`IZOjvxQw8sdW
zbe=Ym#ZZvo5$PT)pC(CQx&gf>W{}dJ1MJ4-j4asa_~tLd%1*UU$sFoKev`~KDDIC&
z=~qvRCl^U(D+{y<@EG$v!wS}$UV1pd)hyp*2Hs)B?#C#aJ}f4Veu`6=e{uM*b_G>W
zJ!+FYtdqu2oHZ#NK1Ek9vBNP0bkZoBPn+<c=@QJat+>Jn;g(J9YGVn7|0+j?BV@{(
z{}C?T!{cxU9Qya4|Dyp&h-Y%k@W2na%@KUSvaR~H>YnKk!&FjssDTZl4*Nu0_q<w1
zaP`jNF_pIfv7hQ#_O$p;fA*4-<zmT2Cg(LSg7=d|IV;yg#UPI9yQY$IOQ>%!-BiXi
z9V=8e6{5v?H>P}^VVViczmo1%wC@m4q~fm>p1z1D;pj>4aiM>UFVCaHXFP>kG=~Vj
z_|p04<}YJtI`J~n(!ngAX4+La%0K`}N1z}N`9qo)whAMq*$^6?e-MTOPl>kF*PK?#
zsZuo2jK+#f>oj&QA=Wko(;UFJ)N$5>UO;)#vJV{X(QGFBoK$mGwNY{@voPXpr}WiY
zNbUv|__Fv`(%H<wotDtBu<78C;fau~LQ-T$2_FsONAu~OL#efs;2^-cYp4v8*=#<|
zqE=4R4YJlD0b-6Se`^s7TvJ!4sN5^n{ZeS>WHis?QqcK8MrHF{MG&7C;0UT@Ju1-L
zinXnH`ZH)~JpM7uo(U5x+`T?{=M@ZAQs$32OP~Eo7%Ckz)sAcgEv#XfG1v*YTROKQ
z&MM2Rr(0xszGJAp9_q74Feas=RXKYkzq2EeZeXY&z?e5`fB(~HVG8g|ccdXtpX%a2
zCJp&lQ3PjuEmR3Pe;T|-dGF)~@HLUCQ-`W)Y`$YUs5HI+mK0Ef61B`@^WKWbZ{OSb
ziWZy9hh>(<5M#;#gozVzWfscrt1XMR(gq5usn)7~8-);$Lkpo>P}au1-qz5=n<YYM
zWvN!Qs?gSZe^t~&gg83)k=<mzZ)XsZYgSH%f$kAYzNoYeWD-nWRxNQ+meCdm?bJ)R
zM=_|@96}02G&*=t<8QwdwZtj3OL3;t6y$2ZM^8SA2OqDJd9UGs`oyyAd{q2ZJa;~-
zFyDvpd=z~%i;FLc+uw^@*Meq%e)2_y^DJ53ewid6e;2>3liYzOyVAZ(uAz2ZD;N}h
zTHWNrvKUWF_ZJuBBa`G?H=KYn$bb5M{?kGtlot<6g@0a(zr{Q9wIbb=gIJWy7+H(?
zET!MfmXf8yD`l0WQx}<r+U8!71s^2eml!J><bM`x9Tb2xFqMp(!*cjjxLWD^X*gNH
z5-(O-fBe1@Pe<H00z+|wqQG~2A}iPLNG`OZP-if>`Aez^ny;qk=CmsJp8u6UzZFl|
zV1{X-EjCS4JV_!_@w5>k1lg1kPsuI9oCcO}+@YXug^-uYWn8Bm3sh_bm1L~Oph7Nj
ze5&?_);S`!6;wlL#|x_Nh}NSvrH(>4hap;qf3RgchGL}ZoDzadL6UoJT?m^!y;dFZ
zTXbz7bk96jcWgt+Z>1jh3}oLInH><JtFOY@Wz}@4qki}+w>H#TKAky^oVr*Rm4+2?
zs?_ow5DxhcmP<YvNE-|!)6{KMhLOM$haFd)UQ#Q=sBbt<{{|8bSiq>916ekZEFI~t
ze-36-&5qWHta?WhS!wwPGms!W-&)ty;mL#<Uar%~K-!L{cDe?8LiqVIthDVweY^-c
zjDe)P%nocden%N++~(D?!h?dUTebXIEHr9WW3wySQwvc>Nu%>y*JO`$q9Y<D&QX#5
z!!)sUO1NRkDTO6y6RcCiBvn7=@d_D!e?^3O^)8&o!`+Q6igXKd6}zUplaX}@Bg^)g
zzo=7M8d<LCxu&}%Fmg~M3lU5Vgq0=f!p2~_S9N+UceF-i)jNl0H~-bY{HqoY$G0i=
z4a%ktO_<n*?-F(5$w8Ejp$8ta*_Lk~IX(_!W0@8wrbE_RDw)*fYMY6p1yy%cf2(88
zO|mWA)eqHD+ogdkM^qmb)jmuU$)J|aeOK`}QjQU#QfeIm;ZKsc02T@4t$=+a5Hg6>
zgG4Lb)D;g`c?kZhGqZ?i(m?mOcyA>%4O>{It7dH_Xjbo>%&czAEG&fk7BkCd#6gA3
zTk?m^ZO@P$NRGzL3Vamk>Huc!e>jduSk;%c+|e45Rqx!9nYA%}rpj$i@I;VfQ*IVV
z{ljW3-RC+XGQDpb*B>uJ4&=+y1K*}-&G+JZR-nX1H-n0D=9|Z?+|??#I_honzVlHs
zSCG@jRA|9QhUM6v>2@UUTKdLp!rj1bl7o0qHhQ3jpMZ<dZHmC80k$ZXe^YCYKxnlx
z{9YyVG>d<nM=v9O6=smkxmlbQECGMj*>Q&F8iu2G*xH{IPj=kic3cB@*-}50?E{Na
z-CSHfj+ms2EKJqb@4}ArIa1Ossv56nUD!&TNjvVJgRPv_1V@JF*?}v24jkTwLppbT
z-bDEvFES2e!!bPwC{i1<e+dKJV4mVDJ1D5S)zkkRyz-(?6<~H?bJdYO@)1RZcI3%#
zneydZ9@QoGkBaOcsLkb5=5VB@?<2!^bo;(Y{Flin?7+lgNcR|T<SJ_gi<60U2ouZT
zY)Qvu$GxR*Q=tbnu?)=2z*5B<<4kvLyQ->|J6a>M>YXDLZ-=NKf7v*&MS^Lo6lg*}
zm~l&I+h$|;l#XTyliT&S1iTJUD6Qz=Fy^0O6B2mp><vbJVHYZ?l$$|C2re}<JUpnn
zq+4->L)hT{UC=GVE_HNo%aQ563%H|6+2_73l!p>|xo1+Mi<Etnc*JZ3hm-AgbhaDD
zI4}zFz0!Y<Z|L?>f4Rp@&vjj@ngf(m#FcEa<&M^fta|5UyOnLXMjt#}I(PSbsuO8V
zm;q6QT;$)4Lg$uCEY>9Z>7Z2K3i$^zL>XhIZz-T+m~w1#DRm!$fas?#qK@ntp@w0~
zlG{75W5o-7S@w8TWdAVjSSn!6gp{d5n^H?hYL}{e4DI?%f4~lP&_0QR1|~XbbZ%>f
zfo?2lB{b$C6nIQI@KfaDfZ-~&v`T6$E|u0=ZT#~xPP4aS4VSZUdX-~mG9Twp#-mSQ
z@#ZG^^4^Q#;@ZNFUj9OV+HS)ntJ%$$<)lui*gQ6Ks~*=FTL=@?{4iYG@N}%4a5v(*
zCLMSOTpt=^f3I%-I*wr4sDN7bq?kF{H{R0uFzHc1oz)1ab=B)SM$jk(*eV0OXO!1(
zhPVMY*T#kFIN(f|B?TKdllSTJF=GS_|9*FPE`P`yRIbzVb`q;y^p^MUNNziRs-IS$
z&376Ohii564|cO%Nq>X*wu#gXOzdz*iN7idJ#o)Ne<vtlopI83h*-CqeR?=q@y+AF
z>f@o`&dg!vV3RfKQgR0ZaUt{S*RC_0xdw*#LRpw|>gt}nx}#lJTx!0|<2<%Kf02)$
z5Eee<uvTcL9-tIEp26jO>P`*i9RPX@`QJ_y#G#gF8A_ao>CE*!eUB3Te)iB_M3mNX
ztBAO*e@XE5W$XFyyDegqn7qoeY5MiEXV=%)XVLh_pUwu!_*pc0HcYN3qa+-r;)g7n
zO=seK`i!30XZkaE?CI+2Q+f62{Cqyi=9rx6<Y_n_GIBPI&Kpp=!727lssunNwM|d#
z?D0@Z2P$)4S_r3^Rt(C~&N@c3Ngb0Q2BDG?f0_vdT^;w<rUyG{w{CFXp)0v|FS~vA
z0LInfqP$(h<#U=v<3Uy}^F0#aq_FQh2N7^}8|c(?GbNN625U0r>7H?O{eE>Fk-$_#
zhRk9%VKR~BIQDxmd9{_yet+|27GHGk6WfvXew@PyxRIPCBT$;f4HOo(oj@GO6boD@
zf0k}r`blB66wD`ub^jFBodYKev-y5Q#2zSQ+A8roflIwurIxFk#8*5;57%-ajuCKT
ztHYQO@jR@9a#`({A>A}rIS!?*Rqq_eNKh!ISVGhH03E!KV4~$^R1CV5)!Qk|yHQ9t
z|6?BoA8FG>*w)C>E#pc5^QtG|_~03|e=reL_T1}vf72b(##(*?wlbZckK)0ZrtvHB
zcs|Q-oXDYau!88Ufhf_jM_szDf6URb)`ra(wuSkkee}`|#ta90el_vwmd*HjU@ga(
z$jua&N}FjZ2KJ`h_rUTYOt|WmaPKa;{fRc1-F(Su_!zUVT7ID6<ad+$zQdHHe?o>l
z-8M)y;!~x{g+8fXY)r(eT3X%NfSpz7r8QbMe`<GXyXBoiE;ax>^%1j$RZ#`J5EH~;
zToDvI!nk1lcmlC9Szq)ro`|iOxQL?_v{E*b)+NUt@V({z0H3{2lZ`*M*-`%VGRn01
zbQorJrEP26!m-7u+O4`)Rk^;fe->AG%onU&EMc;GM`E(L)Ey=j=#}2T1yTQ?72Kx@
z;LV~R=W!Zmpy3A}!^^08wA%nU;&RUlnv|#<A>i7wKy%3M%>s=-wS@&1@uH`n<)v&U
zOnorMpUS|ZHVB^%qFEMS!~?-8;^+Bnw67p;4yDV<e0tdiO!Y*FuxWahf1Hy2h`6^N
z@&BNCMPyjZuA;-CQYzeU_g1+3lKnStztKKMg4P92(kz)pS`0iOVIi*1;z^a>HV~A<
znM3iG2C@%M9Z2TiH`T8B=PuIsFYlCC{&A69u~2wtgQeLh^DJi5@v~8uKAT0;L{6E9
ze~gD`;&o?&n*LGy?}uZse>>MG2ixgoJDt$^MxP#z1%^>L8z=ik;r8BcqCGp<hUe*l
zHv9ZpdKJ#1XNAyD54XjY40&37{H!HKKdV(rCJu<hw~d;9fM=9%gc%F^I}gTb;cRdv
zPAP+IK5KHc!-46$%x_X%`H;ZoyyM^g_CNjRaFT5L@vf!zRPb8%f3!><Up1f)iUNU>
zZI$ki<?!GPALqFN47)TI2ZqmDmdHfQG?~u^jeH<TcP$+^>KFHrBuq58O0-`OqjT-Q
zrSat?8a_S${Qudzw%)dpEBsf8MbYk}u}u!|UBm#d*%X@#Z0|!K3W1i!78^-acya43
z3gmC>Tc3*E{)0aIf1l)+bY@6d<cO3=4oNEx6U31zY35w!d~;^zoHH*+PvWRNiO%f=
zqwCAx{S(hF|N84=aC+7H2@j4a#wE76rRT4{`Ks1SF@ys;)-aw9Wex}(hvO@Q;nRg5
z#iwjZhz(eL0uv`3HsSBAd@^z@O_2{3Z+nKTgrCS+51G0%e>mc>MC(l8s%!GLp;IX?
zyyiH%s1y^Ss*mi35YID4%f?4`imMB#(-!NxL6ufvr6NE}Qj<!q7cEoL9C8iMaS;Di
zjJVth*%QG2Q;Oh({LdVCalCAwpP(M$s;sm#ZIO}&1k0!utfs2CI{D+Hl&0#q*W$;C
znP!g&6)ntkf6OCj8u*O=_ovL;8qD(P$N-q>*jRpqS*>9mXl4SYB-bg)C}^^ryLt4G
zbre5NtRs6ws7MKJZvz#^F6*kHl6rMHc7Sf$x=yZ~s${1n<?Uj+bIsLh2WxQ~t{ZV{
z7%u%N@`F``3(w6${|<6=zD8{-@wbxodhzhv5+SPRf7jZ4mu;YGj!L1bsHngO_7+0B
z6Li@`P$^&C0-9mAHzN;!yg8QSx^6;GM>xygd)Mc~9ms>;`)H)-d_!~AN=K|xL~zQy
zYgC`zCFL9S#_i6QN|)Nd!^QOBBo0Dh!V5KENs)mr%JkY%0wyo=7L_|%BrTuMRCuQk
z{NI&8e>?Zb_*;;~cvATM>6f&WC0b%9%zl4!^4bN*_ahX}OSs!GNY>0=VGB9z;8l|^
zxAGw?48gEmpsI9TC=F<is}%Pk057WA_7amreqD)mWG&>Z<5{eF_LUDB^Qx<}^!lwS
z*jhCGmKv-fn_eprez7CwNLJ2ADxI!s914PKe~Fq>=k$o04|337d?!uW+)j}#9HVkt
zCC9>dv(S6!iYiFL_By$tY0YF`=PQ-N3D=8H(-qMRw2F@dwA#k0w~dEc15(a$fb+H2
zg;$|Ej^r3Fbz767>ZU2W#hm(5ucDE<7`=*J{WUe-907aU$1+`hnE7l$E4BNoz$w<1
ze`Nz+8CRC|dpavF|Au2R1>MQ4SYEG3MhpFvo1Sb4uE5)Mf`oZpveJuUh5*GwOdo`&
zH^I!m@l#m5@uzeAvU^=0B!e~1rbU;{xopyUYsacdC)s(!*)&+)__sKJhU)B5O1Y8Q
zq=S07*@~>_yg;gh<pVt&UK9nMDuZ0Me<f9IGR1d@$>g}$%q&M!8@ZINCh~s2Pk*J8
zdh<@o=dd6NxsM6NB`aE6e}_c2a+`*f7xp1ht1vC?12@M&#iN|hpZ>#5H%CVvx4`kd
zw0PT)oS(|-Al;o8o-O?A_PE|3ZOjYM{x!YEwy_R;Toaf>a2q}98|(K8)QOzHf6lzK
z{>WtY<9ZZefg+6Ggs$RZ%TRQn)A>!ZA!`80+epPjL~b5_xpNw`{k+HK(|CL~==Lcu
z_zjY~5T;=PK^RBe!@tRK5E?EpT)`Jy9HLL;(LYN3I}afV2V*XTF`6XE^f3*Vn@J<Z
z8!{K;njxXLeE2m+kE6hkId2;Ke>b?2SQYGaWFo&`#NW5Zl#Xb?amH{pnFq}RxO))B
zZTvldO8#QGur80DmtbmOsR9&W$>cyQzj38llFswgjfaYWK3xWz#dmt!{uFqL7c`Z=
z61{At|Kzmtq9GcxOU+TDpjxVH7uQ{Tb|o~?Qj52SKK)kh1)L!-+6yr{e>S$Z2EDg*
zKP!g0Y8#er?_6FZiK<AhcFnmA1)*o=NIl%IqwG;mM?>$=ZVA}aK9(u-X>IMU`Z-2w
zz-cFSty$ScuP`sevE9)jV*L)YeXl}q<u)lhhAV3#1?RG2nn1BAn*_WpY*F)|O%^`B
zgPZMzjqflIW7ZRmTzkD+e?=c7ph=Q}tXaIVbA_D1i?$A^8)?gxTzt4+$=M@9MGN4q
zJ&88f$Cj?<-FB%%RyxY`zWLFn!8*ggd|ZiWOerc)`K_V_R7(KGJG#opRpo(eiG$c;
zT=n3NowqM-Qm*`i9k#5z&DLwhn0U##QWRTrFTACVppg*k6i5+ye}gymTIDUCJSIfd
zHB}UyI(aJ8q9`?lMk}T4QM18U=qFV|8t%b_W%>3hhD@?*S^Rnr<z0mx$-s6kL7~(p
zJC3Gl<mSP?)Yf8NEP<^`3GMlMrJ}40$GCF1pDvw?4t2Gkk}l%18QJDu+s@mo*Y0b_
z=FGove;ADQcc_i2e?JiK=S99M09REMlb7ohqh_~;4221~bZof8o3cd3*9i_VEz8`V
zjF&hS^%oz_aX-@!)AYHCuk$$D#F=r8$65ml$ocTX`_RF*jRXWilK@qz444j3HKBOP
z-O(zfkTUmZMTc#u&fy9HPD;#_p|bk?^;W3e@?{%WhG|?Le+6fQuk~7;&6b-FZ`z`!
zE7T%M(0M~wouZTR#o}37YwO$fB8j*gZ|dXoe~4a@_+fm>Q?F3B3SzkSdc2ybVvxd^
zn+9v2#FyclMCz<+fUAp^LxR5YVCqPQovt6Yqk%e-NJq9T@v5=Skjf2_;yYxBWRG@-
zNST|E8yTfte;)XH^(aXlO9UoAI;?hGo0N`%WEolK=*@zb&0mM)aaAwq&tP&*_nsy`
zTMiYgTrXo>mGH$-(v6XoPlxVwIF*Lbi{WhIu^pDP>U1!EZN%-B-}tJ&w%rXjVAkF}
zxqsu&m+#&V(dT!Z^Y+#2w+{DmINiO0;Vrxh;XukOe`oyL@3?mtwsV0u44$o(p4SOn
zku1p(fI}TDNv44QihEBFYx%Z>GHQ1~5P+y!ls8?vNnu!$WtX~2#dmt!6$YjVM8lxU
z{TwH)f+4B0!BbnI0&qoBceh*Xxclnl`{Fx&B=9u8`h8!P{Ez<9C-o^jZkFJ+3|h2A
z_-<Mpf2K$yX#Fm$AX<>QrN2sI7}d-gab=+LJ0(?JN984|S`?*{f~*+zR0a<X)YAx9
zy#-cBx|n1H*4mV0F)61@h}^sB1ZkfMUl}F9EpfUTb4AGd+{eA%F@Kof!5D>ic-^v7
z<aKC%|HzRv34|RvJfI_qTlPuZHO4lM&@#Ibe-1uKr)mx|v^C<yh!Z1DJWrhPqWjf!
z9tNu*i6&h&I=UB6!tV$hBWw%=8w;fS)%3or=0>O(p<;xJ=Lr>Yh?p9IqOJ5spcsMT
z>i~+62@LPYHOPn;BVLr?#dQ#TSbE_HB0JQckE89rK`&O`5|K3dVevuGHGJ!XqV&P(
zf3w&W4TC9+q9BYW=;e*S82yqFXPyzxY%szhxi%?6un;pkEc=H>7zT7o*@z$`f_%XU
zG6DrrSsyE#5hz+RJOahh0R{S57Q-d!y2SH1e(z8SU`FHSQLS(-!UUCWWSOpDk`ltX
z9(kY(ij})T8aJY-yq>#fI@e?IojwBjf3hCxwo|E^_hE3oc=&Zm5{@p6H!ahRSc&VZ
zI7o}0i;!GC3`Ijz6h)v4p#k6mLpF;koYbHwkTuXqVICCkR-DJd1lJx|KaP*!;eXA?
z#UMj~nO|=8`O_~Czr~&(b0i0E>aB@)FhkG1#Ue=XovR+P4^licf)N+OkIBP-e-VzI
zavUx}8hfkw1?Mlgd(OMVEy2|^2q7oDGB>uhp5I44F1$JOqjj+IQ5WdTuNNE|4)L~-
zbD=8d@TR!*{xKnf2`5Xq48r?K5_z|{6z~L5h5p5U({gL<8X~ZiyFy@wOPb=M^r=F?
zX;Dz+W~`cuZ93!v)0`PAnjlC#e<;>7?8aitX2}MSUNx)ZBB6D(gv)0FQc<+-r)vmN
zmUUfl4Jw_zbV}x3QPWC`n-$+_FT`>Z6-y9BQ>XMS>yl=>VzFKqMdBg2?uzam<!24o
zQ2soQ*U_KO&TxT(pZ)czADmqy|NSfq7I*L@)$YjxhvuJ<-Gu1GTg^_8e?h|8NwPk{
z3kM%YC;kf8!72mXjZ7mrjo&|#c}Q4<|J%!-(VKtAi4Q;`1~o^oWlhR9jn=nsJOUEI
z8a<cNkA(j1Jl_6#9mH|4-2T3RH@SD`(3?Tjuga5ah;M=*&i#6u#N^kkyJ@h9(9;Y}
z@Mp;5SulMS`glKU;jiF(8$X`TaV;+LrLzs+<mGiRyC*NuSCS=irO*Elvy*eI3V%4c
zFm!td004Fy000pH004Jya%3-aWps3DZfA2Ycx`O7Sy_+UMiPEsVE==l=N*fElS0M;
z&$R<j5=36?bBk<^h#}cTlbR#J{`W0jBY9jCcoG;etX6+rM^}AS-Rk+_$H%%_-5b}H
zwz*!Dciwtsn%ov;b9=r1&*$vQUw^N<UN?oVY-6t1Po`V{`2L^&_~BvOnZAc*-3nAR
z-L}rJ*T=qZx0_9uA5E>hceXVRfCuYp-NRRRyQ#IiJGEE2ty|rf`?4zgrw#Qyxt`V7
z>-EVs+gZg`UFObq_RtR^TYET^xtTu}3HL2_Cy~VFr`k0AXmR6A1wPoOJAamKw`i;X
zsx|<Ri<0|4+r)icE$beL_YK>9u&#KP_!jpDf!5jFbR8t9t`-N&=4_aMrRdrAJFq=(
zaa0B3#2ZJKo{P6BpkFDFxp{n>4u96M0m(}}W$`vW@>x%L4lI#>&6x`Y#pz8dC|mp(
zJ_hj%U0u-^$G53la<my_b$_pqx_f5ir14O_O(Vb1I1#L}`Q4>X^R}RgXN6DoIfvcX
zZXv9mpikxAX*czZnbLK>{dn70r}q`O1JqstJ6EH3!~c-v;bR<{$8mm$?L0VC!vI46
z9$MP(*4C?sZEIW(bq)QHdh5*qKsDLJuGc+i+;*+0s<A=lmC?<#qJJ<4eX9D;dcW&!
z3#;xm>`E;P@}qV-?~U8FItSU<HoddevaYZ{+dhV-=%8k2iLphVN4u%rf<&Wh*yk55
z^u`v@4<EKCSAKg!27%E!5tk-k8nSRaxUw*xhxqRLr^;mD{I2}ngiZ0&sq0J7I5yJ1
z;lZCdV4A`5FTjY;Pk*h+jP6emrtf5I%tTg|?M>;Nbsw7onDE_<m4}0IV4wtM-2i<`
zXCKBme=xd$Q~5jDJ$2^4uow!GeFj?IMYiv4{o$!SLahH@CP%(+F6j$*i=tZwzggQq
zFZEKNdm@@V9ndoZO<F_=icsNki6V?iHShZcB1jz0mG}aYEPqaL#OGnmP$b}Cn7x9;
z{wp$4`T>e0OobFhQbE1BG+!VY^L;cr#1kw|UqN`_qX^|vaTMV~P}BpWSdyYUCB6_6
z-46*U572CrfT^Vky+C3wNzk~Fm<Ab|1rl>E(43NlkPP=Akr74X1_zDu(EU)4DLkhX
z@<vb(D5V)g<9|k}j3h3@SP-E*r9u&oBR-22$`Bff(8H001{6ntiFh?KNhC$9k@+I_
zP~TX<e1>ZaRFI(+%tE-0pmAfdj0u_rmPkQD6iEe<Xf3dehB&J@rwnHm51?0|+IS$i
zicuuyGDN-RiC`Y;HBXc;P$u$}C3t@m+*2W1SwaeEmwzY{%T%Erh>QdR-H#-mQfLgM
z0A8bZq*R%}5jFHn6!D2iahXslyn<!qg&f_Fj6FZWy-vN%M|+}7p}J9y%8bMjs!ajN
z(QGT|%MrR$HS}eaiOOSMg6>pN!Z_-+qAF6j2M}wHG6do&V|+h834I)i;G97jqEZ6Q
z7ez9z@PCs@Wl{#HZ~kyaK(zruq>omKPZ%Yr9iPI<ght0_KsVe2M!ApHoFA$L=co_o
zkHqbyMB#DsQ%+OdPAW-&A_43aub+S@AKy<P2%JqQA~~U`Z$ZS81ntT}1VShigP8gu
zdIkq6N$~C;q)>He1&4%r_$@6Y63!+R@o7lWEPsTd7pCaR6ow>-P*#PZl6XG|V;(1H
ztiyx}fyO#aS;o=Yj)pFe%0$!)C>qg7(hR?kMoPjz6!C>8P_H8(0>gcapp&Caj1q7h
zmw}AFvY(U(_<0%=nc-CuEAdMG#32_kjwCE4XmsL)hXl=OoTyZwyiT~H_|0xO(DB<w
zqJKOUpsY$1qaJR@hjxV{0sO>3BbtPg#%M=MV(3U{wo~XJI1^JQGW-UaN{Ab3=k;HD
zX#_W4lsg&WG($be;L@3*amy(DVnJ&=<ATR1<1@hoegbB2hxJkJWWJ>M{W^pG8saj6
zibFIySwdgA`)7&bA?|gmvdPY7g5WoHy?-5Ep?`JDXn3eu)ssZ5>%A-W>SlPS-V7`D
z?k*~u1>c*4b><S;o%RcObu|H9t*a_?I$wa%>3Um~U7MK0IIeEAyFKfjS2%RGFo&O>
zbq#NB#{JvbQ#+v#PPfwo%(8@VK1-HO|Ea8(`R=seEmDnkPZ!XsDSo+kW1P<6d4JgU
zM^ldvS)cUyFfy(+%~d=fGkN89!=s0}(QP}uo$PPP^|~r=k3AWlJ9_w5Xm>Y$+27I`
zqa#KqZ2Y40VP~*<9-QasGIz0#EpzNV$Co*No)gQQIM2ytP7ZU&r`EWtZ0@et&%<H<
zV5`bLnBv13|7vOqLU+`yNv4-gpnsR0Cg!KkZgsykk3B@KDEsxQYs;e6kB}p8`aw9a
zuJn^V^<S(VuwilgrH0|ndVaXtd?7qi{Dm*Wi)&s29d}Rl{``>oZgRXTyMAX{?R0P5
zg8gg62;UYq{|J=?qj6rwDTQNV>i0y9Z?*mSE(Ur3%^V`#nPSEkQ89`B5hcOz1WrYA
z6~vLc;(p*?!ObVSf^L^(F=I4Q!T;tWUH)M9{{H~8&V@-G1je<!TC*FYH35HPbCj+F
zl|6_9!HMEqOs-qBO+s?D?%$iXTW3XlyB{Z~w>Qa`UsaiWf)Co71>qw`5-`##ZMF;Y
zuvw*Zk^~e+iP9QakUa#lEY8nz=`v|O+<EK3qlS<~lL?u03$jCW8Kpt)pb}ve2@{*I
z)>i^!>bKMh`7X9V$BfNr1t@=%KtUT}>UtwND3$D$?!%X@KuHQERA4YrKH~JmBKRu&
zd7$n5AS;b~2Y;f+W>0?w-Gg;qkLpQ_#`!sYTHoHcznW^(>`DSDawRj=SVEE0Qy8Q0
z@$v=|yK<kzSb7j>eQ^WAq$?jaR)=IQJVM#RN1$2#JM3%gRfw8F7BPPXL3-^lUTF7`
zK_Swm2)K?n{Hj4+?u(mM>-be|Ko6g~c^3s|^Oorg`C-l7OrVmuo~&EuvGX{&y56iv
zF=pdQ%6Q6V8$QdXvy8FlW~{;aldw9B@V{}IvT4fa8_u)I#n5;ZbekDI(c&8b0RR63
z08mQ<1QY-U00;m803ikd9sD7(^t02YF#!dX6g!OrlL@CCe^6AX*@uS1-I4h9b7!&x
zgs7ce<>jo%GqB1v+U{2Qef{a|GS4DP+eqUqtnwqo{93$!$2Y-w2&f@uL}BA9-y`}f
z#-iFoC*zFDmMX0aokR-5j=8qg3T~Ww>cAqaisFL7GlFfPIrAf7J}_P#@Lx$Ar;@(-
zP#-<<30_0ze~m;CU(=gr);R1q8?(H2C{3+95Q}BCq{<lcjod*L<ppO0;*TygQJkMI
zD$WMX*LxYHLK>qemu2yRvq^@3^xkMCkwz@OXcb&^EoOJU?kq8IHf`Z_mo2ELpz$aQ
z&ZZ&%tZh=WAdLegeL?Pm^!q60^CWT%`Bq5-YZ`=Tf2E1Q*{=k@1(}w-kvd5{;MD;X
zx{yWvgVsFHvu`p&8s92E$e^Xgd}tej9vdGqh+3l|?lJD+v~7y@T$FtSfxkA6+~GfP
z_d$O@!lyUy)yKP*=7w(!qM8n(*D#D>BIgCZnLIi8x1-js^U~5z*@$SR-{ZZn-A!`k
z%hFDhK@+b%YTR$VROEuHnwN{I>n1h6r7SdLqtOOqg5T1`f=MUPyLJc7YtNsB<l~3o
zPeGr<te~ei?rV;`H-5t6CjgV<sE`Uc>X#Q&Yybf0-;;f*PXR%b&8bNO)OM2?swW&c
zxiEBl2LJ$e8vp<i0000000000000000NH($TdF+*gN2jug%p#nswx4kli8{~0%M(%
z(47{OEvqU43X@o?B?QK`y;_rjs}=&dqLZ1cBLyA&A+q$7!K)PkZ<E)nBL<nM00000
DS^QC4

delta 30985
zcmV(`K-0gl*8+gp0<g^n3N@<XlB;Y00Alu&*9Iehi0p}(YEP2HzT`})18cXsGb>e@
z%IdZ~jtU68q)-V0EG$y0Cp=Mawx8#zBkYKJo7VUX9R1e(lll^$a{-b72#NqVQCX@*
zB(dD(+_T?v&i%(<eVPQ!4T%#!3cq~8_1PB;3B73OhvP3_e7JOa>I)`G-EimzQAoag
zaYvGW7r#3DkN@ExZ(j`~FPo4sWuS>Ld38JWzI<_=rqfr0LE>GLiJSB%z86PHG)ntk
zG#Nyrk?)bgZ4?g&Jj=24+cb_mk|fZd>4rCM@}g+Y`_!(rVeH<*%h;ee@UGoBC7+gU
zaGe{G2HHSfZHV8ZA($c0tu`feZb}~Ds8$+(61QpyMzzwCv|URLlase=iC=9=*{&sF
zwIy}CmR8VdvWno*l!S0|6vY!ag`e?wFmdCL*|Y}@Pu<kN@&iA;gEm=t-i+&qAGa70
zytQayA`CmXpbRF_kOabT-b(c4i!2Ub74P>J@8i&4<?k0Ci#JHnu3P9%8<0<Fkfif}
zcjGp&%U`z&#zLVsh)Do&jKbvFpDwt=WZTx@=JmXhn}+~!GYRI;-A=idq_&Q=S@|+7
z8*DTDV(lhDKJtfK<k%LgiA^ltXfuRrpYxGS0E3quZv~nXaJiPuXWjt6(tzxdmcnA*
zhFY{S@Rrn#?f5OpYTi!1D%g&{1T5Eok_XlYQ)*zCb!vha=HtK*e7)3GGE9fp-I|-P
z(E#6dQ}^0U7DSV`IBLlV<}He)7IOp(B5%RZuuakpXwss=yGdycr{moS_1AHfO_#0t
zyR~+{WZAc<JauTRAowy9N_HE}`)hX!oP6TFIv<Bo>|O;hA|PJ|D3GBmfPVphk@16m
zC7<YZ#Gm5JD8Mhnj6s(8;tZ6)t7v$KpHsLYzM8tRdk!?DD2`?dy!nD&1reI!RYA8j
zLz6+HynO`<=kVQ^FIZOLIYAT`mn<@JvmnJgwkoocF~4(xmkdL3B$jqOy@>H6nYtcK
z4jytxDFGqF;tPR~;O51}k9Qe=&eqM+=*0kE`_6+KH!fhY2cm(*`PH~+^N;hJyqe!g
z{%9ukYk^C<rPoGr&(!hqplD>U7+^e~*#!=6KB@iocKa$l`|9nb{hqOG#+v=FZ|v7^
zFD~pi_E(pT^?|u~_tyGwe#yMO)Zdxszr)wk{N;S0tLrCPx~@7JS6x4UUXXajGL_2u
zRafbATfb)TaFW9c2JckCqZI#Cz*Ee)0X)?^`vp${h_)!&_7%Vz<VJK<(BCvB35jpW
zi!&5KJ(laS@?U>^#k4>$-qsyQQg8xg2EnO-VjSNR!JZ}r&-Cx2EM<m-30x-duVUAa
zeZpLr`d2-}O?;0Tx?#e91cU+J{T)gBEx@TroMCg0T?MDCiMGJ1Rd9Z82zh44vwLbF
zFvFjI_)``ZU}I)KG67t0eSkFl_jSscF>%u<X2d?<=lTruAqC?sDc+?|NPP}(wt={!
zD>hGITY@+zD>5tTdP|6_w#;dt2@9|gX#x64lqEe_k|~MP$d3Vk_F1taFBvbI`XmO_
zP8d*CuHk!9Wfm}=IEqGgj8Zebn?euc*qyvj!45B`)de+>rYK4Ehe7a?VX6zerZYPn
zZqd~>11Q%Aa&Ch>qH2n)s>?NUbtHkcYTU1iB83v63M{WkjTlwALouqjRKlp~`}7Xj
zOEI0-ev)3mz+mow)9ZZZVK&L1^n;sV{v5lwcRrk7;|ee=UN{c2HbSGzYQ6Kv*I*e3
zzW0$yGQ`L^*MR@L>&Q?1nEC7f{p*jL5GI+DASk2f&O_6O!&aRx(R9}?o9THYVeWtG
zR2as0N1p!KUw{1TU)oSD&lv(Qa9WjW1%p!z#aNQ)GlA}ZVNFb+!5SXqe_Fo3HT`z!
z#Qp>j4Ben3!glClU!>V(R@+fwmmZMdTF@J(*tV`aXit@`EJxBUmbw<6>1`W*`TguZ
zARa2cA?RXD6$#cow>%C`HwVYCHDojL1JV-rB+cPCQ>&@>ifBrXETP`^jC<SQo;ADo
zBJUdT?zJC(W}i^odgFR87b+Ln4=|#S?wByvUFc4Huf<x)nyT_(H`U~_ZX2>`J+D=H
zt>zQoS}rda@Nu+b_f)jwpMLn?!=HZmKaZd#C)sG^e>x2)jH37vATT6X+4wX7P(;o!
zfBg%!90ULRtTwRxPs^DVboCYRu(no-A{qwA$u(bp0%r*t$5IFW-nifCiIZ<;_pv`h
zm(uqcp>CzXABXS}g()+;PiOaxi_X^BJzSf6Rr`P{Z2-$@8fWn)?pAGb^49=+04L3F
zF5kSqh)KS6ni7iD+X2nJDt<pq7U|io9}4`dIyP^jBQFXfe2DgMviNU1O4_L-m4!#@
z9i6>@J~!T<-uTnAzyI<SN7Z}%H-B@0MY#CA)nO2W_fZymBpIMxGB`;v)t=o!-hm~w
zFuz*0T8OhjBfnyGiDmh^Q~7B83K&aLe9l)OAfpuDnnuZ&FEmch;j!)kP8IlvpWqd-
z*t=c#gdoe}!%v7(j-u<IkVI|6NM(`RFj7T-nC~*LdqU;K4I>4BZ5S!XvdSi)vYNJG
ztQ@DY8wShqFx(A~2#UCAxFVX)IsVSEWjCE7c0kbM#=e_)z7Hf1%mcN7ugERFN!%pW
z6W{&v#ic(14FE1P@1ltt;>~M4Ojcj<lIkVeTPdEPm|`WKptx2D-espGT%+YQ)32a^
ztGvX^){EMfIA<y<hoJ_~^!rS|&-8l&^gGuQjyj1os@DEyM;EpDP3OgI(6&CKiJzT+
zWxoDk*%$idZ@Ma-j{%0IZo5}7?8!8HVq}ez>u!=gFZ*Y(?A<Ni&xz@EG0mUu8dqEj
zmHDpG!#TkcRUP%^a&VTy3XU!;_3J%<sN7pBPkxBoNT`~DqB@7gvqp82G`5Ddo+@uW
z3floS%l^uGR<)j0t><NbR<)j0t)H)|#o0Qq>wGQBig#p1<*a4O&$g--9eGW;V{J>}
zty+%~uSvYl?=@Da0LsxKb1ne%bQ^s3Z!Uwy2mFA%WH7U(j(A;Kjr=s<LI;$8`Gp^P
zK{h1J-v;SF)EeDyfZ#2txY2FWzi!pbc0s6rJ5K+hhzS6A1#XfM0H4ofG%1M0ZY4dd
zzm9rwwQPgu<veGnW$)|M!i&sLa1Fhme)tnfQjCY22HDsTUow8c00O3KMFkE-G(}n0
zI-yOTl5>>V1%xT*1vLbaHT7G6C5-NaIWu4V)7L5dm*;l<Q}HnY!|PTNzLmv)$|0P<
zr%Q9wll?-2hC45!PXL2cif0~hcOR?gV3Hd7G`sh*6mzl}&yA66UFM1;kxw(zzMm7s
zFbJxc*vwZ2N3pFu`lk{(&52x|)VrLIta89=nz&r`&K|g2^H@1Ub40~|X|rw3X}qX4
zW`gd0tn;OBxx{(?E8pWDLY-pxI}_4sj%@>Htf$TGHjuM7grq<*ZF*gex!dRD8TW>G
z%mwH~Zos%1lVq5+H3S7{3d92X((FejCX)!0!tuTrL|Ih=Hlv}WIg;U+H8d0j(_lHJ
zy8F5w4XbyKj)u(;qly84@D)(Ws6LP&zX9-sLjW1v8o9`g7cfhs3>j6zB>p&bvrm}6
zStM&7Ht%G3)hP&OAD~$vNS|TehD=D98&r6vZbEa3-5WPd-7%p^HFo16fWQOs<@y+7
z=!bbU9+oDWCmZ_+!jR^?2GQ8}d=fB8&iRuCh+i_pDD-eiK0A1S7D8<Z+EYTZfY9=A
zNSt$ILhTBEF5upRGDV&>9GS1B-SLVd>9SB25JwbdoxpV!7eDDM<q?CSqpK<%#7>Z>
z0tn=fhO$AAfm~DKrCFYS-5Jex8{rwC{<wv(SQDYWPp~Z1uGZKl>#8mrDrWGP)e%*&
zEmgzVoRvW~U|aQO&WXqYU~rhY0skYnn*DnkW5_hx7YQ?--G{UL7)0tcN)jK{P%0bH
zGy?XP#u-f*D~eXYZ``(c^Y!Ir@fe0z`=b#wK~M%yq9G7}0$lYR_#fC(z*Mh*FHrl`
zyLRy-e+GFi7+#Z`5*mMh_UE|9KAV?QVL8_1IkSa!`NWp<ys!sxef%Lpo=W)?>^To}
z5lEP1zyuC1W~T045V>8ma(1WeFAh4Z-vUM+drH6T*Y<^)QJT{fQC0-BjLRr3E1Yff
zRj1h#L+RHG^rfy3pL(-?TrdohB$yZodMws%2@kA2ksIG5N5_BaDFKppK?{v3WA;fF
zC-a#nZR8g(JBF>&dP!yMuysL@CGjEbn0p?1QEe<%vjJt=8laVKa#-7+`k=OKf_1ZP
zx!T;J%2|{K{1zVb{Er>6<ADYT&@l>FmfM)~uz0J$q-%eC9bh?=Ikw$FrxA7Tm+=|%
z3_h&QhG|&&9s7T)&!d~tx!<u|xba64*S92gSg?+uIREDI+c(Mh+jk@ZTKe`wi&f~}
z%UajdUKg^N=_rP!>Y`HfH;SC7I*MMcjIv%NRoDDPL=uP@P_pW}=I0`8KzFCQc`k6U
zco!J$b8+($RQd#c8=&!DMbxW-ZX&FSJ<iPo`tCHl3ebNyL@lj(6I6`15?6}EDjLnw
zFB|uo%5i!g0kw`NoI2*@LhZ14vz;93(nCow8HfY)cb2wc3X*E6mR8S46I9btM6PN{
zKe45K{h69nsCH9x-%qpI{k)vwL8p3^jYccmkB6V>LFe=swj=etlF$v)RR=yv;b#^z
z&?J1cpj>~}Q5DV++LX8LNVy9gq%q08c)Nf}{zNG}rO1P-gr^kOT9JP9WCe{kS(Zkd
zbewFiSh1QctLU75ObD!UxsLW&F^es`#RW*xcO)E=m<%sKc`#z)exz@0VcxC5N`upN
zm92SZ1=W^q(G)f>)JdS~>O$2PVpUJ?wh-yrKfixKdt+{EaNoYaOHwlV7GNF4FIMU~
z?9dTgZ)?vpY36h<TlvUT-4a#|65bLFut%1}`m@KC8mhb@Zj!}x*Y4+qFRUa9nx!MV
zFX0Pk+nTJ>s@l)^(u6POwHt;cc!Icc_Ob<5h>FQ+_KGi+wMB^+pRwX$x~rkeTl4*k
zS6qK9Vw7}42hyu=!M4`Oem2C|nnuzyT#R#Ttp_rHsIv>P^N1T+#1T5~H}|{3W$;gP
zu*Ne7-G+k-oXFa&R?DU2WE)uMvmUk%D{3pZ{npxE$#l!cHrC5(xv#fn_baSrhqn0s
zDXXxWE=#sri*(^+-LWm}K~if?RSyXmiot(xlCc?OU_2~Pc^$`>S_5(oO#XYT=pR`W
zWv$MBcvg3`yk2k#Cc0uZhYnWntl>1p0=9KQ*Jhjd(6$|%_FGI4pkbsKE*1C*21Y%A
z>f3o0F+9tUF}RB?yooga8autA?nEXg(|C5DfXN7d84@!3d-MFf9?DXhGtO9+6-R&S
zG~?z0&VFFR2&0y1VA&!xHy;`dJMwQZ0yPhIgKzM6ocRF;rl#GGp4n{%XI?a!AVgz^
zd?J%+uyMn0eKh^P;D;M_S5Xwq?n&5hK~N%Zs;nujY}ZMuB{)?dTrtE3f~wxx4?*n=
ziFxJ~-M$PK;fc5<g2BpB7Nc){m@$92G?X5e9`=_AMohVjqlup|uIG_yp39S?T;MX8
z^+f273JE=T3fwV2b_#v-dAeReKKUcxTbxEk&#o#5^5Rfd<0tVdOkx^^3GHzaG6_VH
zEJ8ImVcOH%@1Sv~bgQGZ5bXl!6iyH&L#_psOBQe2d`Sc#URt8U3roB%A#s28&e4(h
z%tGE@MFq?%8)E(f32&l1+>+1opxWYuBN_t@*o?vXi<HNMANF9u2wq3y@$q;0Xx`ly
zC4PHYGBEY89&fHWJpdajaN*E1HL`k^<iV$i;jwuHc!9be=pC4+Thf3IJ#h?qf0KvD
z9DRieO-#aQdeC$b4EdZf^JsrT&0`P;c(4mi=^A!Qd(dTD6l=xKIY(nPtcOtMiR(8!
