<?xml version='1.0' encoding='utf-8'?> version="1.0" encoding="UTF-8"?>

<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc2629 version  -->

<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-lamps-samples-08" category="info" number="9216" obsoletes="" updates="" submissionType="IETF" category="info" consensus="true" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.12.0 -->

  <front>
    <title>S/MIME
    <title abbrev="S/MIME">S/MIME Example Keys and Certificates</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-samples-08"/> name="RFC" value="9216"/>
    <author initials="D.K." initials="D. K." surname="Gillmor" fullname="Daniel Kahn Gillmor" role="editor">
      <organization abbrev="ACLU">American Civil Liberties Union</organization>
      <address>
        <postal>
          <street>125 Broad St.</street>
          <city>New York, NY</city> York</city>
	  <region>NY</region>
          <code>10004</code>
          <country>USA</country>
          <country>United States of America</country>
        </postal>
        <email>dkg@fifthhorseman.net</email>
      </address>
    </author>
    <date year="2022" month="February" day="02"/>
    <area>int</area> month="April"/>

    <area>sec</area>
    <workgroup>lamps</workgroup>
    <keyword>Internet-Draft</keyword>

<keyword>pkix
</keyword>
<keyword>encryption
</keyword>
<keyword>security
</keyword>
<keyword>authentication
</keyword>
<keyword>S/MIME
</keyword>
<keyword>smime
</keyword>
<keyword>email
</keyword>
<keyword>mail
</keyword>
<keyword>confidentiality
</keyword>
<keyword>certificate
</keyword>
<keyword>pkcs8
</keyword>
<keyword>pkcs #12
</keyword>
<keyword>x509
</keyword>
<keyword>"test vector"
</keyword>

<abstract>
      <t>The S/MIME development community benefits from sharing samples of signed or encrypted data. This document facilitates such collaboration by defining a small set of X.509v3 certificates and keys for use when generating such samples.</t>
    </abstract>
  </front>
  <middle>
    <section anchor="introduction" numbered="true" toc="default">
      <name>Introduction</name>
      <t>The S/MIME (<xref target="RFC8551" format="default"/>) development
      community, in particular the e-mail email development community, benefits from
      sharing samples of signed and/or encrypted data.
Often  Often, the exact key
      material used does not matter because the properties being tested
      pertain to implementation correctness, completeness completeness, or interoperability
      of the overall system.  However, without access to the relevant secret
      key material, a sample is useless.</t>
      <t>This document defines a small set of X.509v3 certificates (<xref
      target="RFC5280" format="default"/>) and secret keys for use when
      generating or operating on such samples.</t>
      <t>An example RSA certification authority Certification Authority is supplied, and sample RSA
      certificates are provided for two "personas", Alice and Bob.</t>
      <t>Additionally, an Ed25519 (<xref target="RFC8032" format="default"/>) certification authority Certification Authority is supplied, along with sample Ed25519 certificates for two more "personas", Carlos and Dana.</t>
      <t>This document focuses narrowly on functional, well-formed identity
      and key material.  It is a starting point that other documents can use
      to develop sample signed or encrypted messages, test vectors, or other
      artifacts for improved interoperability.</t>

      <section anchor="requirements-language" numbered="true" toc="default">
        <name>Requirements Language</name>
        <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 <xref target="RFC2119" format="default"/> <xref target="RFC8174" format="default"/> when, and only when, they appear in all capitals, as shown here.</t>
      </section>
      <section anchor="terminology" numbered="true" toc="default">
        <name>Terminology</name>
        <ul spacing="normal">
          <li>"Certification

	<dl>
	  <dt>"Certification Authority" (or "CA") is a "CA"):
	  </dt>
	  <dd>a party capable of issuing X.509 certificates</li>
          <li>"End-Entity" is a
certificates
	  </dd>

	  <dt>"End Entity" (or "EE"):
	  </dt>
	  <dd>a party that is capable of using X.509 certificates (and their
corresponding secret key material)</li>
          <li>"Mail material)
	  </dd>

	  <dt>"Mail User Agent" (or "MUA") is a "MUA"):
	  </dt>
	  <dd>a program that generates or handles <xref email messages (<xref
	  target="RFC5322" format="default"/> e-mail messages.</li>
        </ul> format="default"/>)
	  </dd>
</dl>

      </section>
      <section anchor="prior-work" numbered="true" toc="default">
        <name>Prior Work</name>
        <t><xref target="RFC4134" format="default"/> contains some sample certificates, certificates as well as messages of various S/MIME formats.
That older work has unacceptably old algorithm choices that may introduce failures when testing modern systems: in 2019, some tools explicitly mark marked 1024-bit RSA and 1024-bit DSS as weak.</t>
        <t>This earlier document also does not use the now widely-accepted PEM widely accepted
        Privacy-Enhanced Mail (PEM) encoding (see <xref target="RFC7468"
        format="default"/>) for the objects, objects and instead embeds runnable Perl
        code to extract them from the document.</t>
        <t>It also includes examples of messages and other structures which that are greater in ambition than this document intends to be.</t>
        <t><xref target="RFC8410" format="default"/> includes an example
        X25519 certificate that is certified with Ed25519, but it appears to
        be self-issued, self issued, and it is not directly useful in testing an S/MIME-capable
        MUA.</t>

      </section>
    </section>
    <section anchor="background" numbered="true" toc="default">
      <name>Background</name>
      <section anchor="certificate-usage" numbered="true" toc="default">
        <name>Certificate Usage</name>
        <t>These X.509 certificates (<xref target="RFC5280" format="default"/>) are designed for use with S/MIME protections (<xref target="RFC8551" format="default"/>) for e-mail email (<xref target="RFC5322" format="default"/>).</t>
        <t>In particular, they should be usable with signed and encrypted messages, messages as part of test suites and interoperability frameworks.</t>
        <t>All end-entity and intermediate CA certificates are marked with Certificate Policies from <xref target="TEST-POLICY" format="default"/> indicating that they are intended only for use in testing environments.
End-entity certificates are marked with policy 2.16.840.1.101.3.2.1.48.1 and intermediate CAs are marked with policy  2.16.840.1.101.3.2.1.48.2.</t>
      </section>
      <section anchor="certificate-expiration" numbered="true" toc="default">
        <name>Certificate Expiration</name>
        <t>The certificates included in this draft document expire in 2052.
This should be sufficiently far in the future that they will be useful for a few decades.
However, when testing tools in the far future (or when playing with clock skew clock-skew scenarios), care should be taken to consider the certificate validity window.</t>
        <t>Due to this lengthy expiration window, these certificates will not be particularly useful to test or evaluate the interaction between certificate expiration and protected messages.</t>
      </section>
      <section anchor="certificate-revocation" numbered="true" toc="default">
        <name>Certificate Revocation</name>
        <t>Because these are expected to be used in test suites or examples, and we do not expect there to be online network services in these use cases, we do not expect these certificates to produce any revocation artifacts.</t>
        <t>As a result, none of the certificates include either an OCSP Online Certificate Status Protocol (OCSP)
        indicator (see <tt>id-ad-ocsp</tt> as defined in the Authority
        Information Access X.509 extension in S.4.2.2.1 of <xref target="RFC5280"
        sectionFormat="of" section="4.2.2.1" format="default"/>) or a CRL Certificate Revocation List (CRL)
        indicator (see the CRL Distribution Points X.509 extension as defined
        in S.4.2.1.13 of <xref target="RFC5280" sectionFormat="of" section="4.2.1.13"
        format="default"/>).</t>
      </section>
      <section anchor="using-the-ca-in-test-suites" numbered="true" toc="default">
        <name>Using the CA in Test Suites</name>
        <t>To use these end-entity certificates in a piece of software (for example, in a test suite or an interoperability matrix), most tools will need to accept either the Example example RSA CA (<xref target="sample-rsa-ca" format="default"/>) or the Example example Ed25519 CA (<xref target="sample-ed25519-ca" format="default"/>) as a legitimate root authority.</t>
        <t>Note that some tooling behaves differently for certificates validated by "locally-installed "locally installed root CAs" than for pre-installed "system-level" root CAs).
For example, many common implementations of HPKP HTTP Public Key Pinning (HPKP) (<xref target="RFC7469" format="default"/>) only applied the designed protections when dealing with a certificate issued by a pre-installed "system-level" root CA, CA and were disabled when dealing with a certificate issued by a "locally-installed "locally installed root CA".</t>
        <t>To test some tooling specifically, it may be necessary to install the root CA as a "system-level" root CA.</t>
      </section>
      <section anchor="certificate-chains" numbered="true" toc="default">
        <name>Certificate Chains</name>

        <t>In most real-world examples, X.509 certificates are deployed with a chain of more than one X.509 certificate.
In particular, there is typically a long-lived root CA that users' software knows about upon installation, and the end-entity certificate is issued by an intermediate CA, which is in turn issued by the root CA.</t>
        <t>The example end-entity certificates in this document can be used with either with a simple two-link certificate chain (they are directly certified by their corresponding root CA), CA) or in a three-link chain.</t>
        <t>For example, Alice's encryption certificate (<xref (<tt>alice.encrypt.crt</tt>; see <xref target="alice-encrypt-cert" format="default"/>, <tt>alice.encrypt.crt</tt>) format="default"/>) can be validated by a peer that directly trusts the Example example RSA CA's root cert (<xref (<tt>ca.rsa.crt</tt>; see <xref target="rsa-ca-cert" format="default"/>, <tt>ca.rsa.crt</tt>):</t> format="default"/>):</t>
        <artwork name="alice-validate-two-hops" type="" align="left" alt=""><![CDATA[
╔════════════╗  ┌───────────────────┐
║ ><![CDATA[
+==============+   +-------------------+
|| ca.rsa.crt ╟─→│ ||-->| alice.encrypt.crt │
╚════════════╝  └───────────────────┘ |
+==============+   +-------------------+
]]></artwork>
        <t>And it can also be validated by a peer that only directly trusts the Example example Ed25519 CA's root cert (<xref (<tt>ca.25519.crt</tt>; see <xref target="ed25519-ca-cert" format="default"/>, <tt>ca.25519.crt</tt>), format="default"/>) via an intermediate cross-signed CA cert (<xref (<tt>ca.rsa.cross.crt</tt>; see <xref target="rsa-ca-cross-cert" format="default"/>, <tt>ca.rsa.cross.crt</tt>):</t> format="default"/>):</t>
        <artwork name="alice-validate-three-hops" type="" align="left" alt=""><![CDATA[
╔══════════════╗  ┌──────────────────┐  ┌───────────────────┐
║ align="left"><![CDATA[
+================+   +------------------+   +-------------------+
|| ca.25519.crt ╟─→│ ||-->| ca.rsa.cross.crt ├─→│ |-->| alice.encrypt.crt │
╚══════════════╝  └──────────────────┘  └───────────────────┘ |
+================+   +------------------+   +-------------------+
]]></artwork>
        <t>By omitting the cross-signed CA certs, it should be possible to test a "transvalid" certificate (an end-entity certificate that is supplied without its intermediate certificate) in some configurations.</t>
      </section>
      <section anchor="passwords" numbered="true" toc="default">
        <name>Passwords</name>
        <t>Each secret key presented in this draft document is represented as a PEM-encoded PKCS#8 <xref PKCS #8 (<xref target="RFC5958" format="default"/> format="default"/>) object in cleartext form (it has no password).</t>
        <t>As such, the secret key objects are not suitable for verifying interoperable password protection schemes.</t>
        <t>However, the PKCS#12 <xref PKCS #12 (<xref target="RFC7292" format="default"/> format="default"/>) objects do have simple textual passwords, because tooling for dealing with passwordless PKCS#12 PKCS #12 objects is underdeveloped at the time of this draft.</t> document.</t>
      </section>
      <section anchor="secret-key-origins" numbered="true" toc="default">
        <name>Secret key origins</name> Key Origins</name>
        <t>The secret RSA keys in this document are all deterministically derived using provable prime generation as found in <xref target="FIPS186-4" format="default"/>, format="default"/> based on known seeds derived via <xref target="SHA256" format="default"/> SHA-256 (<xref target="SHA" format="default"/>) from simple strings.
The validation parameters for these derivations are stored in the objects themselves as specified in <xref target="RFC8479" format="default"/>.</t>
        <t>The secret Ed25519 and X25519 keys in this document are all derived by hashing a simple string.
The seeds and their derivation are included in the document for informational purposes, purposes and to allow re-creation recreation of the objects from appropriate tooling.</t>
        <t>All RSA seeds used are 224 bits long (the first 224 bits of the SHA-256 digest of the origin string), string) and are represented in hexadecimal.</t>
      </section>
    </section>
    <section anchor="sample-rsa-ca" numbered="true" toc="default">
      <name>Example RSA Certification Authority</name>
      <t>The example RSA Certification Authority has the following information:</t>
      <ul spacing="normal">
        <li>Name: <tt>Sample
      <dl>
	<dt>Name:
	</dt>
	<dd><tt>Sample LAMPS RSA Certification Authority</tt></li>
      </ul> Authority</tt>
	</dd>
</dl>

<section anchor="rsa-ca-cert" numbered="true" toc="default">
        <name>RSA Certification Authority Root Certificate</name>
        <t>This certificate is used to verify certificates issued by the example RSA Certification Authority.</t>