zt9SOm6Pw2h0}=&|t*7egnxmQAqm6YRYn-Q%3O!C{e){2GnKwtE<^ST3ugK$so*i~#
zV38!z@%b<iT?)bmlW9<EYejp2c#fsiwi!5E(hQwmeX{ucdZC+qjyQjO&^f)2!e}%)
z`kYXmoF`X<A#+Xe42>ek>*qkP)SgPR=`>1U;v-P9=Le-xzekQ~JgNay8)0C8Xr)i`
z7rkf*Z;_A*qao>kmmD}r$&C*f`ngk%k|IcgDb(XHFqxh=*lITY6Ju$=rAJCLX&hxY
zu-2e)4`crZ@Z&1>hhu+|Cq<(0hUa~nPZ_5<0eOcGB9FrHW}ngyvB32puI8l|Erm4{
zdfs(;=~><8mC`}RM_>ADn0}0h%Q5jQA4U|P4`~UfYtW*j_zsU`qm9l-le=a`QIQQX
zzf<&DJ(p+RY7WnhFuYFFY4U0?xV^pYCw|~wC4DcN42I-}1QCBUl?<}vs+UH+43MCg
z<5cg)oAz=nOMaEQS6@c(?Zzj!_0?ERaqZeDjwDO<<Ys|mRa23wrA;4Q%NJBjuynJI
zN4#Q~mRi+{OkI>r-1t}-YxT~-#wziu#)BGH9jmN3vc}ack|U0_BY7{34~6ot^T{;8
z@)x;3GGo5E_^N*m<JWk_;S~&yDf`wWiIp7Xi9lkFF6%B1d*k}tR%I2stcDGQ|BlvO
zI~+$}qY}|FZ!3ky_B*||QxeuO>KJq5`#klNh9uYW&?}GSUJg3hG)Q`0d^b&xJ>3nv
za4aWFhV^3SZm2IBH#uT5$tyE>*HJ=UQ+aWrc{w|pQ8IrW(#?r&?1|k5e>U>t$*miA
z)sYSXvenJnaxc8aYy2L1*%8Fuhe6ra+j^RD7Xa^T>KjnMb2l_9Y;A9aRp5t7>IMPW
z1;J8U>|+V$mvW_a%XQgGoE%^<Ybe5g*Zac&|McEF7X$mE_fE#29Q%hYvM3J$LuYsP
zaaai6@O^)_ul25@bmV{P%aw5s8r3yck#(N0*VbZ1!&C(tfV+0+C3UTOXG73XX|n5f
z;@h}}9}a;lcLH|tZHVcVB;K*e#O9&bhuvUv(i+1L+ng3JnXFUBhX-uVGJ=+k%goOW
z%VP2a0t{f{exjc-WdyzI8PbCm_M@Pwj>H<Z>dAksC1|{3RBf_GOt&O~l^c`)t9K|4
z6_@BJ@)=gcId?gJT_`}ecwx@v>7!R>LO<Ku7LAkKuGO`ub)Jisg*iqqZ?lK8-@$IF
z$R7h@H0<G<H_V5tEKIY03vNi`CmpVy@1beDq1F-)cEsd1e7=NWZC}9|7OF^+`8PgI
z14e(Pq^RFU1NrjJ<Ec9)tNd`|!fd$|^=|gwVgsk83${m2+tIr>^v6C>Y~&F)q^uaj
z|FY0e?*?fGWAfb~8C*xV=<G{K+RLUrHyrl7C>;6YEGF=)7XfkIOv4_Xbli)=UPh6*
z$Fn_F?99FuUEvkB?wn~%tT|cyUc1pauTg)C7*1hW=8|+*$IWgCR&mAB2J>p%rF!I@
zIcXQFd@O%Q5&HG(^UEp&?9}+fw$I|=0fZ-L7FeSVjQ<f0NWrR)%i8rtnRB%MT?~Xx
z{X9yg!1-LbMYI2hWr}HZ5ALs&*J!>I8Ag+wl|d6UXc8AYS8Fg%2Fs_@LksZzIbwg%
z4Ln-Ye;l@}9VuEIC)O*I3yP!)x?J7FI#qIcC@p`R$iIzxco&-R>4J45i46+-?gYbW
ze4mrmKF9W1hL@!N{C^h1331bxMsa^fs0-1(as7lk5YsrCQq-M*c+D%TmJs(PzCa^-
zeFj5>XFoDLGYz2g<R#O+R9Y7(lk|UpWuUhx^VX&HLjFD3@q6AQ6!A%)5$Z7!D%aIM
zJG=tUcQI#kD0W>unIr?TAJF>l{9)CngRk2<^$As(IAtct=C2}9W$<*R3Fc*BL23t;
zn(s0U!>tW%VQ8Sh*Ew0{<QJV*_!^#|yCewP#HR;2(ZiVXO)J!MX`Ssw&Pac&>ae11
z%Bo2BR?GQ2q7EtvEt0()w8_bi)Vw`gxpRURz_FG4$6)gm8N4WtY3|Purby3JpeG6~
zbYVcz*EG9m0;c7Gfv}A>w+A?&Wk;=o{5TGB;Hcuqvg5GyW^UdbJPtFv3dzxTs_AZ7
zo}`qcaD*pg<%Zr8%Mr&5DldNyQK7URMyPRnAfA9r-e3jo`8jwAQb}Q#0y(tckTPf6
za(?)7Ie^7vWyv<HK9Yj1H*iQtl}wt6{YXAQ6Vr7;D7nn+9s_vOc=qQcKYL{!i<tWW
z=N5Q=&O^xvU;0kkMg1v;Y}=MxE1<-xmL@w|wd{BmI0pt>gI|yu<Bxyi7cA76J`mW_
z9oPfpE{@G4pQga5{czk%uSqZQ;Q3xOqCe0Lm`1(g2*#c}9QwFWZqS>!KoB8G&^<_e
zcs8al<b>3V;<@)QC+wBVtsA|DvSv%7;?yXD)i_&WOXp)AeQEdVivV>t@i#HOeft{n
zr1c>4d%>*gifLX6N#lPE$E+uc$edytyjk6Tdu$@3@u6<$T}MDrM?mY-rRm(oKlsHF
zfY6z=6$h4HW^45^6wb08)vl)V*AQycer^Mn6_-j_cB=ci+cmJ3&drKs-Na-bQr^0a
zW_M+EAG4=h5J#N!&XG=g+8FP*VCb?a8MY|bHsm-*H#k{nt2KWqtiW1}YJ?|Zj?Yi0
zD!k#dADQopt((G(p=xM;?f@wD6F>AP*#z~_Z}>hvb8;7y*|<1cMuP4PmQ7KKylm{_
zsO2wcAlQykbDhU>mIt0~Np}03KO_IL4fV-_4#ZQVKG6{rK~QViFsi7RYD|~2VJde{
zg!)W+s5esEwkLnL?p3+QgHKbED=qz~vmf{1dU%t=aFE->hxOwFhwOC3eKQ_&g2_rU
zi@|nfDZ+!Lph!#Y3{jI~CBa-)t}Wql_0Eal@rTq8{N&I+z2E!cd-I|r+u9xLs073^
zCYWFB6_E?sG!IoR(Qdy5D-#V}6eMZ`R@^U!$*ZLzT&sWT!pSQVG`eIF6!p}-yJyQ-
z80vh(l06gyk_Z<3{rlfAUql&WzCQmYA_E?#TI>PMefS9t>~rCI(#|o*sjPr??`xPL
zaF&_Zaa&@BrOSND#aRwwsoXifKl8uVR%D?x6uNpoyi$t~oNd;kJN@#~{_67l?N^Nc
zfid4+oZElz2Ikw>ukCj)8U42(-e219nAi4u=0bm`znT5d%XjeIu4B#asJ~WKY&~o5
z&JA16`SQcNuRpv!e{b(FjkEvO0wGymRvnS6#gI1!A=ac-K5boBWEKkxv=L#2c2>gD
zs?Xs!mv3HQ#3Zknmy$U}cfjQ4NlKg}IkJK#TzP*N!7>b;cWU(ys;Xr^N!esotI@I2
zpl|Lp$t(IJw`v=xv~gG)USEsQ3pU;+`c4)cQ#Z|8YDy!XoG=L2(16Jqjw;t83pr8b
zM2G5eKTGsTK;-!-@kSUIw`*oY>%nXpT(Z}xGdF1#vW1@08{t0P+yFrvVYkCn8`<cp
z^eBH1_yJi`hTKkuT{CI$Dkt%VP>WD`YGnUR8v7;<P<_4FpHdh4-xYc~)}&zIZb*W^
zYavlYhgW6Ct_kIz4{Ff@)c(pYQIq;&Nt&#xHTm>;$X-!r4b!RTFg`Pwlm>kG+f=FA
z79T^mYn;)3IZKR{2_;yiX6|BAxt6qIEj)j37(A_t^o&%`NR=bireQps!`^<zK{RgD
z)uARl^l9b!7F5D>vc)P|tt#L%l{{0)5vU}}(yJ&7hrNX!{g^~UmD(00Bip9ps1l-f
z*;8N{vLVzC(0V4B^=SNgkxU+1#<;^F++DE-Yu)a}&|hRluIsA-*Y?<bl~N8f#Z7-_
zd$mWD0l$)(-{b>SRa<4npRG0eOxX>Tjh!7$B2HX9@hEnOT_j;MGD{XnB;BkBlKyOv
zxxH&elr+O}=myqj=US01%Q1KwZ%~?>tgxn|IMr%mKQop#@?&!A20@;&dB?ne`{A8w
zfBWw3hf6yrf3D_)NMm<2@;zo0N0Wb(k?@Ai>%wyTa*y5fN0{PXB|MWxxf0*TJtSzR
zrt?Ov?l#MFx>7#|_n9zO3FAcd-DhgZTWYEADvGEWv<CRkQ$=Wv?!~?Q1j#A}HiMSa
z4VJTM!obfLw59FQ<knBU>*9l50^O&_<JIBb0>BEV3JNdQB5d0Oczw*$Apw8fIu@^^
zg;C6AyI$8Q%WDSlu+gELqAi$Pqy0&*O7oOOTjmY6u3?|zl($8_&WQ+n#?8dN*<(qv
z=2a9VSrja*CJIGfl3BwsE30_KXzewuPv>M!lWPuWnKKpLrlhwVtHVnYEhW7&*6N*8
zNs=L+kE&(T!!YY`h_wP+t^9uztE^G3XjfO&O7w$^B4~={RH$dmJ~5LaWU@A?8xI|_
z-hDi0A;^~5eFxccC=hIQu=0+RFUR9`#IqfH#^Q*T9-FxdD?!t8J@8d9Op!B%s{C?n
z#nG3{u*^;JJGAu*>)4x^l`X{(SgAHlRxvEw5~_|Y-4Z0JZUojYmd1Zx+*uuaTejEO
zQJ0l^H@hFr?qd?7rd%ov(=wj~IJYJmD;kKQiJah6LzlOJ!WJvoSbicubZf5#Av)?2
z<x<dY8n}JW9e|mVO&3L-=S3W_sI&il=BIvdS)BjVLv>mTlI{+(+q{(ToF_B^jw*+z
z0Jy;Y<DEO4_+dW`2G@Vlg!Djo-bV4q@(~7ZLW^hQpzL1SMqyd0@ZoGyr;mfo&BNp@
z$<ze7jqBtwhbh_yFY;7@-FcYB9jYpdmZD00dE`|)<kC+AQi!n*%ybRwXAPONm72aQ
z3aY^AT1N?Wgh{LrXGu7=ln4*xU5;n>A<7C&Q`|b0eCGk4?I(Y;fCHrldTtY=Su9p{
z;I)gT<*wdYv)sF*CND~yqtkjjW#vg>HPJMxXDhBp&4#hA)u)bTicw^PX)@#!nM{Ew
zmWWqd_XRTT6W7<6DouSgqC{x`9fjSL9<^QXw+n5w)7p5;v<<_l1-%QL&2cs@fUzZ4
z+ZlBZ!@S<FmK=ZD9Z9h^&6}s5f8H`_+)*{rp~p9EVwH__Ve_&qHhQgE;ZPelBQB3m
zCwqmr04f|yd0_ri&(f%P1hrVW?v6lVTs%d8)gGel`XLq-3&;qDtMEmwvF^mZMDdOe
z%mQ?!UaQJ=8hs>1PIpIMv$;s|LjkX=<LcJ^8ZXJeY@dJHxSw&I5jVN(#fjUI==M5_
z`2j0u{gVL4BSWKQIfSEwW=z6fOuj!w(Byi=qeCc+U?9n(Q_`c&-<v+uO@osAabsoO
zgMwv?Ge!0df!M!sI~T|Q?4UrIRR1HnJ4Gt_mqFo>eQYr0bsrv;ivqI1DkUop)h4H(
z!PzFq*ZhBF&8C7ViDq-X{HJUc9Lv-_yNum1p?f!#(vCZ;&|3^8SDI`6=6_nY&{@Uo
z()eMkHg=b1r!#iYU%PUa69RlLK)UPT9XeSf9q2il)B%(qC(MjVf`R&>i^W1KM^Uyq
zh>0~gL1*pyQNvAa(^Mp-`5>k$L#1r9c$jur@ST5dT&l}@pqniRM?1HYz{B8Ft>%T~
zB~|2vQW^OTvSM}8#ii1upSY~(=rbzKzv!nb?Y$_7@D<uE%NndxjB2wkvXjr~VB<QJ
zGwE=E+>4j#P{Z4w`{}R%JXQFu!$*IDXZ7uBP#g}XyE?Ou4bR$O^FR9qNxv$*kGL3h
z(mQ{|?5yZE#QM^874Xp}*-1a#*C3iVU5^EVE!5Y~p6WJkgYT!KUF6&WX1$$Ad#rVT
z6c8o;c$+<!qrs>+t@4=o+tmD)qlbTb^w5j^0NFdTA{W~CF{iDEx&lxgyo5h)K;1_1
z@ekzv;-J%tBY5P1lR9g2V2+}z0%y@PA4`AsJ11By$II0;_VrGS>YX)Ci)UZ&v#+;h
z<Ild{b*=kJl98h`!a?Ds_2M-5nv(fR!Y3Cy*UaTuo#R-uequ_aYnHVHMQ;oVuHMPh
zY4c08!-7p5m#I9*N_Oj^WkQt1T9PHV$wKD^K{M*PVus8+>M~EeghPVE>&wGJC=P!W
zmr6MF6k;Ve;&K6l4X@);cvFyp3pYlY*DUt$i~aM49qdxSo0enaP!_hNH(c%d@V)j2
z6Za$eHt(>XTsN5@&G;%xiXm%SEw)$S1jpp<YVvt)s3p{_-l3>jTq>bvNA}kCm9<Rg
z^@$vJSRmyI9(3q3v-@;*&v;<;!3Tdm_i)>&mo5<5E~KSP4+A_irPa=>!l|mEv$ah~
zjx!{|G^&TFD+b3l8!^>86#t7$CH&u4f>(Pu1a6YPBjJ$5WO(6@i4ha`W5F?Kj?Kg$
z$14XTSJ;!T@;a~4X|#sD7ewJ|tGlBs0MFE!_xLMjzQ}i)e@T@}JT)(jvKxQE7Xq3_
zi)F`Z8LC`A(t<Tuo>TRu_}#;@ACB#vy&-8D0nL7&{q)11qL2ZtI;F&%XXsIgxY<JA
z9#Z(xb0(JwRrEB$Ww65XK*A9XW$=jSw@ea|9L?0NTDm8v&|-I0Z@^v&X_s^2sp2wN
zJtzKXGRmSy&AMgeEkY<@A;Nzob>Z594W(_iqSvre(~upto|i0v`J~uNHJ;;9FrZLV
zAHsm;+O`97dbVNjtTguYEE`5$p!{HC>qPoA?Tu;qGm1P+J;=BiHLm$qSe2gb2UU1Y
z5ykp}h`c3=g2+|NMtnBRV(nV)#6irQ-3L3@$L>C$vzW}!$KDrO@1}ns<Og>*VSH<5
z$Y5y+W(ZUAu;c|+F2aft4=YKgCF<NhiUcKhldCB3zt6~|Ub1Hm9Z9SyaZ;_4ti-93
zBJtHT>ra*CcBP}^8gG-2fD7HQ``~8V7GD2OG_W^?Kr|elH=TL`a7&Xw%dQ@Kd-@8&
zLxMdBnO?%|x*1c|6_S6BX!lTKgXG$c$$+lxJ_osL1YUKJ{|PYr#D~~|CCip9TZUOH
zA|&#xBTH7*p&;vu!Z+r{SMQv%7F>l^G432%-t{Evy5F?Exi!pCSv@nV6SrGorVq_%
zAJ|!Ga4&3@m1UXLSI$}BEL#@k2QjWPqIPIl8vcoE*rk!~ByWGuLqGN1z)yBBcGP`H
zdkJ*j7bKW3T+buZv~U|89~fQ~CIqx&ELPYNBD+t1NSNTKAO7Ue(ZQuBbGSFeYYLUx
zd9H0Da74v49h25+-n7~HC`7)Cg0(lKg@5XcQ(zNr)osVp^9J_9y*ZoJG}~%(R?-t#
z!)^=F%2eAXKDU2`4Yo_b?OtPK(=%i#y^f(pYmmuNB~U->(Fd|1a7Hbq?pf+T$TrMq
z>VupkDKoqGVi$#fgUo9^-nISA?t|GqdV3Nk$^07^zYNJV^Ajp<+|ct$xY)w^V(2H+
zDD<yzEV;XjFuy*(JnR<1e+I-LAGe^Beabq?Gz~#vSE7GSP0kR6>i*KH^2yGqy)$;b
zCN!YC@X{VQ)OsHbOb|^?)wJ5atOQHXTcxn5&uW!-Wni$%$vo60*`dn(*8O7%>m&(!
zg+T3l;plM8VvXnpMt$SPRW-aB#duQ`S-yVcqM*s5CbK7iVkfy#{dMMsL*~2O1af_h
z4oF|pU|xTEM&aSNsCUYY+7hQmQRo#_9a82B<nT*o;(}oI0~E+EGbLHtoBewVoHYb3
zfh5Vi`~yO1sW)Uk<7P?XV^GE<LSfGgq1D+v^Tn@z^{Y0*j~8V}7VE(kys8M6B3Ji$
z4&mZC9JZl^nkzS^4xqb<5!e$q_O1bRcr+9N8ykPrqJ9f7DT=9RoZO~R>0^Vbc>=5r
zJjhx(UI*-a+0>T@HDUMFaNrGr!n!RuMFFVomUKrMQB74VPoo%Fwf)j?+u{+=@<NXl
zdk>#z)4ky}tl_60{&lCLY_^!;8$wb)9JlFp)e*SY$y1-#McW8tP6V;4$u;*h$7+IU
z(?Wk?YmuRR4nXD38k~NT^7iaK9s`0xBPB@+G9?7N4o^K#K%w#66<6mPAajypSd>GR
zfXwO=uK`Q^EP=dV9m4_1ZMkF;g_{VhjZ06|6qBt*We75-TZ&ZOkl`%ZXqGspCD`18
zJm_K+50@6>aA?^~`rpj%V}FE>5gJCC$B2I})TAxrkh(0>t($t+!)PNH+`BG#?Z(4f
z7qz?Wurt&@`O&1KyQLWo1=|!=O{m$@if-tVD%CtDHlJHWtBOzM&e75E%xOTeggGC)
zZNU^J%`zoktyy}_>R=TBxf-&bIQI^f<_XA_U}!ew-{lFQp=#MxwSPTVcQ~21tGR!N
zkIzVQbxrPZLMv5jCyD|h@m)Zj&ZVe#o+V24gHFxVzcR8zCerj<kQv8mlFi#S1rLbC
zbj;F$=&QJR@>r@*>4A9eP2|V(kZQ2nLC9U0h5OxQ&|(E6Hl_Q)FPZOh2gz{u7cBTy
zIQMhOIGo*k(a;^Eiy&dJn2DQxV%&d>$rCi0b9gZ5GtBINxS;<{u7bJW0iLDj;COD#
zfQG`D7auTn3-!byb_d3?pAs+4fK}2)m_Mj8^TiOj=3((K@Y6Kt8vVOFSsipvgtCic
z&*_)U?B86#1?v7l<SG10fK?+v3DB`IofIzRUN>0#A!sBFFaRb56d)nsD8YZUPbwd;
z?$Xi*(G{Rf6c1wp4Vl;o%2euxau2M`JPs_GH&Gg4iIkTIKg9RSPm^nZbo^s{XFoE-
zI0CAt8~_vGpat}z9a=w4@V%?e=d~X|mgc^}vM!hh>Qh`Ue6wK`0+yfW9$I*M8YKyC
zmr?^e_NiBqr1)zR4RcclDFlC>r0e*S@d)#M=FdHlc@s3n5MJ2q=iVjOJYPskyKTDJ
zPM{ZHqH{tibd`-p2uQ;41=ol&W*TG(@|ig!Ng|Xq1vi<v*$p;9ISSn%2gU`9LrY(I
z5eO>(`)qdKMsr|AM|T{yc7&bG^MWO))ij`*=CDaYKS_1sHHh^n$Y_7u7$^=1WrmC}
z@e+{ELoS|B%*@Sd#5g}j&4aE}m80jYhS@2=2#~#Br4;^I!RaXuFDa!=D1}o!@oAT+
zM)>qSJfRvX49{+U)*8Cb>Clqy47eK27X2Fc-Q306Zg;SFmyW-8;%M@kE?I6#9dMEq
z_h7wJhJ148_zD;fET(^8TwepDMwK^7P}xN`jvgW8;&Amzukb_8b|87s`Ck^KTN^`%
zP9CTT(A+&nxFT~vivw*6WGj?Q&F;U0bs+~<ubw%@RwCXbX}WZpQ3JuHwgIXbAaO{V
z>qs=wKS0F@#5T&4kRJZ-Cumt7hp`y`_|ROXd66lrp=uB<pWuH7VBp`7I3Xpyr%-N|
zaumS!Hl+LhNC63&?ZA_Am=&62E}0iH7Qm0+vk;Ubs!Y1*JI7*Z=t{@EZ6I$TFjxuT
zXB8Qo+$HJk&#UzQOk$5Oj4N#q8kJkomQ2f3Yszh-_t~)&QExupqH-rc-Xgz5JIu$^
zX4E*w;^{6ErG9@}j_q+8_0tx6l^OcK{BW2hU{aBQ`32tw9+IT7E63JLio|L{Z977f
zIG%5eZK&QkIy{<@`L~3DAK?%qchLf+CR3L0RG@x6#m^sUd@s;A<vEjxIt7970g?x$
zg%L2>qf>X{#i*9GArsazS>2NAIV_r@+m2Wbd8wgAZUcXI!WD((SmU9iVTe2Q!!cg~
z;&60jf%E_c*T+&uzXwW+ZWHFibXY$Xuo+~WtUJ6#UF#)~iK1z1W-YI}6KBylftM@L
z*+=o)ov~>SAC6^gq?&0A!j@{HH-v`f%~fO|CHE%xpHl4<=`W)|O{lo00H58Hq_8Ex
zjG7QXK(~Jx+7Y2Y`*Utn6t#~EiyTGvCJNfc?}Nh}$5A$I)5(*O!P6-4y-r6vHY2-e
zYqHH+wLMT#G8A5{?SVdUR{gHX9y<|cX57AV6VLZAufa0?^2NmcE{cDnhl!6ZU*ng?
zJ6@8mTyCb7Dr+lAwj&H<EuLJ!w}gRr7o6%NxnqC+o_UAYLIxMIJ1RZ$OwYzsGW65_
zB=NeS=&3FdgVEU@5Zp)R?eF?44uZ!W^TTHW{5oRNh%vzc%}^sUX>G_X&a-R(cAWkL
zqYo#3=!2^1qP%1-$z&Q(o=)%1aS~gILYhcbxt>earv(!$%B}*^%NKMG5yD{6-3b7}
zD<*%HJgr&1Cjs$N#_|&vW;X-_VmY_r>g3RLMyAtM^gcFcK>_j-39_3wKTW=pqo6*W
z26vRly!{<g>o8x!icD}9>zAus%!s%ckkJ4C?0wsg<3^U?udru<MH^d{#ki96VsgN1
zyQb?lRb_j6V4%U2n3?R7L|LRNU4HW0e!zde?f}L<^mg@r!oGF>iN9py1SyFOQ7KX)
zmC7suc4a0hkrC&9PMk{x3>$R3p$lIbDF!X$4i31rI^QX&?JBgCi)A06a_2}Ce{<Wp
zcANLRIzVQT7Xz`eg^>&=&=;ySy7!fC3TlhR#=;{g8T)Oe%>5%_J}Ee@ot!yRoaBFD
zk#Me!lX#LA*)PI}`wLtKUoO<7R2f1)TL?n^enEMoWODUY6Deaj9wV44o&+YgM>we#
z$5V?@W93QY>_^4dWm5N=l&OBa|42jax|%*`BMORElDq0#SPC+T=dWryx?SITZu#DT
zIG?9$tsNWc>E5@yyHC~O(#~It=MR744zkfP)+x2I68<$z+jUGI8dhx7@fCG$m~!CM
zUFv*mg^DWvR-!DPbfTu^BD;GNfWBbPMO*LD;-D^roUgljo_6r=WDt%PLAJCgU6mnj
z*{>o>8#V~H10fUT43UcXMTQ<2E3vwc<^rrbC$1+akf>CFC@Xb4&69odOKpFsqHF~s
zN;jB+9n(s&sc!N0?Itm~4Yu7bV_mc!V)Io}ysypoA<_?rxlg+^d^uV;*NY=+yWI5D
zR!I!m)G}~2_po+1%EbpNj#|b1JD{vL;aU~WcEagJq28#===SmLXO7+v7}msPr;k6F
z80-Z$JJ`PWw$|S@5P6so;R1hC<)~fv4c|6xHO$sZ<ki^a55)rO1sl&N!*~!CY4$x^
z=TONY)5c-ean#HfCq8j}?yB=QTx5BsQlb9vD4_?GZxv~8qD-5F<LK*sPeS)v+j-KJ
zw~id7yVOu3@&;H;+^>!WJQ0Y31UJq;X&1?C^0nq(hvSP;H4CC1;5vWT1Hq9>5iPL|
z2kSvK&7l_HKIXi>{`(;SyjXpg967j-N5ktR8SZ(2xYyFoC-L9|$OTQcvs#@7_5hxJ
z<<x#)=}b;Bmr_C9N=#oz4rPMyD{NDB%eFXd4a4`O!Unq;ASGsO@*F8)uEi(vd~=z7
zBb2|I#*+Wj@OjC2niYSEsWRC@eO4KafyuGqwOQ^40*s&%tvLRdTNx!+u}p-Q=g2?K
zo1{WAihU9gC8&rPBZw-E@rs4l;J<n&PbyyRvZ;jJyYEqV7H)SBmDDCDQq5#a^YHfb
zIGh2(1o|MedA4_*NCzvNMA>w76aU;so^-v4%~d96n)b3(YYcxSve|w`9UXvd-=5CB
z#Re)RIcXASxk%E|Xg-Q$J)kUth5l$_xzkxJXBejf$U!t4D<S84p+PNE_b^g~2Jvm?
zc<$<i;UqM=M(#T)<Uw<#$$W<aB9Dy)8r2bDX6UxRc5rG3j_IOm9g)Q;!fM)ra<S|g
zRPN-bsrjW737>!TUeiSsD$c*W6x_al9d-vRS{{wJ9ii9hGB)TpAREX!ktLpMMJzDL
zdp3-l$OY;$V!LX@ptinnvj{k8vGyo@J^wh1XWA^ff)WA{2>F=q+h70js}ldK#~gBX
z)1nyKleEO#Hi`Z~(76F`LgW@@06%>5NB>WMe(~D1U;KahrR{$6{FVR1yVt?{@9nq#
z4=>}vEJ>5g?1v)vSmAPDZxw)dapWuY`}tbl|Ih%H%tl^79q=^Efpm`}*TdDM7R8j@
z0hK!_=e-d!7fNrEeHV#EB$FycnhN#|D)@xm*F|exCLq9x42YIlCoo;2E5jRV;f;NU
zoiD?luWo<5eb{D^a+W|&?!tWy_X{+QB6TuIg;@*iw0PnMmVTGbV)4cA!jTe1YPa4y
zRQOJu&=gDsS$->C_$nM9yg9?FHO4r~AP>9O&GtTB>a6nYdbvUgcLN70y^^tQyQZnc
z5fu@#O|De$JT41sR}mt_K!rsQ#!--dbkjaHr^SDpj)9|g%Ufylh9=o22DV+_G?eb!
z++_wal)~+nEL9V?_##<KL2xgsRApQBoqNBaA_uzN(fLkdWzTm)9jlC3zi4amcCcR%
zGtd+g8e2#?bNj1?8t^I$e2#3ccFISVVYzm-H_u7^HOI%>=pspq=HGAJTmit8mqw=)
z*kymh{*Y5!w?zr|cP$&9cT4a#+y4S&^_$Z@)3d0h_;Hk30mpvz2*&k<x>ywmmG)7+
zb6gF6mX+<f=oI2bj^a$CaNYp-x?@^Cwv>5qwYXQnljFV*n01GH+p&=&v0TPIvRzK^
zuERW<lFRi<?A?@KiAr|XQ@gI{d=`z9?bUz78#Gk6aL~Lc{g5S7P+rUK$A^bVdL7P=
z1R%qCWpb}r#b2Uo&-HrdLP+?mM2`RKIJR74b@#_{^_wFeA<R~LK{3bmSwNItai>$y
z-44%+(+xQ%A{l9K!bvpJp30Uw?>-6BrRsIm<B2k?<3ODV!#&15$5fJ8Pk8F^Xi9%}
z2$zS5ldDm*-&o!bXzA@P8m8MNJb|P8K_Xj(AHj*eJsKry<=HWuN`LW$vH>o3nhKc$
zQ#gP7<*&JWJ<+bid82W}gqpr<T54M(opA#>N|jBmE_TG#S}Xp6$i^BWsO)gH=$4P%
zA_8H6R^I$PC#{8n`DAaaa-S8S=YoHzC7t&UGAS6PWYTh<01~q&Is8)S_my2MOWuVD
z-~n+e(_iOnyuREdY!QQHi96lmnt!$D3!4Pv{$CRrVc52hU8F?bnD6NbBc&@wRUB-U
z5tTb9`>6?;yqCc_+00C`z)v7ST1$*>>F8*6V<A!-X+p!aJsv2>tGZ#i+){rkj}2@%
zrHR!gg09{<5wt=ls}4csz`@|_A6|w^MNd7Bbi%0V$m-t`j)-d_-S(@_^$ABi;z;Z>
z3$OA6ffAM)U<V_QBPt^}CF~$in3$f76K}*$t|yFu8rCYf`tVS;j+?foTLFR{-U-;r
z<037^aEA-nAcPm~R|P^NnCpL}!65saa5UP|E3d$Mm*ky(8jHJ^;wk_9PhweD5c*4j
zt_IhkcxRydk{&iKs0ZL|0>S>&U~hr$UJoCB1c$S~#jEKr4;mBi4!)Tv%Yd>^40f(P
zpIjvK$xwScht7bz1ROi%o7>M9vPh@VDh?^7vt)kHuvwEQ_YV{(ez|{Fm<VU@=z#K%
z{~N@@(1Kp;Z)UL^67^1Sx8U?509je_vszn`Vd`6yLG++($zu}*lvNMd>utr8dB2-^
zUxW|f045v^phbE(*DjNhu*=RG;LUJcg#ESRhQ?>NoAI{$*{wvua*KPM-BO?0maQu(
zE!;4?0MjZ_ZtnD2y>ow589y5mJeHk0pc&XrgFKHr8qIH|zho*ywoP8qVRCbx*EW$2
z$b_aFUqF>?&x2vpQ4~$v2=5I<NiEaE21KCB9EXXcQ(TRCv?9t<tJ5!DD9Qtwoc0U)
zgyfb%lIIspA-~`W%o$nMTIW2YO~sR;*S|Ejn`k`&^MDb^Yb<|9NVsLdSg^;1%NnFD
zHj}G@_Put?C@WXK!`V=QkuY~mhdDMC?%QSgn?=e3@4x->pAArt9oKc4JW?&|7VaQZ
zsGP@+`c4ld%4G2F_A^Xul9P{nET!L04Fci?L1@4I^1r@`udcN>(d-h&FUynpCN#oa
z-M0g*G(R;Ep@x4`YMl32#Y30)kP=-W;@fwQz>6f2j{-w;K?1^UDY0&^M`vY99b6}I
z+B!PhDUB}1nl&Ir9U~g((!MDBXCCvY=j~w%e|ehfZu%4`5k|zPod~hRMV{xiI4y~@
zcPN#m>g}(Zo}2NY?%&U66D_&CggI{jKrOsf10}mMYBYZn*f?vzBTytreWF<Ay30Lm
zvg(ZE!UL?~k?Ng87YUSJ)#N#w$+<KudbIbb)%L48AB2Nz0h7H5xGP|Q@33}$(PlGo
zDok7Pltv|3#GxKHls4H0^yIbqs@|$|BJ4v@A1ve{rEfKTT*cR(q|x>qWPhS-&2w!i
z(u+REt;2uw`|s&xIDu4z25dmE={vTX8Nv|r2zRU1p<f~!RQ)6n(ZfQ>04E3|<b&qT
zg!FC{#4sG6a#KkeCYFQrfGBAmRZv%W=_H0aErr;g*8{`uV+F&9VB(?D230M0@F#Lm
zZ?BubnZ^6$Cmy3n-p%6Ke^U)dUhlQHVbAI&ZwP<cK-MACbQuep6u9ezaM?*@-3_kX
zxtFR$icBJ;vm&!~&vU5nK$E|X`^aT>fG7@XM>o`LuDI00=5AEGtXNkY)Gv>_LhW*P
z`&lT#$w25qA%%;f;KF);_5Mu*;=o40Ozf&1DHzpVqSVgR0@V;2lhxK0?hVxLVkVWj
z%PW7MS=@=jG_%t<ti5>+ztrB@cuF%!MhT!-t_xc1=a<u;7uRsHx%6ijR#v*Ul}-v!