        <sourcecode type="application/x-x509-ca-cert" type="x509" name="ca.rsa.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIIDezCCAmOgAwIBAgITcBn0xb/zdaeCQlqp6yZUAGZUCDANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowVTENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxMTAvBgNVBAMTKFNhbXBsZSBMQU1QUyBSU0EgQ2VydGlm
aWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC2GGPTEFVNdi0LsiQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/Omr
OP3rDCB2SYfBPVwd0CdC6z9qfJkcVxDc1hK+VS9vKncL0IPUYlkJwWuMpXa1Ielz
+zCuV+gjV83Uvn6wTn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hi
IHpSKMbkoXlM1837WaFfx57kBIoIuNjKEyPIuK9wGUAeppc5QAHJg95PPEHNHlmM
yhBzClmgkyozRSeSrkxq9XeJKU94lWGaZ0zb4karCur/eiMoCk3YNV8L3styvcMG
1qUDCAaKx6FZEf7hE9RN6L3bAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD
VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkq
hkiG9w0BAQ0FAAOCAQEACDXWlJGjzKadNMPcFlZInZC+Hl7RLrcBDR25jMCXg9yL
IwGVEcNp2fH4+YHTRTGLH81aPADMdUGHgpfcfqwjesavt/mO0T0S0LjJ0RVm93fE
heSNUHUigVR9njTVw2EBz7e2p+v3tOsMnunvm6PIDgHxx0W6mjzMX7lG74bJfo+v
dx+jI/aXt+iih5pi7/2Yu9eTDVu+S52wsnF89BEJeV0r+EmGDxUv47D+5KuQpKM9
U/isXpwC6K/36T8RhhdOQXDq0Mt91TZ4dJTT0m3cmo80zzcxsKMDStZHOOzCBtBq
uIbwWw5Oa72o/Iwg9v+W0WkSBCWEadf/uK+cRicxrQ==
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
      <section anchor="rsa-certification-authority-secret-key" numbered="true" toc="default">
        <name>RSA Certification Authority Secret Key</name>
        <t>This secret key material is used by the example RSA Certification Authority to issue new certificates.</t>
        <sourcecode type="application/x-pem-file" type="pkcs8" name="ca.rsa.key"><![CDATA[
-----BEGIN PRIVATE KEY-----
MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2GGPTEFVNdi0L
siQ79A0Mz2G+LRJlbX2vNo8STibAnyQ9VzFrGJHjUhRX/OmrOP3rDCB2SYfBPVwd
0CdC6z9qfJkcVxDc1hK+VS9vKncL0IPUYlkJwWuMpXa1Ielz+zCuV+gjV83Uvn6w
Tn39MCmymu7nFPzihcuOnbMYOCdMmUbi1Dm8TX9P6itFR3hiIHpSKMbkoXlM1837
WaFfx57kBIoIuNjKEyPIuK9wGUAeppc5QAHJg95PPEHNHlmMyhBzClmgkyozRSeS
rkxq9XeJKU94lWGaZ0zb4karCur/eiMoCk3YNV8L3styvcMG1qUDCAaKx6FZEf7h
E9RN6L3bAgMBAAECggEAE3tFhsm7DpgDlro+1Sk1kjbHssR4sOBHb4zrPp6c18PO
6T8gWuBcj1DzOzykNTzaMaDxAia4vuxVJB1mberkNHzTFqyb8bx3ceSEOCT3aoyq
5fiFpR0L6Ba1vgg8RTvNCAIApHNa4pVk0XD8Wq+h7mlUAOYGbie5UO8/P2qWjcOz
+zcheyYXJS/iuu0t2/F0ihEWGcXBmoc8D++n7mKst2jkAHD4wlPN2MgVqnmagpBz
gobFNmCZyZpDS+PPTtQZ1XvdGF5Sodc+Fz+jpWun1kqxDHE4UIZzDA/HAaBgORbm
aEZaVsOs9ZExeqOtqu2fPB7zF/1JKdRk4UJOUxS0OQKBgQDJwonP5RwvO0sYoCiw
zuFcYTmN/hI3R3viKuxr19CH6+mvuIU85ooIHF6TiouZwhk+6+Vk7rcXdS554DT4
2RbVrX/5i/MOzx8c8IIwoZJIasLz+vx8F4n6hyhV65bXN7AIBojMh2dt8tP2MZ/R
VEfsk4mNmO6yKuzyAfjJziCnCQKBgQDnDH9UYUIPkq0PSvViKQFJFCB9BJPFhld2
pIgoziw/JZzM3W3IWU0KWG7UxS0T3xmn3IX6xmWW4vX1/088ybObZWYP0edb61GM
I9DoI5igndLgDwyOL2PFuZh5pqqc09DE+cpJW4nNoudqTNmCrjhmxNCGKgGjlD8z
/OkSccvywwKBgDd0ReajRUziEjDxjF2UbzKx8lzJsX4KIs22GIdHqSRCvlcy80Qa
5WN3ULNiyB350HCP69wDFMXYym5rJoQjPvh6GIuhYKv4V8fffxkYv5kx5uWiXZVJ
7v2x+m8rMqlyv+pkyWLV8KKytHmdiBzD+oTWxF7r4ueLjtaxngzxn93pAoGBAKpR
rR9PnroKHubSE/drUNZFLvnZwPDv6lO8T978tONL372pUT9KjR8eN31DaMpoQOpc
BqvpSoQjBLt1nDysV2krI0RwMIOzAWc0E9C8RMvJ6+RdU50Q1BSyjvLGaKi5AAHk
PTk8cGYVO1BCHGlX8p3XYfw0xQaHxtuVCV8eYgCvAoGBAIZeiVhc0YTJOjUadz+0
vSOzA1arg5k2YCPCGf7z+ijM5rbMk7jrYixD6WMjTOkVLHDsVxMBpbA7GhL7TKy5
cepBH1PVwxEIl8dqN+UoeJeBpnHo/cjJ0iCR9/aMJzI+qiUo3OMDR+UH99NIddKN
i75GRVLAeW0Izgt09EMEiD9joDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC
AgQcpcG3hHYU7WYaawUiNRQotLfwnYzMotmTAt1i6Q==
-----END PRIVATE KEY-----
]]></sourcecode>
        <t>This secret key was generated using provable prime generation found
        in <xref target="FIPS186-4" format="default"/> using the seed
        <tt>a5c1b7847614ed661a6b0522351428b4b7f09d8ccca2d99302dd62e9</tt>.
        This seed is the first 224 bits of the <xref target="SHA256" format="default"/> SHA-256 (<xref target="SHA"
        format="default"/>) digest of the string
        <tt>draft-lamps-sample-certs-keygen.ca.rsa.seed</tt>.</t>
      </section>
      <section anchor="rsa-ca-cross-cert" numbered="true" toc="default">
        <name>RSA Certification Authority Cross-signed Cross-Signed Certificate</name>
        <t>If an e-mail email client only trusts the Ed25519 Certification Authority Root Certificate found in <xref target="ed25519-ca-cert" format="default"/>, they can use this intermediate CA certificate to verify any end entity end-entity certificate issued by the example RSA Certification Authority.</t>
        <sourcecode type="application/x-x509-ca-cert" type="x509" name="ca.rsa.cross.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIIC5zCCApmgAwIBAgITcTQnnf8DUsvAdvkX7mUemYos7DAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIwOTI3MDY1NDE4WjBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzExMC8GA1UEAxMoU2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0
aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALYY
Y9MQVU12LQuyJDv0DQzPYb4tEmVtfa82jxJOJsCfJD1XMWsYkeNSFFf86as4/esM
IHZJh8E9XB3QJ0LrP2p8mRxXENzWEr5VL28qdwvQg9RiWQnBa4yldrUh6XP7MK5X
6CNXzdS+frBOff0wKbKa7ucU/OKFy46dsxg4J0yZRuLUObxNf0/qK0VHeGIgelIo
xuSheUzXzftZoV/HnuQEigi42MoTI8i4r3AZQB6mlzlAAcmD3k88Qc0eWYzKEHMK
WaCTKjNFJ5KuTGr1d4kpT3iVYZpnTNviRqsK6v96IygKTdg1Xwvey3K9wwbWpQMI
BorHoVkR/uET1E3ovdsCAwEAAaN8MHowDwYDVR0TAQH/BAUwAwEB/zAXBgNVHSAE
EDAOMAwGCmCGSAFlAwIBMAIwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSRMI58
BxcMp/EJKGU2GmccaHb0WTAfBgNVHSMEGDAWgBRropV9uhSb5C0E0Qek0YLkLmuM
tTAFBgMrZXADQQBnQ+0eFP/BBKz8bVELVEPw9WFXwIGnyH7rrmLQJSE5GJmm7cYX
FFJBGyc3NWzlxxyfJLsh0yYh04dxdM8R5hcD
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
    </section>
    <section anchor="alices-sample-certificates" numbered="true" toc="default">
      <name>Alice's Sample Certificates</name>
      <t>Alice has the following information:</t>
      <ul spacing="normal">
        <li>Name: <tt>Alice Lovelace</tt></li>
        <li>E-mail