zKllv-O}+|0##cb7vg##*!~0Qk10j-Wm|Zs+twb%x4cAao-4XX4*VY?IgB}UD{ha#~
zO&$SF*7ZXD)4TWn%O8sFoQ1RfF3Ns*Ck%fHm^}8w_XNL>$I%b)&zo8DF&;*<^oLj3
z)E&j*D-8(QKp44(TA9R|XW1@2N#GN;_d@OUhVk3@>N<Nm5Kh*Ioo(dDD<JB*db?5o
zg%OeVA^Ic}EAul;?NxN6$-Wle_pjf2+V2T|dJ$(|<*n$NI5398Oc)qkm5|gTrf+}B
z<`*Xkd6JL^B5vptEal=vQ1!>UW{O|3gnT!R25~rgBdq!7kW(!_c9N9^Y???qomkWi
zm^y2MGl#Q#c4|(N?(veQm&`9lQDOI0g&XMcNR~&y^<k98vuLPg!rRf(Pm{s*ESbbV
zhq42RtfCO#(&QAeK{6TMIWYpcl(K(S%FUNz90~Ks;Ko;*AoFF)J;*}QEp-es<_5J~
zIX(L%_fB%Jd(w2Jz<d2iDdh&EB+X5`S#%Yr+3b@BbBB^fB}G_xBg~f*yUPU35HW2f
z>s2|1*nxmc2L>ksKDj7sL7XTBXG4<mqHO_$CpEYq4`j?eoK8od<R=F5C@Ft!G*Al%
zu48*x8K{McuDgb8g?fKtT8+7jKQ7~0n!Si8(J2c5&`CNx+tS&9bJ^qk%Q7Xu7#p&F
z|8K-^=~BY|G5VzaH|^icfk!tPkMja=7zM5UUXF|SN+G3sNk??bxTWSy=zd^2rgOg`
z$CIRcB-ZD}nfCtEG&ea{=ih&Wf@tA?p!HPq!LR;W_~e<ELhtq)f~EicU&HbAzZaK5
z-xt>#P&X&O&XL-<fHA|em{~n?thH7*XVO&foUGMt^w3?-(4*S-Mw$N(T0W$yoa6wh
zzp}O_w`w5`vuy6>U4+w2yNII+)IrM$5VxP92uIPJZA12tANq2<(l~$2Vs#8<yZHT=
zN~X}F>BqUC)p(@MlKH67F(-1l<5I3j<tBNWIj~zLZ?4-M#g6t!(9~^AuoWnoEX;Oo
z*Fe>z`o}(S=J`bEWI3&RPf@eObQOE@30lUsVcZQyFv1S^Wu<JHAdwT8u3fF4wS44B
z#INDAdM9sXlwaD2&(nW+iR5N7N<wHeDFjKpJ1up(Rv@flCxk_PD{xIUTB^GiH|!H(
z^+;G%ol|!vO4O}m+w9or*tTukw%^#cZQDu5wr$(S+2^}Bs2@<HF4h{g#xv)vI<~a@
zOyPGCklU3Tpbavs^p1|WhE>Sq#qz&J_lt%Q2dX^Zd35mxT|$QQUiU_@hqQjv9n1|_
zI%$n*Snx(T-@5bhR#jN5icv}Aj0&s6#?>4T4k)z(2$xr9mt-R45#XRV5$}qzy(F_K
zE*XU0OroqVi**!jqD}3z#Hihl#bBhd**&$J`k?QW^gK<K?#jV>8~u(z_|ks(U@X5_
z?9L3og3lENALM~;ir60S^$0SkdI{71oWHk_aFV>`s-}J`XGd!vSOsOn2gkFT9`-oB
zLmiX?Za9~7Z6dR42z?yy8DV!p71T8?F}P3<Vn8%Cd6dIqdLsr9GjVr5kFvTMNB)RD
z<5%xjKfHJ;m9<)Ow$`>1us9kJ7fD@=;^<S42(kOlm~qR*FK}Sb3={v7^mc|5e?9E(
z{IdrVzRFmd>mhfxt{4s1qrt9pCx!b@O2ujg1So%N!7sL4^N2Uw2pMU+S7bXjYgL(F
zkk{hRE?d;#A9TT6(cqT}*(RFYoAQh`Sr(*of1JNO8qohnll$AB!E@QMm_l*Z+C$_n
zgeH7a?u}^<D|7WZ|Kj8$&iz9y6TOVJw^jdxK2FaB0_)Tqz!uCRU~$Xn-)!D*GjD<b
z;N>5=3_`p>?rRsv6L;I9N3E-4Hmm5r`-==b{B>v_a-ajI9r>|Az9frPP+BDc0c_9S
z*GTF^;^55qMJCj}WAHvmDF+O0#2xfb8*|cF_9mJhxDIl4PYrUe(l03uYf3}a4bt&i
zF;C-mo4gQg$}7VlYUNcVFSD39ecq}7P^BSL@o5)P#ix`ReF70~g`t_m!_=N)sq%ed
z!<7h$P|~|>c=}PdDPZZCvKzqG5KX`n&5~SR2U>(+rL)<D$#=<v3^m=h)I3TbL1=nL
z7m%KFuD9Da^^g{-Yi~yO@*Rs~$r>gget+MFTQ&;g=0Wk-&rHBVfEf2-3pa%Y&{ac!
zo^U~czFZO8EZ_rUi)d8q97_gJq}^9e>w|woE5|UP2k%9Iu$zwStZ`YA#htY2|CGJ3
z$rq0|+gLKSEJIimD1_O&bQC>lb$?lBps?Gsb{Y+Gv5QW;XqyVB1Vc014kahUoGDun
z6GVT;903Ylzz+u2Gh>6FlP+TcB|1{Dga5Ac6-+j`j;)1H8IOA{RT+!M@@)evyiSP<
zs-CV-sEJYhZoi5Q1|=r#e%af#84^S|1`hmC5$<)bm<th{8<F=rHJ_WT?&~>~KiBT+
z5$<@k;Gw|AZc?tnj__x@4n5v#>Om97&yw7n>3pI%+i?T0#m1LaS<u)47$2th^I05S
zE47C-1<_2lTv7ZZMQ7AfS%2!aurjb{O7Ypi*mSj80_1%(DaZwJdh>=sIGZT6-qK7E
zhIjpOxk0n3psYpsySPGMipA?3K>I;F*+^Lj8#9XPM2R?Fke+eEb5Sdxm6}Y2&1=$W
zLA=@>kTboYxC{dht3b^G>9Tm+sqne-8f&rtDH(9aoGe$8d?K#vJMGW}gr&+?)Vk8a
zab~E?S$;0m?JZ)-dw%LuH&p)HTH$tnRB)#?f;xzqJ(Hqk`(KT>&r;|Rs%njU)Ub<)
z3Q)XBtr2X|`Dc|CTNGQbaJr5YR<m>Avq<`;&2~kv7o%i7m}ydgr`{OKOU&sYfAH2t
zle6=C+KoOgqg1Z`i1(pE;7alYs;C`D-!9J5lF@5Z9|QcwGA_T!^yqGz!|<*m%4<y5
zAErnFT2{|na<MBIG|!XkECzf^x*;~CNb`+U!;1CLB{MsNz`qXq!3z*yY*?E}Q@Jz!
z{E3d&>!hI;=NcLSari!eTO(s(b=C&qgpd@A^IQWD5pe^QD~FM;n48xJQ@a5h2VNNj
z{>!~A2ex44L{a)r>agO~Z@094Gs3?}sofKseDe)N+Q+`@B0c%~o?ztF|7ZykNd5|d
z6RX6@7mDSSV~gW`Mn?E^wn00ohvfiqPr-?(&#11O)NLgI{OReh;Vqz-yuq6J-_wWQ
zlS813!@fBFeREG~h39vApnQWV{F`Z{!pqSo8(*g6!VSKI#ClhxpVyqn`71TcaxF?3
zG&69CA}@I$18eR%VZbtf_YkCoBagyK>3}AWqngMR3U5@wsCdAg%}B;DA6B!9i(7No
zn$|{yU0Q+%*!gOQH)5wqvg;|9uYk*Zx!FLk`8VvIDY6GI75pf_R9fPi8{)y-lBuly
ze3-ZqDeYuzHG(_On?>cAzhTOOQRZ}H+GMK2uctS%z1NeD4q}3O6fPgsmmGCzKEAoq
zR-A6>flfEHZN}5pI$hqVb$~KauX*iQw%36yB@I#xV8`ZzS-hf4#+xbJ$89h*#|R-H
zr87Nk`)85nfb|onpA}7j%<#maXkC;sdIeNu1#L|?{}~MatT-x$bg`=x0Gf^*4XWXD
zXN4h}^ab4IIX;})<uNKY|LntqzwP(u6yG|8_sJ1sgn^JjyLqxB_GADp_2l-aL}B~p
z%%@Wi@E?0=UtJ_$O)%xYm~Y-!iiA^&$-EjbM_e>;GqR*F+b8Y%&TgYqgFiy4G&~&$
zUbcj^B?_Ki6=-D$<L(ttDaRCADlAn;Z;sSz*S1Va9uRIFY;*L><^TPN`(1!q1LLG8
zE5$Jq`BT)Y?CRAkVvzS~`Qm~!ZYB)~IFWt;2xyer?rr|FB(Ue7J+M0K{WAq26x|u?
zL>tGmj|IV`_Z$+0&7~HAOW=p51YL}peHbltwp5R#0E>91pQ*r#kS`sj#dYXRD<a+U
zb!d`{H^ZYDY889{Z0Y*RnKj(_hcy@O)PVyf=E0}At68z;?_2}jLVY%z=Fl)k;BfL8
zK&Fj~R*~_)7{0V@;G=3*c=GfyQ;sU%Pxx8&+5_;JOhG~GiftS0HY<>y#~v`?59Zl}
z;(#rz%Pp|exsKW0lpTMWB8PopdAYg5N&5uW>;_VJO!!SLleKhXp_lkX<Uyj3q4%-w
zKebpa@`1~`+7!+Koi>v<>qD)mCdH%<fS2tY4+FfJdQ@VRbP2o*#no7Uux`U~EtcQ}
zt09W63J=E{Jd^?wL3xc%K<7&p#F049qzj0?V@gCo`f<uto-1CC!Um008k;?=&c#+6
zTpCr0P_$?0`DA80D*fm1F@9^f07JG3v^RS)HUinow(_!@OssDChOmIDVvBhuzzlJC
z8qNQUh9fTR9*iq?=?%s9F}xGJUZd$H%s!7@bJ1{bv-}zAk#-7O@!L`aE~hIp_pV-f
zqJ=6dVIoH-`Y7!PmZsaUzI{Cl42sIW3SVC~@&q+7I#{6A!Ag<LmGOU*U0Obs;K2Ml
zHIJsK>Y$F7t)K&-d)RQ7`y~?qQq*l2@9FAM^k$;{>wmEj+Q8zhIb@?LR*U@RdZM)k
z#r(I)+$bb{cvh-;#s8vh=VxEfB3V$K?a*Z#EXiGfLq6chH!LZsO!@sjQ8qpt7*;Gf
zi0MX*cJwuw94P_HWnWBHl7>;(EFNQILZVjikP8r~-Kn~hz=G1mMX(A04`3GzFSG!c
zOHG;|ewGYDQHmcCHnx)CW^Gwl1J<};a-d2A=LtsnFD6jkDX<ehtCuH|zIq{Z)X3uI
zY!gF}vMABR7W*!Yz6oFC9$_JLYQ$u_@NtDs##sciLzFsb%Y>S=M(xfy=;Y7}<Mj6V
z4xyH<9FMG7hD@R7&lM}+NO(BuoCkE6DLq7Cr@l^g@jP_q6!rQ*xmERh%W@eHXb2^L
z0V<7JZ=hLHkCB~Fc^DkCoHnZbhC$tJUPF=UIl{ckST`k#Y@uc+p;%joI>FAp7X5Eu
z^JRkEb!#RcWZxH?RLC?KXTY6w(gpP&hS|YT6r;MB_?ASZ;Sv-;y0=QyjVsF=VY*uZ
z=>C<0)7$F{%{qpn)HgW@>UryRXJdUG7y{lIuxm=M)+j83IR;`~Bm`AQFD{t@+Y!}<
zLG&zhfdW_r)I7U{KwICiARD4MqsHMOgIs~MGLB$~3sX=Oynh+w7L<;zqcH<Ad5AU5
zhS(WdFL51R-y}ak2Sksr<SMq`#Ml2hM<(6|2=ahC_4G|jinEn&CS5PZ+`X^B$s82#
zWwG;G+T#JG5C%#MB%wlo$6HqZRWo+y-HWY!Br~!~4VJEK|1Y-|8eK)-=l9KY6+|-C
z+K_{6b#@rT;@(o4B=xIkhBxRN_|Si}bJ4`k1tadD@No<9_HsMyp%uOlD}X-oOl{li
zZw!;V2gS!CLykI@yhb+M39q*JKI~<;20Q?Be_V1$6O0PnI<UuuH$^d@QF=U|=?dZv
z0yGYknq&eOuj3~CSrk(dTkM@H?r}8NJPO5Zvd>HeGlRsnm}ls<;=dXEZno|TBDCJx
zsJqSP(Bcm013hd#C6T3N0Byt)I9+>Vn(?&lH%%NI;`e+VWoQ$A7+UKGEsJ}k*rT9_
ztCE;B+c)LWApb@XW4uc-NN%VvrnXrS5x|{V@$He!0B+nPy!Vp{JJ>Ec)sf)PYp?j~
zD2n3i`tA-#0-ZlnMt|iUSa+{E9Una}Cga2h(b@y79bKDHe^XT*gV#uCt0mhUzxOwO
z9u%fX)m?RiK56s#fm#5vN8gX+3(i$MQa$II+AURQB3o}LblQtLqGh5UdVzJuuQ>|B
zG3)8IT%-k)^6cdb2Gn%W_^`oz#UE9=QWLS{U?3FE*wckw6xfR6KfW$r9>J1*!A<Li
zz4HMC;K|S@T0Qxts?>JX$70FxMxbXHxf7CoHO1HsNQ`*moXqxA)0OUA@n*OyR+(&v
zjXlomEN-07NHwh)9r9(i@|sTS5ew24qnPjqr>0SwHCh+J;~yw0w@xH4U1{Gi<bQi3
zn;f3JkV1H2C=G3sudBd+`7T|p6<6FC?6Ux6uU#)DII>=<*w&YI7QwDRTXyvz>oXg|
zB}uEf0SU_x8nad<6irY}y47q-Z1A&Y<r`Z*^5^diQ3EFW^jN<@oqw!uo!h+TfgJaV
zT%|Q}kLYFKsCk+kew6p?t5?CUz6<MaS#mlzW?XXh*gfYDlxoGKT_=VQxzm}RHva;C
zJ0Ou}oe4Vd%;y-4&7*!-2Wm$f#=SfRcx4)j<ZxH<2cLcQsZeUPKg@{c$MAfXgp53=
zQk-uVw`4KMwH&*Mz?Vr7yhAS;E6w2Ew%8ID4lU*Jo}tFv_rHu?&}SkOl0)WQRt!FM
zUVVdkOh4fuLvPb2))1~5nz#Jszdisa^nb!S+N*q5PsoD$|14(V+7y%=)-hjQv{sQ%
zdJ8okQF$Qx$K1@YV-9$b#&Iur!il!bK@iU_(|RBrIo46eUDA#W<_0yd(1%(ZZi`EK
zfv<uZF|UU?M``wfm@KyySL}3TY0#6>;)u#f6)SfoZs&F)cSe!6@IW-dx48pO^RK%G
z9*L`cP|brb$)(rPes;WxroB#(3cWE%tPp`#@6v13K|QwP=le}&x_AJ3C-g!dt+%Kv
zlOAlLxv`LGbhgmF)1_`@C*QB&4Ub4-l_RK{0-!ZP#DWHaqxTtpX3tSGm!w_M04@$D
zPte@u2wC{Q3YmV6Q@$6Iso4O;RCC+0mP_;+_WPrp&yzU|-$M9As&+K8TVi`fXz><w
z?t8e{n<K~lYjay_KR7#n#G(eCoQ(>nYIv8AQ&-@~%yqeqCOow7%+GzE&CZ6IE8mDw
zh$)-1bVK2llC<;;oLbw=;>?@Ij10Ok52xBYM#d(6Z#Y<rYR*PXh)sY(?(W3FcrWwl
z*S_kLS|@Q>D$u)6uB0OuoTigP8-?3n`2=;Pg4OF?X*B`TwvEf)Si+7P;4%_%ih$#R
z4!MlQYkwl8i_Pwt*&e5l&=%rB_wc&hOVq2yhiF}oo^zrh_4oCX7PVWv2o<lCsS!gx
z*q5V#%LQ3%Ib@f$DK@}=j!GmZ4@Zv_019oCLvCpUh9BC5#!JE{R@uF1_9`oy>UCUB
zP@W-7BlRCTU=CT6$tWJl26H7%GQ?LKKn`oX3Kt{(rfYIy@&;Tns1x8nn!w&Spruqy
z9SzT3P8)08sFp*dUg2@cilEkQ-&O|lk^0D(Zvorxxts&O#tN9IwQPDrJPsXCz;Pa_
zou=K^14mg6Xr_5XAV1qC{<g!23C?*}l=7jA8C_IV>}Uy>#B{Auk&xaud&VP$5ig2z
zn6m;A$Lx#$&u0S#rfkwk{M3BqJtFnx%yIdcUJ@ZtwA9alP$zZlWdNC+e8S8xK&^k&
z9hozbz@|bu5eqmMg6lK6W0(Y64@v`He`V-4Qk?nzd2SO`uSI?mZTEUhuBUoJk%uVi
zcxv}Qd5q=Rcx12N#eAtUN*ulZg)R^TJAw*h8igcQlz!ZU8#laUQZ(3vcwq$VgZ$dQ
z^;<nccPCH9PK~gErHLTj8sIC9th(<z+YZ{u7&chY8wWgpdK0b2NNQ%mh0)bX^2ZEs
zOA}%Lyyx}CQK$=JIYM*b>x3Od1l&x1<s4sf?FzI>cqRmgiASJD{zU-W%PhyK?#jg+
zE6!uOMBaoe*PIUF)LP+oS5E@av?7DuJ|Iibc%$;oxkylu51m?l;t3hrKvtDX;{UbL
z3wG4YqX6KYn`El@MZydDMl22ed+l}H_3wlV#_2_V*->v4j?Dhu`1QD1O`6|7b$;zE
zy3)dK@(9P5yy!(!Z+UAxO}AO`qrXcqmchy|Y94iVz?QKmjw*<qC}Psla<j8E-~jd}
zG>cydgr;3No|9NReS5JVIFoOQ8^@d2@XMQGJp)Lh#4Ob1qUGrvjnvxglJ^~MJ%(df
zy9c~D_*V@>kHU2ihHoP(viR!A;C-W&$wDCVSL;p>YkMt`zccFN2+N)qhx4OfV+|vW
zI`pN9t@~^Q|H6eC#nO>6iC0)_O;x@OD!$bnP~#CP@BG9$U>g&JG4IXo`n_9&#w*M^
z$N~-oHJr3{KKz$UpRJd92TO+(P%g3hgDV&75~{rQY;`)lPVdquxG^>5U1_!NeQ2`6
zC#YACn36!FF~{+eMD9~A3xvvT-(m|?U=&VJYjG#K2ZV)67Aa@CJZV42ZIhUF3BHbt
zLKbD-@Qy=~M73Z<e3kD>LWXrmk{q6jUjfEFzu|TCg@fiIp;|0qIw<$0QS;ZkBXcFE
zqQxaanmp6Zmk!ARX9>uPg6R)&EVp2UQ$=QvdoEI(Fg(X=6}=Mwq{dRHo6MGUb+pQE
zV4)jY%@wDCeZ=>@dC$O;F?Eghhlnz#O^nN}692JD)tc}rWM3!W>cft2=Y!Z|+ybPy
zaCf^FQ7#NUf8!ldiIzi($6`_VaPW$!%U%&mR`w%;fKGc0m?X@a-dUowLaf=xw6Y+=
zH!G_}c^u$$@h#knOP3%VshXXcGEX60=BUN~$e(uf67u~e0#hBwQOoZ@x7NOYVz#j0
z`C**Qg+8R;>M0nQp~0#yp2~Ah<pX?1F{p5vRpPHhm6D5u<itY`Inx|eH+Fk<ik6=K
zM^a;z^TdJ}={Q}FSu($7VnsRw3Ic(Q+Z6vbi@_@U>vxjqLcOS9{yLrubw?A2Q(F{B
zjlGu<>7}$?+5_o>VskZRWGb9*hQ>%G1sg~LlSEg#I%d79`F!2<=vG@aj04Ku>@x8j
zYuovB-VRb4OuFh?X*Z;BH9R;{4u0$lk>o(;h0ZXNTO8}$T?HP@B9OE+E75y=o1ahk
zo{<V#Z$8G9E;Ovh>zTvHSZVky^Szgn5vl1wvC){r)TQ^5O`C@Wxt|wmXdsTSg~z}n
z#31?Q-bd?1A4AYSq}LZM>j3A;&(=tR-TL~g_`^YntK;3*<Kpgy0goTS|E`Qwz9{+J
z87s#EU-yS8KL%;(cPQ-uf9<xRP#~OUR?%jfOgukD6MZy%G|N0m72VJQSz7|Ph&Az;
zcdHkrG;lfh#V!CxK|hm3pTl6(IoWsp-D3b9n2P6py~^9O)EC<97+^KhML5<%ncmoh
zp1dukH-ipbH^g-kN68$4DV*y}6j}DR1dICKlWpvmZiR~yNRlDRi8So^uFRoj!F|!8
z(VtAOy7{d)QNv#+4@@KivZ$}kmzq0nD=FPdwBW_S;j>Kzl~iB$WyVtVhW9rC;760o
zus_5wkAYf6l}n0T0r1!eM~b8!sVF1WG)x08mA_H6Zx$MhI-;&!Tn49R3zT9~Ggcr9
z+u&37{=B3wOvP52MY&ZUzCnG_CAsJ_{hT4aWsG9fCh8iD=Mi6Pwkg!u>YSt;E@>)-
zw4;WGB<)e0Wo|vY=W7r3j<wSk8P_t)y+k(QMT;O%C^)Yh1gxtr(^eMwy(Mf?TSZjQ
z*lNo;)5B^RLC`BpnIJ-i`9MyR<xN$=pQIR`rBV-C7{JU<E1Ih>PcWRIZr<#68v!G7
zBt4c)o}^TeY|r<fRj$wDB&gm>5Yy288l0e;aM~QVl6x>2K$IG@Gu5>oR^-(7=OX#_
z@{nv|;B)8&1Mo(=7x3-CQ@yap+b4A=Yt%0Pps8ptJC(hxQZyu#o0=~7LTKSHGN3Zf
zSdi>CSeFWNEhDEqT$HDuIO14v711*uNAICDQ>|b#TCf&-cN0(aln!us<H{ZG-;m=7
zcS1uK=`L=Mi*N@=n7wc5qeaolvW(v04X!(hxhSB*0~BST2PP6-3=15#s~~hzxwS|d
zFLDN(vVI?Se{^BP4!foT;U`KFWYe{V+{?M>E(s?>&jP||dylupW8(%jEJDwf21~8!
zHsMa%t!~qV11pt5ZE`AK+3PPX^hRr~=WI_yzvp<G@Gv;+P(|JUh5MjEU>KGjf5f6(
zn$U}d10*xt!BET+yMgN^2<^eItOMc&tGTFZ9F%Ji>JEwC6wQkjXAJ^w>?81`El{M_
zTB_6%$t=`vv!k2sqFHEF1~EvcPnX0(rnDczj<x<I@Y=?XNWl7_ory>~_qW=5C#xS?
zOybudYd+8LVq4-q##e5wfXSn+V>rhUD>!Jx07^b<<tnC<wnm;uqvAn_=b!r8u(YDK
zIC8NmDLS(RhjngnA=PejG99gmjPYIDJa>jEGwj=7yJ9AnVWbyZc?QoVG+Lu4HJ4mL
zswAn;1T*duGGjpKg_x-iQo+|uG~~3oK@wIcY<x1N7HNMR|MY}!T`~k^Z%hx=8$iD)
z0?fftW{HN>xO=bVBPnPc>}l!+%k3(3Cssnn)9q+$|BPBz2FXk<C6EokJn0sbMyfoU
z&So~Ja3rbi{e#fvtbvXVKh+E%$&$m{0TJoEe6vG6cJ3bIhz1{fCNz++MWdW@AK)dE
zb5~Gstt$Iv^*9$Lpy{(ID$$PTeLxmY2DrLJ&M|3Dv-6fpUlE|M^DAXdns2!!Xo&`d
z+h48-C%pYlR9p*)7*4oxY*WmyL8p}?Um=pAJ$N9)PaFIx?UfDrvou7UjvG)B$$sOs
z-B4XwsdZx!Ggj#ytI&O|rMh@RhWmLY&0w1XB6|kuyt>rUG<<$Rl@JS+w0Yl(2S~%u
zRnVI6H=N=(QpEANVE8lRV~9yDnV%&nN=5J5#M5iM!PU8Q7m2Z=U$Z0vJTUZp8+5_x
zmR{qnjaM5+|0k|grT>|(z$;lf50c!tlTwwTTs%h1fkV?z-2B}z8dM4DH|3?-w@_Og
zU5A-x)G^&kh9QkeeLP6}e@+Q-mrK=Of3SWU5H787?<wO-SP8~P5*`!$`KEMPbtxau
zGSS0NzR)K66)>Yc-MW(nSHWY(#H~&46sIQq<HIX~zvwUl#b}c8$g9zR5YS7D!Ao80
znXSfvT7M!WrdlwaUP02LxDFcX=8Iq)hGUb5CLUNJhwJHE!!Q@~U4sXh^n?QcqaFwk
z_s+4`E=5<f!1x~rY*F*(?+IVLiqQx{vR%By<4$_#_%-4AfO>JVoBMmqOF&;sSABPk
z`LURSTiQ8o$NzT}LOAEL;lIb9+DFzz(kn+`9cd5FHSXis4?4*cJRx-maE$-j|MJBe
zJT>@hy%b~lZ?W$zyfd5w6a{jYp~_vCFV{#dT)x(*-FwWFSM5W&0<5d2=~o>0oOCgS
zZMI}~DyK)Yl^t+Dw)aE6NNyE7<t8^JtKH_cbN`WaT)$QNb@s6BT5{mkx?*}XXI)Eu
zpk8Q0C^hjnTsw(<t5RJ>c>m!R1ip+;YDK;3+`d{I9FOGp!PfW&IGwdIJEw21?ZtR?
zZ3PMFjCFssTy7m8^gD1VVw})ByU6Qp&)3q>v+AEXcG{lKK0=cY41|5H!_+K+CL3;&
z)MhX5R1|cB3fvO@c0~kkOg+gIW}`UfaOalY&S&Q5@it>3m$+_G5#L;(`Z}ZA%5t?U
z%dqJVku!Scm@Ym6F3o4{?CfR=@8kG$;1lngEFNsqw`9a5Ib?<jG+DA{f&m}VIhy7l
z%x`Op%gbdC7yr>9pTucK-o^7p2cDxR8!TOxe3t{JD_j{)KEo*{o`$BsVNzTQ8J`P6
z9MjE4YKd+ujG6FexM+?X7E}cp0|_<PTkBVbkk>2lH;5j9VCAmW?bH@rvgKL__Qfj)
ziYZ;;YvoMQLqRn<d%MYCUSNt4-(Bu-0rKVmxgJ`BWJe*7Bu+y_8H}Y{^;KkexaYov
ztgS*F@_D>bKW=W0O)(ek@vE-?*yLN|WB5jF_3I&?8C2{M1989ttzG_2y(#2Cj`Edz
zPG+a+1%)f14P24J^|hp`%NtS-!|d_fY>iiGteF+~2Auv`C?g}*PC-9HiC3>HXoJ+D
zqGSd{c<Heoq0+KNKh|YX<5)epRjtPv3stxv-3VGX57gz3J}{tCU6IjTRjsCs!A_EB
z`zz0PDo7%We1J*3)Gm?Y8__B+_%P`7XFxz}eY75M`Yr1&p=tdNvo_)4#~2A|o_V4d
z6?a-hIvSB}2}Kh=gA<N|?>%L>`Ei1WZ*98<*C2C6ujTev*dcpu?XgNy-Q8wn71Wut
zRm`rmU1dW?nz5e!xEC}P(XdaeF4!Aj`7YnwfA!)VG*#f67z+N*I&NRSG3RZ6ZK#fy
z{rdu#)W;n|wqn?A>qyKRPbkw4RzsYrglkoZS&oW%S6r^I;>N9S;Oe)EN=@A{@TBTu
zUcsM5qs|8>TP=!t57!>(t}K)tla^|)l9<A0R2l2@0D(+x6uA=RLAGXga7@=!*a-P5
zs#=U>im>tH6R^Ksj2x-k@X@+|qMm4ecfkUfxh_Xocb^y~F}J9C)y%m07_!yfrT^9F
z&=@dzjvX>_tl*ZRo}=Lfz!v^Qsom9*`?E*+Wsh2B2UIY>A?b;#61aozl^=SU%@t3a
zK>@F(f@cc5*<)CIRnpPcb2NK@Na{_P4V(hk9aZpbFGK7v3bITdOnMM<9RD`C*K`45
z4%OaNgU<__g6vSX|7wu>lTKz(orIdah%2H65Hq*pY(88hih2RRuzuA2i+tfck$sVr
zQgWi5Pn3;F%ywh}omy*@&Al8Iez-&Gl^@`|<O1nQE}b-CtsyCOB0&?8#XWy({lGlx
zIgb3rXP;<2?eKv3P$v5myUT<)T5SdZyuT-QLC&od$Q5!x0iTi(^fmg=3IjBo+hBs2
zY?oDrc%Q@K>^S;nW;1UkcDHq1zJKyZ9=vk)8~@zN^_1nKP;>=X4X^XW&Ir}R7?AEC
zU`CBo+1#LMEn43Yd~>e#izn}J<gDPLYMDP3^JAt1vFm`@WMxcUL2PN-!%+Yf<)`$r
zMVZ;b%(2hJzZ=^7<CCf%7c((@)wn1v4>Z`Wech`G_VJEULK`f;<lM<P*`LfDQV)hD
zC74@KM>CBp5T=n=jZv~ZP5<%!-hBSV+qeQOmh=SmqvRh>?n4Lo&<x>J8|$|Eq%(NZ
zlhQct1p;)B2B8N@Fd;cMSz!Q)b46O9$R5(CqLqOGqrnV)S>Rh$(Cx=Rc<+m3>DgO+
zxrhlvO_8Kpuc*Pbr@P<yG4#J*lZ(&+mG7ubv6Nz}3+*A7fAxFH-<9A5;sRL1dwREk
z3ylFjrVKt@uSIXk*Q6Hk7>IiZ>4RKfIVp%@u{Bi_y&vA<9MW&lx6gpR0`4FZ1j%GG
zpw$r!ekS;XY~(ubSfYyIMT=!^H{bBn@cG7<|Lmb`U~85^p1O5XRd-5~!OBWe<qm}F
zsny(Xe@agUzoP2fw-DBW4SwT^Ir@LuDe0bS>U|wSyul_LGoOmZCpszD$W>QzOA8*J
z<l~ewD^dNU^hfP7c?SS0EDnqN9Af|856=L*#(HRmsd~~kgEFHy?8HOVA@==_vdtzT
zrIn@mG*UMko4&oOUtBLWSIDKrWbGZ0ssbTK7Nw!m2q$aE@YW_+ZzGLTZa7Liw5)uq
zc(U9QQCZce;o1QX`{D@%v?MCr4k#ap{v>fd3d#|FDb;F^b-w^@0UkHs$`Wr=Qmf7)
z<aFAKOb!%rTp&C7InzOj5+8W&CE2PD+>W!$=LXVMSA4HEh4$f{%^h7k!9Pb6l60b{
zxS0(YRYobq!OADB6kcwaA|}h&ZQ8I*wpPEu+oeEu2ZU&L9swY!Dxxf;A=#c2g~QU_
zvUq!RiK+Y;YHxsI*stAGfu_6BFYEXr3x&7qRY1wI#6B3WVJ_<uMV+RRAG^^0R&Z9R
zV53ni4DOgAY~96IyCR(CK2#|$25SuMbxBkwvszRY7V%%pj}we6Uq{^tcN4m!?nBY3
z3^&zq9E3LZ{K~Mx#2C><+Zsujbr-F`hpd)#bEaFr(glEJ)mRB(w5_DNrCV+IJSn>a
z8o%W1v>n76grO>DO`~y9mG9WIw<@ZMp>vwyZnIfq*}G&3X8|neg7fU%Fifx`(CNk5
zm$NN%mEZ)pRBf;8X1FBFXac^ojLu7mRj8@tp^;(GLV9s(Czf%d?f0_l4jwS~hB%Y%
zmb_1EFgD<#m)arHRZlBOeZ-T>SKfSh+!#Pxn(xg_wW59%KQF|8Tw9htps^>;0zJ`9
zw0SNo=<9#LSNb}z_@B#k_nnG%=Y0pR$3}nEd)#39-g3^=m;SPOhoio7QL<Ir@dSL5
z8xT2jgOtN7NoAhl%0(z2lja>(Sq|}c55)eR6crGbMjAkIVUR{=q1q*Lk9x(#Nxwoe
z*+dnqJE4Z}3D_z5w;<T#M{#Vd5g)uY3oYO(jN=W65@CbM`bfr%Br>cbtf>QA$&wh3
z$=~(+Mm()y&(*Pub&8O@XCva|Po5{-4#Lfy{@y%k-@&(?LY=!|?Gfs2fbmg5%M5bB
z<prGMp1%TJ1PdBi&uhAyG>$mp!_*5P57^77J2skDhFZj%SD`7-iz=?0NZyb*ecx^3
zFQ$K=GCSpMyl56}3hyA|lOhsHB*6qS#J1P{j$}#B=?Jug@jEy|{Yw!4rMxH52`9x1
z??4)Ii0>N=!=zma5{qQ_pcQ+T5^}$P{s&<6!2|c3>d?E|EpW0^tzS%x`ttkpyN0E#
zRS0~{5p+CFTb{<V6Tnb<ANNJ|6LmDe#mhzCuV7F?U0GPOcU}KAkYY6nF^j6MR|)dv
zhHZnve{S=xyl1L6$7+;N<5CK6(DEElmNAuyR!q!a-|$e$cE8q0nIqGt(ZltAD*<fK
zFa#(z;}W}6U)!>J*<<;srFXC~*%~*ydMD6YqV#UEV=|!y=XQ|XJG8|%igV&W_waQQ
z8Hj&Mlun)BE$O;8#i#@=szpXMHNxr>>3tY?mB@;GAT+tw3E3a>RdAeW%#(r4pf5Ly
zER*{v9ibZrWqSKI-aXT8+0fg#L;!rTnr<wPHZHelI_v$pAo0+)Po`_Q!NB!!u!$YX
z96J)D5Z!4wy@M+(fV!80&h&h3d=1?j<zjC>Od8JGlV_x04N4lPtX6(mEaOK!Cu)=e
zF)FNhke{Vm%hv-nx({l$sA<})r3WS<)Yb(V+!ebhVOx;Xa7Xn5Gtt${SODv0EUFqy
zob0JZYq=f!$u9L;)cI6!B=_X@*ea&H2)S{E*q!8(2-DEGMnb8biZz;AFX0m|&_@&B
zEHg^77uegeFVr&Rng=k))g+z)53NeMXpStc;3*1O2OOQXht_|)l(d5wJHVc($(j#O
zQz9Gd@E)TEzg@0%TFR@olL5^MiZf$uuXaa1Uk`R)GuVzRdF`t`4L{JW`|rH>eu_s`
zAP%gmEgm7IQ0!goCY0H+Cd243i~Dq<<W8Sp|Ct6iH?Ahqf=QoH^FG@1&ciI<bWUG7
zw#J0aKdd&j;9>4|p0;}I4aX%gzy;Gp3x%>QI15W*hq+PmYJ_0Iz5%)27XJ|EZLSRV
zNQY!Ns4t@f?EZ5B>XST1S!S%x1~zRx`mJDV75VNvz3$f}6ys7e4x_;Bu&|V2nfNq$
zq^@9n`mxFr-^@JwBzptx(PVc;+r3|)U8D-aso90OE30Brg>(MZc;{$?-~K1WT!lOu
zYQoL2Pm5R@YZJThJ_s1W3BQhCYDCXiotj>+&5l6h?<Y^>-C#>-WFRufF44Vt_iRZi
z4j=<ddPS(xS58_`3Zy5w#Oqj^tAF1_;;+2`|2dbfJ)c;PnRWAvQmtKOtQ>h0)?bJz
zNb~k}-^h~^-WxG+I&8FEYPx7<_Y;rb{Ofn!g_GsBn$=&uB@Xbp9V4jY_q{5bWzT-R
zf7lie<F2de%G?Bb8u$Skpn5|I>`m@+r}JFp11TEq-sjVe$);(xactIb6in(Q*=!^U
zM`&mv*9Q5bx!&S0iL6(Sq9fl+Z!AscX>g##X|=IDJW!H+Ci*;}(8X(6=hN<FPxZU~
z>!V{ka7+#zc?&QkBq)IOR@@+rpk~FX^`{fu$M|825ESu@G_DTE`KPMqdS%fqv*bq%
zrXLSg#5NJ#5{fcm>nmOo;I!Z2TwLyQF$@LN%u?GVE{6#OA-n_M3`>ref73SLgK=hn
z<-9H7bz?kIjjiVAZH&f~PYI|(v)TRn2^fULA*?)#4+KoT+pbX{*kNsYgyyctI?R=_
zC~C(S)BsaJWMerTa5xUc{7KuPg-aDg*=}AwL(;<w-UViZSUZDeJ5hL*zHO*Efhfny
zH}a1>436XomVp<TSMdT>fD^c9@;^8Q3yvGaGwF*0{wsBNzy@`LY3C7V3c2~HXtzQ0
zW^_(ZC<$P<KYa}>DB8qVX@QlCGg4%M<3SP?#M<slbN}%PmxjpZB+k|}4i1tpEr#kB
znnJ3-VvAvb8w1q<4TOVwfF~IPLentSow9+*w-~zvLYqaP-1}#`uG?rh#uJCYc*Px%
zKCdD5_CciThIv8@qWASK3G=xz8Z2M;3&H<&`~^rMjAY6cpWd?;O=}9bWc}VV@`R*$
z(~<j!^0BDd?dgp><XFGfofp)#RmQw02Xv)=c(3d2E{JrxBbS8rZ@Tj_&=V}rY(ikS
zKaL{69s7eaJ?m5YZauCCoBG2a;L>`6`>z|GJnjwrOR~}5&E*~d1O)W^3kswl4GM+^
z1d;Tw5VA?$IUNR?nnN1h1ri8|E9uS`2e4^(D2C#zZ}2NP_h>cLn<T^oT*r+XokaLx
zlt<NQicG#PlGIoY_Iaz_t=U+H7mW&sG*rW<n^w!Ex_$M&KU!9)!(+9HQQE7Sh&ba^
za5;4(>I-Q4n$>M|N{echzT}~kt+7uv-=+tAz0Cr?95$LeFAX%ifY4pLDjKtn0R@+t
z(_Y(Vkh&$;kc($HeLW4T8~yU$|7w*!9c<JxDl(gC+(b29PFY>?I<lA2vySIivLuHq
zshO;`nr^)kV%Be?WaI&6(4TZ};t69Wqf)Ee29CC_(0u8gylArA)>S{1Y(R)jiKG0R
zL&mBzmvTezq1U<5(|KgQ!##TWfClnKTUhAIiS_=%UaS*+DzDaWU>kXDJe2?r$I$tf
z(*s|aGj$k~(!8Cr!5o)r!3Qn*gn#mJJ}b&PAks(r&L>iWem-e16K4D${5@|ewQRQ!