      <dl>
	<dt>Name:
	</dt>
	<dd><tt>Alice Lovelace</tt>
	</dd>

	<dt>Email Address: <tt>alice@smime.example</tt></li>
      </ul>
	</dt>
	<dd><tt>alice@smime.example</tt>
	</dd>
</dl>

      <section anchor="alice-verify-cert" numbered="true" toc="default">
        <name>Alice's Signature Verification End-Entity Certificate</name>
        <t>This certificate is used for verification of signatures made by Alice.</t>
        <sourcecode type="application/x-pem-file" type="x509" name="alice.sign.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgITN0EFee11f0Kpolw69Phqzpqp1zANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPSJ6Fg4Fj5Nmn9PkrYo0jTkfCv4TfA/
pdO/KLpZbJOAEr0sI7AjaO7B1GuMUFJeSTulamNfCwDcDkY63PQWl+DILs7GxVwX
urhYdZlaV5hcUqVAckPvedDBc/3rz4D/esFfs+E7QMFtmd+K04s+A8TCNO12DRVB
DpbP4JFD9hsc8prDtpGmFk7rd0q8gqnhxBW2RZAeLqzJOMayCQtws1q7ktkNBR2w
ZX5ICjecF1YJFhX4jrnHwp/iELGqqaNXd3/Y0pG7QFecN7836IPPdfTMSiPR+peC
rhJZwLSewbWXLJe3VMvbvQjoBMpEYlaJBUIKkO1zQ1Pq90njlsJLOwIDAQABo4Gv
MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud
EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw
DgYDVR0PAQH/BAQDAgbAMB0GA1UdDgQWBBS79syyLR0GEhyXrilqkBDTIGZmczAf
BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC
AQEAc4miNqfOqaBpI3f+CpJDhxtuZ2P9HjQEQ+v6BdP7GKJ19naIs3BjJOd64roA
KHAp+c284VvyVXWJ99FMX8q2ZUQMxH+xh6oAfzcozmnd6XaVWHg4eHIjSo27PmhK
E1oAJKKhDbdbEcZXL2+x1V+duGymWtaD01DZZukKYr7agyHahiXRn/C9cy31wbqN
sy9x0fjPQg6+DqatiQpMz9EIae6aCHHBhOiPU7IPkazgPYgkLD59fk4PGHnYxs1F
hdO6zZk9E8zwlc1ALgZa/iSbczisqckN3qGehD2s16jMhwFXLJtBiN+uCDgNG/D0
qyTbY4fgKieUHx/tHuzUszZxJg==
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
      <section anchor="alice-sign-key" numbered="true" toc="default">
        <name>Alice's Signing Private Key Material</name>
        <t>This private key material is used by Alice to create signatures.</t>
        <sourcecode type="application/x-pem-file" type="pkcs8" name="alice.sign.key"><![CDATA[
-----BEGIN PRIVATE KEY-----
MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC09InoWDgWPk2a
f0+StijSNOR8K/hN8D+l078oullsk4ASvSwjsCNo7sHUa4xQUl5JO6VqY18LANwO
Rjrc9BaX4MguzsbFXBe6uFh1mVpXmFxSpUByQ+950MFz/evPgP96wV+z4TtAwW2Z
34rTiz4DxMI07XYNFUEOls/gkUP2GxzymsO2kaYWTut3SryCqeHEFbZFkB4urMk4
xrIJC3CzWruS2Q0FHbBlfkgKN5wXVgkWFfiOucfCn+IQsaqpo1d3f9jSkbtAV5w3
vzfog8919MxKI9H6l4KuElnAtJ7BtZcsl7dUy9u9COgEykRiVokFQgqQ7XNDU+r3
SeOWwks7AgMBAAECggEAFKD2DG9A1u77q3u3p2WDH3zueTtiqgaT8u8XO+jhOI/+
HzoX9eo8DIJ/b/G3brwHyfh17JFvLH1zbgsn5bghJTz3r+JcZZ5l3srqMV8t8zjI
JEHOKC3szH8gYVKWrIgBAqOt1H9Ti8J2oKk2aymqBFr3ZXpBUCTWpEz2s3FMBUUI
qCEsAJqsdEch+kt43X5kvAom7LC1DHiE6RKfhMEub/LGNHSwY4dmzhaG6p95FJ1h
s8HoURI2ReVpsTadaKd3KoYNc1lcffmwdZs/hFs7xmmwXKMmlonh1mzHqD1/BqeJ
Hc8MP4ueDdyVgIe/uVtlQ9NcRQbuokkDyDYMYV6hzQKBgQD75ahYGFGZznRKtSE3
w/2rUqTYIWxx2PQz5G58PcsTZM89Hj4aZOoLmudHbrTQHluRNcHoXEI62rs0cVPs
D7IlZOLfs+SSTeNEXxD57mjyyufpV65OcNc1mSJAmMX2jWQ8ndnOuWPcc5J6fNvT
au0a7ZBOaeKHnA8XXL3GYilM9QKBgQC35xKi7f2JmGtsYY21tfRuDUm6EjhMW6b7
GWnI9IXF8TGj15s7oDEYvqSPTJdB6PAb/tZwdbj9mB4qj176x1kB/N7GO974O8UP
/PdHkU7duyf5nRq1mrI+yGFHVsGD313rc+akYdKcC207e6IRMST1ZFoznC6qNgpi
nNTuDz4ZbwKBgA5Dd9/dKKm77gvY69Objn6oBFuUsO5VaaaSlcsFOL2VZMLCNqQJ
+NLFZ7k8xJJQVcEIOT2uE7X/csBKdoUUcnL5nnsqVZQPQwI5G937KQgugylMZLte
WmFXlX/w5qzKXtWr3ox9JPFzveSfs1bqZBi1QQmfp0skhBo/jyNvpYUNAoGAMNkw
GhcdQW87GY7QFXQ/ePwOmV49lgrCT/BwKPDKl8l5ZgvfL/ddEzWQgH/XraoyHT2T
uEuM18+QM73hfLt26RBCHGXK1CUMMzL+fAQc7sjH1YXlkleFASg4rrpcrKqoR+KB
YSiayNhAK4yrf+WN66C8VPknbA7us0L1TEbAOAECgYEAtwRiiQwk3BlqENFypyc8
0Q1pxp3U7ciHi8mni0kNcTqe57Y/2o8nY9ISnt1GffMs79YQfRXTRdEm2St6oChI
9Cv5j74LHZXkgEVFfO2Nq/uwSzTZkePk+HoPJo4WtAdokZgRAyyHl0gEae8Rl89e
yBX7dutONALjRZFTrg18CuegOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC
BBySyJ1DMNPY4x1P3pudD+bp/BQhQd1lpF5bQ28F
-----END PRIVATE KEY-----
]]></sourcecode>
        <t>This secret key was generated using provable prime generation found
        in <xref target="FIPS186-4" format="default"/> using the seed
        <tt>92c89d4330d3d8e31d4fde9b9d0fe6e9fc142141dd65a45e5b436f05</tt>.
        This seed is the first 224 bits of the <xref target="SHA256" format="default"/> SHA-256 (<xref target="SHA"
        format="default"/>) digest of the string
        <tt>draft-lamps-sample-certs-keygen.alice.sign.seed</tt>.</t>
      </section>
      <section anchor="alice-encrypt-cert" numbered="true" toc="default">
        <name>Alice's Encryption End-Entity Certificate</name>
        <t>This certificate is used to encrypt messages to Alice.</t>
        <sourcecode type="application/x-pem-file" type="x509" name="alice.encrypt.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIIDzzCCAregAwIBAgITDy0lvRE5l0rOQlSHoe49NAaKtDANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowOzENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxFzAVBgNVBAMTDkFsaWNlIExvdmVsYWNlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmpUp+ovBouOP6AFQJ+RpwpODxxzY60n1
lJ53pTeNSiJlWkwtw/cxQq0t4uD2vWYB8gOUH/CVt2Zp1c+auzPKJ2Zu5mY6kHm+
hVB+IthjLeI7Htg6rNeuXq50/TuTSxX5R1I1EXGt8p6hAQVeA5oZ2afHg4b97enV
8gozR0/Nkug4AkXmbk7THNc8vvjMUJanZ/VmS4TgDqXjWShplcI3lcvvBZMswt41
/0HJvmSwqpS6oQcAx3Weag0yCNj1V9V9yu/3DjcYbwW2lJf5NbMHbM1LY4X5chWf
NEbkN6hQury/zxnlsukgn+fHbqvwDhJLAgFpW/jA/EB/WI+whUpqtQIDAQABo4Gv
MIGsMAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB4GA1Ud
EQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQw
DgYDVR0PAQH/BAQDAgUgMB0GA1UdDgQWBBSiU0HVRDyAKRV8ASPw546vzfN3DzAf
BgNVHSMEGDAWgBSRMI58BxcMp/EJKGU2GmccaHb0WTANBgkqhkiG9w0BAQ0FAAOC
AQEAgUl4oJyxMpwWpAylOvK6NEbMl1gD5H14EC4Muxq1u0q2XgXOSBHI6DfX/4LD
sfx7fSIus8gWVY3WqMeuOA7IizkBD+GDEu8uKveERRXZncxGwy2MfbH1Ib3U8QzT
jqB8+dz2AwYeMxODWq9opwtA/lTOkRg8uuivZfg/m5fFo/QshlHNaaTDVEXsU4Ps
98Hm/3gznbvhdjFbZbi4oZ3tAadRlE5K9JiQaJYOnUmGpfB8PPwDR6chMZeegSQA
W++OIKqHrg/WEh4yiuPfqmAvX2hZkPpivNJYdTPUXTSO7K459CyqbqG+sNOo2kc1
nTXl85RHNrVKQK+L0YWY1Q+hWA==
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
      <section anchor="alice-decrypt-key" numbered="true" toc="default">
        <name>Alice's Decryption Private Key Material</name>
        <t>This private key material is used by Alice to decrypt messages.</t>
        <sourcecode type="application/x-pem-file" type="pkcs8" name="alice.encrypt.key"><![CDATA[
-----BEGIN PRIVATE KEY-----
MIIE+gIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCalSn6i8Gi44/o
AVAn5GnCk4PHHNjrSfWUnnelN41KImVaTC3D9zFCrS3i4Pa9ZgHyA5Qf8JW3ZmnV
z5q7M8onZm7mZjqQeb6FUH4i2GMt4jse2Dqs165ernT9O5NLFflHUjURca3ynqEB
BV4DmhnZp8eDhv3t6dXyCjNHT82S6DgCReZuTtMc1zy++MxQlqdn9WZLhOAOpeNZ
KGmVwjeVy+8FkyzC3jX/Qcm+ZLCqlLqhBwDHdZ5qDTII2PVX1X3K7/cONxhvBbaU
l/k1swdszUtjhflyFZ80RuQ3qFC6vL/PGeWy6SCf58duq/AOEksCAWlb+MD8QH9Y
j7CFSmq1AgMBAAECggEADgxoWEDDRE5yEZ+s7TMw+WH2o+3XOOrryqnsLbOyv34I
wAAUWK7qZyjd9rSDOAtBOgFhQNXYhWZlT+0iHslCIfqJMZ8wy1iFHBCIphoMSWs5
/D+idXrUef5Y23rClBxXH0g1UnSGXnpUH4ehV6p1lvZMh4OJKEoMC4cpyd1SzXrw
+VGCc1+pXv/tTW3Rb2qoWO9JoWY+Epcssrw5N8OFIFODh4QfbLN6pVTt28aQ4pf/
1KhLoapjFzXSYp/jrcNjYJ9qRdSAbZsKOJ2yZ0yqjLHDCDipFty+W0pkUZcJhsgu
Cg1Stt7tKgSvAV/nEjN8e/vA91/AACKBCNcLzEoLgQKBgQC4eTM6BDCzlusXJBK4
SRC/WwUthJZzfOk2Gmwr0DCTRYhWQSDjBfiQNboazHObVPz45qP10fOt2iPEHeX+
VWAXTNrN69M9lEzxygA3s76lAejBR3FbLWkzLYqPB3oZwSIE7CrWHTXJipFWZv+X
FG1R418fnRCUMJ4j85qem5iyqQKBgQDWhQMJu7FC02fr83qsIdLwqhiDtTpwUN3j
qfp7JoEZOxbm3TgM1xPAkrQTUgfr2ZhXGtUwsuKHyifxQEycrTkBOg0gqAfG0fnv
ybyXK6/guctHJQiy64lL39kPuvQkKB+YO60B/oF6zbyFvqanoKXjpspObN3i3yBU
X5/EOu/LLQKBgQCUVwHWeWAgSg+pgBx9jGOnPK4hOCkznRJ7qyuo37Tv+E317lFf
vYFvlYSd4CJmmiUCkZTvK3FkL7HrFo/HwSeQFQEt7aDkN8jX9bPPFv8K+UoNgkGp
LA8YVFrDQSPyadfNVYvsuXhzJLZSYGjPOGHgI5JufYLDZ4UDK/T97ekQYQKBgDDM
ORCxvXTyGiW2USVu3EkaqFDtnMmH27G6LNxuudc/dco2cFWbZ0bbGFN8yYiBCwJl
fDGDv7wb5FIgykypqtn4lpvjHUHA6hX90gShT3TTTsZ0SjJJGgZEeV/2qyq+ZdF/
Ya+ecV26BzR1Vfuzs4jBnCuS4DaHgxcuWW2N6pZRAoGAWTovk3xdtE0TZvDerxUY
l8hX+vwJGy7uZjegi4cFecSkOR4iekVxrEvEGhpNdEB2GqdLgp6Q6GPdalCG2wc4
7pojp/0inc4RtRRf3nZHaTy00bnSe/0y+t0OUbkRMtXhnViVhCcOt6BUcsHupbu2
Adub72KLk+gvASDduuatGjqgOzA5BgorBgEEAZIIEggBMSswKQYJYIZIAWUDBAIC
BBwc90hJ90RfRmxCciUfX5a3f6Bpiz6Ys/Hugge/
-----END PRIVATE KEY-----
]]></sourcecode>
        <t>This secret key was generated using provable prime generation found in <xref target="FIPS186-4" format="default"/> using the seed <tt>1cf74849f7445f466c4272251f5f96b77fa0698b3e98b3f1ee8207bf</tt>.
This seed is the first 224 bits of the <xref target="SHA256" format="default"/> SHA-256 (<xref target="SHA" format="default"/>) digest of the string <tt>draft-lamps-sample-certs-keygen.alice.encrypt.seed</tt>.</t>
      </section>
      <section anchor="pkcs12-object-for-alice" numbered="true" toc="default">
        <name>PKCS12
        <name>PKCS #12 Object for Alice</name>
        <t>This PKCS12 PKCS #12 (<xref target="RFC7292" format="default"/>) object
        contains the same information as presented in Sections <xref
        target="rsa-ca-cross-cert" format="counter"/>, <xref
        target="alice-verify-cert" format="default"/>, format="counter"/>, <xref
        target="alice-sign-key" format="default"/>, format="counter"/>, <xref
        target="alice-encrypt-cert" format="default"/>, <xref target="alice-decrypt-key" format="default"/>, format="counter"/>, and <xref target="rsa-ca-cross-cert" format="default"/>.</t>
        target="alice-decrypt-key" format="counter"/>.