zgP%*&oLaAqmT7+$UNRDjMttA-V!osfCF&PU5LdaLKLg2g(Q~V$5jN|#0YVzQLi&+8
zve#?O<WlPECy&0iHk~y6`1vm&YaLkKm%oUTH@|Sg-z-zF4LJ~>jRXQ`{6f;7+v!%0
z8!Q`U3afL76-_#?Kq^V=_Fc`OF<GtirkpHe)k{<y4jWsW&4DXyvv5ouJ7uGdUDEEG
zGc5IIj3K_2nx<|NwwbOQ0J|&}P}_nEZtDq8T{}NET`1cHA#`~Z;l=LgR%1|z2(B7~
z)4!P)HRG<g>+=}9xrKTL^>RZk<Ex=?cv!7t&$<Nnw(j(<AT#z+yDj>s{P>%-KrzDB
z-?)FiGC(_T=zc-)I=I=n<}KZW8GI>>g~<~eE$m>eW4?7x`(kd*0M%=^E#RQw4%ZlG
z${Nl%2Vat9oY{-J<2Mb<zahg4g;xj`??~yj%*$oY&i)#|Ju(PB`udBQcDSD0h<?na
z-g*~9^zI@IUK>T2U>mJa#ApQr`zWGVNmd)LG$QeHdDQpl#F|+9;gjF-1>vK<{GOoD
z+w3OAF8>Jw=?_$qfT2JxWy@ZXa1srye*q4&qR0~^2b2RL`R(|_g;?8&jv?{ot3yRw
z!p>4Wr6+2SFwi-aLPf$t7i1RIl4BhL%;LmCC|f}i5NI*DcnlMQufq7HcT<XE2!g!%
z$>eY`xFt;S?Qq6={x``mq8zd9v?>-Ua{_M&u_8-F93Vb}0P9#uVk#}?DfEJ%j}e{|
zCY`LZZm=5VlR-ML7+hFWi8<PO37CT-3EFTG>j1K)QO#jaQ;w>3NPOVs5#D~)aAKk~
zz6;hkFlU82&tjbbri4-2fv)tu*oXNE6eR&=kpzVim}ddfA=EQJQpaQ=V?yvdoEDN2
zDX`e~p#qKr08Pkh1sq;pk>2E-Bgt0Vnxszi<2aTTmT94k1XlhAnm^ujMc@r?zG~se
zP1J)d=TyX84z(1Pc#oP2ILxa+KXmW|&;gaO4?q3AE*|tAi=bz|5eOZIC`#?!qd1w8
zSGm0%V5?}upKw9cx}Pi>WhqvA|4XpwkSQPc2DoSoAWAd&tQzdR6rwD4;AT{K*WSTc
z#%M>8IwXvY=tixm<|)$g=Eozr2PT9(4lU~Y2!bJMar+E{B$RO$vh+Nkv=Sv5{Oa*H
zv{IO6jbf_bUWYHi0i+;Y+Bedy{}rEKY?fe`LeIZ(;x%RHGk}1RXfFJNQJO=mUvRfU
zF~gq=@JI9zLn3pJeM~^|4N+8QA1WCVxHxOS7kn;7u@@YfBX&|?XJ<`*iucO~E<)x`
z3o6B<NJ=O#3Q3$81C@o#aL6~%j6Pb0R^dfVNAW9lg<$4wnn)@3LE%OuQW3K4P)K<I
z8IccWE?lg)m}tYj5a|OU^BU^|Y-T7u0_-0=U<BnLbi?y=lNMnQBg%<_D4V<-5?Y7Q
zn8gk{qz<t;5S88|oQV%vX75x7<W&*#Snfb7ayJF_tdNiXuwqWUC`sfg#@h#l>gG^y
zlp6cGS{$l3vP$+h@vACF{Cjbt5Ql7_d1IYeck9J|`qFQBh7U}X_mI1XT}_{4^Uw|g
zpk9S+QPoU~`Zksq(0^`~glUU<{>?yduj~z&=dP(gv#EXM=e@kxoo@baV;waUk!Q0V
zp-A$C-uFqQy||H9oPNA^Y|AORSjw%-H_rKeun6PO9dO=ofz*YUm)Bp|r!v;4x>V)B
zC)c!W`(_U5mCZ8qxnA2&$}-j5BH&s8@GH37(a2v9-Wj{gQ$!<R;WzAyXFhWWEidjd
ziJx{<x!U9!r*ZPl-cM$ypAMPI%{VvaacAS&P8RyLYw{s}zV}c`J1@MK!Tu~SVFka$
zvvJ|<5(ns+WvBn4*c?6-<99`B={`%1YNdLh_6@}2JRIF_?v$B5S?kf*H2yvSoRozA
zY<qfHY5ha`L-{k2_7lTG;~%@}+|tG4>xYH^H>!2>g1p7j{3`m}x({mii2M^S1+2(W
zFO)IF*y!q21g@@X`z{gO^H=sZsCoH4c)HLC?VH5E4p>gK`C&kyrv0*mrhONT=FCkJ
zg-ML$_}iX(;hms|?}y-juIHw}5D|PZF@jLHrinsUV1To#l)9iP;(>re;TuNMWpt~g
zMD5DA_oCZnb-4ZO;nC9z`S82CE?M4QP^+2XTW|tcbhA{}bl_H9+Bvo)2uzWPDLm~M
z1_<ZhxHy<|CrjQfugkuo(0Gv~=nfayhsZN0sUV*atzbz~8Jk`Wec0%VT?LAxt~H<>
zrqp>H1psA0VC%pVyjY_$H7DhESRGeDA{uphzd^pwz<Ge^o$K49!0Nl;3QilskI3tE
zzz>WUP*!OMOA|uOqw`05XUC-<>vHLK3YZdx)Jb_mU}Jt5gV_GzJ3Q&jF;PUr6XD#)
z15U7H8lP1)!nl-2aAnY|K-Y)+8rw=05^E8y5dbFeX~VF4?uVpEsF()X0p0#hG^lee
zb#-#)zG@@z51;ENz0^!&EH=!r-SoFieqwuWxBf}*BSTlW)?Z0Z(?!h*kBLUs*$2;5
z=9i^dRxSY2N*D4E`;0Q1{QG(4>;ozv+YR`)*@%4e7sUTJ9|1xAH!l%E0AUv4dOtP=
zmM{W?H=C@w!Y8$t;scOG%GSd|2e%X6j*YDwNrKCBbWev(GR+NAs#><|9yc#0hnZ%H
zrL?6FX{#SmhrX1$0i$jGo>1jPW+H}%T>OL|=*Eip`6-S<rqU@RA!@`ShO;`07U1e~
zyv+s)DU0WU{Um`k1-*BmhC9r)v2R)n8x_TWcT_3leFD|zyZ|J~L$6Pz8A}M-GoiF~
zcv8ye7(+gaQ{_xUJ~XdLq78f1;$J%<T#=d`+0HA*y_{o&=nGh)4PP1<*)dFCO|N1!
z5iCacvQ>M9)(l<eF6I#dO^&c-T~`9UU@;Vo$2NEmbsOZY1QK$HlKSzVgx^Gw@3awk
zLcPiheW4IUH~>pxhZl<eI>Ayh`w}^nxOT2UA<V{dz<lPZ=ZmnI#G&@7ICgV$`m3$)
zoZ%q}grX(O5bqE^URz8<Zd9Q);oa^?0CzXAJEqGkiI3l-oNu?Kh27f#;lw>57yLJt
zm{aav)Ob_SFPGJ!)?d2oWcYBk59XbZ30*REKDuijPJxGwo{_;BX;FI0DETO-t4_t3
zTS{2gb&LA`_`Ow^27?9Yr`m1d@2y9BqW8DjU*)+|hKz+p>{m|l9b7)cd)%a?^7#Mv
z>tVVIdEksB-wH_(TKA+oH_W8n3M9P$GZ*6m0U`fa4F7jA`X#|u@&Yd<NmlX$|0G3J
z@_;nwBmr_TlC~?UfwhyMs>uGQg_9VoFhHP-k|e80!2hR?k{qkhf%}resz@Nt%m4R&
F{|h@%v2y?b

diff --git a/OpenVPN/Edgerouter_Station_Laval.ovpn b/OpenVPN/-=Expired=-/Edgerouter_Station_Laval.ovpn
similarity index 100%
rename from OpenVPN/Edgerouter_Station_Laval.ovpn
rename to OpenVPN/-=Expired=-/Edgerouter_Station_Laval.ovpn
diff --git a/OpenVPN/Otarcik202501.ovpn b/OpenVPN/-=Expired=-/Otarcik202501.ovpn
similarity index 100%
rename from OpenVPN/Otarcik202501.ovpn
rename to OpenVPN/-=Expired=-/Otarcik202501.ovpn
diff --git a/OpenVPN/edgerouterchambly.ovpn b/OpenVPN/-=Expired=-/edgerouterchambly.ovpn
similarity index 100%
rename from OpenVPN/edgerouterchambly.ovpn
rename to OpenVPN/-=Expired=-/edgerouterchambly.ovpn
diff --git a/OpenVPN/-=Expired=-/fred.ovpn b/OpenVPN/-=Expired=-/fred.ovpn
new file mode 100644
index 0000000..744125c
--- /dev/null
+++ b/OpenVPN/-=Expired=-/fred.ovpn
@@ -0,0 +1,268 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.yultek.dev 1194
+;remote my-server-2 1194
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+;user nobody
+;group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certificate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+#   digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+#   serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the data-ciphers option in the manpage
+cipher AES-256-GCM
+auth SHA256
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+key-direction 1
+
+
+; script-security 2
+; up /etc/openvpn/update-resolv-conf
+; down /etc/openvpn/update-resolv-conf
+
+
+; script-security 2
+; up /etc/openvpn/update-systemd-resolved
+; down /etc/openvpn/update-systemd-resolved
+; down-pre
+; dhcp-option DOMAIN-ROUTE .
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi2gAwIBAgIUXe37kz2yqgyL2xXfvaGRzlz7ywYwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMDIyMDkyMVoXDTMzMDIx
+NzIyMDkyMVowFDESMBAGA1UEAwwJSkZfc2VydmVyMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAnLdVAj0W31TtWGxwdBeqsdIHyUdVAEG8bX+CcNZDP3M3
+R/gJOmenjqsqHYBe5gZcky1hkqWaD7l/LNmyzZDZ1lVEWpcAZqxbsUZKiHU30bxq
+84L5qtaAOpwTsumidq2hBqoDBMdBmh18e0QEW624mui7ckXTRRG3PA0ccXtXcTYU
+ntmhYtQ2oaPauSmfJZIUfZTfVZbB8FkCgu+zJtCx5hq46vIHm8KX0m1zLIeUtGsI
+hkly+5v52f3sEMlddyoZZkfjRddETk2co09q3oNaP1LYxN5G+TvZDhpdE+PrDsNT
+wO4uU2d9hVIP3T49heLieZ6KVxyp1FsDYzo0CNlIDwIDAQABo4GOMIGLMB0GA1Ud
+DgQWBBSKeJDl8FDnjHXkuMCh6OmbshqdMjBPBgNVHSMESDBGgBSKeJDl8FDnjHXk
+uMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvb
+Fd+9oZHOXPvLBjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
+AQsFAAOCAQEARIg2x4Tit/6ZydMlle6ku32t75OMCVQoe7fUkRjNe8pCkZjZXLy9
+QIRwoqW3FRT8+mQjctZk3NsyLStF8Rc/fFvpjGY/hiEQ/RV1K2/IZ9hcswp/LRzQ
+ElDwXhe4zlcDT10GjHYYx221SR+ijgicZcaXgb9f3uZKIrPgyb8qB4KCQS8gPtCV
+1VmPM5/svVCI93G+xT92XBHa47fgV5GEn7Snah2UgFol5h7/KX/Sa2q0pfBlzqmt
+CutfEbYcwSxkoLsEUIW8KMoEAIsO+KIsraS6EXlRdT82Ui+UZWVPZABlzifCl+AV
+LzBrLwt2OeoEI1h65EyzzE7gDsjrE3JR/Q==
+-----END CERTIFICATE-----
+</ca>
+<cert>
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            ab:ba:55:27:aa:06:49:7b:13:dd:f2:5b:ae:27:08:fe
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=JF_server
+        Validity
+            Not Before: Jun  1 18:17:32 2023 GMT
+            Not After : Sep  3 18:17:32 2025 GMT
+        Subject: CN=fred
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:3e:78:ef:26:d9:87:bb:8b:08:47:fe:15:ad:96:
+                    ae:f4:93:f1:d8:ce:e3:05:d2:96:46:fc:f6:47:c9:
+                    ac:41:f5:01:1b:e3:25:61:f4:ee:6f:8d:13:dd:ab:
+                    1b:d8:02:85:a3:fb:52:3d:02:d8:ad:0b:ed:e3:02:
+                    88:c7:eb:06:52:ca:25:ac:8b:ac:eb:52:4c:43:52:
+                    f9:c0:8c:f4:48:ea:72:a6:26:f7:5f:02:96:97:ad:
+                    10:ac:6d:c8:d3:b1:28
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                3C:F6:00:C3:CF:A4:BB:8D:F1:1B:AB:A1:6F:24:44:2A:73:95:EB:46
+            X509v3 Authority Key Identifier: 
+                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
+                DirName:/CN=JF_server
+                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        10:9c:49:d0:09:dc:52:df:2b:e1:ce:59:ef:f7:a0:96:13:05:
+        7e:30:ba:4b:6d:17:62:ed:89:39:cb:0e:c5:cc:df:0c:5a:68:
+        e7:0f:bc:c2:67:e0:b2:72:b6:9f:e7:9f:1f:4c:e5:da:d9:5c:
+        d8:53:44:ef:47:ea:47:9d:d7:1d:12:ab:75:c3:1f:c4:d8:ae:
+        65:7e:39:9d:98:f1:02:df:03:77:1e:7b:88:24:5f:7e:51:5c:
+        f2:9c:b8:1f:84:71:4b:f9:5a:6d:06:63:4d:e9:ab:27:f5:99:
+        fa:ac:25:7a:e2:a7:ba:94:a7:44:8b:2f:21:73:c1:db:1a:37:
+        38:d6:46:4a:a5:65:f7:24:35:08:40:9a:8e:d6:22:56:20:c9:
+        7b:52:b3:8f:ea:53:bf:00:bd:6a:23:bd:07:fe:af:2e:20:ee:
+        71:69:f8:66:b0:f3:00:5e:8d:2f:2a:37:b9:14:a6:bf:c8:25:
+        2e:1b:f4:86:58:94:33:2b:85:f9:08:3a:48:9e:49:42:66:5a:
+        37:10:10:5b:50:2e:f6:06:d0:fe:86:17:0d:9d:f5:dd:cb:ab:
+        92:39:de:d8:57:9d:0d:7e:14:b7:61:e5:bc:dc:62:00:22:8c:
+        23:df:90:d4:38:01:18:23:96:c6:7e:e8:c8:5e:c8:fd:a4:b2:
+        47:87:02:4f
+-----BEGIN CERTIFICATE-----
+MIICoTCCAYmgAwIBAgIRAKu6VSeqBkl7E93yW64nCP4wDQYJKoZIhvcNAQELBQAw
+FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDYwMTE4MTczMloXDTI1MDkwMzE4
+MTczMlowDzENMAsGA1UEAwwEZnJlZDB2MBAGByqGSM49AgEGBSuBBAAiA2IABD54
+7ybZh7uLCEf+Fa2WrvST8djO4wXSlkb89kfJrEH1ARvjJWH07m+NE92rG9gChaP7
+Uj0C2K0L7eMCiMfrBlLKJayLrOtSTENS+cCM9EjqcqYm918ClpetEKxtyNOxKKOB
+oDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQ89gDDz6S7jfEbq6FvJEQqc5XrRjBP
+BgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJ
+SkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEF
+BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBABCcSdAJ3FLfK+HO
+We/3oJYTBX4wukttF2LtiTnLDsXM3wxaaOcPvMJn4LJytp/nnx9M5drZXNhTRO9H
+6ked1x0Sq3XDH8TYrmV+OZ2Y8QLfA3cee4gkX35RXPKcuB+EcUv5Wm0GY03pqyf1
+mfqsJXrip7qUp0SLLyFzwdsaNzjWRkqlZfckNQhAmo7WIlYgyXtSs4/qU78AvWoj
+vQf+ry4g7nFp+Gaw8wBejS8qN7kUpr/IJS4b9IZYlDMrhfkIOkieSUJmWjcQEFtQ
+LvYG0P6GFw2d9d3Lq5I53thXnQ1+FLdh5bzcYgAijCPfkNQ4ARgjlsZ+6MheyP2k
+skeHAk8=
+-----END CERTIFICATE-----
+</cert>
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBQw+Cfj2TA0I9LNukC
+i6neLisJywxfhODlvipRtpifAMhKh1mgf3U5mcknDT4N3A6hZANiAAQ+eO8m2Ye7
+iwhH/hWtlq70k/HYzuMF0pZG/PZHyaxB9QEb4yVh9O5vjRPdqxvYAoWj+1I9Atit
+C+3jAojH6wZSyiWsi6zrUkxDUvnAjPRI6nKmJvdfApaXrRCsbcjTsSg=
+-----END PRIVATE KEY-----
+</key>
+<tls-crypt>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+4c828cbf0e58f927758e9471c1b6f03b
+2e77b2c634bad76df0570dd8f47184d6
+3921e25c6e6cbe4af4b64aad89d12425
+a9fca69ae08802b5ed583632c26678b0
+cc28c481c3831d1b2204dc30cd466395
+ccb8cd82cd2259c956b510c9a56e842a
+8693c44dca462f0ab7be3856abe9bbe1
+95a6ffd3b0237225b9497c7a0df05ad8
+2f2e0a8bff97c927d2890906d0105947
+fa3430fc779583772382534fb880add6
+8d5592fa4ff384d3e96c560019b5835f
+095da9b2fb33dbfbc1ffce9560908271
+ee96e02ccecc9d51b9dda79a77704a1d
+4407d7c805e6950854fe232adee02a12
+b09af2d9bfe04868a9e2e942dc64eb81
+9e062ab9f781e52d263195a58db72ebe
+-----END OpenVPN Static key V1-----
+</tls-crypt>
diff --git a/OpenVPN/-=Expired=-/jf.ovpn b/OpenVPN/-=Expired=-/jf.ovpn
new file mode 100644
index 0000000..4555f0c
--- /dev/null
+++ b/OpenVPN/-=Expired=-/jf.ovpn
@@ -0,0 +1,268 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote 138.197.151.172 1194
+;remote my-server-2 1194
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+;user nobody
+;group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certificate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+#   digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+#   serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the data-ciphers option in the manpage
+cipher AES-256-GCM
+auth SHA256
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+key-direction 1
+
+
+; script-security 2
+; up /etc/openvpn/update-resolv-conf
+; down /etc/openvpn/update-resolv-conf
+
+
+; script-security 2
+; up /etc/openvpn/update-systemd-resolved
+; down /etc/openvpn/update-systemd-resolved
+; down-pre
+; dhcp-option DOMAIN-ROUTE .
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi2gAwIBAgIUXe37kz2yqgyL2xXfvaGRzlz7ywYwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMDIyMDkyMVoXDTMzMDIx
+NzIyMDkyMVowFDESMBAGA1UEAwwJSkZfc2VydmVyMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAnLdVAj0W31TtWGxwdBeqsdIHyUdVAEG8bX+CcNZDP3M3
+R/gJOmenjqsqHYBe5gZcky1hkqWaD7l/LNmyzZDZ1lVEWpcAZqxbsUZKiHU30bxq
+84L5qtaAOpwTsumidq2hBqoDBMdBmh18e0QEW624mui7ckXTRRG3PA0ccXtXcTYU
+ntmhYtQ2oaPauSmfJZIUfZTfVZbB8FkCgu+zJtCx5hq46vIHm8KX0m1zLIeUtGsI
+hkly+5v52f3sEMlddyoZZkfjRddETk2co09q3oNaP1LYxN5G+TvZDhpdE+PrDsNT
+wO4uU2d9hVIP3T49heLieZ6KVxyp1FsDYzo0CNlIDwIDAQABo4GOMIGLMB0GA1Ud
+DgQWBBSKeJDl8FDnjHXkuMCh6OmbshqdMjBPBgNVHSMESDBGgBSKeJDl8FDnjHXk
+uMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvb
+Fd+9oZHOXPvLBjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
+AQsFAAOCAQEARIg2x4Tit/6ZydMlle6ku32t75OMCVQoe7fUkRjNe8pCkZjZXLy9
+QIRwoqW3FRT8+mQjctZk3NsyLStF8Rc/fFvpjGY/hiEQ/RV1K2/IZ9hcswp/LRzQ
+ElDwXhe4zlcDT10GjHYYx221SR+ijgicZcaXgb9f3uZKIrPgyb8qB4KCQS8gPtCV
+1VmPM5/svVCI93G+xT92XBHa47fgV5GEn7Snah2UgFol5h7/KX/Sa2q0pfBlzqmt
+CutfEbYcwSxkoLsEUIW8KMoEAIsO+KIsraS6EXlRdT82Ui+UZWVPZABlzifCl+AV
+LzBrLwt2OeoEI1h65EyzzE7gDsjrE3JR/Q==
+-----END CERTIFICATE-----
+</ca>
+<cert>
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            22:7a:b3:cb:88:05:00:8c:df:af:02:be:af:63:f9:59
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=JF_server
+        Validity
+            Not Before: Feb 20 22:37:46 2023 GMT
+            Not After : May 25 22:37:46 2025 GMT
+        Subject: CN=jf
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:8d:38:ea:4f:29:bd:83:a9:33:a3:1c:33:8a:60:
+                    8f:fa:19:81:00:73:44:81:98:1e:76:05:ee:f6:46:
+                    d5:25:a8:c5:3b:bd:d6:fa:cf:c6:79:e0:b4:42:27:
+                    80:e2:96:2d:30:50:c2:f6:9c:2c:13:f8:b9:46:b3:
+                    0d:96:6c:9b:d2:45:15:a3:f0:4c:bc:6b:51:45:f8:
+                    cb:59:04:b1:d0:47:b9:90:06:71:c7:eb:34:32:e2:
+                    72:14:84:94:58:e3:34
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                C5:CE:72:8F:A3:8E:13:57:DD:0E:02:A1:24:F1:56:C3:AE:2F:65:8F
+            X509v3 Authority Key Identifier: 
+                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
+                DirName:/CN=JF_server
+                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        3b:e8:1a:3e:ac:17:17:49:7c:4d:73:55:39:e9:1b:e4:d6:7f:
+        6d:6d:43:6c:e2:79:41:f4:26:a4:2d:18:59:24:a0:b1:e0:db:
+        03:07:f9:fb:24:f6:be:ed:8c:31:3e:c7:bb:74:b6:87:ba:43:
+        fc:d6:fb:2f:9f:1c:eb:d1:27:ad:60:eb:ab:87:c7:46:fe:22:
+        75:c1:bb:fb:23:ad:ba:1d:ab:41:45:29:d6:c4:89:99:94:40:
+        06:c7:3a:08:fe:d3:b5:f4:e7:52:57:aa:d1:a8:ec:74:e6:c9:
+        ec:9e:80:e0:ba:92:92:95:55:2e:d7:b2:d8:09:ee:72:fd:12:
+        ac:0a:0d:dc:ba:ac:4e:34:8c:37:19:76:60:7c:bd:ba:99:b7:
+        e5:47:c3:4b:67:2f:a9:5c:89:95:70:2d:2c:97:45:04:64:15:
+        47:04:d1:48:7d:d8:40:63:6c:05:8b:dc:ed:0f:a3:ae:3a:e8:
+        6f:49:34:54:de:99:4b:aa:28:6d:c9:3d:db:43:60:14:40:d5:
+        09:87:a8:b2:88:11:4c:8c:00:71:b1:38:25:91:5f:2f:93:7b:
+        42:64:38:db:d2:59:48:e8:ed:2e:92:69:4e:d4:2a:3b:e3:03:
+        94:2c:fc:ac:bc:ff:a9:b4:1e:ca:d3:d2:b5:fd:bf:33:bd:55:
+        12:75:db:f1
+-----BEGIN CERTIFICATE-----
+MIICnjCCAYagAwIBAgIQInqzy4gFAIzfrwK+r2P5WTANBgkqhkiG9w0BAQsFADAU
+MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwMjIwMjIzNzQ2WhcNMjUwNTI1MjIz
+NzQ2WjANMQswCQYDVQQDDAJqZjB2MBAGByqGSM49AgEGBSuBBAAiA2IABI046k8p
+vYOpM6McM4pgj/oZgQBzRIGYHnYF7vZG1SWoxTu91vrPxnngtEIngOKWLTBQwvac
+LBP4uUazDZZsm9JFFaPwTLxrUUX4y1kEsdBHuZAGccfrNDLichSElFjjNKOBoDCB
+nTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTFznKPo44TV90OAqEk8VbDri9ljzBPBgNV
+HSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZf
+c2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEFBQcD
+AjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADvoGj6sFxdJfE1zVTnp
+G+TWf21tQ2zieUH0JqQtGFkkoLHg2wMH+fsk9r7tjDE+x7t0toe6Q/zW+y+fHOvR
+J61g66uHx0b+InXBu/sjrbodq0FFKdbEiZmUQAbHOgj+07X051JXqtGo7HTmyeye
+gOC6kpKVVS7XstgJ7nL9EqwKDdy6rE40jDcZdmB8vbqZt+VHw0tnL6lciZVwLSyX
+RQRkFUcE0Uh92EBjbAWL3O0Po6466G9JNFTemUuqKG3JPdtDYBRA1QmHqLKIEUyM
+AHGxOCWRXy+Te0JkONvSWUjo7S6SaU7UKjvjA5Qs/Ky8/6m0HsrT0rX9vzO9VRJ1
+2/E=
+-----END CERTIFICATE-----
+</cert>
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBI4JXNyv7EeAsIFaPn
+JBe0cJDvuYM+AGWJYcMtfQj8Sg5z+K0+Ur1IjRxj6vkyXa2hZANiAASNOOpPKb2D
+qTOjHDOKYI/6GYEAc0SBmB52Be72RtUlqMU7vdb6z8Z54LRCJ4Dili0wUML2nCwT
++LlGsw2WbJvSRRWj8Ey8a1FF+MtZBLHQR7mQBnHH6zQy4nIUhJRY4zQ=
+-----END PRIVATE KEY-----
+</key>
+<tls-crypt>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+4c828cbf0e58f927758e9471c1b6f03b
+2e77b2c634bad76df0570dd8f47184d6
+3921e25c6e6cbe4af4b64aad89d12425
+a9fca69ae08802b5ed583632c26678b0
+cc28c481c3831d1b2204dc30cd466395
+ccb8cd82cd2259c956b510c9a56e842a
+8693c44dca462f0ab7be3856abe9bbe1
+95a6ffd3b0237225b9497c7a0df05ad8
+2f2e0a8bff97c927d2890906d0105947
+fa3430fc779583772382534fb880add6
+8d5592fa4ff384d3e96c560019b5835f
+095da9b2fb33dbfbc1ffce9560908271
+ee96e02ccecc9d51b9dda79a77704a1d
+4407d7c805e6950854fe232adee02a12
+b09af2d9bfe04868a9e2e942dc64eb81
+9e062ab9f781e52d263195a58db72ebe
+-----END OpenVPN Static key V1-----
+</tls-crypt>
diff --git a/OpenVPN/jf2.ovpn b/OpenVPN/-=Expired=-/jf2.ovpn
similarity index 100%
rename from OpenVPN/jf2.ovpn
rename to OpenVPN/-=Expired=-/jf2.ovpn
diff --git a/OpenVPN/jf_Yultek.ovpn b/OpenVPN/-=Expired=-/jf_Yultek.ovpn
similarity index 100%
rename from OpenVPN/jf_Yultek.ovpn
rename to OpenVPN/-=Expired=-/jf_Yultek.ovpn
diff --git a/OpenVPN/ka2501.ovpn b/OpenVPN/-=Expired=-/ka2501.ovpn
similarity index 100%
rename from OpenVPN/ka2501.ovpn
rename to OpenVPN/-=Expired=-/ka2501.ovpn
diff --git a/OpenVPN/-=Expired=-/pascal.ovpn b/OpenVPN/-=Expired=-/pascal.ovpn
new file mode 100644
index 0000000..cd74e16
--- /dev/null
+++ b/OpenVPN/-=Expired=-/pascal.ovpn
@@ -0,0 +1,268 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote 138.197.151.172 1194
+;remote my-server-2 1194
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+;user nobody
+;group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certificate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+#   digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+#   serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the data-ciphers option in the manpage
+cipher AES-256-GCM
+auth SHA256
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+key-direction 1
+
+
+; script-security 2
+; up /etc/openvpn/update-resolv-conf
+; down /etc/openvpn/update-resolv-conf
+
+
+; script-security 2
+; up /etc/openvpn/update-systemd-resolved
+; down /etc/openvpn/update-systemd-resolved
+; down-pre
+; dhcp-option DOMAIN-ROUTE .
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi2gAwIBAgIUXe37kz2yqgyL2xXfvaGRzlz7ywYwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMDIyMDkyMVoXDTMzMDIx
+NzIyMDkyMVowFDESMBAGA1UEAwwJSkZfc2VydmVyMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAnLdVAj0W31TtWGxwdBeqsdIHyUdVAEG8bX+CcNZDP3M3
+R/gJOmenjqsqHYBe5gZcky1hkqWaD7l/LNmyzZDZ1lVEWpcAZqxbsUZKiHU30bxq
+84L5qtaAOpwTsumidq2hBqoDBMdBmh18e0QEW624mui7ckXTRRG3PA0ccXtXcTYU
+ntmhYtQ2oaPauSmfJZIUfZTfVZbB8FkCgu+zJtCx5hq46vIHm8KX0m1zLIeUtGsI
+hkly+5v52f3sEMlddyoZZkfjRddETk2co09q3oNaP1LYxN5G+TvZDhpdE+PrDsNT
+wO4uU2d9hVIP3T49heLieZ6KVxyp1FsDYzo0CNlIDwIDAQABo4GOMIGLMB0GA1Ud
+DgQWBBSKeJDl8FDnjHXkuMCh6OmbshqdMjBPBgNVHSMESDBGgBSKeJDl8FDnjHXk
+uMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvb
+Fd+9oZHOXPvLBjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
+AQsFAAOCAQEARIg2x4Tit/6ZydMlle6ku32t75OMCVQoe7fUkRjNe8pCkZjZXLy9
+QIRwoqW3FRT8+mQjctZk3NsyLStF8Rc/fFvpjGY/hiEQ/RV1K2/IZ9hcswp/LRzQ
+ElDwXhe4zlcDT10GjHYYx221SR+ijgicZcaXgb9f3uZKIrPgyb8qB4KCQS8gPtCV
+1VmPM5/svVCI93G+xT92XBHa47fgV5GEn7Snah2UgFol5h7/KX/Sa2q0pfBlzqmt
+CutfEbYcwSxkoLsEUIW8KMoEAIsO+KIsraS6EXlRdT82Ui+UZWVPZABlzifCl+AV
+LzBrLwt2OeoEI1h65EyzzE7gDsjrE3JR/Q==
+-----END CERTIFICATE-----
+</ca>
+<cert>
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            a6:7f:64:22:94:22:4a:39:b9:48:25:9b:99:9d:ae:a7
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=JF_server
+        Validity
+            Not Before: Mar 17 19:30:32 2023 GMT
+            Not After : Jun 19 19:30:32 2025 GMT
+        Subject: CN=pascal
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:6e:d7:fc:29:a8:23:70:28:49:70:82:f4:1a:4f:
+                    fc:e8:5a:d3:10:84:ef:0a:59:d9:3e:31:2e:5f:91:
+                    8b:97:7e:32:c5:e4:9a:b1:df:8b:66:82:f7:a5:5a:
+                    6d:90:ba:4d:4b:75:4e:1b:09:37:3b:23:5b:df:b8:
+                    08:89:c7:a0:d6:3b:fa:3e:f8:b1:08:18:a6:ee:25:
+                    02:25:b2:c5:43:ee:f5:03:82:9e:39:a0:82:d0:23:
+                    49:eb:fe:be:3e:8f:7a
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                8E:E1:F2:13:12:D0:E0:C4:29:EA:29:E4:3D:94:2B:EC:0D:04:8F:BC
+            X509v3 Authority Key Identifier: 
+                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
+                DirName:/CN=JF_server
+                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        7d:0b:3f:f6:58:09:f2:8a:8d:0e:1e:50:c9:e8:31:f0:8f:0a:
+        f5:65:66:55:d3:dd:2c:5d:42:d4:0f:a5:02:ed:6a:77:e1:1d:
+        39:c5:46:1c:a5:38:17:89:13:f1:cd:eb:ff:b8:a5:3d:e9:85:
+        6f:d2:96:9b:f4:a1:09:6c:1b:84:40:70:19:2b:e1:ac:91:c2:
+        df:bf:09:a4:4f:c4:31:44:fe:2b:a5:60:38:97:a8:b3:01:aa:
+        39:43:74:90:b5:c6:fc:85:63:26:9f:7f:54:ba:de:4a:b1:ae:
+        6d:85:00:35:4d:15:9f:9d:10:f4:bf:bb:67:45:7e:c6:ab:ee:
+        7e:ad:92:4a:b4:e8:76:65:be:94:40:5a:67:83:ab:6c:d9:f9:
+        7d:40:bd:70:87:1f:14:4d:eb:56:50:a5:c3:7e:4a:b3:42:b5:
+        95:fe:f8:7f:9b:c6:c0:81:04:62:fd:94:ef:da:dd:17:01:a0:
+        93:14:80:31:5a:a2:fa:c7:8c:2d:7c:df:8b:40:d5:5c:ce:5f:
+        a8:9f:9f:48:4f:49:49:dc:cc:37:7e:f7:55:84:74:8a:cd:68:
+        15:60:8b:e8:4a:75:3e:83:cb:33:be:45:e1:a1:76:52:1a:b9:
+        09:34:38:af:6e:af:98:e3:6d:ed:c2:24:97:de:08:83:6b:d5:
+        45:9e:91:3a
+-----BEGIN CERTIFICATE-----
+MIICozCCAYugAwIBAgIRAKZ/ZCKUIko5uUglm5mdrqcwDQYJKoZIhvcNAQELBQAw
+FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDMxNzE5MzAzMloXDTI1MDYxOTE5
+MzAzMlowETEPMA0GA1UEAwwGcGFzY2FsMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
+btf8KagjcChJcIL0Gk/86FrTEITvClnZPjEuX5GLl34yxeSasd+LZoL3pVptkLpN
+S3VOGwk3OyNb37gIiceg1jv6PvixCBim7iUCJbLFQ+71A4KeOaCC0CNJ6/6+Po96
+o4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFI7h8hMS0ODEKeop5D2UK+wNBI+8
+ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIwEAYDVQQD
+DAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQMMAoGCCsG
+AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfQs/9lgJ8oqN
+Dh5Qyegx8I8K9WVmVdPdLF1C1A+lAu1qd+EdOcVGHKU4F4kT8c3r/7ilPemFb9KW
+m/ShCWwbhEBwGSvhrJHC378JpE/EMUT+K6VgOJeoswGqOUN0kLXG/IVjJp9/VLre
+SrGubYUANU0Vn50Q9L+7Z0V+xqvufq2SSrTodmW+lEBaZ4OrbNn5fUC9cIcfFE3r
+VlClw35Ks0K1lf74f5vGwIEEYv2U79rdFwGgkxSAMVqi+seMLXzfi0DVXM5fqJ+f
+SE9JSdzMN373VYR0is1oFWCL6Ep1PoPLM75F4aF2Uhq5CTQ4r26vmONt7cIkl94I
+g2vVRZ6ROg==
+-----END CERTIFICATE-----
+</cert>
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBaXJvFX1ve+n9RXR/s
+FyOJij1AEAhcbzj6Vg0PXekMwOSAkRsAltTXYM3nAaRK93OhZANiAARu1/wpqCNw
+KElwgvQaT/zoWtMQhO8KWdk+MS5fkYuXfjLF5Jqx34tmgvelWm2Quk1LdU4bCTc7
+I1vfuAiJx6DWO/o++LEIGKbuJQIlssVD7vUDgp45oILQI0nr/r4+j3o=
+-----END PRIVATE KEY-----
+</key>
+<tls-crypt>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+4c828cbf0e58f927758e9471c1b6f03b
+2e77b2c634bad76df0570dd8f47184d6
+3921e25c6e6cbe4af4b64aad89d12425
+a9fca69ae08802b5ed583632c26678b0
+cc28c481c3831d1b2204dc30cd466395
+ccb8cd82cd2259c956b510c9a56e842a
+8693c44dca462f0ab7be3856abe9bbe1
+95a6ffd3b0237225b9497c7a0df05ad8
+2f2e0a8bff97c927d2890906d0105947
+fa3430fc779583772382534fb880add6
+8d5592fa4ff384d3e96c560019b5835f
+095da9b2fb33dbfbc1ffce9560908271
+ee96e02ccecc9d51b9dda79a77704a1d
+4407d7c805e6950854fe232adee02a12
+b09af2d9bfe04868a9e2e942dc64eb81
+9e062ab9f781e52d263195a58db72ebe
+-----END OpenVPN Static key V1-----
+</tls-crypt>
diff --git a/OpenVPN/-=Expired=-/remoteclient.ovpn b/OpenVPN/-=Expired=-/remoteclient.ovpn
new file mode 100644
index 0000000..99d7139
--- /dev/null
+++ b/OpenVPN/-=Expired=-/remoteclient.ovpn
@@ -0,0 +1,269 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.yultek.dev 1194
+;remote 138.197.151.172 1194
+;remote my-server-2 1194
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+;user nobody
+;group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certificate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+#   digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+#   serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the data-ciphers option in the manpage
+cipher AES-256-GCM
+auth SHA256
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+key-direction 1
+
+
+; script-security 2
+; up /etc/openvpn/update-resolv-conf
+; down /etc/openvpn/update-resolv-conf
+
+
+; script-security 2
+; up /etc/openvpn/update-systemd-resolved
+; down /etc/openvpn/update-systemd-resolved
+; down-pre
+; dhcp-option DOMAIN-ROUTE .