</t>
        <t>It is locked with the simple five-letter password <tt>alice</tt>.</t>
        <sourcecode type="application/x-pem-file" type="pkcs12" name="alice.p12"><![CDATA[
-----BEGIN PKCS12-----
MIIX+AIBAzCCF8AGCSqGSIb3DQEHAaCCF7EEghetMIIXqTCCBI8GCSqGSIb3DQEH
BqCCBIAwggR8AgEAMIIEdQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIWQKs
PyUaB9YCAhTCgIIESCsrTOUTY394FyrjkeCBSV1dw7I3o9oZN7N6Ux2KyIamsWiJ
77t7RL1/VSxSBLjVV8Sn5+/o3mFjr5NkyQbWuky33ySVy3HZUdZc2RTooyFEdRi8
x82dzEaVmab7pW4zpoG/IVR6OTizcWJOooGoE0ORim6y2G+iRZ3ePBUq0+8eSNYW
+jIWov9abdFqj9j1bQKj/Hrdje2TCdl6a9sSlTFYvIxBWUdPlZDwvCQqwiCWmXeI
6T9EpZldksDjr5N+zFhSLoRwABGRU8jXSU9AEsem9DFxoqZq8VsQcegQFY6aJcZO
Xel7IECIAgK8nZlKCTzyNVALxeFw0ijWnW4ltDaqcC6GepmuINiqqdD94YAOHxRl
1lKU4mLknSJ36W4T7vaI4fp98sK0nGpaDzQheu6BbQ+dVd44q52MDwvqvD0Y7UjF
IVEP3V9Ebfn641CR0mIcVCUynxb3aaKjhgBKTGbYsKtPue974rDPIArMs2Heo8y3
cq+f7Jce0IVCglRatN6rSyJBF8JlBQW5pZGco8AwTM1pK3RrdIDziheA8DIBB+KT
4JZBO6UprlcZ5wBY6ncXWa5E4feb57Cd3bB+zJuubBX9f4yG/J0cSF59w92c/6Qb
i4EFk6tAiz19PxuLLwjco71e69Jiav19Ph/WJpf/XCEurw7K+VAeZALFW41G/D30
WIBRC2shisHB3j8+3fNPcvi4Fy3EkZNW4lrZFAjbBtloCxk5rcfRS7vxucAvC5X9
4bm0xEcdOysnuplH77u+CWWxjCk414SlKZTUbwc1a0B6yRDvojUMZkDzMqsxyYjn
JG5QhMFQrTyALwCgJsP/rAf5xPhG2p+9Qul0yiBIIZwvKNKRQKL+YLcvYvTh1bhj
rUflYzzvviyXCy9LcX2GBop9yBFJzIcmKfL0MGua6WIkWX2BIjhGTtu6VThmRHuf
OsqNg/ZrNCTYa7e1D6gwP5uFRecSZdASf+0XTe6M7e/vaN4Go4A3H8+d53SYQP6n
pTt/a0DTHzY77aNMh+mzkIHC1W3zUdlS48tUyJMiAN3Tt+RfhHZfgloJ7IdcYdM2
O1I+UD/5L9ghxN8dh13Fi3rDyn6Y5xB1xFuZ0mLjoEI+3Pr1+B9Kgf+o/hxFttfx
1uP1XcHt0a4gBr6g7fwGNssfw5S6g6hS9UDTAYOpvLaatil2TZmeYZzij19ssv36
kr1VaRV9xcQCbY05ucD+buymFXPn/rhVdxhgIydmvOtdzDozy0WFDTvgjUBNeRnC
eMVD6AlWdWOlmBqOcIlJS0aY2FWm8Kju62XZA8YIRowlLysuq3zIqDmzmqJFKwuA
mRMZmUVhophMEn86rwob3Z87gNbyy1U/dXi+s6Vybx/kiwDXjfyhWBnhn1gkhgiv
oOhGtt+yAliCVuHQlEloQeQN04C5QTU0d1WOj489Ft6wpvm0tqcl6NpnRYUhbCoF
XhFr4wswggR3BgkqhkiG9w0BBwagggRoMIIEZAIBADCCBF0GCSqGSIb3DQEHATAc
BgoqhkiG9w0BDAEDMA4ECPoEFEHQGB9dAgIU5oCCBDAOrGHyN47xktt1J1VvWQZN
BYIMFzLN6p2/zKotGf7EMdgSdwlxkhKTWxunfoP/gfRD6boXTAA7ukJDsHXZrfXF
KjI4HI2oa/NihwqctphcLonBJXcofuHv+loP9MPLtwu3Mo1wsWTiHpf5XmxMoZQw
fbrp2ohLugJO1ZRB9RfAUpaAhtFg91pLOtXEpz7GULEyOnYh9R8iu9bSel8bpl4S
+AoxzXD4gYiEU6Yi0/47aRstd3H4u3ERDnUKSoqVstslRSKnK/WrGYUwoy7kNDwy
DBitfosMY0rpWEe5rXTBwJkBodcl3LBpDbNzdbrZw+e+yObJ9zfRlMpl0xVfoiji
q9UbRdgN2yo0RKwF6c63V2RdF5tjQHnNIM3K3tC9zEis11jgn9LeOLB9Cd1qyE4P
WfmHN0gwqDF1eX96TmUipmYM63H6jcbnSc6p7eIZtCrqGjhsTqFwcMg04WaXWeHD
ffLXSZdzIUB+zfC8tftUUEOUX3tX4l1oU7K8uAuQTSK/AXwUj+MbQVhlz8te4FVr