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi2gAwIBAgIUXe37kz2yqgyL2xXfvaGRzlz7ywYwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMDIyMDkyMVoXDTMzMDIx
+NzIyMDkyMVowFDESMBAGA1UEAwwJSkZfc2VydmVyMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAnLdVAj0W31TtWGxwdBeqsdIHyUdVAEG8bX+CcNZDP3M3
+R/gJOmenjqsqHYBe5gZcky1hkqWaD7l/LNmyzZDZ1lVEWpcAZqxbsUZKiHU30bxq
+84L5qtaAOpwTsumidq2hBqoDBMdBmh18e0QEW624mui7ckXTRRG3PA0ccXtXcTYU
+ntmhYtQ2oaPauSmfJZIUfZTfVZbB8FkCgu+zJtCx5hq46vIHm8KX0m1zLIeUtGsI
+hkly+5v52f3sEMlddyoZZkfjRddETk2co09q3oNaP1LYxN5G+TvZDhpdE+PrDsNT
+wO4uU2d9hVIP3T49heLieZ6KVxyp1FsDYzo0CNlIDwIDAQABo4GOMIGLMB0GA1Ud
+DgQWBBSKeJDl8FDnjHXkuMCh6OmbshqdMjBPBgNVHSMESDBGgBSKeJDl8FDnjHXk
+uMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvb
+Fd+9oZHOXPvLBjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
+AQsFAAOCAQEARIg2x4Tit/6ZydMlle6ku32t75OMCVQoe7fUkRjNe8pCkZjZXLy9
+QIRwoqW3FRT8+mQjctZk3NsyLStF8Rc/fFvpjGY/hiEQ/RV1K2/IZ9hcswp/LRzQ
+ElDwXhe4zlcDT10GjHYYx221SR+ijgicZcaXgb9f3uZKIrPgyb8qB4KCQS8gPtCV
+1VmPM5/svVCI93G+xT92XBHa47fgV5GEn7Snah2UgFol5h7/KX/Sa2q0pfBlzqmt
+CutfEbYcwSxkoLsEUIW8KMoEAIsO+KIsraS6EXlRdT82Ui+UZWVPZABlzifCl+AV
+LzBrLwt2OeoEI1h65EyzzE7gDsjrE3JR/Q==
+-----END CERTIFICATE-----
+</ca>
+<cert>
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            d1:ae:61:45:8e:84:e3:8e:5b:92:3f:aa:bb:81:9d:59
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=JF_server
+        Validity
+            Not Before: Feb 23 20:30:31 2023 GMT
+            Not After : May 28 20:30:31 2025 GMT
+        Subject: CN=remoteclient
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:65:e9:86:35:01:c3:d7:0e:16:3d:89:90:3c:cb:
+                    a0:5f:d2:04:f7:b6:32:84:1e:a0:dc:6a:1d:16:a0:
+                    6f:47:a3:b5:7d:4c:39:bd:d0:70:18:34:e8:16:67:
+                    d4:5b:4c:ca:ce:ea:f0:75:5f:55:72:09:4b:f5:dd:
+                    80:f1:d5:db:e6:26:09:e4:34:3b:ca:89:f3:3a:40:
+                    91:31:14:c6:ff:06:8d:8e:f9:ba:8f:47:df:40:41:
+                    f4:6b:84:f8:e5:e8:70
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                23:F8:BF:EB:8E:A3:77:B3:2B:6A:FA:16:7A:39:B2:C2:47:31:9F:76
+            X509v3 Authority Key Identifier: 
+                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
+                DirName:/CN=JF_server
+                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        27:af:ff:e0:98:8e:d1:6c:39:d7:40:97:df:ea:5a:fc:57:31:
+        a2:92:0c:d3:4c:4b:74:22:9e:47:01:9b:0f:e0:a4:6c:dc:ef:
+        14:b7:93:0f:99:93:ec:c9:96:dc:51:58:d3:ac:eb:f1:10:48:
+        ba:96:54:25:32:2a:89:66:cb:ca:13:b4:75:cc:4e:2a:5d:7c:
+        bb:b9:15:28:c0:32:59:f0:66:e5:fe:d8:14:14:2c:fb:df:6e:
+        1e:b6:53:c9:f0:77:68:54:b9:21:4b:0c:a4:d6:bc:4d:c2:a3:
+        de:d0:9f:ef:67:68:3e:c6:d4:da:d5:6c:92:80:cf:2e:8d:04:
+        59:c8:39:9f:22:4a:04:28:3e:e8:cf:02:73:73:a6:59:d4:e5:
+        9c:77:55:41:00:5c:c2:23:61:df:44:5c:ad:a8:bc:15:57:2d:
+        ae:89:99:a7:33:8f:d3:75:02:21:91:f6:38:34:23:68:70:8f:
+        99:0f:53:27:6d:52:9a:9b:f3:62:cf:20:bc:f5:91:41:78:fc:
+        92:09:2f:3e:bb:2d:9b:69:39:7f:c4:b1:a8:62:64:27:3f:27:
+        2d:16:c4:3e:0d:51:c9:f7:4f:40:f0:fd:55:a9:44:36:31:59:
+        b7:08:6a:3c:28:31:8a:43:c0:b9:05:44:75:48:6d:94:24:c6:
+        b2:fc:f7:33
+-----BEGIN CERTIFICATE-----
+MIICqTCCAZGgAwIBAgIRANGuYUWOhOOOW5I/qruBnVkwDQYJKoZIhvcNAQELBQAw
+FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMzIwMzAzMVoXDTI1MDUyODIw
+MzAzMVowFzEVMBMGA1UEAwwMcmVtb3RlY2xpZW50MHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEZemGNQHD1w4WPYmQPMugX9IE97YyhB6g3GodFqBvR6O1fUw5vdBwGDTo
+FmfUW0zKzurwdV9VcglL9d2A8dXb5iYJ5DQ7yonzOkCRMRTG/waNjvm6j0ffQEH0
+a4T45ehwo4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCP4v+uOo3ezK2r6Fno5
+ssJHMZ92ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
+EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
+MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAJ6//
+4JiO0Ww510CX3+pa/FcxopIM00xLdCKeRwGbD+CkbNzvFLeTD5mT7MmW3FFY06zr
+8RBIupZUJTIqiWbLyhO0dcxOKl18u7kVKMAyWfBm5f7YFBQs+99uHrZTyfB3aFS5
+IUsMpNa8TcKj3tCf72doPsbU2tVskoDPLo0EWcg5nyJKBCg+6M8Cc3OmWdTlnHdV
+QQBcwiNh30Rcrai8FVctromZpzOP03UCIZH2ODQjaHCPmQ9TJ21SmpvzYs8gvPWR
+QXj8kgkvPrstm2k5f8SxqGJkJz8nLRbEPg1RyfdPQPD9ValENjFZtwhqPCgxikPA
+uQVEdUhtlCTGsvz3Mw==
+-----END CERTIFICATE-----
+</cert>
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBTe+pBwBZIEMj0jszW
+fZEx67ft6630EHlFhaCHTXW9Nw25eDC2kfm2xwbjb093E++hZANiAARl6YY1AcPX
+DhY9iZA8y6Bf0gT3tjKEHqDcah0WoG9Ho7V9TDm90HAYNOgWZ9RbTMrO6vB1X1Vy
+CUv13YDx1dvmJgnkNDvKifM6QJExFMb/Bo2O+bqPR99AQfRrhPjl6HA=
+-----END PRIVATE KEY-----
+</key>
+<tls-crypt>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+4c828cbf0e58f927758e9471c1b6f03b
+2e77b2c634bad76df0570dd8f47184d6
+3921e25c6e6cbe4af4b64aad89d12425
+a9fca69ae08802b5ed583632c26678b0
+cc28c481c3831d1b2204dc30cd466395
+ccb8cd82cd2259c956b510c9a56e842a
+8693c44dca462f0ab7be3856abe9bbe1
+95a6ffd3b0237225b9497c7a0df05ad8
+2f2e0a8bff97c927d2890906d0105947
+fa3430fc779583772382534fb880add6
+8d5592fa4ff384d3e96c560019b5835f
+095da9b2fb33dbfbc1ffce9560908271
+ee96e02ccecc9d51b9dda79a77704a1d
+4407d7c805e6950854fe232adee02a12
+b09af2d9bfe04868a9e2e942dc64eb81
+9e062ab9f781e52d263195a58db72ebe
+-----END OpenVPN Static key V1-----
+</tls-crypt>
diff --git a/OpenVPN/-=Expired=-/stationKA2401.ovpn b/OpenVPN/-=Expired=-/stationKA2401.ovpn
new file mode 100644
index 0000000..a5dd8f2
--- /dev/null
+++ b/OpenVPN/-=Expired=-/stationKA2401.ovpn
@@ -0,0 +1,269 @@
+##############################################
+# Sample client-side OpenVPN 2.0 config file #
+# for connecting to multi-client server.     #
+#                                            #
+# This configuration can be used by multiple #
+# clients, however each client should have   #
+# its own cert and key files.                #
+#                                            #
+# On Windows, you might want to rename this  #
+# file so it has a .ovpn extension           #
+##############################################
+
+# Specify that we are a client and that we
+# will be pulling certain config file directives
+# from the server.
+client
+
+# Use the same setting as you are using on
+# the server.
+# On most systems, the VPN will not function
+# unless you partially or fully disable
+# the firewall for the TUN/TAP interface.
+;dev tap
+dev tun
+
+# Windows needs the TAP-Win32 adapter name
+# from the Network Connections panel
+# if you have more than one.  On XP SP2,
+# you may need to disable the firewall
+# for the TAP adapter.
+;dev-node MyTap
+
+# Are we connecting to a TCP or
+# UDP server?  Use the same setting as
+# on the server.
+;proto tcp
+proto udp
+
+# The hostname/IP and port of the server.
+# You can have multiple remote entries
+# to load balance between the servers.
+remote vpn.yultek.dev 1194
+;remote 138.197.151.172 1194
+;remote my-server-2 1194
+
+# Choose a random host from the remote
+# list for load-balancing.  Otherwise
+# try hosts in the order specified.
+;remote-random
+
+# Keep trying indefinitely to resolve the
+# host name of the OpenVPN server.  Very useful
+# on machines which are not permanently connected
+# to the internet such as laptops.
+resolv-retry infinite
+
+# Most clients don't need to bind to
+# a specific local port number.
+nobind
+
+# Downgrade privileges after initialization (non-Windows only)
+;user nobody
+;group nobody
+
+# Try to preserve some state across restarts.
+persist-key
+persist-tun
+
+# If you are connecting through an
+# HTTP proxy to reach the actual OpenVPN
+# server, put the proxy server/IP and
+# port number here.  See the man page
+# if your proxy server requires
+# authentication.
+;http-proxy-retry # retry on connection failures
+;http-proxy [proxy server] [proxy port #]
+
+# Wireless networks often produce a lot
+# of duplicate packets.  Set this flag
+# to silence duplicate packet warnings.
+;mute-replay-warnings
+
+# SSL/TLS parms.
+# See the server config file for more
+# description.  It's best to use
+# a separate .crt/.key file pair
+# for each client.  A single ca
+# file can be used for all clients.
+;ca ca.crt
+;cert client.crt
+;key client.key
+
+# Verify server certificate by checking that the
+# certificate has the correct key usage set.
+# This is an important precaution to protect against
+# a potential attack discussed here:
+#  http://openvpn.net/howto.html#mitm
+#
+# To use this feature, you will need to generate
+# your server certificates with the keyUsage set to
+#   digitalSignature, keyEncipherment
+# and the extendedKeyUsage to
+#   serverAuth
+# EasyRSA can do this for you.
+remote-cert-tls server
+
+# If a tls-auth key is used on the server
+# then every client must also have the key.
+;tls-auth ta.key 1
+
+# Select a cryptographic cipher.
+# If the cipher option is used on the server
+# then you must also specify it here.
+# Note that v2.4 client/server will automatically
+# negotiate AES-256-GCM in TLS mode.
+# See also the data-ciphers option in the manpage
+cipher AES-256-GCM
+auth SHA256
+
+# Enable compression on the VPN link.
+# Don't enable this unless it is also
+# enabled in the server config file.
+#comp-lzo
+
+# Set log file verbosity.
+verb 3
+
+# Silence repeating messages
+;mute 20
+
+key-direction 1
+
+
+; script-security 2
+; up /etc/openvpn/update-resolv-conf
+; down /etc/openvpn/update-resolv-conf
+
+
+; script-security 2
+; up /etc/openvpn/update-systemd-resolved
+; down /etc/openvpn/update-systemd-resolved
+; down-pre
+; dhcp-option DOMAIN-ROUTE .
+<ca>
+-----BEGIN CERTIFICATE-----
+MIIDRTCCAi2gAwIBAgIUXe37kz2yqgyL2xXfvaGRzlz7ywYwDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMDIyMDkyMVoXDTMzMDIx
+NzIyMDkyMVowFDESMBAGA1UEAwwJSkZfc2VydmVyMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAnLdVAj0W31TtWGxwdBeqsdIHyUdVAEG8bX+CcNZDP3M3
+R/gJOmenjqsqHYBe5gZcky1hkqWaD7l/LNmyzZDZ1lVEWpcAZqxbsUZKiHU30bxq
+84L5qtaAOpwTsumidq2hBqoDBMdBmh18e0QEW624mui7ckXTRRG3PA0ccXtXcTYU
+ntmhYtQ2oaPauSmfJZIUfZTfVZbB8FkCgu+zJtCx5hq46vIHm8KX0m1zLIeUtGsI
+hkly+5v52f3sEMlddyoZZkfjRddETk2co09q3oNaP1LYxN5G+TvZDhpdE+PrDsNT
+wO4uU2d9hVIP3T49heLieZ6KVxyp1FsDYzo0CNlIDwIDAQABo4GOMIGLMB0GA1Ud
+DgQWBBSKeJDl8FDnjHXkuMCh6OmbshqdMjBPBgNVHSMESDBGgBSKeJDl8FDnjHXk
+uMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvb
+Fd+9oZHOXPvLBjAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0B
+AQsFAAOCAQEARIg2x4Tit/6ZydMlle6ku32t75OMCVQoe7fUkRjNe8pCkZjZXLy9
+QIRwoqW3FRT8+mQjctZk3NsyLStF8Rc/fFvpjGY/hiEQ/RV1K2/IZ9hcswp/LRzQ
+ElDwXhe4zlcDT10GjHYYx221SR+ijgicZcaXgb9f3uZKIrPgyb8qB4KCQS8gPtCV
+1VmPM5/svVCI93G+xT92XBHa47fgV5GEn7Snah2UgFol5h7/KX/Sa2q0pfBlzqmt
+CutfEbYcwSxkoLsEUIW8KMoEAIsO+KIsraS6EXlRdT82Ui+UZWVPZABlzifCl+AV
+LzBrLwt2OeoEI1h65EyzzE7gDsjrE3JR/Q==
+-----END CERTIFICATE-----
+</ca>
+<cert>
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            78:5e:57:99:93:be:f2:47:da:cc:6c:8e:0d:71:3d:f8
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: CN=JF_server
+        Validity
+            Not Before: May  5 13:33:22 2024 GMT
+            Not After : Aug  8 13:33:22 2026 GMT
+        Subject: CN=stationKA2401
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:8f:4f:26:6b:af:cb:49:0b:74:3e:65:aa:0e:9a:
+                    9a:57:99:b1:f6:bf:dc:74:ae:d6:72:ed:d3:a8:04:
+                    2f:a8:a0:43:63:f6:c8:e2:cd:dc:d8:fd:bf:69:93:
+                    09:d7:bd:11:ab:d9:c5:ae:20:bc:00:ac:d7:ad:ea:
+                    fb:c0:1e:44:6f:ba:20:63:9d:32:f7:38:8f:c0:d7:
+                    bf:b4:23:15:16:4d:84:59:13:d5:4b:de:9e:7b:46:
+                    d3:ce:ba:5d:d9:53:c4
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                68:18:F5:54:75:30:27:4D:B5:96:D3:34:8E:1C:3B:58:1E:BC:1B:78
+            X509v3 Authority Key Identifier: 
+                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
+                DirName:/CN=JF_server
+                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        67:97:34:79:07:29:c3:cd:a6:7c:86:82:aa:94:0b:ca:69:ef:
+        79:5e:a6:35:97:c3:31:07:9f:cd:aa:89:95:e3:b1:26:4b:e9:
+        88:50:1f:3e:10:eb:d2:82:c5:6e:56:18:1e:ff:72:60:c1:de:
+        11:af:b8:e6:b6:bb:de:7d:52:f5:ba:1b:9b:4e:49:b2:05:25:
+        0a:e9:8a:f8:85:f7:0e:c8:db:fd:c4:b9:e9:a9:6f:85:0a:cb:
+        63:a3:d0:a7:77:e0:7f:ff:34:29:90:80:66:a7:8d:80:6a:bf:
+        23:74:80:77:ad:53:2d:5e:f6:02:d1:05:3f:9f:fa:17:11:8f:
+        7f:b4:a5:44:74:2b:57:1e:4b:7e:29:c8:95:48:a6:3a:fc:ae:
+        82:c2:7b:b2:26:4f:92:d5:af:73:71:30:8e:b6:b9:6a:f2:b0:
+        00:df:44:a2:3f:cd:4a:45:7e:ed:43:4b:d4:0e:07:25:94:37:
+        e0:5d:8d:0b:1b:fb:76:07:d0:41:da:c9:f3:19:fa:28:8b:46:
+        df:5a:19:82:ee:1e:e0:1a:be:39:c1:a9:65:b1:02:92:32:96:
+        2c:7e:3f:4e:ce:9e:b0:66:57:b4:74:2c:98:de:13:da:b2:27:
+        e5:7a:5b:30:df:3e:46:1b:6c:92:53:6f:c6:0e:88:6f:0d:ae:
+        89:ca:ea:ea
+-----BEGIN CERTIFICATE-----
+MIICqTCCAZGgAwIBAgIQeF5XmZO+8kfazGyODXE9+DANBgkqhkiG9w0BAQsFADAU
+MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjQwNTA1MTMzMzIyWhcNMjYwODA4MTMz
+MzIyWjAYMRYwFAYDVQQDDA1zdGF0aW9uS0EyNDAxMHYwEAYHKoZIzj0CAQYFK4EE
+ACIDYgAEj08ma6/LSQt0PmWqDpqaV5mx9r/cdK7Wcu3TqAQvqKBDY/bI4s3c2P2/
+aZMJ170Rq9nFriC8AKzXrer7wB5Eb7ogY50y9ziPwNe/tCMVFk2EWRPVS96ee0bT
+zrpd2VPEo4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGgY9VR1MCdNtZbTNI4c
+O1gevBt4ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
+EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
+MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAZ5c0
+eQcpw82mfIaCqpQLymnveV6mNZfDMQefzaqJleOxJkvpiFAfPhDr0oLFblYYHv9y
+YMHeEa+45ra73n1S9bobm05JsgUlCumK+IX3Dsjb/cS56alvhQrLY6PQp3fgf/80
+KZCAZqeNgGq/I3SAd61TLV72AtEFP5/6FxGPf7SlRHQrVx5LfinIlUimOvyugsJ7
+siZPktWvc3Ewjra5avKwAN9Eoj/NSkV+7UNL1A4HJZQ34F2NCxv7dgfQQdrJ8xn6
+KItG31oZgu4e4Bq+OcGpZbECkjKWLH4/Ts6esGZXtHQsmN4T2rIn5XpbMN8+Rhts
+klNvxg6Ibw2uicrq6g==
+-----END CERTIFICATE-----
+</cert>
+<key>
+-----BEGIN PRIVATE KEY-----
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCqirzGpSX6ei53uFLm
+GTcOHVuwJL0ut2FF+GghDE9CAc/up9n1u8xmfvI0/KEueYehZANiAASPTyZrr8tJ
+C3Q+ZaoOmppXmbH2v9x0rtZy7dOoBC+ooENj9sjizdzY/b9pkwnXvRGr2cWuILwA
+rNet6vvAHkRvuiBjnTL3OI/A17+0IxUWTYRZE9VL3p57RtPOul3ZU8Q=
+-----END PRIVATE KEY-----
+</key>
+<tls-crypt>
+#
+# 2048 bit OpenVPN static key
+#
+-----BEGIN OpenVPN Static key V1-----
+4c828cbf0e58f927758e9471c1b6f03b
+2e77b2c634bad76df0570dd8f47184d6
+3921e25c6e6cbe4af4b64aad89d12425
+a9fca69ae08802b5ed583632c26678b0
+cc28c481c3831d1b2204dc30cd466395
+ccb8cd82cd2259c956b510c9a56e842a
+8693c44dca462f0ab7be3856abe9bbe1
+95a6ffd3b0237225b9497c7a0df05ad8
+2f2e0a8bff97c927d2890906d0105947
+fa3430fc779583772382534fb880add6
+8d5592fa4ff384d3e96c560019b5835f
+095da9b2fb33dbfbc1ffce9560908271
+ee96e02ccecc9d51b9dda79a77704a1d
+4407d7c805e6950854fe232adee02a12
+b09af2d9bfe04868a9e2e942dc64eb81
+9e062ab9f781e52d263195a58db72ebe
+-----END OpenVPN Static key V1-----
+</tls-crypt>
diff --git a/OpenVPN/CA Server/easy-rsa/pki/issued/DO_server.crt b/OpenVPN/CA Server/easy-rsa/pki/issued/DO_server.crt
deleted file mode 100644
index c923f63..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/issued/DO_server.crt	
+++ /dev/null
@@ -1,73 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            7a:06:6f:b2:ed:70:56:f4:94:70:7b:b1:7b:dc:be:73
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=JF_server
-        Validity
-            Not Before: Feb 20 22:27:55 2023 GMT
-            Not After : May 25 22:27:55 2025 GMT
-        Subject: CN=DO_server
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (384 bit)
-                pub:
-                    04:2e:0a:88:e2:03:ad:14:3a:ee:00:51:96:3e:f5:
-                    ec:24:cb:d6:5b:8d:d6:5d:0f:df:92:08:97:19:db:
-                    b0:8d:c2:9d:d6:c6:a2:59:2e:94:d4:d9:d0:10:f8:
-                    cd:d9:3c:90:80:e8:61:88:9a:be:ac:f8:ce:d2:44:
-                    7f:21:98:ff:d7:53:48:26:d6:18:6f:8f:0d:61:d3:
-                    36:f6:20:30:18:67:66:61:f7:25:da:ee:76:f5:ab:
-                    16:cb:fd:40:52:95:3c
-                ASN1 OID: secp384r1
-                NIST CURVE: P-384
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                DF:EE:7B:FF:0B:6D:D0:D9:44:84:A9:FA:00:F6:A6:AB:D9:A4:D2:4F
-            X509v3 Authority Key Identifier: 
-                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
-                DirName:/CN=JF_server
-                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
-            X509v3 Extended Key Usage: 
-                TLS Web Server Authentication
-            X509v3 Key Usage: 
-                Digital Signature, Key Encipherment
-            X509v3 Subject Alternative Name: 
-                DNS:DO_server
-    Signature Algorithm: sha256WithRSAEncryption
-    Signature Value:
-        2f:00:b3:78:70:fe:01:fc:cb:49:5d:8c:94:0a:fa:ed:91:63:
-        28:cc:a0:27:09:11:fd:ed:31:50:ef:d4:01:ba:1c:29:77:60:
-        01:2d:dd:7a:cd:ee:26:a1:1d:35:c9:08:b6:39:73:64:30:f7:
-        c0:21:8d:d3:36:28:7d:47:e4:92:8a:c4:23:a1:50:97:e3:2e:
-        5b:6c:a5:ce:87:80:c5:6e:a3:d0:56:79:2e:e8:c1:50:e2:28:
-        ec:31:14:fc:a4:82:29:9a:78:56:d2:07:7f:f9:7f:78:59:01:
-        74:ce:0e:49:cc:cb:8b:43:6b:50:d4:79:b2:9b:8d:d7:49:ac:
-        a4:63:e1:3b:2f:e7:41:89:b8:fe:65:84:f7:f3:bf:77:55:78:
-        c1:66:ac:27:d5:42:54:3b:a2:c3:ff:5d:1a:f5:db:8b:f0:3b:
-        23:05:23:c5:79:d7:00:db:60:03:51:60:79:4d:72:81:78:55:
-        11:55:95:9b:44:a0:21:b9:f4:85:2f:83:ce:03:67:ba:d3:80:
-        45:7e:cd:c5:0c:51:f4:03:56:30:cf:d7:e6:1f:ec:1f:8c:38:
-        29:cf:94:39:f7:c2:f6:21:0b:cf:33:3b:ba:05:5f:74:34:20:
-        da:e3:ec:50:f9:d4:3a:55:7e:cd:91:f2:bf:4e:fd:50:40:f3:
-        89:10:37:20
------BEGIN CERTIFICATE-----
-MIICuzCCAaOgAwIBAgIQegZvsu1wVvSUcHuxe9y+czANBgkqhkiG9w0BAQsFADAU
-MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwMjIwMjIyNzU1WhcNMjUwNTI1MjIy
-NzU1WjAUMRIwEAYDVQQDDAlET19zZXJ2ZXIwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
-AAQuCojiA60UOu4AUZY+9ewky9ZbjdZdD9+SCJcZ27CNwp3WxqJZLpTU2dAQ+M3Z
-PJCA6GGImr6s+M7SRH8hmP/XU0gm1hhvjw1h0zb2IDAYZ2Zh9yXa7nb1qxbL/UBS
-lTyjgbYwgbMwCQYDVR0TBAIwADAdBgNVHQ4EFgQU3+57/wtt0NlEhKn6APamq9mk
-0k8wTwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQxEjAQBgNV
-BAMMCUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0lBAwwCgYI
-KwYBBQUHAwEwCwYDVR0PBAQDAgWgMBQGA1UdEQQNMAuCCURPX3NlcnZlcjANBgkq
-hkiG9w0BAQsFAAOCAQEALwCzeHD+AfzLSV2MlAr67ZFjKMygJwkR/e0xUO/UAboc
-KXdgAS3des3uJqEdNckItjlzZDD3wCGN0zYofUfkkorEI6FQl+MuW2ylzoeAxW6j
-0FZ5LujBUOIo7DEU/KSCKZp4VtIHf/l/eFkBdM4OSczLi0NrUNR5spuN10mspGPh
-Oy/nQYm4/mWE9/O/d1V4wWasJ9VCVDuiw/9dGvXbi/A7IwUjxXnXANtgA1FgeU1y
-gXhVEVWVm0SgIbn0hS+DzgNnutOARX7NxQxR9ANWMM/X5h/sH4w4Kc+UOffC9iEL
-zzM7ugVfdDQg2uPsUPnUOlV+zZHyv079UEDziRA3IA==
------END CERTIFICATE-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/issued/Otarcik202501.crt b/OpenVPN/CA Server/easy-rsa/pki/issued/Otarcik202501.crt
deleted file mode 100644
index 7c28581..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/issued/Otarcik202501.crt	
+++ /dev/null
@@ -1,71 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            44:e3:12:88:c3:8e:16:32:f4:1e:bb:13:ca:4d:4c:8d
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=JF_server
-        Validity
-            Not Before: Jan 18 20:53:00 2025 GMT
-            Not After : Apr 23 20:53:00 2027 GMT
-        Subject: CN=Otarcik202501
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (384 bit)
-                pub:
-                    04:40:90:47:89:d8:ec:72:20:95:c0:fb:8d:b7:10:
-                    fc:52:1d:9b:ad:c1:65:91:e4:45:d5:0f:02:b0:31:
-                    8e:55:b7:fa:31:9a:a6:5a:1f:e0:85:cd:e2:21:9d:
-                    3c:95:7f:ad:80:f2:d1:63:e7:41:7d:e4:87:97:7e:
-                    a4:d1:e7:d2:c9:3d:3b:66:9f:52:fe:11:72:d3:d7:
-                    de:b9:f7:41:d5:7b:32:2b:01:94:4c:71:cb:ff:65:
-                    76:67:3e:ae:1a:4e:4f
-                ASN1 OID: secp384r1
-                NIST CURVE: P-384
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                27:9B:8A:B2:AB:54:28:C6:F2:23:81:99:3D:AB:D5:4C:25:8D:95:0B
-            X509v3 Authority Key Identifier: 
-                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
-                DirName:/CN=JF_server
-                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
-    Signature Value:
-        5a:57:76:c3:9d:0e:55:d1:61:1d:43:2b:21:7c:ec:59:c0:07:
-        bf:76:f1:e6:c4:1b:3d:19:82:b0:b2:02:74:4c:d5:f2:7c:ba:
-        33:f4:24:d8:68:6f:29:fe:85:f9:be:ee:90:42:04:c5:25:15:
-        78:7e:8f:86:ef:ea:4d:15:d1:a5:dc:29:a4:50:99:74:a4:74:
-        53:ee:3f:6c:c3:a9:b9:af:e0:a3:e2:33:6a:4a:aa:20:21:92:
-        bc:e5:57:86:5b:53:c7:68:b8:05:43:c8:10:d7:06:68:58:9f:
-        c4:2a:51:50:f5:dd:7c:ae:e4:80:59:5a:55:83:e4:88:58:be:
-        be:8d:68:fe:7a:7a:95:fe:7d:67:f6:03:d5:09:4d:3d:11:24:
-        6d:03:33:40:5e:65:a2:c6:77:28:a0:60:aa:ea:df:08:31:7f:
-        d8:1f:94:8a:4e:2c:80:bc:8f:70:40:d3:14:72:a9:cd:9c:1f:
-        ef:b4:5d:a9:e6:65:49:fb:f7:e2:b3:ea:ce:59:c3:45:7d:05:
-        ca:16:fc:2b:ff:d9:fc:2d:c9:75:36:d4:60:a3:b7:03:5b:92:
-        85:0a:3a:e1:50:8a:39:6b:d3:d5:4b:61:58:c6:2d:fe:96:b0:
-        9d:26:6b:6d:d7:20:af:91:47:27:1f:13:61:34:33:f7:8a:16:
-        bd:da:ee:44
------BEGIN CERTIFICATE-----
-MIICqTCCAZGgAwIBAgIQROMSiMOOFjL0HrsTyk1MjTANBgkqhkiG9w0BAQsFADAU
-MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjUwMTE4MjA1MzAwWhcNMjcwNDIzMjA1
-MzAwWjAYMRYwFAYDVQQDDA1PdGFyY2lrMjAyNTAxMHYwEAYHKoZIzj0CAQYFK4EE
-ACIDYgAEQJBHidjsciCVwPuNtxD8Uh2brcFlkeRF1Q8CsDGOVbf6MZqmWh/ghc3i
-IZ08lX+tgPLRY+dBfeSHl36k0efSyT07Zp9S/hFy09feufdB1XsyKwGUTHHL/2V2
-Zz6uGk5Po4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCebirKrVCjG8iOBmT2r
-1UwljZULME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
-EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
-MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAWld2
-w50OVdFhHUMrIXzsWcAHv3bx5sQbPRmCsLICdEzV8ny6M/Qk2GhvKf6F+b7ukEIE
-xSUVeH6Phu/qTRXRpdwppFCZdKR0U+4/bMOpua/go+IzakqqICGSvOVXhltTx2i4
-BUPIENcGaFifxCpRUPXdfK7kgFlaVYPkiFi+vo1o/np6lf59Z/YD1QlNPREkbQMz
-QF5losZ3KKBgqurfCDF/2B+Uik4sgLyPcEDTFHKpzZwf77RdqeZlSfv34rPqzlnD
-RX0Fyhb8K//Z/C3JdTbUYKO3A1uShQo64VCKOWvT1UthWMYt/pawnSZrbdcgr5FH
-Jx8TYTQz94oWvdruRA==
------END CERTIFICATE-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/issued/edgerouterchambly.crt b/OpenVPN/CA Server/easy-rsa/pki/issued/edgerouterchambly.crt
deleted file mode 100644
index 76e8338..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/issued/edgerouterchambly.crt	
+++ /dev/null
@@ -1,71 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            35:09:16:22:41:a8:78:05:b5:72:26:31:6e:c3:94:02
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=JF_server
-        Validity
-            Not Before: Jul  3 19:11:30 2023 GMT
-            Not After : Oct  5 19:11:30 2025 GMT
-        Subject: CN=edgerouterchambly
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (384 bit)
-                pub:
-                    04:0e:fd:1c:60:83:5f:a7:64:79:a0:35:74:df:c0:
-                    63:68:c5:3c:b1:02:95:a9:73:58:a9:a3:74:cc:d8:
-                    5b:d8:7a:ab:aa:d3:1f:41:2d:68:86:bd:2f:e3:6c:
-                    73:b5:e8:01:73:b4:12:f4:71:dd:dd:cb:9b:4e:b0:
-                    f1:d4:04:00:d1:60:cf:fe:ea:3c:a5:f2:ae:ee:aa:
-                    45:a3:21:71:e5:d2:b7:f0:22:30:c4:d4:27:58:79:
-                    96:6c:f0:5c:ba:96:19
-                ASN1 OID: secp384r1
-                NIST CURVE: P-384
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                C1:2A:D4:21:E9:F3:08:CB:87:23:CC:2D:52:A3:DF:8F:BB:CF:BB:5A
-            X509v3 Authority Key Identifier: 
-                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
-                DirName:/CN=JF_server
-                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
-    Signature Value:
-        2e:c6:3c:76:fd:64:a8:ab:c7:02:86:e8:80:d5:a6:8b:2f:ed:
-        be:70:cd:96:23:a5:86:1f:19:0c:72:7b:0b:ec:d2:58:ad:39:
-        1d:ee:63:52:55:a3:f2:47:87:12:56:ad:cd:a1:ed:0d:ed:27:
-        55:4c:9b:47:cf:e8:d7:a2:70:d7:8a:d2:60:7e:57:b4:02:0d:
-        96:46:57:9d:f9:05:cf:f1:91:5c:1e:e2:a7:79:e1:5b:fe:46:
-        7a:1b:ab:bb:c0:0a:a5:70:68:83:88:1a:62:8a:36:4c:98:9c:
-        85:31:40:6b:ad:a7:11:d3:a3:cb:d9:8a:f3:e8:d4:2c:bd:8a:
-        66:57:ca:bb:ad:d9:b1:cf:6a:83:88:e3:5e:a4:2e:5b:7e:50:
-        26:16:5c:34:cd:6c:9b:35:d9:61:ef:63:87:7c:2a:2d:f0:dd:
-        ce:ab:9d:7e:14:46:98:d9:cb:9a:68:91:fb:a3:59:85:91:d5:
-        4f:0c:ee:e3:47:df:7c:93:f8:05:ec:0a:d1:84:dc:21:0f:8e:
-        6d:b5:14:e8:a3:bd:ea:21:1c:d1:5a:95:36:95:98:20:f0:0e:
-        07:54:56:27:d9:6d:cc:c6:09:f1:98:1c:69:d7:1b:52:0c:54:
-        38:32:fe:c6:50:07:74:ef:8c:05:03:bf:55:e0:c7:3b:e5:20:
-        f2:84:3e:9f
------BEGIN CERTIFICATE-----
-MIICrTCCAZWgAwIBAgIQNQkWIkGoeAW1ciYxbsOUAjANBgkqhkiG9w0BAQsFADAU
-MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwNzAzMTkxMTMwWhcNMjUxMDA1MTkx
-MTMwWjAcMRowGAYDVQQDDBFlZGdlcm91dGVyY2hhbWJseTB2MBAGByqGSM49AgEG
-BSuBBAAiA2IABA79HGCDX6dkeaA1dN/AY2jFPLEClalzWKmjdMzYW9h6q6rTH0Et
-aIa9L+Nsc7XoAXO0EvRx3d3Lm06w8dQEANFgz/7qPKXyru6qRaMhceXSt/AiMMTU
-J1h5lmzwXLqWGaOBoDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTBKtQh6fMIy4cj
-zC1So9+Pu8+7WjBPBgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYw
-FDESMBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNV
-HSUEDDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEB
-AC7GPHb9ZKirxwKG6IDVposv7b5wzZYjpYYfGQxyewvs0litOR3uY1JVo/JHhxJW
-rc2h7Q3tJ1VMm0fP6NeicNeK0mB+V7QCDZZGV535Bc/xkVwe4qd54Vv+Rnobq7vA
-CqVwaIOIGmKKNkyYnIUxQGutpxHTo8vZivPo1Cy9imZXyrut2bHPaoOI416kLlt+
-UCYWXDTNbJs12WHvY4d8Ki3w3c6rnX4URpjZy5pokfujWYWR1U8M7uNH33yT+AXs
-CtGE3CEPjm21FOijveohHNFalTaVmCDwDgdUVifZbczGCfGYHGnXG1IMVDgy/sZQ
-B3TvjAUDv1XgxzvlIPKEPp8=
------END CERTIFICATE-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/issued/fred.crt b/OpenVPN/CA Server/easy-rsa/pki/issued/fred.crt
deleted file mode 100644
index 96b815d..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/issued/fred.crt	
+++ /dev/null
@@ -1,71 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            ab:ba:55:27:aa:06:49:7b:13:dd:f2:5b:ae:27:08:fe
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=JF_server
-        Validity
-            Not Before: Jun  1 18:17:32 2023 GMT
-            Not After : Sep  3 18:17:32 2025 GMT
-        Subject: CN=fred
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (384 bit)
-                pub:
-                    04:3e:78:ef:26:d9:87:bb:8b:08:47:fe:15:ad:96:
-                    ae:f4:93:f1:d8:ce:e3:05:d2:96:46:fc:f6:47:c9:
-                    ac:41:f5:01:1b:e3:25:61:f4:ee:6f:8d:13:dd:ab:
-                    1b:d8:02:85:a3:fb:52:3d:02:d8:ad:0b:ed:e3:02:
-                    88:c7:eb:06:52:ca:25:ac:8b:ac:eb:52:4c:43:52:
-                    f9:c0:8c:f4:48:ea:72:a6:26:f7:5f:02:96:97:ad:
-                    10:ac:6d:c8:d3:b1:28
-                ASN1 OID: secp384r1
-                NIST CURVE: P-384
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                3C:F6:00:C3:CF:A4:BB:8D:F1:1B:AB:A1:6F:24:44:2A:73:95:EB:46
-            X509v3 Authority Key Identifier: 
-                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
-                DirName:/CN=JF_server
-                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
-    Signature Value:
-        10:9c:49:d0:09:dc:52:df:2b:e1:ce:59:ef:f7:a0:96:13:05:
-        7e:30:ba:4b:6d:17:62:ed:89:39:cb:0e:c5:cc:df:0c:5a:68:
-        e7:0f:bc:c2:67:e0:b2:72:b6:9f:e7:9f:1f:4c:e5:da:d9:5c:
-        d8:53:44:ef:47:ea:47:9d:d7:1d:12:ab:75:c3:1f:c4:d8:ae:
-        65:7e:39:9d:98:f1:02:df:03:77:1e:7b:88:24:5f:7e:51:5c:
-        f2:9c:b8:1f:84:71:4b:f9:5a:6d:06:63:4d:e9:ab:27:f5:99:
-        fa:ac:25:7a:e2:a7:ba:94:a7:44:8b:2f:21:73:c1:db:1a:37:
-        38:d6:46:4a:a5:65:f7:24:35:08:40:9a:8e:d6:22:56:20:c9:
-        7b:52:b3:8f:ea:53:bf:00:bd:6a:23:bd:07:fe:af:2e:20:ee:
-        71:69:f8:66:b0:f3:00:5e:8d:2f:2a:37:b9:14:a6:bf:c8:25:
-        2e:1b:f4:86:58:94:33:2b:85:f9:08:3a:48:9e:49:42:66:5a:
-        37:10:10:5b:50:2e:f6:06:d0:fe:86:17:0d:9d:f5:dd:cb:ab:
-        92:39:de:d8:57:9d:0d:7e:14:b7:61:e5:bc:dc:62:00:22:8c:
-        23:df:90:d4:38:01:18:23:96:c6:7e:e8:c8:5e:c8:fd:a4:b2:
-        47:87:02:4f
------BEGIN CERTIFICATE-----
-MIICoTCCAYmgAwIBAgIRAKu6VSeqBkl7E93yW64nCP4wDQYJKoZIhvcNAQELBQAw
-FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDYwMTE4MTczMloXDTI1MDkwMzE4
-MTczMlowDzENMAsGA1UEAwwEZnJlZDB2MBAGByqGSM49AgEGBSuBBAAiA2IABD54
-7ybZh7uLCEf+Fa2WrvST8djO4wXSlkb89kfJrEH1ARvjJWH07m+NE92rG9gChaP7
-Uj0C2K0L7eMCiMfrBlLKJayLrOtSTENS+cCM9EjqcqYm918ClpetEKxtyNOxKKOB
-oDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQ89gDDz6S7jfEbq6FvJEQqc5XrRjBP
-BgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJ
-SkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEF
-BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBABCcSdAJ3FLfK+HO
-We/3oJYTBX4wukttF2LtiTnLDsXM3wxaaOcPvMJn4LJytp/nnx9M5drZXNhTRO9H
-6ked1x0Sq3XDH8TYrmV+OZ2Y8QLfA3cee4gkX35RXPKcuB+EcUv5Wm0GY03pqyf1
-mfqsJXrip7qUp0SLLyFzwdsaNzjWRkqlZfckNQhAmo7WIlYgyXtSs4/qU78AvWoj
-vQf+ry4g7nFp+Gaw8wBejS8qN7kUpr/IJS4b9IZYlDMrhfkIOkieSUJmWjcQEFtQ
-LvYG0P6GFw2d9d3Lq5I53thXnQ1+FLdh5bzcYgAijCPfkNQ4ARgjlsZ+6MheyP2k
-skeHAk8=
------END CERTIFICATE-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/issued/jf.crt b/OpenVPN/CA Server/easy-rsa/pki/issued/jf.crt
deleted file mode 100644
index 7c6e620..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/issued/jf.crt	
+++ /dev/null
@@ -1,71 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            22:7a:b3:cb:88:05:00:8c:df:af:02:be:af:63:f9:59
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=JF_server
-        Validity
-            Not Before: Feb 20 22:37:46 2023 GMT
-            Not After : May 25 22:37:46 2025 GMT
-        Subject: CN=jf
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (384 bit)
-                pub:
-                    04:8d:38:ea:4f:29:bd:83:a9:33:a3:1c:33:8a:60:
-                    8f:fa:19:81:00:73:44:81:98:1e:76:05:ee:f6:46:
-                    d5:25:a8:c5:3b:bd:d6:fa:cf:c6:79:e0:b4:42:27:
-                    80:e2:96:2d:30:50:c2:f6:9c:2c:13:f8:b9:46:b3:
-                    0d:96:6c:9b:d2:45:15:a3:f0:4c:bc:6b:51:45:f8:
-                    cb:59:04:b1:d0:47:b9:90:06:71:c7:eb:34:32:e2:
-                    72:14:84:94:58:e3:34
-                ASN1 OID: secp384r1
-                NIST CURVE: P-384
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                C5:CE:72:8F:A3:8E:13:57:DD:0E:02:A1:24:F1:56:C3:AE:2F:65:8F
-            X509v3 Authority Key Identifier: 
-                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
-                DirName:/CN=JF_server
-                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
-    Signature Value:
-        3b:e8:1a:3e:ac:17:17:49:7c:4d:73:55:39:e9:1b:e4:d6:7f:
-        6d:6d:43:6c:e2:79:41:f4:26:a4:2d:18:59:24:a0:b1:e0:db:
-        03:07:f9:fb:24:f6:be:ed:8c:31:3e:c7:bb:74:b6:87:ba:43:
-        fc:d6:fb:2f:9f:1c:eb:d1:27:ad:60:eb:ab:87:c7:46:fe:22:
-        75:c1:bb:fb:23:ad:ba:1d:ab:41:45:29:d6:c4:89:99:94:40:
-        06:c7:3a:08:fe:d3:b5:f4:e7:52:57:aa:d1:a8:ec:74:e6:c9:
-        ec:9e:80:e0:ba:92:92:95:55:2e:d7:b2:d8:09:ee:72:fd:12:
-        ac:0a:0d:dc:ba:ac:4e:34:8c:37:19:76:60:7c:bd:ba:99:b7:
-        e5:47:c3:4b:67:2f:a9:5c:89:95:70:2d:2c:97:45:04:64:15:
-        47:04:d1:48:7d:d8:40:63:6c:05:8b:dc:ed:0f:a3:ae:3a:e8:
-        6f:49:34:54:de:99:4b:aa:28:6d:c9:3d:db:43:60:14:40:d5:
-        09:87:a8:b2:88:11:4c:8c:00:71:b1:38:25:91:5f:2f:93:7b:
-        42:64:38:db:d2:59:48:e8:ed:2e:92:69:4e:d4:2a:3b:e3:03:
-        94:2c:fc:ac:bc:ff:a9:b4:1e:ca:d3:d2:b5:fd:bf:33:bd:55:
-        12:75:db:f1
------BEGIN CERTIFICATE-----
-MIICnjCCAYagAwIBAgIQInqzy4gFAIzfrwK+r2P5WTANBgkqhkiG9w0BAQsFADAU
-MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwMjIwMjIzNzQ2WhcNMjUwNTI1MjIz
-NzQ2WjANMQswCQYDVQQDDAJqZjB2MBAGByqGSM49AgEGBSuBBAAiA2IABI046k8p
-vYOpM6McM4pgj/oZgQBzRIGYHnYF7vZG1SWoxTu91vrPxnngtEIngOKWLTBQwvac
-LBP4uUazDZZsm9JFFaPwTLxrUUX4y1kEsdBHuZAGccfrNDLichSElFjjNKOBoDCB
-nTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTFznKPo44TV90OAqEk8VbDri9ljzBPBgNV
-HSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZf
-c2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEFBQcD
-AjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADvoGj6sFxdJfE1zVTnp
-G+TWf21tQ2zieUH0JqQtGFkkoLHg2wMH+fsk9r7tjDE+x7t0toe6Q/zW+y+fHOvR
-J61g66uHx0b+InXBu/sjrbodq0FFKdbEiZmUQAbHOgj+07X051JXqtGo7HTmyeye
-gOC6kpKVVS7XstgJ7nL9EqwKDdy6rE40jDcZdmB8vbqZt+VHw0tnL6lciZVwLSyX
-RQRkFUcE0Uh92EBjbAWL3O0Po6466G9JNFTemUuqKG3JPdtDYBRA1QmHqLKIEUyM
-AHGxOCWRXy+Te0JkONvSWUjo7S6SaU7UKjvjA5Qs/Ky8/6m0HsrT0rX9vzO9VRJ1
-2/E=
------END CERTIFICATE-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/issued/pascal.crt b/OpenVPN/CA Server/easy-rsa/pki/issued/pascal.crt
deleted file mode 100644
index 5730b5c..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/issued/pascal.crt	
+++ /dev/null
@@ -1,71 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            a6:7f:64:22:94:22:4a:39:b9:48:25:9b:99:9d:ae:a7
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=JF_server
-        Validity
-            Not Before: Mar 17 19:30:32 2023 GMT
-            Not After : Jun 19 19:30:32 2025 GMT
-        Subject: CN=pascal
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (384 bit)
-                pub:
-                    04:6e:d7:fc:29:a8:23:70:28:49:70:82:f4:1a:4f:
-                    fc:e8:5a:d3:10:84:ef:0a:59:d9:3e:31:2e:5f:91:
-                    8b:97:7e:32:c5:e4:9a:b1:df:8b:66:82:f7:a5:5a:
-                    6d:90:ba:4d:4b:75:4e:1b:09:37:3b:23:5b:df:b8:
-                    08:89:c7:a0:d6:3b:fa:3e:f8:b1:08:18:a6:ee:25:
-                    02:25:b2:c5:43:ee:f5:03:82:9e:39:a0:82:d0:23:
-                    49:eb:fe:be:3e:8f:7a
-                ASN1 OID: secp384r1
-                NIST CURVE: P-384
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                8E:E1:F2:13:12:D0:E0:C4:29:EA:29:E4:3D:94:2B:EC:0D:04:8F:BC
-            X509v3 Authority Key Identifier: 
-                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
-                DirName:/CN=JF_server
-                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
-    Signature Value:
-        7d:0b:3f:f6:58:09:f2:8a:8d:0e:1e:50:c9:e8:31:f0:8f:0a:
-        f5:65:66:55:d3:dd:2c:5d:42:d4:0f:a5:02:ed:6a:77:e1:1d:
-        39:c5:46:1c:a5:38:17:89:13:f1:cd:eb:ff:b8:a5:3d:e9:85:
-        6f:d2:96:9b:f4:a1:09:6c:1b:84:40:70:19:2b:e1:ac:91:c2:
-        df:bf:09:a4:4f:c4:31:44:fe:2b:a5:60:38:97:a8:b3:01:aa:
-        39:43:74:90:b5:c6:fc:85:63:26:9f:7f:54:ba:de:4a:b1:ae:
-        6d:85:00:35:4d:15:9f:9d:10:f4:bf:bb:67:45:7e:c6:ab:ee:
-        7e:ad:92:4a:b4:e8:76:65:be:94:40:5a:67:83:ab:6c:d9:f9:
-        7d:40:bd:70:87:1f:14:4d:eb:56:50:a5:c3:7e:4a:b3:42:b5:
-        95:fe:f8:7f:9b:c6:c0:81:04:62:fd:94:ef:da:dd:17:01:a0:
-        93:14:80:31:5a:a2:fa:c7:8c:2d:7c:df:8b:40:d5:5c:ce:5f:
-        a8:9f:9f:48:4f:49:49:dc:cc:37:7e:f7:55:84:74:8a:cd:68:
-        15:60:8b:e8:4a:75:3e:83:cb:33:be:45:e1:a1:76:52:1a:b9:
-        09:34:38:af:6e:af:98:e3:6d:ed:c2:24:97:de:08:83:6b:d5:
-        45:9e:91:3a
------BEGIN CERTIFICATE-----
-MIICozCCAYugAwIBAgIRAKZ/ZCKUIko5uUglm5mdrqcwDQYJKoZIhvcNAQELBQAw
-FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDMxNzE5MzAzMloXDTI1MDYxOTE5
-MzAzMlowETEPMA0GA1UEAwwGcGFzY2FsMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
-btf8KagjcChJcIL0Gk/86FrTEITvClnZPjEuX5GLl34yxeSasd+LZoL3pVptkLpN
-S3VOGwk3OyNb37gIiceg1jv6PvixCBim7iUCJbLFQ+71A4KeOaCC0CNJ6/6+Po96
-o4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFI7h8hMS0ODEKeop5D2UK+wNBI+8
-ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIwEAYDVQQD
-DAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQMMAoGCCsG
-AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfQs/9lgJ8oqN
-Dh5Qyegx8I8K9WVmVdPdLF1C1A+lAu1qd+EdOcVGHKU4F4kT8c3r/7ilPemFb9KW
-m/ShCWwbhEBwGSvhrJHC378JpE/EMUT+K6VgOJeoswGqOUN0kLXG/IVjJp9/VLre
-SrGubYUANU0Vn50Q9L+7Z0V+xqvufq2SSrTodmW+lEBaZ4OrbNn5fUC9cIcfFE3r
-VlClw35Ks0K1lf74f5vGwIEEYv2U79rdFwGgkxSAMVqi+seMLXzfi0DVXM5fqJ+f
-SE9JSdzMN373VYR0is1oFWCL6Ep1PoPLM75F4aF2Uhq5CTQ4r26vmONt7cIkl94I
-g2vVRZ6ROg==
------END CERTIFICATE-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/issued/remoteclient.crt b/OpenVPN/CA Server/easy-rsa/pki/issued/remoteclient.crt
deleted file mode 100644
index ed70cba..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/issued/remoteclient.crt	
+++ /dev/null
@@ -1,71 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            d1:ae:61:45:8e:84:e3:8e:5b:92:3f:aa:bb:81:9d:59
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=JF_server
-        Validity
-            Not Before: Feb 23 20:30:31 2023 GMT
-            Not After : May 28 20:30:31 2025 GMT
-        Subject: CN=remoteclient
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (384 bit)
-                pub:
-                    04:65:e9:86:35:01:c3:d7:0e:16:3d:89:90:3c:cb:
-                    a0:5f:d2:04:f7:b6:32:84:1e:a0:dc:6a:1d:16:a0:
-                    6f:47:a3:b5:7d:4c:39:bd:d0:70:18:34:e8:16:67:
-                    d4:5b:4c:ca:ce:ea:f0:75:5f:55:72:09:4b:f5:dd:
-                    80:f1:d5:db:e6:26:09:e4:34:3b:ca:89:f3:3a:40:
-                    91:31:14:c6:ff:06:8d:8e:f9:ba:8f:47:df:40:41:
-                    f4:6b:84:f8:e5:e8:70
-                ASN1 OID: secp384r1
-                NIST CURVE: P-384
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                23:F8:BF:EB:8E:A3:77:B3:2B:6A:FA:16:7A:39:B2:C2:47:31:9F:76
-            X509v3 Authority Key Identifier: 
-                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
-                DirName:/CN=JF_server
-                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
-    Signature Value:
-        27:af:ff:e0:98:8e:d1:6c:39:d7:40:97:df:ea:5a:fc:57:31:
-        a2:92:0c:d3:4c:4b:74:22:9e:47:01:9b:0f:e0:a4:6c:dc:ef:
-        14:b7:93:0f:99:93:ec:c9:96:dc:51:58:d3:ac:eb:f1:10:48:
-        ba:96:54:25:32:2a:89:66:cb:ca:13:b4:75:cc:4e:2a:5d:7c:
-        bb:b9:15:28:c0:32:59:f0:66:e5:fe:d8:14:14:2c:fb:df:6e:
-        1e:b6:53:c9:f0:77:68:54:b9:21:4b:0c:a4:d6:bc:4d:c2:a3:
-        de:d0:9f:ef:67:68:3e:c6:d4:da:d5:6c:92:80:cf:2e:8d:04:
-        59:c8:39:9f:22:4a:04:28:3e:e8:cf:02:73:73:a6:59:d4:e5:
-        9c:77:55:41:00:5c:c2:23:61:df:44:5c:ad:a8:bc:15:57:2d:
-        ae:89:99:a7:33:8f:d3:75:02:21:91:f6:38:34:23:68:70:8f:
-        99:0f:53:27:6d:52:9a:9b:f3:62:cf:20:bc:f5:91:41:78:fc:
-        92:09:2f:3e:bb:2d:9b:69:39:7f:c4:b1:a8:62:64:27:3f:27:
-        2d:16:c4:3e:0d:51:c9:f7:4f:40:f0:fd:55:a9:44:36:31:59:
-        b7:08:6a:3c:28:31:8a:43:c0:b9:05:44:75:48:6d:94:24:c6:
-        b2:fc:f7:33
------BEGIN CERTIFICATE-----
-MIICqTCCAZGgAwIBAgIRANGuYUWOhOOOW5I/qruBnVkwDQYJKoZIhvcNAQELBQAw
-FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMzIwMzAzMVoXDTI1MDUyODIw
-MzAzMVowFzEVMBMGA1UEAwwMcmVtb3RlY2xpZW50MHYwEAYHKoZIzj0CAQYFK4EE
-ACIDYgAEZemGNQHD1w4WPYmQPMugX9IE97YyhB6g3GodFqBvR6O1fUw5vdBwGDTo
-FmfUW0zKzurwdV9VcglL9d2A8dXb5iYJ5DQ7yonzOkCRMRTG/waNjvm6j0ffQEH0
-a4T45ehwo4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCP4v+uOo3ezK2r6Fno5
-ssJHMZ92ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
-EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
-MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAJ6//
-4JiO0Ww510CX3+pa/FcxopIM00xLdCKeRwGbD+CkbNzvFLeTD5mT7MmW3FFY06zr
-8RBIupZUJTIqiWbLyhO0dcxOKl18u7kVKMAyWfBm5f7YFBQs+99uHrZTyfB3aFS5
-IUsMpNa8TcKj3tCf72doPsbU2tVskoDPLo0EWcg5nyJKBCg+6M8Cc3OmWdTlnHdV
-QQBcwiNh30Rcrai8FVctromZpzOP03UCIZH2ODQjaHCPmQ9TJ21SmpvzYs8gvPWR
-QXj8kgkvPrstm2k5f8SxqGJkJz8nLRbEPg1RyfdPQPD9ValENjFZtwhqPCgxikPA
-uQVEdUhtlCTGsvz3Mw==
------END CERTIFICATE-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/issued/stationKA2401.crt b/OpenVPN/CA Server/easy-rsa/pki/issued/stationKA2401.crt
deleted file mode 100644
index 2260c91..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/issued/stationKA2401.crt	
+++ /dev/null
@@ -1,71 +0,0 @@
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            78:5e:57:99:93:be:f2:47:da:cc:6c:8e:0d:71:3d:f8
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: CN=JF_server
-        Validity
-            Not Before: May  5 13:33:22 2024 GMT
-            Not After : Aug  8 13:33:22 2026 GMT
-        Subject: CN=stationKA2401
-        Subject Public Key Info:
-            Public Key Algorithm: id-ecPublicKey
-                Public-Key: (384 bit)
-                pub:
-                    04:8f:4f:26:6b:af:cb:49:0b:74:3e:65:aa:0e:9a:
-                    9a:57:99:b1:f6:bf:dc:74:ae:d6:72:ed:d3:a8:04:
-                    2f:a8:a0:43:63:f6:c8:e2:cd:dc:d8:fd:bf:69:93:
-                    09:d7:bd:11:ab:d9:c5:ae:20:bc:00:ac:d7:ad:ea:
-                    fb:c0:1e:44:6f:ba:20:63:9d:32:f7:38:8f:c0:d7:
-                    bf:b4:23:15:16:4d:84:59:13:d5:4b:de:9e:7b:46:
-                    d3:ce:ba:5d:d9:53:c4
-                ASN1 OID: secp384r1
-                NIST CURVE: P-384
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:FALSE
-            X509v3 Subject Key Identifier: 
-                68:18:F5:54:75:30:27:4D:B5:96:D3:34:8E:1C:3B:58:1E:BC:1B:78
-            X509v3 Authority Key Identifier: 
-                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
-                DirName:/CN=JF_server
-                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
-            X509v3 Extended Key Usage: 
-                TLS Web Client Authentication
-            X509v3 Key Usage: 
-                Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
-    Signature Value:
-        67:97:34:79:07:29:c3:cd:a6:7c:86:82:aa:94:0b:ca:69:ef:
-        79:5e:a6:35:97:c3:31:07:9f:cd:aa:89:95:e3:b1:26:4b:e9:
-        88:50:1f:3e:10:eb:d2:82:c5:6e:56:18:1e:ff:72:60:c1:de:
-        11:af:b8:e6:b6:bb:de:7d:52:f5:ba:1b:9b:4e:49:b2:05:25:
-        0a:e9:8a:f8:85:f7:0e:c8:db:fd:c4:b9:e9:a9:6f:85:0a:cb:
-        63:a3:d0:a7:77:e0:7f:ff:34:29:90:80:66:a7:8d:80:6a:bf:
-        23:74:80:77:ad:53:2d:5e:f6:02:d1:05:3f:9f:fa:17:11:8f:
-        7f:b4:a5:44:74:2b:57:1e:4b:7e:29:c8:95:48:a6:3a:fc:ae:
-        82:c2:7b:b2:26:4f:92:d5:af:73:71:30:8e:b6:b9:6a:f2:b0:
-        00:df:44:a2:3f:cd:4a:45:7e:ed:43:4b:d4:0e:07:25:94:37:
-        e0:5d:8d:0b:1b:fb:76:07:d0:41:da:c9:f3:19:fa:28:8b:46:
-        df:5a:19:82:ee:1e:e0:1a:be:39:c1:a9:65:b1:02:92:32:96:
-        2c:7e:3f:4e:ce:9e:b0:66:57:b4:74:2c:98:de:13:da:b2:27:
-        e5:7a:5b:30:df:3e:46:1b:6c:92:53:6f:c6:0e:88:6f:0d:ae:
-        89:ca:ea:ea
------BEGIN CERTIFICATE-----
-MIICqTCCAZGgAwIBAgIQeF5XmZO+8kfazGyODXE9+DANBgkqhkiG9w0BAQsFADAU
-MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjQwNTA1MTMzMzIyWhcNMjYwODA4MTMz
-MzIyWjAYMRYwFAYDVQQDDA1zdGF0aW9uS0EyNDAxMHYwEAYHKoZIzj0CAQYFK4EE
-ACIDYgAEj08ma6/LSQt0PmWqDpqaV5mx9r/cdK7Wcu3TqAQvqKBDY/bI4s3c2P2/
-aZMJ170Rq9nFriC8AKzXrer7wB5Eb7ogY50y9ziPwNe/tCMVFk2EWRPVS96ee0bT
-zrpd2VPEo4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGgY9VR1MCdNtZbTNI4c
-O1gevBt4ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
-EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
-MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAZ5c0
-eQcpw82mfIaCqpQLymnveV6mNZfDMQefzaqJleOxJkvpiFAfPhDr0oLFblYYHv9y
-YMHeEa+45ra73n1S9bobm05JsgUlCumK+IX3Dsjb/cS56alvhQrLY6PQp3fgf/80
-KZCAZqeNgGq/I3SAd61TLV72AtEFP5/6FxGPf7SlRHQrVx5LfinIlUimOvyugsJ7
-siZPktWvc3Ewjra5avKwAN9Eoj/NSkV+7UNL1A4HJZQ34F2NCxv7dgfQQdrJ8xn6
-KItG31oZgu4e4Bq+OcGpZbECkjKWLH4/Ts6esGZXtHQsmN4T2rIn5XpbMN8+Rhts
-klNvxg6Ibw2uicrq6g==
------END CERTIFICATE-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/reqs/DO_server.req b/OpenVPN/CA Server/easy-rsa/pki/reqs/DO_server.req
deleted file mode 100644
index 1d0b0f9..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/reqs/DO_server.req	
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBDDCBkwIBADAUMRIwEAYDVQQDDAlET19zZXJ2ZXIwdjAQBgcqhkjOPQIBBgUr
-gQQAIgNiAAQuCojiA60UOu4AUZY+9ewky9ZbjdZdD9+SCJcZ27CNwp3WxqJZLpTU
-2dAQ+M3ZPJCA6GGImr6s+M7SRH8hmP/XU0gm1hhvjw1h0zb2IDAYZ2Zh9yXa7nb1
-qxbL/UBSlTygADAKBggqhkjOPQQDBANoADBlAjBre9V6PcQqQZs3zymemhYWPiJp
-CCXGC4I8MOnjVlSdeCgl2SKvxRx+87Ywvr1o8hQCMQCPuQ+ntCc1yCGOJ9JlDCE0
-rxa71Os35Ma78TK+vuW/bv1zrTSoHxgJpCrnJS0V21o=
------END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/reqs/Otarcik202501.req b/OpenVPN/CA Server/easy-rsa/pki/reqs/Otarcik202501.req
deleted file mode 100644
index ba6deff..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/reqs/Otarcik202501.req	
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBEDCBlwIBADAYMRYwFAYDVQQDDA1PdGFyY2lrMjAyNTAxMHYwEAYHKoZIzj0C
-AQYFK4EEACIDYgAEQJBHidjsciCVwPuNtxD8Uh2brcFlkeRF1Q8CsDGOVbf6MZqm
-Wh/ghc3iIZ08lX+tgPLRY+dBfeSHl36k0efSyT07Zp9S/hFy09feufdB1XsyKwGU
-THHL/2V2Zz6uGk5PoAAwCgYIKoZIzj0EAwQDaAAwZQIwRKy3o/Z419Oh8JHDBhEM
-x4EAhdueoKp+PK5nKQ1FdI+TbwYSGEgoCpc5bjQB0TkVAjEAnV9R90TWM+kSr+R3
-XUkUyfdkukpHyRMmH7HINp/hDf2idPQHdpm+y4CgtNpmTShp
------END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/reqs/edgerouterchambly.req b/OpenVPN/CA Server/easy-rsa/pki/reqs/edgerouterchambly.req
deleted file mode 100644
index 2622351..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/reqs/edgerouterchambly.req	
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBFDCBmwIBADAcMRowGAYDVQQDDBFlZGdlcm91dGVyY2hhbWJseTB2MBAGByqG
-SM49AgEGBSuBBAAiA2IABA79HGCDX6dkeaA1dN/AY2jFPLEClalzWKmjdMzYW9h6
-q6rTH0EtaIa9L+Nsc7XoAXO0EvRx3d3Lm06w8dQEANFgz/7qPKXyru6qRaMhceXS
-t/AiMMTUJ1h5lmzwXLqWGaAAMAoGCCqGSM49BAMEA2gAMGUCMCvrCc8hUdJ+NdGi
-64TnDwHJ9Kl1HDBmW3fxYJzjXzBAY8ZhgLuw2Bn4GqIUYtdhqgIxAM5GStvPR0iy
-Qp7iXmjAhg15YQL2hm/qckmm3S7SwMGMKqZkQvBk/XafYZe8VajM0Q==
------END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/reqs/fred.req b/OpenVPN/CA Server/easy-rsa/pki/reqs/fred.req
deleted file mode 100644
index 0518ab2..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/reqs/fred.req	
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBCDCBjgIBADAPMQ0wCwYDVQQDDARmcmVkMHYwEAYHKoZIzj0CAQYFK4EEACID
-YgAEPnjvJtmHu4sIR/4VrZau9JPx2M7jBdKWRvz2R8msQfUBG+MlYfTub40T3asb
-2AKFo/tSPQLYrQvt4wKIx+sGUsolrIus61JMQ1L5wIz0SOpypib3XwKWl60QrG3I
-07EooAAwCgYIKoZIzj0EAwQDaQAwZgIxAJmONNtX7d0nhO1ExxBRWzyjsripBfo2
-pzMXN/wL70YmZ/JiVDB9FcZGKCGkqxGPUAIxAJQ766zGfSReyVeBWWkzZJQvhU7o
-RNP2pIhWmCneLhb0hkiIxkgNm/ZQmHD1WCuT3w==
------END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/reqs/jf.req b/OpenVPN/CA Server/easy-rsa/pki/reqs/jf.req
deleted file mode 100644
index 0583972..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/reqs/jf.req	
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBBjCBjAIBADANMQswCQYDVQQDDAJqZjB2MBAGByqGSM49AgEGBSuBBAAiA2IA
-BI046k8pvYOpM6McM4pgj/oZgQBzRIGYHnYF7vZG1SWoxTu91vrPxnngtEIngOKW
-LTBQwvacLBP4uUazDZZsm9JFFaPwTLxrUUX4y1kEsdBHuZAGccfrNDLichSElFjj
-NKAAMAoGCCqGSM49BAMEA2kAMGYCMQCavWzeG/WWhQ6wkIJC72oie/5xCwYGrlSP
-b4ijDgJlmyQfy920wbDcTLWFJ26lpeYCMQC2FDVLQ+AjZnsWvVkPWl2j10VfRQxF
-lPJnbb+ajusWy7qLdOFeLWVKeQCYL2s1aMc=
------END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/reqs/pascal.req b/OpenVPN/CA Server/easy-rsa/pki/reqs/pascal.req
deleted file mode 100644
index 6369a0e..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/reqs/pascal.req	
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBCTCBkAIBADARMQ8wDQYDVQQDDAZwYXNjYWwwdjAQBgcqhkjOPQIBBgUrgQQA
-IgNiAARu1/wpqCNwKElwgvQaT/zoWtMQhO8KWdk+MS5fkYuXfjLF5Jqx34tmgvel
-Wm2Quk1LdU4bCTc7I1vfuAiJx6DWO/o++LEIGKbuJQIlssVD7vUDgp45oILQI0nr
-/r4+j3qgADAKBggqhkjOPQQDBANoADBlAjEA4IhMIxWjsYamRn2jr0X0Z2ilUyC6
-IaPo9mE7gLQNxvvNlksKBlrIcOMoqp4RX58mAjAqGNEb63KjrKwaCVzbjiF4h4dg
-c3PYjObVjwTwWQKSNHReGrqhgjCcrcAbK5pdofs=
------END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/reqs/remoteclient.req b/OpenVPN/CA Server/easy-rsa/pki/reqs/remoteclient.req
deleted file mode 100644
index 1815e88..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/reqs/remoteclient.req	
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBEDCBlgIBADAXMRUwEwYDVQQDDAxyZW1vdGVjbGllbnQwdjAQBgcqhkjOPQIB
-BgUrgQQAIgNiAARl6YY1AcPXDhY9iZA8y6Bf0gT3tjKEHqDcah0WoG9Ho7V9TDm9
-0HAYNOgWZ9RbTMrO6vB1X1VyCUv13YDx1dvmJgnkNDvKifM6QJExFMb/Bo2O+bqP
-R99AQfRrhPjl6HCgADAKBggqhkjOPQQDBANpADBmAjEAorG1junRTCsKjo5zCAi/
-VCT/LtoDyb3xpxDaTFX33WCB77AFc5m4PZ8w43sldxHQAjEAutGviIFXdGI/HM0g
-Q7lGg4ch2v0y6SbZA7Fphp5FX1w/8uR7lvMBOSCE3KbnS5on
------END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/CA Server/easy-rsa/pki/reqs/stationKA2401.req b/OpenVPN/CA Server/easy-rsa/pki/reqs/stationKA2401.req
deleted file mode 100644
index fef23ab..0000000
--- a/OpenVPN/CA Server/easy-rsa/pki/reqs/stationKA2401.req	
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBDzCBlwIBADAYMRYwFAYDVQQDDA1zdGF0aW9uS0EyNDAxMHYwEAYHKoZIzj0C
-AQYFK4EEACIDYgAEj08ma6/LSQt0PmWqDpqaV5mx9r/cdK7Wcu3TqAQvqKBDY/bI
-4s3c2P2/aZMJ170Rq9nFriC8AKzXrer7wB5Eb7ogY50y9ziPwNe/tCMVFk2EWRPV
-S96ee0bTzrpd2VPEoAAwCgYIKoZIzj0EAwQDZwAwZAIwMhPuY2cvcd/nxcmEJjqV
-5H+FLyOW+xTOFIF2EIptJqMw2fUt8xFg1A6S/m7FNG/nAjAVTYLqYdy7xw/o7Lz8
-v5nTfxE1n2YsApc9ZmnrZOMiDPdWLMV5U8t+b3Vn574Tetc=
------END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/Certificates/Certs/DO_server.crt b/OpenVPN/Certificates/Certs/DO_server.crt
new file mode 100644
index 0000000..b9d64bd
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/DO_server.crt
@@ -0,0 +1,71 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            c6:8a:f6:d0:0c:af:91:e6:de:c9:7c:69:ab:c7:51:61
+        Signature Algorithm: sha512WithRSAEncryption
+        Issuer: CN=JF_server
+        Validity
+            Not Before: May 26 19:03:32 2025 GMT
+            Not After : May 19 19:03:32 2055 GMT
+        Subject: CN=DO_server
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:ed:69:aa:97:e7:07:67:8a:59:7f:70:79:ff:34:
+                    89:5d:ce:41:2e:94:7a:00:cc:73:38:70:09:b3:b1:
+                    84:63:83:c2:74:73:b5:16:26:13:8d:67:1e:27:25:
+                    ec:8f:52:81:b9:55:a2:e4:68:11:5f:e5:04:16:11:
+                    18:b1:f9:9f:cc:96:28:fa:98:01:8e:2d:a6:cb:f8:
+                    92:27:e7:e7:a5:68:05:26:e9:0a:3c:b3:ef:0c:c1:
+                    40:1c:10:60:40:0d:5d
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                CA:37:30:A5:B6:6B:08:68:52:55:72:A2:44:E6:9A:53:38:5F:38:B7
+            X509v3 Authority Key Identifier: 
+                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
+                DirName:/CN=JF_server
+                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
+            X509v3 Extended Key Usage: 
+                TLS Web Server Authentication
+            X509v3 Key Usage: 
+                Digital Signature, Key Encipherment
+    Signature Algorithm: sha512WithRSAEncryption
+    Signature Value:
+        7b:e0:43:5f:e8:b1:dc:90:2b:b9:05:f2:25:87:22:f4:6b:54:
+        c6:2c:f1:e7:bd:a5:7a:1c:96:3e:63:1e:a9:6d:de:b8:3f:62:
+        10:43:ce:a5:99:01:a1:f0:17:c9:31:a8:d8:de:45:95:d6:c3:
+        c2:c1:5a:b0:19:d3:94:4b:35:0e:fa:95:41:72:f1:c1:3a:15:
+        d7:d4:c8:3e:86:68:e8:cb:d2:86:c1:bd:0f:79:76:ce:4a:18:
+        0f:49:68:ee:73:4f:e4:f9:ca:0c:f3:7e:e6:0d:ca:04:5a:89:
+        73:94:fb:79:22:b8:c5:ef:05:fe:e3:b3:35:cf:47:55:e2:c5:
+        54:03:f1:b2:e5:14:96:72:a0:6b:48:fc:5a:f8:04:83:52:8d:
+        08:dc:ad:c7:63:94:4a:6b:ca:39:ad:44:5d:08:5a:96:d5:3a:
+        76:ff:53:a9:19:9a:64:ae:6b:d7:10:a9:71:bb:90:ea:19:48:
+        4b:3a:99:4c:a1:64:33:8f:5e:58:f1:9a:3c:a4:43:19:0c:a9:
+        ff:d2:23:26:1e:b7:b4:0a:f7:3c:25:c7:3c:c7:b8:b5:4e:d5:
+        e1:59:74:ad:b4:8b:63:b9:d4:c2:24:cb:03:ac:34:07:6e:80:
+        30:a3:07:dd:ef:7a:c2:1a:98:58:66:02:a7:ab:d7:ee:64:95:
+        74:e9:aa:75
+-----BEGIN CERTIFICATE-----
+MIICqDCCAZCgAwIBAgIRAMaK9tAMr5Hm3sl8aavHUWEwDQYJKoZIhvcNAQENBQAw
+FDESMBAGA1UEAwwJSkZfc2VydmVyMCAXDTI1MDUyNjE5MDMzMloYDzIwNTUwNTE5
+MTkwMzMyWjAUMRIwEAYDVQQDDAlET19zZXJ2ZXIwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAATtaaqX5wdnill/cHn/NIldzkEulHoAzHM4cAmzsYRjg8J0c7UWJhONZx4n
+JeyPUoG5VaLkaBFf5QQWERix+Z/Mlij6mAGOLabL+JIn5+elaAUm6Qo8s+8MwUAc
+EGBADV2jgaAwgZ0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUyjcwpbZrCGhSVXKiROaa
+UzhfOLcwTwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQxEjAQ
+BgNVBAMMCUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwCwYDVR0PBAQDAgWgMA0GCSqGSIb3DQEBDQUAA4IBAQB74ENf
+6LHckCu5BfIlhyL0a1TGLPHnvaV6HJY+Yx6pbd64P2IQQ86lmQGh8BfJMajY3kWV
+1sPCwVqwGdOUSzUO+pVBcvHBOhXX1Mg+hmjoy9KGwb0PeXbOShgPSWjuc0/k+coM
+837mDcoEWolzlPt5IrjF7wX+47M1z0dV4sVUA/Gy5RSWcqBrSPxa+ASDUo0I3K3H
+Y5RKa8o5rURdCFqW1Tp2/1OpGZpkrmvXEKlxu5DqGUhLOplMoWQzj15Y8Zo8pEMZ
+DKn/0iMmHre0Cvc8Jcc8x7i1TtXhWXSttItjudTCJMsDrDQHboAwowfd73rCGphY
+ZgKnq9fuZJV06ap1
+-----END CERTIFICATE-----
diff --git a/OpenVPN/Certificates/Certs/DO_server.req b/OpenVPN/Certificates/Certs/DO_server.req
new file mode 100644
index 0000000..1217e31
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/DO_server.req
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBDDCBkwIBADAUMRIwEAYDVQQDDAlET19zZXJ2ZXIwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAATtaaqX5wdnill/cHn/NIldzkEulHoAzHM4cAmzsYRjg8J0c7UWJhON
+Zx4nJeyPUoG5VaLkaBFf5QQWERix+Z/Mlij6mAGOLabL+JIn5+elaAUm6Qo8s+8M
+wUAcEGBADV2gADAKBggqhkjOPQQDBANoADBlAjBjt6J7Dqsy4PiBBx1YqrVn5gWZ
+3ON0zZtMdkmRoVikydg2G6vMULEEIVRljqvo1xgCMQDdGO3UljUiWxRWHViFycUG
+QUwYhY/wasubzOv7Fnx6ZcBg29FXEh9txFcUlVHVpis=
+-----END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/Certificates/Certs/fred.crt b/OpenVPN/Certificates/Certs/fred.crt
new file mode 100644
index 0000000..19e33e1
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/fred.crt
@@ -0,0 +1,71 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            ab:57:22:69:00:94:7d:2d:f2:86:c1:7c:f6:84:a4:d1
+        Signature Algorithm: sha512WithRSAEncryption
+        Issuer: CN=JF_server
+        Validity
+            Not Before: May 26 19:26:43 2025 GMT
+            Not After : May 19 19:26:43 2055 GMT
+        Subject: CN=fred
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:52:a0:c4:e8:7b:31:2c:fe:6a:e1:55:f0:94:5e:
+                    70:d0:6e:43:6d:72:7b:7d:a2:f5:61:cf:68:e7:ef:
+                    b7:e5:f0:2f:bd:76:26:4c:ce:f0:4e:bb:99:03:cf:
+                    17:05:a9:3f:a2:0d:ed:6e:6f:3f:0f:08:f2:1b:68:
+                    9e:e0:4d:38:5f:55:99:51:1b:ae:39:2e:1d:9f:78:
+                    b1:58:52:5c:b5:1f:54:d6:c9:09:6d:4e:b5:9c:00:
+                    c2:01:89:c7:27:94:ea
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                0F:E2:50:A5:9A:17:2B:87:71:11:CB:52:15:48:08:5B:72:F6:92:5E
+            X509v3 Authority Key Identifier: 
+                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
+                DirName:/CN=JF_server
+                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha512WithRSAEncryption
+    Signature Value:
+        1d:9a:07:1e:b0:5f:56:08:c3:a8:25:6a:54:2c:50:4d:98:b3:
+        f0:ab:39:ae:93:87:35:44:04:2c:ac:92:ea:a4:96:d3:10:77:
+        01:16:93:1e:b5:1d:5d:7f:98:c9:5d:2b:6d:03:97:e4:6b:38:
+        2e:3b:a9:00:5f:d4:34:11:fe:24:51:47:27:31:a3:60:b0:ce:
+        af:b3:87:95:eb:dd:4f:c5:88:18:db:60:9b:22:09:3d:73:53:
+        83:f6:31:a6:61:0f:60:e3:76:77:d7:be:a8:fa:01:5b:7d:53:
+        97:7e:25:9b:30:e6:34:52:ae:e7:0b:d1:0e:3a:69:8d:55:f8:
+        40:a4:4d:3c:2e:7b:40:06:8e:bf:ba:e5:46:30:d7:26:fa:49:
+        aa:bc:7d:3c:a8:89:84:28:0a:b4:7b:a8:51:f6:df:04:f8:63:
+        e8:a7:72:4e:d0:ae:45:23:91:7e:d3:a6:20:16:86:93:08:8f:
+        c0:83:ff:17:96:ff:63:9a:c9:0b:b8:cd:ff:05:ea:ef:33:2e:
+        78:e7:1e:86:23:0d:de:66:9d:74:d7:17:2e:9c:e2:a0:42:03:
+        9a:ed:ae:44:da:f5:a5:c1:36:56:9c:7d:eb:ca:dc:76:eb:62:
+        6e:fe:8f:dc:f5:eb:a1:72:9e:64:bd:2e:64:1b:62:e0:52:d0:
+        f9:ab:52:cf
+-----BEGIN CERTIFICATE-----
+MIICozCCAYugAwIBAgIRAKtXImkAlH0t8obBfPaEpNEwDQYJKoZIhvcNAQENBQAw
+FDESMBAGA1UEAwwJSkZfc2VydmVyMCAXDTI1MDUyNjE5MjY0M1oYDzIwNTUwNTE5
+MTkyNjQzWjAPMQ0wCwYDVQQDDARmcmVkMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
+UqDE6HsxLP5q4VXwlF5w0G5DbXJ7faL1Yc9o5++35fAvvXYmTM7wTruZA88XBak/
+og3tbm8/DwjyG2ie4E04X1WZURuuOS4dn3ixWFJctR9U1skJbU61nADCAYnHJ5Tq
+o4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFA/iUKWaFyuHcRHLUhVICFty9pJe
+ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIwEAYDVQQD
+DAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQMMAoGCCsG
+AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQ0FAAOCAQEAHZoHHrBfVgjD
+qCVqVCxQTZiz8Ks5rpOHNUQELKyS6qSW0xB3ARaTHrUdXX+YyV0rbQOX5Gs4Ljup
+AF/UNBH+JFFHJzGjYLDOr7OHlevdT8WIGNtgmyIJPXNTg/YxpmEPYON2d9e+qPoB
+W31Tl34lmzDmNFKu5wvRDjppjVX4QKRNPC57QAaOv7rlRjDXJvpJqrx9PKiJhCgK
+tHuoUfbfBPhj6KdyTtCuRSORftOmIBaGkwiPwIP/F5b/Y5rJC7jN/wXq7zMueOce
+hiMN3maddNcXLpzioEIDmu2uRNr1pcE2Vpx968rcdutibv6P3PXroXKeZL0uZBti
+4FLQ+atSzw==
+-----END CERTIFICATE-----
diff --git a/OpenVPN/Certificates/Certs/fred.req b/OpenVPN/Certificates/Certs/fred.req
new file mode 100644
index 0000000..38c04be
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/fred.req
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBzCBjgIBADAPMQ0wCwYDVQQDDARmcmVkMHYwEAYHKoZIzj0CAQYFK4EEACID
+YgAEUqDE6HsxLP5q4VXwlF5w0G5DbXJ7faL1Yc9o5++35fAvvXYmTM7wTruZA88X
+Bak/og3tbm8/DwjyG2ie4E04X1WZURuuOS4dn3ixWFJctR9U1skJbU61nADCAYnH
+J5TqoAAwCgYIKoZIzj0EAwQDaAAwZQIxAJm/Uds5rhrtrPD3t7789IcI2lEuzo8g
+4hS86a/rDSZ5FI+IdRNJDqPYQRTuc2vtMQIwbWHqs/cEMIG6WIoJ3AzvVTfaP7NJ
+68CzzVuC/g5ie/yZc5FbLWchBUiRNPxLSXzq
+-----END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/Certificates/Certs/jf.crt b/OpenVPN/Certificates/Certs/jf.crt
new file mode 100644
index 0000000..eb31d5c
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/jf.crt
@@ -0,0 +1,71 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            b7:43:9e:5a:80:04:ad:6f:3c:d2:82:9f:99:b4:55:0c
+        Signature Algorithm: sha512WithRSAEncryption
+        Issuer: CN=JF_server
+        Validity
+            Not Before: May 26 19:26:08 2025 GMT
+            Not After : May 19 19:26:08 2055 GMT
+        Subject: CN=jf
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:cb:cf:fb:cd:5a:b5:1c:e2:f6:1c:35:36:e4:6b:
+                    29:06:48:0f:aa:e9:5b:2e:e3:f7:ca:5d:f4:01:97:
+                    8c:09:fc:cb:5c:b9:96:3f:44:0b:7b:6b:6f:39:f3:
+                    62:92:43:8d:31:15:ca:b3:80:f5:c3:1a:7b:7e:de:
+                    ac:ba:5c:9f:26:f4:1c:d6:91:d0:59:4a:b2:5e:dc:
+                    dc:94:0a:9d:24:29:b0:42:26:57:93:5e:e9:02:44:
+                    ca:60:aa:86:99:2d:d1
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                D9:70:4D:CC:BF:72:8F:F4:6D:DD:20:85:2C:19:3B:6F:1E:97:EC:88
+            X509v3 Authority Key Identifier: 
+                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
+                DirName:/CN=JF_server
+                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha512WithRSAEncryption
+    Signature Value:
+        8e:56:20:a2:64:1f:bb:3c:fc:f4:4d:6a:30:f7:90:c0:84:03:
+        00:a1:d7:f4:57:93:b0:a2:78:fc:79:f4:29:46:22:79:f1:90:
+        80:e9:65:6d:c8:c7:54:c3:4f:38:fc:c4:b5:df:b5:7f:fd:20:
+        95:a3:be:d7:7c:89:58:a8:f0:84:b7:d4:17:4d:81:1c:fa:30:
+        bb:e7:6e:ce:1e:4c:da:5f:d4:ff:66:1e:c3:e5:cb:42:5e:dd:
+        02:a8:95:af:81:62:dd:9a:a1:48:1c:f1:1d:ae:4e:07:78:9d:
+        e0:5e:6b:2c:92:27:2a:53:3f:c3:eb:cb:62:24:f9:43:05:0f:
+        25:14:6f:2f:3f:ee:92:47:29:84:a4:76:c1:fb:c6:35:a6:eb:
+        cb:2b:a3:bc:1e:85:33:c3:0e:7e:5e:45:32:24:61:83:64:aa:
+        6b:23:a6:43:54:b6:6e:85:1c:14:09:f3:09:94:e9:af:49:5f:
+        86:99:93:de:e7:63:f7:30:a9:d6:74:7e:40:0c:6c:4d:51:f1:
+        ff:a0:41:b6:6f:db:1b:f2:03:36:22:7c:94:c5:b2:30:0d:66:
+        00:4e:0d:09:50:3e:02:8b:38:a5:30:e6:1b:76:29:58:2b:f9:
+        5e:b1:99:55:78:9e:65:93:fa:54:72:48:f4:3b:92:d2:c0:07:
+        68:01:bc:b1
+-----BEGIN CERTIFICATE-----
+MIICoTCCAYmgAwIBAgIRALdDnlqABK1vPNKCn5m0VQwwDQYJKoZIhvcNAQENBQAw
+FDESMBAGA1UEAwwJSkZfc2VydmVyMCAXDTI1MDUyNjE5MjYwOFoYDzIwNTUwNTE5
+MTkyNjA4WjANMQswCQYDVQQDDAJqZjB2MBAGByqGSM49AgEGBSuBBAAiA2IABMvP
++81atRzi9hw1NuRrKQZID6rpWy7j98pd9AGXjAn8y1y5lj9EC3trbznzYpJDjTEV
+yrOA9cMae37erLpcnyb0HNaR0FlKsl7c3JQKnSQpsEImV5Ne6QJEymCqhpkt0aOB
+oDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTZcE3Mv3KP9G3dIIUsGTtvHpfsiDBP
+BgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJ
+SkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEF
+BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQENBQADggEBAI5WIKJkH7s8/PRN
+ajD3kMCEAwCh1/RXk7CiePx59ClGInnxkIDpZW3Ix1TDTzj8xLXftX/9IJWjvtd8
+iVio8IS31BdNgRz6MLvnbs4eTNpf1P9mHsPly0Je3QKola+BYt2aoUgc8R2uTgd4
+neBeayySJypTP8Pry2Ik+UMFDyUUby8/7pJHKYSkdsH7xjWm68sro7wehTPDDn5e
+RTIkYYNkqmsjpkNUtm6FHBQJ8wmU6a9JX4aZk97nY/cwqdZ0fkAMbE1R8f+gQbZv
+2xvyAzYifJTFsjANZgBODQlQPgKLOKUw5ht2KVgr+V6xmVV4nmWT+lRySPQ7ktLA
+B2gBvLE=
+-----END CERTIFICATE-----
diff --git a/OpenVPN/Certificates/Certs/jf.req b/OpenVPN/Certificates/Certs/jf.req
new file mode 100644
index 0000000..d8dcfcb
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/jf.req
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBTCBjAIBADANMQswCQYDVQQDDAJqZjB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BMvP+81atRzi9hw1NuRrKQZID6rpWy7j98pd9AGXjAn8y1y5lj9EC3trbznzYpJD
+jTEVyrOA9cMae37erLpcnyb0HNaR0FlKsl7c3JQKnSQpsEImV5Ne6QJEymCqhpkt
+0aAAMAoGCCqGSM49BAMEA2gAMGUCMBAXAOJq9GamxmFoEgJTK5/LCoG9iOJYFMd7
+/SvurAL593D6ke+JJAy8Ft8xWujXAAIxAPGOwqpNf5T3U92CWu2iYkDrNpQOx0Lv
+AU+VnOYr67yUL6mziR8H38TIC5YqlBk3Rw==
+-----END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/Certificates/Certs/pascal.crt b/OpenVPN/Certificates/Certs/pascal.crt
new file mode 100644
index 0000000..cc4d06c
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/pascal.crt
@@ -0,0 +1,71 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            b7:78:f3:d4:2a:58:b2:3b:23:0c:a9:70:43:45:de:fa
+        Signature Algorithm: sha512WithRSAEncryption
+        Issuer: CN=JF_server
+        Validity
+            Not Before: May 26 19:26:26 2025 GMT
+            Not After : May 19 19:26:26 2055 GMT
+        Subject: CN=pascal
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:03:0b:f5:f3:3a:02:fb:22:42:b1:5c:ab:74:8f:
+                    43:78:3a:d0:b1:3d:97:8d:c0:9a:07:11:ee:d3:03:
+                    22:d3:da:f3:04:a9:c0:bd:8f:ac:41:7d:91:09:07:
+                    49:fc:1c:32:a5:9a:7d:fd:85:51:01:64:cb:3e:00:
+                    d6:bc:c0:c8:ed:e9:47:64:5d:24:a4:4f:37:30:b2:
+                    e8:c8:ed:75:55:87:7c:cb:01:52:ea:ac:a1:21:96:
+                    06:a7:8f:86:b5:19:52
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                EC:EE:95:98:8B:6A:1F:DB:AB:49:CB:88:40:65:67:D6:3B:F3:F7:D7
+            X509v3 Authority Key Identifier: 
+                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
+                DirName:/CN=JF_server
+                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha512WithRSAEncryption
+    Signature Value:
+        4b:18:4a:f9:45:fb:ad:34:73:f2:4d:4f:f1:b9:fd:4a:c7:2a:
+        eb:a7:2c:e4:c5:3f:f0:e7:55:d6:d9:61:b9:2f:92:bb:f2:3e:
+        49:a8:ad:27:33:88:c1:ca:32:7a:33:4e:53:d0:4e:6f:30:c5:
+        59:c2:b7:1b:ef:36:48:06:80:a3:cf:da:b2:d1:46:3e:30:10:
+        a4:e8:7a:0d:e0:e0:fe:9d:24:fc:b0:b9:21:64:0b:c0:11:55:
+        6f:5e:75:d2:0a:18:15:7b:dd:40:00:a7:1c:bb:f4:90:29:1e:
+        6e:b1:3d:8e:14:d0:65:48:12:e6:7e:40:24:f9:72:5a:f4:70:
+        df:89:a9:1a:d2:12:21:9d:b0:00:d1:f7:35:20:f4:6e:3a:ad:
+        c1:72:29:06:a7:c8:4d:86:3d:a5:b5:a0:f5:9f:1f:44:4c:84:
+        ad:69:81:d8:f1:11:62:6f:0f:67:6e:4d:ef:1a:59:0c:6f:b3:
+        9d:95:b3:ef:3b:07:54:81:90:15:14:ce:0f:71:2c:b7:f8:39:
+        96:11:94:77:db:ce:55:96:c2:4a:cc:fe:c6:38:6e:58:0a:83:
+        8a:e6:ab:26:b4:ad:90:78:cc:0a:90:31:6b:66:ce:eb:ea:1d:
+        19:71:34:eb:25:61:a2:3f:5d:a0:0b:d3:4e:56:73:b6:14:5a:
+        09:0c:1d:1c
+-----BEGIN CERTIFICATE-----
+MIICpTCCAY2gAwIBAgIRALd489QqWLI7IwypcENF3vowDQYJKoZIhvcNAQENBQAw
+FDESMBAGA1UEAwwJSkZfc2VydmVyMCAXDTI1MDUyNjE5MjYyNloYDzIwNTUwNTE5
+MTkyNjI2WjARMQ8wDQYDVQQDDAZwYXNjYWwwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AAQDC/XzOgL7IkKxXKt0j0N4OtCxPZeNwJoHEe7TAyLT2vMEqcC9j6xBfZEJB0n8
+HDKlmn39hVEBZMs+ANa8wMjt6UdkXSSkTzcwsujI7XVVh3zLAVLqrKEhlganj4a1
+GVKjgaAwgZ0wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7O6VmItqH9urScuIQGVn1jvz
+99cwTwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQxEjAQBgNV
+BAMMCUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0lBAwwCgYI
+KwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBDQUAA4IBAQBLGEr5Rfut
+NHPyTU/xuf1KxyrrpyzkxT/w51XW2WG5L5K78j5JqK0nM4jByjJ6M05T0E5vMMVZ
+wrcb7zZIBoCjz9qy0UY+MBCk6HoN4OD+nST8sLkhZAvAEVVvXnXSChgVe91AAKcc
+u/SQKR5usT2OFNBlSBLmfkAk+XJa9HDfiaka0hIhnbAA0fc1IPRuOq3BcikGp8hN
+hj2ltaD1nx9ETIStaYHY8RFibw9nbk3vGlkMb7OdlbPvOwdUgZAVFM4PcSy3+DmW
+EZR3285VlsJKzP7GOG5YCoOK5qsmtK2QeMwKkDFrZs7r6h0ZcTTrJWGiP12gC9NO
+VnO2FFoJDB0c
+-----END CERTIFICATE-----
diff --git a/OpenVPN/Certificates/Certs/pascal.req b/OpenVPN/Certificates/Certs/pascal.req
new file mode 100644
index 0000000..f840d77
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/pascal.req
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBCjCBkAIBADARMQ8wDQYDVQQDDAZwYXNjYWwwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAQDC/XzOgL7IkKxXKt0j0N4OtCxPZeNwJoHEe7TAyLT2vMEqcC9j6xBfZEJ
+B0n8HDKlmn39hVEBZMs+ANa8wMjt6UdkXSSkTzcwsujI7XVVh3zLAVLqrKEhlgan
+j4a1GVKgADAKBggqhkjOPQQDBANpADBmAjEA2FJFlVFqiHn5kb+IrxFkn8fCGC3v
+QVlO01hca2mf5diyyUmmMTUtEtg3o7cf89pWAjEA0bKPNzw6v2F7a1B6c/ZcbPy2
+uAYgUARFP38JYc0KyWNz/uT62JCFBrlwCw9Zitoh
+-----END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/Certificates/Certs/remoteclient.req b/OpenVPN/Certificates/Certs/remoteclient.req
new file mode 100644
index 0000000..6347b4b
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/remoteclient.req
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBDjCBlgIBADAXMRUwEwYDVQQDDAxyZW1vdGVjbGllbnQwdjAQBgcqhkjOPQIB
+BgUrgQQAIgNiAASEnkviXj+VqmKiq7/31fePisZ4muC/1d7/oTEmEsMpJswWz3Lu
+KvxyUuCbPg+9Fjgs20Og/jkKYf5ivt8645z5MjKetZvPMkVJAO18DkScYDaWJbhM
+TMjD5HtU6PvnnvagADAKBggqhkjOPQQDBANnADBkAjAFNQm1L5teW52NHEm5Js8v
+oVOG8mpk+2qvvdRg7h/HUR3Yzvzzz8txZVpRS/A9IfICMGHVE0yxgDz5YUlGCQH6
+US5q3LixPUtDFNi2VlJt4X5WEM4Ofv6HSWLZcZsgldqNiQ==
+-----END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/Certificates/Certs/stationKA2401.crt b/OpenVPN/Certificates/Certs/stationKA2401.crt
new file mode 100644
index 0000000..d373322
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/stationKA2401.crt
@@ -0,0 +1,71 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            66:08:5b:1b:f8:f4:1a:91:25:8d:57:e4:d1:eb:c9:02
+        Signature Algorithm: sha512WithRSAEncryption
+        Issuer: CN=JF_server
+        Validity
+            Not Before: May 26 19:53:27 2025 GMT
+            Not After : May 19 19:53:27 2055 GMT
+        Subject: CN=stationKA2401
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:82:a2:c4:54:2e:5f:18:b0:09:38:2e:88:52:6e:
+                    23:10:f1:a3:d1:12:8c:33:e6:24:00:e8:03:18:12:
+                    ff:11:d3:fb:38:7c:e7:85:12:94:11:ad:d4:41:67:
+                    97:29:8e:07:fb:b6:b9:b2:80:ca:cc:d5:14:4d:a3:
+                    2e:55:29:60:8a:9f:7d:50:a4:21:dc:e2:17:05:5c:
+                    ca:c6:5d:8f:c4:a2:99:e2:2b:18:a7:69:a4:e4:26:
+                    11:1c:f5:0e:a1:5e:a5
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                43:48:E4:77:19:BA:6E:C7:4A:98:98:A5:05:8B:DB:19:62:8B:47:33
+            X509v3 Authority Key Identifier: 
+                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
+                DirName:/CN=JF_server
+                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha512WithRSAEncryption
+    Signature Value:
+        66:0e:a7:15:99:98:0b:a7:bf:be:fa:c5:c6:c9:6e:d4:d0:18:
+        84:fd:ef:bc:33:98:db:8e:56:44:25:c9:7e:7d:d9:1b:00:95:
+        39:59:36:2e:b0:d1:2e:8f:cf:c8:c4:0e:47:7f:c9:21:01:18:
+        7f:8b:5a:16:30:97:c3:a3:bb:70:54:58:e2:55:97:71:e0:f7:
+        b3:47:bb:88:11:30:a4:b9:41:65:2b:b5:d7:1b:df:5e:df:66:
+        33:32:52:a7:92:83:2e:87:57:11:65:52:28:f5:16:06:92:ec:
+        39:24:20:c0:fb:b2:21:30:a6:87:b4:08:b9:7c:32:3c:3b:09:
+        36:2d:9c:e8:8b:47:f3:d8:58:10:44:b0:10:f4:dc:e1:d5:e7:
+        e6:7b:c6:51:0b:de:fc:ef:aa:d7:ee:3b:ec:55:11:2b:43:52:
+        24:4e:b4:56:0d:cf:25:33:05:67:ad:0a:3e:b4:b2:55:db:b9:
+        43:bf:24:87:8e:02:8e:50:7e:6a:35:ef:fb:89:b9:16:1f:6f:
+        c0:46:6a:7f:6c:8a:ea:94:2d:a5:62:04:f9:ee:fe:31:51:d9:
+        73:f9:b8:5c:83:3a:46:00:fa:4f:e7:44:e3:60:da:c8:cc:cd:
+        6b:18:55:27:6e:c9:38:e7:3b:7d:c8:a3:67:13:08:6a:67:18:
+        92:7d:7e:c9
+-----BEGIN CERTIFICATE-----
+MIICqzCCAZOgAwIBAgIQZghbG/j0GpEljVfk0evJAjANBgkqhkiG9w0BAQ0FADAU
+MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwIBcNMjUwNTI2MTk1MzI3WhgPMjA1NTA1MTkx
+OTUzMjdaMBgxFjAUBgNVBAMMDXN0YXRpb25LQTI0MDEwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAASCosRULl8YsAk4LohSbiMQ8aPREowz5iQA6AMYEv8R0/s4fOeFEpQR
+rdRBZ5cpjgf7trmygMrM1RRNoy5VKWCKn31QpCHc4hcFXMrGXY/EopniKxinaaTk
+JhEc9Q6hXqWjgaAwgZ0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUQ0jkdxm6bsdKmJil
+BYvbGWKLRzMwTwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQx
+EjAQBgNVBAMMCUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBDQUAA4IBAQBm
+DqcVmZgLp7+++sXGyW7U0BiE/e+8M5jbjlZEJcl+fdkbAJU5WTYusNEuj8/IxA5H
+f8khARh/i1oWMJfDo7twVFjiVZdx4PezR7uIETCkuUFlK7XXG99e32YzMlKnkoMu
+h1cRZVIo9RYGkuw5JCDA+7IhMKaHtAi5fDI8Owk2LZzoi0fz2FgQRLAQ9Nzh1efm
+e8ZRC97876rX7jvsVRErQ1IkTrRWDc8lMwVnrQo+tLJV27lDvySHjgKOUH5qNe/7
+ibkWH2/ARmp/bIrqlC2lYgT57v4xUdlz+bhcgzpGAPpP50TjYNrIzM1rGFUnbsk4
+5zt9yKNnEwhqZxiSfX7J
+-----END CERTIFICATE-----
diff --git a/OpenVPN/Certificates/Certs/stationKA2401.req b/OpenVPN/Certificates/Certs/stationKA2401.req
new file mode 100644
index 0000000..c7685c7
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/stationKA2401.req
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBETCBlwIBADAYMRYwFAYDVQQDDA1zdGF0aW9uS0EyNDAxMHYwEAYHKoZIzj0C
+AQYFK4EEACIDYgAEgqLEVC5fGLAJOC6IUm4jEPGj0RKMM+YkAOgDGBL/EdP7OHzn
+hRKUEa3UQWeXKY4H+7a5soDKzNUUTaMuVSlgip99UKQh3OIXBVzKxl2PxKKZ4isY
+p2mk5CYRHPUOoV6loAAwCgYIKoZIzj0EAwQDaQAwZgIxAO+GCyXJVu6aQS7T72qX
+7nkgj5HyOKzLSo1AcO+BaUiVUTEeMAuoVejbXRBO/VYxzgIxAK/yU2EupeCv51hR
+vbIih0lu5siEzKOGR1LtB/JtPjDwj/64cTwn1HsijWhPGrmXmA==
+-----END CERTIFICATE REQUEST-----
diff --git a/OpenVPN/Certificates/Certs/stationOT2301.crt b/OpenVPN/Certificates/Certs/stationOT2301.crt
new file mode 100644
index 0000000..e6ee2dc
--- /dev/null
+++ b/OpenVPN/Certificates/Certs/stationOT2301.crt
@@ -0,0 +1,71 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            57:8f:49:9e:03:dd:fb:c9:41:7c:9a:36:9f:15:fa:17
+        Signature Algorithm: sha512WithRSAEncryption
+        Issuer: CN=JF_server
+        Validity
+            Not Before: May 26 19:53:18 2025 GMT
+            Not After : May 19 19:53:18 2055 GMT
+        Subject: CN=remoteclient
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (384 bit)
+                pub:
+                    04:84:9e:4b:e2:5e:3f:95:aa:62:a2:ab:bf:f7:d5:
+                    f7:8f:8a:c6:78:9a:e0:bf:d5:de:ff:a1:31:26:12:
+                    c3:29:26:cc:16:cf:72:ee:2a:fc:72:52:e0:9b:3e:
+                    0f:bd:16:38:2c:db:43:a0:fe:39:0a:61:fe:62:be:
+                    df:3a:e3:9c:f9:32:32:9e:b5:9b:cf:32:45:49:00:
+                    ed:7c:0e:44:9c:60:36:96:25:b8:4c:4c:c8:c3:e4:
+                    7b:54:e8:fb:e7:9e:f6
+                ASN1 OID: secp384r1
+                NIST CURVE: P-384
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            X509v3 Subject Key Identifier: 
+                DE:16:FC:5F:F9:D9:20:5A:ED:F6:62:49:91:1C:BE:D2:38:0D:ED:23
+            X509v3 Authority Key Identifier: 
+                keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
+                DirName:/CN=JF_server
+                serial:5D:ED:FB:93:3D:B2:AA:0C:8B:DB:15:DF:BD:A1:91:CE:5C:FB:CB:06
+            X509v3 Extended Key Usage: 
+                TLS Web Client Authentication
+            X509v3 Key Usage: 
+                Digital Signature
+    Signature Algorithm: sha512WithRSAEncryption
+    Signature Value:
+        40:83:8d:27:36:cc:75:97:2f:15:56:f2:5c:f2:0b:21:54:db:
+        f5:35:5e:42:92:44:84:b6:c7:b4:0d:4d:8d:8d:5b:d8:31:d2:
+        43:f3:7b:20:58:13:be:25:02:6e:a4:a2:9a:19:97:1e:35:50:
+        aa:0a:0c:e9:08:d7:2a:cf:3f:3d:ba:0b:0b:fa:36:e0:29:64:
+        3d:5f:a1:bb:17:12:13:33:cd:27:25:c5:92:e5:76:14:21:b5:
+        98:4c:33:99:f9:b2:4d:50:b7:5c:d9:dc:19:26:9c:12:19:95:
+        1c:01:04:4f:fa:b0:5a:ba:84:73:b5:84:86:78:3a:b2:99:38:
+        aa:a0:41:a8:8a:6d:f2:05:ce:8e:6b:f6:95:a8:06:f0:92:d7:
+        6b:1f:91:62:58:31:2f:0f:38:e1:67:f7:e0:62:35:c8:e8:12:
+        10:69:c7:08:5b:be:71:7e:c7:69:4e:0e:16:8b:7a:03:73:09:
+        d6:ed:ac:98:e5:4b:97:09:ce:d4:c9:78:53:03:8a:b5:da:60:
+        dc:e5:3d:9e:39:09:4f:6d:3d:55:6e:33:79:e7:dc:55:33:14:
+        e3:99:4d:4e:b3:67:7b:e5:6d:c4:d4:dd:81:85:36:e2:ed:b8:
+        d8:ea:90:a8:29:c8:04:6f:ed:a0:6b:50:ea:d4:3e:20:d9:de:
+        fe:db:79:a4
+-----BEGIN CERTIFICATE-----
+MIICqjCCAZKgAwIBAgIQV49JngPd+8lBfJo2nxX6FzANBgkqhkiG9w0BAQ0FADAU
+MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwIBcNMjUwNTI2MTk1MzE4WhgPMjA1NTA1MTkx
+OTUzMThaMBcxFTATBgNVBAMMDHJlbW90ZWNsaWVudDB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABISeS+JeP5WqYqKrv/fV94+Kxnia4L/V3v+hMSYSwykmzBbPcu4q/HJS
+4Js+D70WOCzbQ6D+OQph/mK+3zrjnPkyMp61m88yRUkA7XwORJxgNpYluExMyMPk
+e1To++ee9qOBoDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTeFvxf+dkgWu32YkmR
+HL7SOA3tIzBPBgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDES
+MBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUE
+DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQENBQADggEBAECD
+jSc2zHWXLxVW8lzyCyFU2/U1XkKSRIS2x7QNTY2NW9gx0kPzeyBYE74lAm6kopoZ
+lx41UKoKDOkI1yrPPz26Cwv6NuApZD1fobsXEhMzzSclxZLldhQhtZhMM5n5sk1Q
+t1zZ3BkmnBIZlRwBBE/6sFq6hHO1hIZ4OrKZOKqgQaiKbfIFzo5r9pWoBvCS12sf
+kWJYMS8POOFn9+BiNcjoEhBpxwhbvnF+x2lODhaLegNzCdbtrJjlS5cJztTJeFMD
+irXaYNzlPZ45CU9tPVVuM3nn3FUzFOOZTU6zZ3vlbcTU3YGFNuLtuNjqkKgpyARv
+7aBrUOrUPiDZ3v7beaQ=
+-----END CERTIFICATE-----
diff --git a/OpenVPN/fred.ovpn b/OpenVPN/fred.ovpn
index 744125c..e88adaf 100644
--- a/OpenVPN/fred.ovpn
+++ b/OpenVPN/fred.ovpn
@@ -40,6 +40,7 @@ proto udp
 # You can have multiple remote entries
 # to load balance between the servers.
 remote vpn.yultek.dev 1194
+;remote 138.197.151.172 1194
 ;remote my-server-2 1194
 
 # Choose a random host from the remote
@@ -167,31 +168,31 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            ab:ba:55:27:aa:06:49:7b:13:dd:f2:5b:ae:27:08:fe
-        Signature Algorithm: sha256WithRSAEncryption
+            ab:57:22:69:00:94:7d:2d:f2:86:c1:7c:f6:84:a4:d1
+        Signature Algorithm: sha512WithRSAEncryption
         Issuer: CN=JF_server
         Validity
-            Not Before: Jun  1 18:17:32 2023 GMT
-            Not After : Sep  3 18:17:32 2025 GMT
+            Not Before: May 26 19:26:43 2025 GMT
+            Not After : May 19 19:26:43 2055 GMT
         Subject: CN=fred
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (384 bit)
                 pub:
-                    04:3e:78:ef:26:d9:87:bb:8b:08:47:fe:15:ad:96:
-                    ae:f4:93:f1:d8:ce:e3:05:d2:96:46:fc:f6:47:c9:
-                    ac:41:f5:01:1b:e3:25:61:f4:ee:6f:8d:13:dd:ab:
-                    1b:d8:02:85:a3:fb:52:3d:02:d8:ad:0b:ed:e3:02:
-                    88:c7:eb:06:52:ca:25:ac:8b:ac:eb:52:4c:43:52:
-                    f9:c0:8c:f4:48:ea:72:a6:26:f7:5f:02:96:97:ad:
-                    10:ac:6d:c8:d3:b1:28
+                    04:52:a0:c4:e8:7b:31:2c:fe:6a:e1:55:f0:94:5e:
+                    70:d0:6e:43:6d:72:7b:7d:a2:f5:61:cf:68:e7:ef:
+                    b7:e5:f0:2f:bd:76:26:4c:ce:f0:4e:bb:99:03:cf:
+                    17:05:a9:3f:a2:0d:ed:6e:6f:3f:0f:08:f2:1b:68:
+                    9e:e0:4d:38:5f:55:99:51:1b:ae:39:2e:1d:9f:78:
+                    b1:58:52:5c:b5:1f:54:d6:c9:09:6d:4e:b5:9c:00:
+                    c2:01:89:c7:27:94:ea
                 ASN1 OID: secp384r1
                 NIST CURVE: P-384
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Key Identifier: 
-                3C:F6:00:C3:CF:A4:BB:8D:F1:1B:AB:A1:6F:24:44:2A:73:95:EB:46
+                0F:E2:50:A5:9A:17:2B:87:71:11:CB:52:15:48:08:5B:72:F6:92:5E
             X509v3 Authority Key Identifier: 
                 keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
                 DirName:/CN=JF_server
@@ -200,47 +201,47 @@ Certificate:
                 TLS Web Client Authentication
             X509v3 Key Usage: 
                 Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
+    Signature Algorithm: sha512WithRSAEncryption
     Signature Value:
-        10:9c:49:d0:09:dc:52:df:2b:e1:ce:59:ef:f7:a0:96:13:05:
-        7e:30:ba:4b:6d:17:62:ed:89:39:cb:0e:c5:cc:df:0c:5a:68:
-        e7:0f:bc:c2:67:e0:b2:72:b6:9f:e7:9f:1f:4c:e5:da:d9:5c:
-        d8:53:44:ef:47:ea:47:9d:d7:1d:12:ab:75:c3:1f:c4:d8:ae:
-        65:7e:39:9d:98:f1:02:df:03:77:1e:7b:88:24:5f:7e:51:5c:
-        f2:9c:b8:1f:84:71:4b:f9:5a:6d:06:63:4d:e9:ab:27:f5:99:
-        fa:ac:25:7a:e2:a7:ba:94:a7:44:8b:2f:21:73:c1:db:1a:37:
-        38:d6:46:4a:a5:65:f7:24:35:08:40:9a:8e:d6:22:56:20:c9:
-        7b:52:b3:8f:ea:53:bf:00:bd:6a:23:bd:07:fe:af:2e:20:ee:
-        71:69:f8:66:b0:f3:00:5e:8d:2f:2a:37:b9:14:a6:bf:c8:25:
-        2e:1b:f4:86:58:94:33:2b:85:f9:08:3a:48:9e:49:42:66:5a:
-        37:10:10:5b:50:2e:f6:06:d0:fe:86:17:0d:9d:f5:dd:cb:ab:
-        92:39:de:d8:57:9d:0d:7e:14:b7:61:e5:bc:dc:62:00:22:8c:
-        23:df:90:d4:38:01:18:23:96:c6:7e:e8:c8:5e:c8:fd:a4:b2:
-        47:87:02:4f
+        1d:9a:07:1e:b0:5f:56:08:c3:a8:25:6a:54:2c:50:4d:98:b3:
+        f0:ab:39:ae:93:87:35:44:04:2c:ac:92:ea:a4:96:d3:10:77:
+        01:16:93:1e:b5:1d:5d:7f:98:c9:5d:2b:6d:03:97:e4:6b:38:
+        2e:3b:a9:00:5f:d4:34:11:fe:24:51:47:27:31:a3:60:b0:ce:
+        af:b3:87:95:eb:dd:4f:c5:88:18:db:60:9b:22:09:3d:73:53:
+        83:f6:31:a6:61:0f:60:e3:76:77:d7:be:a8:fa:01:5b:7d:53:
+        97:7e:25:9b:30:e6:34:52:ae:e7:0b:d1:0e:3a:69:8d:55:f8:
+        40:a4:4d:3c:2e:7b:40:06:8e:bf:ba:e5:46:30:d7:26:fa:49:
+        aa:bc:7d:3c:a8:89:84:28:0a:b4:7b:a8:51:f6:df:04:f8:63:
+        e8:a7:72:4e:d0:ae:45:23:91:7e:d3:a6:20:16:86:93:08:8f:
+        c0:83:ff:17:96:ff:63:9a:c9:0b:b8:cd:ff:05:ea:ef:33:2e:
+        78:e7:1e:86:23:0d:de:66:9d:74:d7:17:2e:9c:e2:a0:42:03:
+        9a:ed:ae:44:da:f5:a5:c1:36:56:9c:7d:eb:ca:dc:76:eb:62:
+        6e:fe:8f:dc:f5:eb:a1:72:9e:64:bd:2e:64:1b:62:e0:52:d0:
+        f9:ab:52:cf
 -----BEGIN CERTIFICATE-----
-MIICoTCCAYmgAwIBAgIRAKu6VSeqBkl7E93yW64nCP4wDQYJKoZIhvcNAQELBQAw
-FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDYwMTE4MTczMloXDTI1MDkwMzE4
-MTczMlowDzENMAsGA1UEAwwEZnJlZDB2MBAGByqGSM49AgEGBSuBBAAiA2IABD54
-7ybZh7uLCEf+Fa2WrvST8djO4wXSlkb89kfJrEH1ARvjJWH07m+NE92rG9gChaP7
-Uj0C2K0L7eMCiMfrBlLKJayLrOtSTENS+cCM9EjqcqYm918ClpetEKxtyNOxKKOB
-oDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQ89gDDz6S7jfEbq6FvJEQqc5XrRjBP
-BgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJ
-SkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEF
-BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBABCcSdAJ3FLfK+HO
-We/3oJYTBX4wukttF2LtiTnLDsXM3wxaaOcPvMJn4LJytp/nnx9M5drZXNhTRO9H
-6ked1x0Sq3XDH8TYrmV+OZ2Y8QLfA3cee4gkX35RXPKcuB+EcUv5Wm0GY03pqyf1
-mfqsJXrip7qUp0SLLyFzwdsaNzjWRkqlZfckNQhAmo7WIlYgyXtSs4/qU78AvWoj
-vQf+ry4g7nFp+Gaw8wBejS8qN7kUpr/IJS4b9IZYlDMrhfkIOkieSUJmWjcQEFtQ
-LvYG0P6GFw2d9d3Lq5I53thXnQ1+FLdh5bzcYgAijCPfkNQ4ARgjlsZ+6MheyP2k
-skeHAk8=
+MIICozCCAYugAwIBAgIRAKtXImkAlH0t8obBfPaEpNEwDQYJKoZIhvcNAQENBQAw
+FDESMBAGA1UEAwwJSkZfc2VydmVyMCAXDTI1MDUyNjE5MjY0M1oYDzIwNTUwNTE5
+MTkyNjQzWjAPMQ0wCwYDVQQDDARmcmVkMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
+UqDE6HsxLP5q4VXwlF5w0G5DbXJ7faL1Yc9o5++35fAvvXYmTM7wTruZA88XBak/
+og3tbm8/DwjyG2ie4E04X1WZURuuOS4dn3ixWFJctR9U1skJbU61nADCAYnHJ5Tq
+o4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFA/iUKWaFyuHcRHLUhVICFty9pJe
+ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIwEAYDVQQD
+DAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQMMAoGCCsG
+AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQ0FAAOCAQEAHZoHHrBfVgjD
+qCVqVCxQTZiz8Ks5rpOHNUQELKyS6qSW0xB3ARaTHrUdXX+YyV0rbQOX5Gs4Ljup
+AF/UNBH+JFFHJzGjYLDOr7OHlevdT8WIGNtgmyIJPXNTg/YxpmEPYON2d9e+qPoB
+W31Tl34lmzDmNFKu5wvRDjppjVX4QKRNPC57QAaOv7rlRjDXJvpJqrx9PKiJhCgK
+tHuoUfbfBPhj6KdyTtCuRSORftOmIBaGkwiPwIP/F5b/Y5rJC7jN/wXq7zMueOce
+hiMN3maddNcXLpzioEIDmu2uRNr1pcE2Vpx968rcdutibv6P3PXroXKeZL0uZBti
+4FLQ+atSzw==
 -----END CERTIFICATE-----
 </cert>
 <key>
 -----BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBQw+Cfj2TA0I9LNukC
-i6neLisJywxfhODlvipRtpifAMhKh1mgf3U5mcknDT4N3A6hZANiAAQ+eO8m2Ye7
-iwhH/hWtlq70k/HYzuMF0pZG/PZHyaxB9QEb4yVh9O5vjRPdqxvYAoWj+1I9Atit
-C+3jAojH6wZSyiWsi6zrUkxDUvnAjPRI6nKmJvdfApaXrRCsbcjTsSg=
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBWcN+8Dvwua4D5eX5O
+7ur9tcu7we995i8cwa5S12vPvmKukUwENyzmm8O3xNYjtX2hZANiAARSoMToezEs
+/mrhVfCUXnDQbkNtcnt9ovVhz2jn77fl8C+9diZMzvBOu5kDzxcFqT+iDe1ubz8P
+CPIbaJ7gTThfVZlRG645Lh2feLFYUly1H1TWyQltTrWcAMIBiccnlOo=
 -----END PRIVATE KEY-----
 </key>
 <tls-crypt>
diff --git a/OpenVPN/jf.ovpn b/OpenVPN/jf.ovpn
index 4555f0c..d3d8235 100644
--- a/OpenVPN/jf.ovpn
+++ b/OpenVPN/jf.ovpn
@@ -39,7 +39,8 @@ proto udp
 # The hostname/IP and port of the server.
 # You can have multiple remote entries
 # to load balance between the servers.
-remote 138.197.151.172 1194
+remote vpn.yultek.dev 1194
+;remote 138.197.151.172 1194
 ;remote my-server-2 1194
 
 # Choose a random host from the remote
@@ -167,31 +168,31 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            22:7a:b3:cb:88:05:00:8c:df:af:02:be:af:63:f9:59
-        Signature Algorithm: sha256WithRSAEncryption
+            b7:43:9e:5a:80:04:ad:6f:3c:d2:82:9f:99:b4:55:0c
+        Signature Algorithm: sha512WithRSAEncryption
         Issuer: CN=JF_server
         Validity
-            Not Before: Feb 20 22:37:46 2023 GMT
-            Not After : May 25 22:37:46 2025 GMT
+            Not Before: May 26 19:26:08 2025 GMT
+            Not After : May 19 19:26:08 2055 GMT
         Subject: CN=jf
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (384 bit)
                 pub:
-                    04:8d:38:ea:4f:29:bd:83:a9:33:a3:1c:33:8a:60:
-                    8f:fa:19:81:00:73:44:81:98:1e:76:05:ee:f6:46:
-                    d5:25:a8:c5:3b:bd:d6:fa:cf:c6:79:e0:b4:42:27:
-                    80:e2:96:2d:30:50:c2:f6:9c:2c:13:f8:b9:46:b3:
-                    0d:96:6c:9b:d2:45:15:a3:f0:4c:bc:6b:51:45:f8:
-                    cb:59:04:b1:d0:47:b9:90:06:71:c7:eb:34:32:e2:
-                    72:14:84:94:58:e3:34
+                    04:cb:cf:fb:cd:5a:b5:1c:e2:f6:1c:35:36:e4:6b:
+                    29:06:48:0f:aa:e9:5b:2e:e3:f7:ca:5d:f4:01:97:
+                    8c:09:fc:cb:5c:b9:96:3f:44:0b:7b:6b:6f:39:f3:
+                    62:92:43:8d:31:15:ca:b3:80:f5:c3:1a:7b:7e:de:
+                    ac:ba:5c:9f:26:f4:1c:d6:91:d0:59:4a:b2:5e:dc:
+                    dc:94:0a:9d:24:29:b0:42:26:57:93:5e:e9:02:44:
+                    ca:60:aa:86:99:2d:d1
                 ASN1 OID: secp384r1
                 NIST CURVE: P-384
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Key Identifier: 
-                C5:CE:72:8F:A3:8E:13:57:DD:0E:02:A1:24:F1:56:C3:AE:2F:65:8F
+                D9:70:4D:CC:BF:72:8F:F4:6D:DD:20:85:2C:19:3B:6F:1E:97:EC:88
             X509v3 Authority Key Identifier: 
                 keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
                 DirName:/CN=JF_server
@@ -200,47 +201,47 @@ Certificate:
                 TLS Web Client Authentication
             X509v3 Key Usage: 
                 Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
+    Signature Algorithm: sha512WithRSAEncryption
     Signature Value:
-        3b:e8:1a:3e:ac:17:17:49:7c:4d:73:55:39:e9:1b:e4:d6:7f:
-        6d:6d:43:6c:e2:79:41:f4:26:a4:2d:18:59:24:a0:b1:e0:db:
-        03:07:f9:fb:24:f6:be:ed:8c:31:3e:c7:bb:74:b6:87:ba:43:
-        fc:d6:fb:2f:9f:1c:eb:d1:27:ad:60:eb:ab:87:c7:46:fe:22:
-        75:c1:bb:fb:23:ad:ba:1d:ab:41:45:29:d6:c4:89:99:94:40:
-        06:c7:3a:08:fe:d3:b5:f4:e7:52:57:aa:d1:a8:ec:74:e6:c9:
-        ec:9e:80:e0:ba:92:92:95:55:2e:d7:b2:d8:09:ee:72:fd:12:
-        ac:0a:0d:dc:ba:ac:4e:34:8c:37:19:76:60:7c:bd:ba:99:b7:
-        e5:47:c3:4b:67:2f:a9:5c:89:95:70:2d:2c:97:45:04:64:15:
-        47:04:d1:48:7d:d8:40:63:6c:05:8b:dc:ed:0f:a3:ae:3a:e8:
-        6f:49:34:54:de:99:4b:aa:28:6d:c9:3d:db:43:60:14:40:d5:
-        09:87:a8:b2:88:11:4c:8c:00:71:b1:38:25:91:5f:2f:93:7b:
-        42:64:38:db:d2:59:48:e8:ed:2e:92:69:4e:d4:2a:3b:e3:03:
-        94:2c:fc:ac:bc:ff:a9:b4:1e:ca:d3:d2:b5:fd:bf:33:bd:55:
-        12:75:db:f1
+        8e:56:20:a2:64:1f:bb:3c:fc:f4:4d:6a:30:f7:90:c0:84:03:
+        00:a1:d7:f4:57:93:b0:a2:78:fc:79:f4:29:46:22:79:f1:90:
+        80:e9:65:6d:c8:c7:54:c3:4f:38:fc:c4:b5:df:b5:7f:fd:20:
+        95:a3:be:d7:7c:89:58:a8:f0:84:b7:d4:17:4d:81:1c:fa:30:
+        bb:e7:6e:ce:1e:4c:da:5f:d4:ff:66:1e:c3:e5:cb:42:5e:dd:
+        02:a8:95:af:81:62:dd:9a:a1:48:1c:f1:1d:ae:4e:07:78:9d:
+        e0:5e:6b:2c:92:27:2a:53:3f:c3:eb:cb:62:24:f9:43:05:0f:
+        25:14:6f:2f:3f:ee:92:47:29:84:a4:76:c1:fb:c6:35:a6:eb:
+        cb:2b:a3:bc:1e:85:33:c3:0e:7e:5e:45:32:24:61:83:64:aa:
+        6b:23:a6:43:54:b6:6e:85:1c:14:09:f3:09:94:e9:af:49:5f:
+        86:99:93:de:e7:63:f7:30:a9:d6:74:7e:40:0c:6c:4d:51:f1:
+        ff:a0:41:b6:6f:db:1b:f2:03:36:22:7c:94:c5:b2:30:0d:66:
+        00:4e:0d:09:50:3e:02:8b:38:a5:30:e6:1b:76:29:58:2b:f9:
+        5e:b1:99:55:78:9e:65:93:fa:54:72:48:f4:3b:92:d2:c0:07:
+        68:01:bc:b1
 -----BEGIN CERTIFICATE-----
-MIICnjCCAYagAwIBAgIQInqzy4gFAIzfrwK+r2P5WTANBgkqhkiG9w0BAQsFADAU
-MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjMwMjIwMjIzNzQ2WhcNMjUwNTI1MjIz
-NzQ2WjANMQswCQYDVQQDDAJqZjB2MBAGByqGSM49AgEGBSuBBAAiA2IABI046k8p
-vYOpM6McM4pgj/oZgQBzRIGYHnYF7vZG1SWoxTu91vrPxnngtEIngOKWLTBQwvac
-LBP4uUazDZZsm9JFFaPwTLxrUUX4y1kEsdBHuZAGccfrNDLichSElFjjNKOBoDCB
-nTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTFznKPo44TV90OAqEk8VbDri9ljzBPBgNV
-HSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJSkZf
-c2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEFBQcD
-AjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBADvoGj6sFxdJfE1zVTnp
-G+TWf21tQ2zieUH0JqQtGFkkoLHg2wMH+fsk9r7tjDE+x7t0toe6Q/zW+y+fHOvR
-J61g66uHx0b+InXBu/sjrbodq0FFKdbEiZmUQAbHOgj+07X051JXqtGo7HTmyeye
-gOC6kpKVVS7XstgJ7nL9EqwKDdy6rE40jDcZdmB8vbqZt+VHw0tnL6lciZVwLSyX
-RQRkFUcE0Uh92EBjbAWL3O0Po6466G9JNFTemUuqKG3JPdtDYBRA1QmHqLKIEUyM
-AHGxOCWRXy+Te0JkONvSWUjo7S6SaU7UKjvjA5Qs/Ky8/6m0HsrT0rX9vzO9VRJ1
-2/E=
+MIICoTCCAYmgAwIBAgIRALdDnlqABK1vPNKCn5m0VQwwDQYJKoZIhvcNAQENBQAw
+FDESMBAGA1UEAwwJSkZfc2VydmVyMCAXDTI1MDUyNjE5MjYwOFoYDzIwNTUwNTE5
+MTkyNjA4WjANMQswCQYDVQQDDAJqZjB2MBAGByqGSM49AgEGBSuBBAAiA2IABMvP
++81atRzi9hw1NuRrKQZID6rpWy7j98pd9AGXjAn8y1y5lj9EC3trbznzYpJDjTEV
+yrOA9cMae37erLpcnyb0HNaR0FlKsl7c3JQKnSQpsEImV5Ne6QJEymCqhpkt0aOB
+oDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTZcE3Mv3KP9G3dIIUsGTtvHpfsiDBP
+BgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDESMBAGA1UEAwwJ
+SkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUEDDAKBggrBgEF
+BQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQENBQADggEBAI5WIKJkH7s8/PRN