w4ulZ184IYqhD3VdIOxXiZkfSKChRz8/7QacrXFvfKkrcrxS2iHMoxhoJ7WETNtI
slW5R5runj61r50VT4HCFNFQfGBbTtV9AdP7yka9aQDWxPCoXFgeb1Q01F/BigzW
02JP5Lcrw7ia0y88QbTzWhi57d4he5OIp0wHUiGPh7s792mlltvuSpRKJkOXWv6h
qAj5AsBB8JNvgXP71Ytx2vMdjw6gqzQcxASJ4UHQg0CxmiODLUP+FHAY1CPNSjbR
pHrTi1UFi/+9hYneQci++qPvkCqMuGHVxamd4OLanGJN1NxE1DyMeduapX5rXuPn
g66LPey9GQuE3SBNC2dmjuOy7d8fWXEZqhqLtPfsuwVzdnWb1uAcjRfQPNo+uWe4
zihYisXK3lqA557dRqdSv+6GL6/OZQOCTaYMyZIWD9jS2gU6T3q2j8uk1LNcL9n8
aSpQ5xWspBXpzXo39fG6CMeqzZlFCqrvQwYhdXbtxn9Ox/pimmWOlcqAxv+xythW
BMx+il1JEdbCj015wjmsCWNPWlM4AVSholpZhs9Mq6rvgBXi1HJgjD0DpSLCE0xh
/GNoXoOX3LrxfCIDEhT8LyZ2NE59yh3t6pm88soFzaAghdjb1Fkc79nBbcl4NLKg
SmL/7GktkxEznOiSYfnfJ905kjZC08d8RnoGfrDDUWD2ZIhbbxOCq4E3E0Zt13aH
JOXRBOZLC9L2JNeSNiBZZGykh+Pi4TsIzXL2UPQ+dy4DDaEf8yamyY04dlhFsnhD
qr94Y9E3O/rpF0yUb2gCehEgT9nppVuMeridsCkHqemmgVr/52Xv/XK9dx4+YBjL
4/3Id0/yVJURqDIHH8o4ogF4rflkzOalrZ9nJFugP0UM8oNysaL9yr7/Dli1juV0
MIIDZwYJKoZIhvcNAQcGoIIDWDCCA1QCAQAwggNNBgkqhkiG9w0BBwEwHAYKKoZI
hvcNAQwBAzAOBAidIqBxZFwvagICFCKAggMgTzrUv4/12Jqnv3AL+P6990uX1ybZ
NcTwC+hMRV0Ho0FuAAybzdSRBAaZch1+8GheU8yz7IYWmLn1PNHxlZ8inIYfmTfk
Pa34Rk8s/RxJIe8LMYL1qjk/FMq/Fpgc0S65S6bXvJ69Hb8gtAoGW8P1b0dd9bvG
NbAk00h5r+IWiH4U8zGpcqWDWRgieGICsY00Hvx4KKMV6FIjFVCTZevORVoyzmSX
ZZgxqrbjw4CZqOWReHPI3aEt5xVX3BihRGi4EIyia6yU10VOZTGBKqWUeKmOA5Gw
SX3mH/kLiya3gwwGvdq1ncXcl7V1STN1HFyp4ebGKg4CsZ6NkWjocwq2PwM/TqoZ
5i02tqvOeR8lX7LrSegxGH81Kw3nMV4dH5txoVt9hddZCKKGcJ5Z8FlzxFP4BFuF
7hOmRpUPdxiahJ/GkXDVIAw6BJKd4Q9e6sjJYxTeq4uOP6V4PMuDU7F98X/d9sEx
2X3b1cJxuA7xtOnKAPsWEyWBg98B+CKG6KwO5s8TlZVmlk15FCUjvFoKCiWIKF4N
vGLiWOIP/jJ9N6Gqp4gNbm51zNFGZ7gZAtvsBSGQSOUPgfZcx2mRxpBmcX8tm5YJ
hmY9EDK13umUUGKrPOrG8c7/MVAQegSKqQuXSfMK6KknXGe7jwjs7xaQaRm9fFHS
0KbGU3MsLxRGjW/jzjUNAEWDiSYPCVo8E/kd8LETvjAowF772y9o0X1ZzcP7HWcl
oYcO/WSSh4e+FAbgqLo/8KIkGzJ23BAcdx8XAtxzUZhRdHaItnwaJsfTr4TCwq8C
XxJG5u44/z6imqQrVOaXQfvk6sSNGdG62TkacYg2K63D9hcg+TbZPPVSStWXyj8S
N84anzTOxb1yx6aw6IL+uBLC4jISgNFijaF5pwjLSbgTs5Z7skZdCam80xYmdJVO
ES/uqFCQFUSamXXNbotviQk8jWuJFz+BXzPYJN3t+3mp6SmgTZ2zP8FUQEE4GbSH
DqYV621DcWRo/mao8xzX/mvkKm4ddGBldiusoHZaL4gdo2A1qThSMnMBsciC+jEj
DqOr70XhHccTDW8wggWUBgkqhkiG9w0BBwGgggWFBIIFgTCCBX0wggV5BgsqhkiG
9w0BDAoBAqCCBSYwggUiMBwGCiqGSIb3DQEMAQMwDgQIehcRLmVUApMCAhQOBIIF
AHb5dXZKzCeRUo2ZSj0oyuFS3zQ5HhKyfapsyCqbYCKv/lSzNYWvuda7xfa+uOM7
/wCB9sWdz0MTpaBMHWx9hvibZIY65oM+ry4tTuKKqOJl37OsnjB0dSNTKszsI3fa
PUjslxqIH3aC1shD7OqhIRGZzRjK44PJyWv626oQrgVtTYR9NYTdee+SbBZbkEt/
EpWipwftWXGR6tSYJQn99eO9Vih8HyQvwIpidUh3pCFOlow4VZyAqIWOHcw9TAjB