+ajD3kMCEAwCh1/RXk7CiePx59ClGInnxkIDpZW3Ix1TDTzj8xLXftX/9IJWjvtd8
+iVio8IS31BdNgRz6MLvnbs4eTNpf1P9mHsPly0Je3QKola+BYt2aoUgc8R2uTgd4
+neBeayySJypTP8Pry2Ik+UMFDyUUby8/7pJHKYSkdsH7xjWm68sro7wehTPDDn5e
+RTIkYYNkqmsjpkNUtm6FHBQJ8wmU6a9JX4aZk97nY/cwqdZ0fkAMbE1R8f+gQbZv
+2xvyAzYifJTFsjANZgBODQlQPgKLOKUw5ht2KVgr+V6xmVV4nmWT+lRySPQ7ktLA
+B2gBvLE=
 -----END CERTIFICATE-----
 </cert>
 <key>
 -----BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBI4JXNyv7EeAsIFaPn
-JBe0cJDvuYM+AGWJYcMtfQj8Sg5z+K0+Ur1IjRxj6vkyXa2hZANiAASNOOpPKb2D
-qTOjHDOKYI/6GYEAc0SBmB52Be72RtUlqMU7vdb6z8Z54LRCJ4Dili0wUML2nCwT
-+LlGsw2WbJvSRRWj8Ey8a1FF+MtZBLHQR7mQBnHH6zQy4nIUhJRY4zQ=
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDgu9X2O9NIi4drCkTl
+INFnFPYQSJ10JliFqGNM37UW4U2v5A93isSNU2YXyGgZnSWhZANiAATLz/vNWrUc
+4vYcNTbkaykGSA+q6Vsu4/fKXfQBl4wJ/MtcuZY/RAt7a28582KSQ40xFcqzgPXD
+Gnt+3qy6XJ8m9BzWkdBZSrJe3NyUCp0kKbBCJleTXukCRMpgqoaZLdE=
 -----END PRIVATE KEY-----
 </key>
 <tls-crypt>
diff --git a/OpenVPN/pascal.ovpn b/OpenVPN/pascal.ovpn
index cd74e16..60142d1 100644
--- a/OpenVPN/pascal.ovpn
+++ b/OpenVPN/pascal.ovpn
@@ -39,7 +39,8 @@ proto udp
 # The hostname/IP and port of the server.
 # You can have multiple remote entries
 # to load balance between the servers.
-remote 138.197.151.172 1194
+remote vpn.yultek.dev 1194
+;remote 138.197.151.172 1194
 ;remote my-server-2 1194
 
 # Choose a random host from the remote
@@ -167,31 +168,31 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            a6:7f:64:22:94:22:4a:39:b9:48:25:9b:99:9d:ae:a7
-        Signature Algorithm: sha256WithRSAEncryption
+            b7:78:f3:d4:2a:58:b2:3b:23:0c:a9:70:43:45:de:fa
+        Signature Algorithm: sha512WithRSAEncryption
         Issuer: CN=JF_server
         Validity
-            Not Before: Mar 17 19:30:32 2023 GMT
-            Not After : Jun 19 19:30:32 2025 GMT
+            Not Before: May 26 19:26:26 2025 GMT
+            Not After : May 19 19:26:26 2055 GMT
         Subject: CN=pascal
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (384 bit)
                 pub:
-                    04:6e:d7:fc:29:a8:23:70:28:49:70:82:f4:1a:4f:
-                    fc:e8:5a:d3:10:84:ef:0a:59:d9:3e:31:2e:5f:91:
-                    8b:97:7e:32:c5:e4:9a:b1:df:8b:66:82:f7:a5:5a:
-                    6d:90:ba:4d:4b:75:4e:1b:09:37:3b:23:5b:df:b8:
-                    08:89:c7:a0:d6:3b:fa:3e:f8:b1:08:18:a6:ee:25:
-                    02:25:b2:c5:43:ee:f5:03:82:9e:39:a0:82:d0:23:
-                    49:eb:fe:be:3e:8f:7a
+                    04:03:0b:f5:f3:3a:02:fb:22:42:b1:5c:ab:74:8f:
+                    43:78:3a:d0:b1:3d:97:8d:c0:9a:07:11:ee:d3:03:
+                    22:d3:da:f3:04:a9:c0:bd:8f:ac:41:7d:91:09:07:
+                    49:fc:1c:32:a5:9a:7d:fd:85:51:01:64:cb:3e:00:
+                    d6:bc:c0:c8:ed:e9:47:64:5d:24:a4:4f:37:30:b2:
+                    e8:c8:ed:75:55:87:7c:cb:01:52:ea:ac:a1:21:96:
+                    06:a7:8f:86:b5:19:52
                 ASN1 OID: secp384r1
                 NIST CURVE: P-384
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Key Identifier: 
-                8E:E1:F2:13:12:D0:E0:C4:29:EA:29:E4:3D:94:2B:EC:0D:04:8F:BC
+                EC:EE:95:98:8B:6A:1F:DB:AB:49:CB:88:40:65:67:D6:3B:F3:F7:D7
             X509v3 Authority Key Identifier: 
                 keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
                 DirName:/CN=JF_server
@@ -200,47 +201,47 @@ Certificate:
                 TLS Web Client Authentication
             X509v3 Key Usage: 
                 Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
+    Signature Algorithm: sha512WithRSAEncryption
     Signature Value:
-        7d:0b:3f:f6:58:09:f2:8a:8d:0e:1e:50:c9:e8:31:f0:8f:0a:
-        f5:65:66:55:d3:dd:2c:5d:42:d4:0f:a5:02:ed:6a:77:e1:1d:
-        39:c5:46:1c:a5:38:17:89:13:f1:cd:eb:ff:b8:a5:3d:e9:85:
-        6f:d2:96:9b:f4:a1:09:6c:1b:84:40:70:19:2b:e1:ac:91:c2:
-        df:bf:09:a4:4f:c4:31:44:fe:2b:a5:60:38:97:a8:b3:01:aa:
-        39:43:74:90:b5:c6:fc:85:63:26:9f:7f:54:ba:de:4a:b1:ae:
-        6d:85:00:35:4d:15:9f:9d:10:f4:bf:bb:67:45:7e:c6:ab:ee:
-        7e:ad:92:4a:b4:e8:76:65:be:94:40:5a:67:83:ab:6c:d9:f9:
-        7d:40:bd:70:87:1f:14:4d:eb:56:50:a5:c3:7e:4a:b3:42:b5:
-        95:fe:f8:7f:9b:c6:c0:81:04:62:fd:94:ef:da:dd:17:01:a0:
-        93:14:80:31:5a:a2:fa:c7:8c:2d:7c:df:8b:40:d5:5c:ce:5f:
-        a8:9f:9f:48:4f:49:49:dc:cc:37:7e:f7:55:84:74:8a:cd:68:
-        15:60:8b:e8:4a:75:3e:83:cb:33:be:45:e1:a1:76:52:1a:b9:
-        09:34:38:af:6e:af:98:e3:6d:ed:c2:24:97:de:08:83:6b:d5:
-        45:9e:91:3a
+        4b:18:4a:f9:45:fb:ad:34:73:f2:4d:4f:f1:b9:fd:4a:c7:2a:
+        eb:a7:2c:e4:c5:3f:f0:e7:55:d6:d9:61:b9:2f:92:bb:f2:3e:
+        49:a8:ad:27:33:88:c1:ca:32:7a:33:4e:53:d0:4e:6f:30:c5:
+        59:c2:b7:1b:ef:36:48:06:80:a3:cf:da:b2:d1:46:3e:30:10:
+        a4:e8:7a:0d:e0:e0:fe:9d:24:fc:b0:b9:21:64:0b:c0:11:55:
+        6f:5e:75:d2:0a:18:15:7b:dd:40:00:a7:1c:bb:f4:90:29:1e:
+        6e:b1:3d:8e:14:d0:65:48:12:e6:7e:40:24:f9:72:5a:f4:70:
+        df:89:a9:1a:d2:12:21:9d:b0:00:d1:f7:35:20:f4:6e:3a:ad:
+        c1:72:29:06:a7:c8:4d:86:3d:a5:b5:a0:f5:9f:1f:44:4c:84:
+        ad:69:81:d8:f1:11:62:6f:0f:67:6e:4d:ef:1a:59:0c:6f:b3:
+        9d:95:b3:ef:3b:07:54:81:90:15:14:ce:0f:71:2c:b7:f8:39:
+        96:11:94:77:db:ce:55:96:c2:4a:cc:fe:c6:38:6e:58:0a:83:
+        8a:e6:ab:26:b4:ad:90:78:cc:0a:90:31:6b:66:ce:eb:ea:1d:
+        19:71:34:eb:25:61:a2:3f:5d:a0:0b:d3:4e:56:73:b6:14:5a:
+        09:0c:1d:1c
 -----BEGIN CERTIFICATE-----
-MIICozCCAYugAwIBAgIRAKZ/ZCKUIko5uUglm5mdrqcwDQYJKoZIhvcNAQELBQAw
-FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDMxNzE5MzAzMloXDTI1MDYxOTE5
-MzAzMlowETEPMA0GA1UEAwwGcGFzY2FsMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE
-btf8KagjcChJcIL0Gk/86FrTEITvClnZPjEuX5GLl34yxeSasd+LZoL3pVptkLpN
-S3VOGwk3OyNb37gIiceg1jv6PvixCBim7iUCJbLFQ+71A4KeOaCC0CNJ6/6+Po96
-o4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFI7h8hMS0ODEKeop5D2UK+wNBI+8
-ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIwEAYDVQQD
-DAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQMMAoGCCsG
-AQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAfQs/9lgJ8oqN
-Dh5Qyegx8I8K9WVmVdPdLF1C1A+lAu1qd+EdOcVGHKU4F4kT8c3r/7ilPemFb9KW
-m/ShCWwbhEBwGSvhrJHC378JpE/EMUT+K6VgOJeoswGqOUN0kLXG/IVjJp9/VLre
-SrGubYUANU0Vn50Q9L+7Z0V+xqvufq2SSrTodmW+lEBaZ4OrbNn5fUC9cIcfFE3r
-VlClw35Ks0K1lf74f5vGwIEEYv2U79rdFwGgkxSAMVqi+seMLXzfi0DVXM5fqJ+f
-SE9JSdzMN373VYR0is1oFWCL6Ep1PoPLM75F4aF2Uhq5CTQ4r26vmONt7cIkl94I
-g2vVRZ6ROg==
+MIICpTCCAY2gAwIBAgIRALd489QqWLI7IwypcENF3vowDQYJKoZIhvcNAQENBQAw
+FDESMBAGA1UEAwwJSkZfc2VydmVyMCAXDTI1MDUyNjE5MjYyNloYDzIwNTUwNTE5
+MTkyNjI2WjARMQ8wDQYDVQQDDAZwYXNjYWwwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AAQDC/XzOgL7IkKxXKt0j0N4OtCxPZeNwJoHEe7TAyLT2vMEqcC9j6xBfZEJB0n8
+HDKlmn39hVEBZMs+ANa8wMjt6UdkXSSkTzcwsujI7XVVh3zLAVLqrKEhlganj4a1
+GVKjgaAwgZ0wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7O6VmItqH9urScuIQGVn1jvz
+99cwTwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQxEjAQBgNV
+BAMMCUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0lBAwwCgYI
+KwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBDQUAA4IBAQBLGEr5Rfut
+NHPyTU/xuf1KxyrrpyzkxT/w51XW2WG5L5K78j5JqK0nM4jByjJ6M05T0E5vMMVZ
+wrcb7zZIBoCjz9qy0UY+MBCk6HoN4OD+nST8sLkhZAvAEVVvXnXSChgVe91AAKcc
+u/SQKR5usT2OFNBlSBLmfkAk+XJa9HDfiaka0hIhnbAA0fc1IPRuOq3BcikGp8hN
+hj2ltaD1nx9ETIStaYHY8RFibw9nbk3vGlkMb7OdlbPvOwdUgZAVFM4PcSy3+DmW
+EZR3285VlsJKzP7GOG5YCoOK5qsmtK2QeMwKkDFrZs7r6h0ZcTTrJWGiP12gC9NO
+VnO2FFoJDB0c
 -----END CERTIFICATE-----
 </cert>
 <key>
 -----BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBaXJvFX1ve+n9RXR/s
-FyOJij1AEAhcbzj6Vg0PXekMwOSAkRsAltTXYM3nAaRK93OhZANiAARu1/wpqCNw
-KElwgvQaT/zoWtMQhO8KWdk+MS5fkYuXfjLF5Jqx34tmgvelWm2Quk1LdU4bCTc7
-I1vfuAiJx6DWO/o++LEIGKbuJQIlssVD7vUDgp45oILQI0nr/r4+j3o=
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCpWK6mbGbGCMnXPvTJ
+7WyarccXE9ZIdbSip3eHcdwknfl/Uwl55EoeeFAgD8vqj9ShZANiAAQDC/XzOgL7
+IkKxXKt0j0N4OtCxPZeNwJoHEe7TAyLT2vMEqcC9j6xBfZEJB0n8HDKlmn39hVEB
+ZMs+ANa8wMjt6UdkXSSkTzcwsujI7XVVh3zLAVLqrKEhlganj4a1GVI=
 -----END PRIVATE KEY-----
 </key>
 <tls-crypt>
diff --git a/OpenVPN/remoteclient.ovpn b/OpenVPN/remoteclient.ovpn
index 99d7139..f274cd4 100644
--- a/OpenVPN/remoteclient.ovpn
+++ b/OpenVPN/remoteclient.ovpn
@@ -168,31 +168,31 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            d1:ae:61:45:8e:84:e3:8e:5b:92:3f:aa:bb:81:9d:59
-        Signature Algorithm: sha256WithRSAEncryption
+            57:8f:49:9e:03:dd:fb:c9:41:7c:9a:36:9f:15:fa:17
+        Signature Algorithm: sha512WithRSAEncryption
         Issuer: CN=JF_server
         Validity
-            Not Before: Feb 23 20:30:31 2023 GMT
-            Not After : May 28 20:30:31 2025 GMT
+            Not Before: May 26 19:53:18 2025 GMT
+            Not After : May 19 19:53:18 2055 GMT
         Subject: CN=remoteclient
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (384 bit)
                 pub:
-                    04:65:e9:86:35:01:c3:d7:0e:16:3d:89:90:3c:cb:
-                    a0:5f:d2:04:f7:b6:32:84:1e:a0:dc:6a:1d:16:a0:
-                    6f:47:a3:b5:7d:4c:39:bd:d0:70:18:34:e8:16:67:
-                    d4:5b:4c:ca:ce:ea:f0:75:5f:55:72:09:4b:f5:dd:
-                    80:f1:d5:db:e6:26:09:e4:34:3b:ca:89:f3:3a:40:
-                    91:31:14:c6:ff:06:8d:8e:f9:ba:8f:47:df:40:41:
-                    f4:6b:84:f8:e5:e8:70
+                    04:84:9e:4b:e2:5e:3f:95:aa:62:a2:ab:bf:f7:d5:
+                    f7:8f:8a:c6:78:9a:e0:bf:d5:de:ff:a1:31:26:12:
+                    c3:29:26:cc:16:cf:72:ee:2a:fc:72:52:e0:9b:3e:
+                    0f:bd:16:38:2c:db:43:a0:fe:39:0a:61:fe:62:be:
+                    df:3a:e3:9c:f9:32:32:9e:b5:9b:cf:32:45:49:00:
+                    ed:7c:0e:44:9c:60:36:96:25:b8:4c:4c:c8:c3:e4:
+                    7b:54:e8:fb:e7:9e:f6
                 ASN1 OID: secp384r1
                 NIST CURVE: P-384
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Key Identifier: 
-                23:F8:BF:EB:8E:A3:77:B3:2B:6A:FA:16:7A:39:B2:C2:47:31:9F:76
+                DE:16:FC:5F:F9:D9:20:5A:ED:F6:62:49:91:1C:BE:D2:38:0D:ED:23
             X509v3 Authority Key Identifier: 
                 keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
                 DirName:/CN=JF_server
@@ -201,47 +201,47 @@ Certificate:
                 TLS Web Client Authentication
             X509v3 Key Usage: 
                 Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
+    Signature Algorithm: sha512WithRSAEncryption
     Signature Value:
-        27:af:ff:e0:98:8e:d1:6c:39:d7:40:97:df:ea:5a:fc:57:31:
-        a2:92:0c:d3:4c:4b:74:22:9e:47:01:9b:0f:e0:a4:6c:dc:ef:
-        14:b7:93:0f:99:93:ec:c9:96:dc:51:58:d3:ac:eb:f1:10:48:
-        ba:96:54:25:32:2a:89:66:cb:ca:13:b4:75:cc:4e:2a:5d:7c:
-        bb:b9:15:28:c0:32:59:f0:66:e5:fe:d8:14:14:2c:fb:df:6e:
-        1e:b6:53:c9:f0:77:68:54:b9:21:4b:0c:a4:d6:bc:4d:c2:a3:
-        de:d0:9f:ef:67:68:3e:c6:d4:da:d5:6c:92:80:cf:2e:8d:04:
-        59:c8:39:9f:22:4a:04:28:3e:e8:cf:02:73:73:a6:59:d4:e5:
-        9c:77:55:41:00:5c:c2:23:61:df:44:5c:ad:a8:bc:15:57:2d:
-        ae:89:99:a7:33:8f:d3:75:02:21:91:f6:38:34:23:68:70:8f:
-        99:0f:53:27:6d:52:9a:9b:f3:62:cf:20:bc:f5:91:41:78:fc:
-        92:09:2f:3e:bb:2d:9b:69:39:7f:c4:b1:a8:62:64:27:3f:27:
-        2d:16:c4:3e:0d:51:c9:f7:4f:40:f0:fd:55:a9:44:36:31:59:
-        b7:08:6a:3c:28:31:8a:43:c0:b9:05:44:75:48:6d:94:24:c6:
-        b2:fc:f7:33
+        40:83:8d:27:36:cc:75:97:2f:15:56:f2:5c:f2:0b:21:54:db:
+        f5:35:5e:42:92:44:84:b6:c7:b4:0d:4d:8d:8d:5b:d8:31:d2:
+        43:f3:7b:20:58:13:be:25:02:6e:a4:a2:9a:19:97:1e:35:50:
+        aa:0a:0c:e9:08:d7:2a:cf:3f:3d:ba:0b:0b:fa:36:e0:29:64:
+        3d:5f:a1:bb:17:12:13:33:cd:27:25:c5:92:e5:76:14:21:b5:
+        98:4c:33:99:f9:b2:4d:50:b7:5c:d9:dc:19:26:9c:12:19:95:
+        1c:01:04:4f:fa:b0:5a:ba:84:73:b5:84:86:78:3a:b2:99:38:
+        aa:a0:41:a8:8a:6d:f2:05:ce:8e:6b:f6:95:a8:06:f0:92:d7:
+        6b:1f:91:62:58:31:2f:0f:38:e1:67:f7:e0:62:35:c8:e8:12:
+        10:69:c7:08:5b:be:71:7e:c7:69:4e:0e:16:8b:7a:03:73:09:
+        d6:ed:ac:98:e5:4b:97:09:ce:d4:c9:78:53:03:8a:b5:da:60:
+        dc:e5:3d:9e:39:09:4f:6d:3d:55:6e:33:79:e7:dc:55:33:14:
+        e3:99:4d:4e:b3:67:7b:e5:6d:c4:d4:dd:81:85:36:e2:ed:b8:
+        d8:ea:90:a8:29:c8:04:6f:ed:a0:6b:50:ea:d4:3e:20:d9:de:
+        fe:db:79:a4
 -----BEGIN CERTIFICATE-----
-MIICqTCCAZGgAwIBAgIRANGuYUWOhOOOW5I/qruBnVkwDQYJKoZIhvcNAQELBQAw
-FDESMBAGA1UEAwwJSkZfc2VydmVyMB4XDTIzMDIyMzIwMzAzMVoXDTI1MDUyODIw
-MzAzMVowFzEVMBMGA1UEAwwMcmVtb3RlY2xpZW50MHYwEAYHKoZIzj0CAQYFK4EE
-ACIDYgAEZemGNQHD1w4WPYmQPMugX9IE97YyhB6g3GodFqBvR6O1fUw5vdBwGDTo
-FmfUW0zKzurwdV9VcglL9d2A8dXb5iYJ5DQ7yonzOkCRMRTG/waNjvm6j0ffQEH0
-a4T45ehwo4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFCP4v+uOo3ezK2r6Fno5
-ssJHMZ92ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
-EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
-MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAJ6//
-4JiO0Ww510CX3+pa/FcxopIM00xLdCKeRwGbD+CkbNzvFLeTD5mT7MmW3FFY06zr
-8RBIupZUJTIqiWbLyhO0dcxOKl18u7kVKMAyWfBm5f7YFBQs+99uHrZTyfB3aFS5
-IUsMpNa8TcKj3tCf72doPsbU2tVskoDPLo0EWcg5nyJKBCg+6M8Cc3OmWdTlnHdV
-QQBcwiNh30Rcrai8FVctromZpzOP03UCIZH2ODQjaHCPmQ9TJ21SmpvzYs8gvPWR
-QXj8kgkvPrstm2k5f8SxqGJkJz8nLRbEPg1RyfdPQPD9ValENjFZtwhqPCgxikPA
-uQVEdUhtlCTGsvz3Mw==
+MIICqjCCAZKgAwIBAgIQV49JngPd+8lBfJo2nxX6FzANBgkqhkiG9w0BAQ0FADAU
+MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwIBcNMjUwNTI2MTk1MzE4WhgPMjA1NTA1MTkx
+OTUzMThaMBcxFTATBgNVBAMMDHJlbW90ZWNsaWVudDB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABISeS+JeP5WqYqKrv/fV94+Kxnia4L/V3v+hMSYSwykmzBbPcu4q/HJS
+4Js+D70WOCzbQ6D+OQph/mK+3zrjnPkyMp61m88yRUkA7XwORJxgNpYluExMyMPk
+e1To++ee9qOBoDCBnTAJBgNVHRMEAjAAMB0GA1UdDgQWBBTeFvxf+dkgWu32YkmR
+HL7SOA3tIzBPBgNVHSMESDBGgBSKeJDl8FDnjHXkuMCh6OmbshqdMqEYpBYwFDES
+MBAGA1UEAwwJSkZfc2VydmVyghRd7fuTPbKqDIvbFd+9oZHOXPvLBjATBgNVHSUE
+DDAKBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQENBQADggEBAECD
+jSc2zHWXLxVW8lzyCyFU2/U1XkKSRIS2x7QNTY2NW9gx0kPzeyBYE74lAm6kopoZ
+lx41UKoKDOkI1yrPPz26Cwv6NuApZD1fobsXEhMzzSclxZLldhQhtZhMM5n5sk1Q
+t1zZ3BkmnBIZlRwBBE/6sFq6hHO1hIZ4OrKZOKqgQaiKbfIFzo5r9pWoBvCS12sf
+kWJYMS8POOFn9+BiNcjoEhBpxwhbvnF+x2lODhaLegNzCdbtrJjlS5cJztTJeFMD
+irXaYNzlPZ45CU9tPVVuM3nn3FUzFOOZTU6zZ3vlbcTU3YGFNuLtuNjqkKgpyARv
+7aBrUOrUPiDZ3v7beaQ=
 -----END CERTIFICATE-----
 </cert>
 <key>
 -----BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDBTe+pBwBZIEMj0jszW
-fZEx67ft6630EHlFhaCHTXW9Nw25eDC2kfm2xwbjb093E++hZANiAARl6YY1AcPX
-DhY9iZA8y6Bf0gT3tjKEHqDcah0WoG9Ho7V9TDm90HAYNOgWZ9RbTMrO6vB1X1Vy
-CUv13YDx1dvmJgnkNDvKifM6QJExFMb/Bo2O+bqPR99AQfRrhPjl6HA=
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDA1iZlXa1lnVT6M75dK
+rcHt/NYGD8M7yhDKvxPBKX6jPBm/dhcHiYiGrxB4gLDs5MihZANiAASEnkviXj+V
+qmKiq7/31fePisZ4muC/1d7/oTEmEsMpJswWz3LuKvxyUuCbPg+9Fjgs20Og/jkK
+Yf5ivt8645z5MjKetZvPMkVJAO18DkScYDaWJbhMTMjD5HtU6PvnnvY=
 -----END PRIVATE KEY-----
 </key>
 <tls-crypt>
diff --git a/OpenVPN/stationKA2401.ovpn b/OpenVPN/stationKA2401.ovpn
index a5dd8f2..d1c6d0f 100644
--- a/OpenVPN/stationKA2401.ovpn
+++ b/OpenVPN/stationKA2401.ovpn
@@ -168,31 +168,31 @@ Certificate:
     Data:
         Version: 3 (0x2)
         Serial Number:
-            78:5e:57:99:93:be:f2:47:da:cc:6c:8e:0d:71:3d:f8
-        Signature Algorithm: sha256WithRSAEncryption
+            66:08:5b:1b:f8:f4:1a:91:25:8d:57:e4:d1:eb:c9:02
+        Signature Algorithm: sha512WithRSAEncryption
         Issuer: CN=JF_server
         Validity
-            Not Before: May  5 13:33:22 2024 GMT
-            Not After : Aug  8 13:33:22 2026 GMT
+            Not Before: May 26 19:53:27 2025 GMT
+            Not After : May 19 19:53:27 2055 GMT
         Subject: CN=stationKA2401
         Subject Public Key Info:
             Public Key Algorithm: id-ecPublicKey
                 Public-Key: (384 bit)
                 pub:
-                    04:8f:4f:26:6b:af:cb:49:0b:74:3e:65:aa:0e:9a:
-                    9a:57:99:b1:f6:bf:dc:74:ae:d6:72:ed:d3:a8:04:
-                    2f:a8:a0:43:63:f6:c8:e2:cd:dc:d8:fd:bf:69:93:
-                    09:d7:bd:11:ab:d9:c5:ae:20:bc:00:ac:d7:ad:ea:
-                    fb:c0:1e:44:6f:ba:20:63:9d:32:f7:38:8f:c0:d7:
-                    bf:b4:23:15:16:4d:84:59:13:d5:4b:de:9e:7b:46:
-                    d3:ce:ba:5d:d9:53:c4
+                    04:82:a2:c4:54:2e:5f:18:b0:09:38:2e:88:52:6e:
+                    23:10:f1:a3:d1:12:8c:33:e6:24:00:e8:03:18:12:
+                    ff:11:d3:fb:38:7c:e7:85:12:94:11:ad:d4:41:67:
+                    97:29:8e:07:fb:b6:b9:b2:80:ca:cc:d5:14:4d:a3:
+                    2e:55:29:60:8a:9f:7d:50:a4:21:dc:e2:17:05:5c:
+                    ca:c6:5d:8f:c4:a2:99:e2:2b:18:a7:69:a4:e4:26:
+                    11:1c:f5:0e:a1:5e:a5
                 ASN1 OID: secp384r1
                 NIST CURVE: P-384
         X509v3 extensions:
             X509v3 Basic Constraints: 
                 CA:FALSE
             X509v3 Subject Key Identifier: 
-                68:18:F5:54:75:30:27:4D:B5:96:D3:34:8E:1C:3B:58:1E:BC:1B:78
+                43:48:E4:77:19:BA:6E:C7:4A:98:98:A5:05:8B:DB:19:62:8B:47:33
             X509v3 Authority Key Identifier: 
                 keyid:8A:78:90:E5:F0:50:E7:8C:75:E4:B8:C0:A1:E8:E9:9B:B2:1A:9D:32
                 DirName:/CN=JF_server
@@ -201,47 +201,47 @@ Certificate:
                 TLS Web Client Authentication
             X509v3 Key Usage: 
                 Digital Signature
-    Signature Algorithm: sha256WithRSAEncryption
+    Signature Algorithm: sha512WithRSAEncryption
     Signature Value:
-        67:97:34:79:07:29:c3:cd:a6:7c:86:82:aa:94:0b:ca:69:ef:
-        79:5e:a6:35:97:c3:31:07:9f:cd:aa:89:95:e3:b1:26:4b:e9:
-        88:50:1f:3e:10:eb:d2:82:c5:6e:56:18:1e:ff:72:60:c1:de:
-        11:af:b8:e6:b6:bb:de:7d:52:f5:ba:1b:9b:4e:49:b2:05:25:
-        0a:e9:8a:f8:85:f7:0e:c8:db:fd:c4:b9:e9:a9:6f:85:0a:cb:
-        63:a3:d0:a7:77:e0:7f:ff:34:29:90:80:66:a7:8d:80:6a:bf:
-        23:74:80:77:ad:53:2d:5e:f6:02:d1:05:3f:9f:fa:17:11:8f:
-        7f:b4:a5:44:74:2b:57:1e:4b:7e:29:c8:95:48:a6:3a:fc:ae:
-        82:c2:7b:b2:26:4f:92:d5:af:73:71:30:8e:b6:b9:6a:f2:b0:
-        00:df:44:a2:3f:cd:4a:45:7e:ed:43:4b:d4:0e:07:25:94:37:
-        e0:5d:8d:0b:1b:fb:76:07:d0:41:da:c9:f3:19:fa:28:8b:46:
-        df:5a:19:82:ee:1e:e0:1a:be:39:c1:a9:65:b1:02:92:32:96:
-        2c:7e:3f:4e:ce:9e:b0:66:57:b4:74:2c:98:de:13:da:b2:27:
-        e5:7a:5b:30:df:3e:46:1b:6c:92:53:6f:c6:0e:88:6f:0d:ae:
-        89:ca:ea:ea
+        66:0e:a7:15:99:98:0b:a7:bf:be:fa:c5:c6:c9:6e:d4:d0:18:
+        84:fd:ef:bc:33:98:db:8e:56:44:25:c9:7e:7d:d9:1b:00:95:
+        39:59:36:2e:b0:d1:2e:8f:cf:c8:c4:0e:47:7f:c9:21:01:18:
+        7f:8b:5a:16:30:97:c3:a3:bb:70:54:58:e2:55:97:71:e0:f7:
+        b3:47:bb:88:11:30:a4:b9:41:65:2b:b5:d7:1b:df:5e:df:66:
+        33:32:52:a7:92:83:2e:87:57:11:65:52:28:f5:16:06:92:ec:
+        39:24:20:c0:fb:b2:21:30:a6:87:b4:08:b9:7c:32:3c:3b:09:
+        36:2d:9c:e8:8b:47:f3:d8:58:10:44:b0:10:f4:dc:e1:d5:e7:
+        e6:7b:c6:51:0b:de:fc:ef:aa:d7:ee:3b:ec:55:11:2b:43:52:
+        24:4e:b4:56:0d:cf:25:33:05:67:ad:0a:3e:b4:b2:55:db:b9:
+        43:bf:24:87:8e:02:8e:50:7e:6a:35:ef:fb:89:b9:16:1f:6f:
+        c0:46:6a:7f:6c:8a:ea:94:2d:a5:62:04:f9:ee:fe:31:51:d9:
+        73:f9:b8:5c:83:3a:46:00:fa:4f:e7:44:e3:60:da:c8:cc:cd:
+        6b:18:55:27:6e:c9:38:e7:3b:7d:c8:a3:67:13:08:6a:67:18:
+        92:7d:7e:c9
 -----BEGIN CERTIFICATE-----
-MIICqTCCAZGgAwIBAgIQeF5XmZO+8kfazGyODXE9+DANBgkqhkiG9w0BAQsFADAU
-MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwHhcNMjQwNTA1MTMzMzIyWhcNMjYwODA4MTMz
-MzIyWjAYMRYwFAYDVQQDDA1zdGF0aW9uS0EyNDAxMHYwEAYHKoZIzj0CAQYFK4EE
-ACIDYgAEj08ma6/LSQt0PmWqDpqaV5mx9r/cdK7Wcu3TqAQvqKBDY/bI4s3c2P2/
-aZMJ170Rq9nFriC8AKzXrer7wB5Eb7ogY50y9ziPwNe/tCMVFk2EWRPVS96ee0bT
-zrpd2VPEo4GgMIGdMAkGA1UdEwQCMAAwHQYDVR0OBBYEFGgY9VR1MCdNtZbTNI4c
-O1gevBt4ME8GA1UdIwRIMEaAFIp4kOXwUOeMdeS4wKHo6ZuyGp0yoRikFjAUMRIw
-EAYDVQQDDAlKRl9zZXJ2ZXKCFF3t+5M9sqoMi9sV372hkc5c+8sGMBMGA1UdJQQM
-MAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAZ5c0
-eQcpw82mfIaCqpQLymnveV6mNZfDMQefzaqJleOxJkvpiFAfPhDr0oLFblYYHv9y
-YMHeEa+45ra73n1S9bobm05JsgUlCumK+IX3Dsjb/cS56alvhQrLY6PQp3fgf/80
-KZCAZqeNgGq/I3SAd61TLV72AtEFP5/6FxGPf7SlRHQrVx5LfinIlUimOvyugsJ7
-siZPktWvc3Ewjra5avKwAN9Eoj/NSkV+7UNL1A4HJZQ34F2NCxv7dgfQQdrJ8xn6
-KItG31oZgu4e4Bq+OcGpZbECkjKWLH4/Ts6esGZXtHQsmN4T2rIn5XpbMN8+Rhts
-klNvxg6Ibw2uicrq6g==
+MIICqzCCAZOgAwIBAgIQZghbG/j0GpEljVfk0evJAjANBgkqhkiG9w0BAQ0FADAU
+MRIwEAYDVQQDDAlKRl9zZXJ2ZXIwIBcNMjUwNTI2MTk1MzI3WhgPMjA1NTA1MTkx
+OTUzMjdaMBgxFjAUBgNVBAMMDXN0YXRpb25LQTI0MDEwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAASCosRULl8YsAk4LohSbiMQ8aPREowz5iQA6AMYEv8R0/s4fOeFEpQR
+rdRBZ5cpjgf7trmygMrM1RRNoy5VKWCKn31QpCHc4hcFXMrGXY/EopniKxinaaTk
+JhEc9Q6hXqWjgaAwgZ0wCQYDVR0TBAIwADAdBgNVHQ4EFgQUQ0jkdxm6bsdKmJil
+BYvbGWKLRzMwTwYDVR0jBEgwRoAUiniQ5fBQ54x15LjAoejpm7IanTKhGKQWMBQx
+EjAQBgNVBAMMCUpGX3NlcnZlcoIUXe37kz2yqgyL2xXfvaGRzlz7ywYwEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMA0GCSqGSIb3DQEBDQUAA4IBAQBm
+DqcVmZgLp7+++sXGyW7U0BiE/e+8M5jbjlZEJcl+fdkbAJU5WTYusNEuj8/IxA5H
+f8khARh/i1oWMJfDo7twVFjiVZdx4PezR7uIETCkuUFlK7XXG99e32YzMlKnkoMu
+h1cRZVIo9RYGkuw5JCDA+7IhMKaHtAi5fDI8Owk2LZzoi0fz2FgQRLAQ9Nzh1efm
+e8ZRC97876rX7jvsVRErQ1IkTrRWDc8lMwVnrQo+tLJV27lDvySHjgKOUH5qNe/7
+ibkWH2/ARmp/bIrqlC2lYgT57v4xUdlz+bhcgzpGAPpP50TjYNrIzM1rGFUnbsk4
+5zt9yKNnEwhqZxiSfX7J
 -----END CERTIFICATE-----
 </cert>
 <key>
 -----BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCqirzGpSX6ei53uFLm
-GTcOHVuwJL0ut2FF+GghDE9CAc/up9n1u8xmfvI0/KEueYehZANiAASPTyZrr8tJ
-C3Q+ZaoOmppXmbH2v9x0rtZy7dOoBC+ooENj9sjizdzY/b9pkwnXvRGr2cWuILwA
-rNet6vvAHkRvuiBjnTL3OI/A17+0IxUWTYRZE9VL3p57RtPOul3ZU8Q=
+MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDAh/Y9TU8aUUekLbX6h
+FFiLOce9MCbh1b8Kpw9bjc9fLmB8zrWjmRvrieIjaOaLD8ShZANiAASCosRULl8Y
+sAk4LohSbiMQ8aPREowz5iQA6AMYEv8R0/s4fOeFEpQRrdRBZ5cpjgf7trmygMrM
+1RRNoy5VKWCKn31QpCHc4hcFXMrGXY/EopniKxinaaTkJhEc9Q6hXqU=
 -----END PRIVATE KEY-----
 </key>
 <tls-crypt>
diff --git a/PWD.txt b/PWD.txt
index d377c19..c56df44 100644
--- a/PWD.txt
+++ b/PWD.txt
@@ -3,11 +3,26 @@ PC remote de test: b2BiiIU8
 Anydesk: Otarcik!   
 Anydesk ID : 1949771789
 Anydesk ID PC #2: 1004609138
+Anydesk ID PC #3: 1907983063
 Router Ubiquiti:  user:yultek pwd:Evinrude30
 Windows PC Axiomtek: user yultek pwd:Otarcik!
 	Pet name: otarcik
 	City born: Chambly
 	childhood nickname : otarcik
-EMQX
+
+Crédentiels pour clients EMQX (Kubernetes ET droplet)
 Login: YULTekDev   pwd: PaceST25!
 Login: JFMDev	pwd:PaceST25!
+
+EMQX Web GUI (droplet)
+Login: admin	pwd: Otarcik!
+Login: pblouin	pwd: MoustiqueLeChat2025
+Login: JFMDev	pwd: LolaLeChat2025
+
+Accès droplets (apps et clickhouse)
+Login: root	pwd: F4stCharge
+Login: yultek	pwd: Ch4rgeRapide
+
+Clickhouse (droplet)
+Login: default	pwd: F4stCharge <-- c'est le compte admin
+Login: yultek	pwd: Otarcik!
\ No newline at end of file