XNv+qfdH7fiX9wM5/GvnQReIsqjXCUoc6pSQIAqD/f+I/d1F2ZmqM7KwX0LGRER9
OWZGyF734pN9GLbNetWm6rKxmlSI/5m6+2Jxxfann16P+vBSEgWJ/I8GnJAdzIbB
Tyfjog4Gi2+lmrPzK7+C79ntM9nfsr4xVzy/BknwZIaJksd4VvOGkS9nfM6shtBJ
B9uR+GJfthtsvIVUHN0kz2r/lVzMSRbOg9yR53hv1H/nXCmUjWz/BvobmoaVBcCm
mOnnYZTHMNarIVYdLQFif5ZLH7WV/XVEVIoRntNRiKsK96VAHm5XboWQGCqL0heh
IX3Nily1genGm1aFlSQNMvLDko1ILDTKrINvPmjG/WFoLntpJFPtYZsooT1jjXLw
3VTSodtgKQNdPYOEidSJqwIS87fzrCB2Wmwys0iGfdsuNhSaqNqa0dMO6FiW2fku
x7H+w7SX1/n9YeZUNLOcewLcC7E8IA1IarjglZE1L6Yb2ldXxV9q3PPOwKuGnah0
TKnD6mLn5BIGOGTzF1VspXRrJhFrcLe+xsJR1r6niI3bcMWXXy7gbm1X/CRE902I
ynxE1oDR+xZ6rjPWDJP7kVf4GvA8trCGrot4pbJbmwlBeMIylScdQoHEnyqrenOn
RMmXZaKzl3njtq7Wk78qoJq0a6Vh/sde0KcOPFkyTZdMBlTztm0K2VJU3jUVzPlM
0WY2fyGDoA89ol+/MiNsgiaEghGybXBYipOex+p7j1GIRN/CKmpWsqjZnB78kyXm
Z6AE1vC6neD/7zANInDkzXiun6ic72LoBX3JGiCSuM6hIPJ0AcDwlzTDu0H2rCQN
w+tivJ2v4KbgeKoc6beQb5fZHs7VsWHikIcpwqB5ngwt34wHgFG0nTS4lZmvzSJ7
FMRVGmsDYkDTpZzgNOaxiUBQMcEvxNIe3nAmA+dvB7w6XRQVSUsL+vBFhHiWGZ7h
k5sCeHElewXK0SyJADgfFlYq3EfEgZ13h4wtoSfbBVtzbbyg2LNegUCLfIJkc7fm
T7X7JSxbjOgndMHEeMdVb+NFxbgsXYrYD8rC2A8l5cQzZrsxb1bvgybEJz+NU/52
UgGrPmdjJKuGBK/V2zor6qPvKyId1Gb4QQuIoyClwhZ+qk9nE4Eft84y7ISgMywH
+lw87HrSHKfpqzQhCxlrLu53IYK/4PhE7BYC9Q4tvIsZXSGZ+nju4tyzERSlaNe5
njUeIENr4B/+kXULwVDcvMFHqUFJMkFai8FUga7gyipZ+654clGgJjnNBO1va8Jc
dtdPRRW4gwdrVn8u8J78KBzt6ChkrpKRV8VeWKBk9lhcT0ZNpJnNqhDrkfzHBqP0
Uo133I7P7C+h9sNDI153W6IOIodyQE0Av1WxHo4y/1d1VeGDaB7hOSDq9ZMpm9n1
En7F6/1/s4IUZHja/qRrK9hD4M0Xq0LhFXuUzuipo49OMUAwGQYJKoZIhvcNAQkU
MQweCgBhAGwAaQBjAGUwIwYJKoZIhvcNAQkVMRYEFKJTQdVEPIApFXwBI/Dnjq/N
83cPMIIFlAYJKoZIhvcNAQcBoIIFhQSCBYEwggV9MIIFeQYLKoZIhvcNAQwKAQKg
ggUmMIIFIjAcBgoqhkiG9w0BDAEDMA4ECKq4DtyiayOyAgIUpQSCBQAKQtkPOS4s
LE6Os7nP4RaJWBuyXl27V/o6TusBRBgQoPzP+aC+O99wgisEKedyB47bAzcO4sba
4q8UkERAsYHcEhdD2hGRCL7ou9jTtrr4RgZpa5V9CJcBO0t4bqy2lUefOpm6no+R
X840uyM4q5Q+cfH1rTQ1a/a+gLglbptoEkH/4dfR3ELYiXcM5UrBYTJOHcyME8c+
TXbpf7kiplTtlsrlZyU5zrWcxngrBxwFA+O85W/uVR3QZSW+EGx/VCYwGruZlNyt
BvBYjsYsnC+yKYXbqL81DgOePy+eh6VX64SwBLXcWcY+NK2EZrhzrUFjl+PXFKY3
IVVPJhTE9o7gJA0hzvAanOluWXozD3/WPQaXhyIJDwM2MjznjL2MBydpy9K8Cio7
XaV6PX8DszIZkfI4DAz5f7G7WbwUq3IjPPPWiUv+JsR+dnqzWDJ22SXc+AdQP2sK
qMvP8gOpHOsVlXXE76c5rUcZCZD+gGv1avO7YttWqbDqLj6oQEIJ8LX0Qvwd0YEh
etE0bJ5uv2njhQDhLkH/JIbmFSgJZeM8dtKHb8f5wZc2B+nXGB+TFboGzSuP7gaW
u1vKsJNqT/J/FYEqcamI2F+td7z1sGfbR9ckAcxXeb2uPVbCJ1a50gRlz9qVm5Hb
5f53X7aoQQp3F3LDGQmJ+GFQ/oXXwabqn4TvNO9KDhxpGcMMU9RnugUfNU9GBec0
vfrzmVKZdmJ36HOmMnLvgRakRhCV3kGABXY83hwUv17E1qASLKcAWIachkCCGpBG
yGtP2IOZTn7PsLJR1BzKnePa7MgFcgoCToIpdQnCTtAsalmBm1s480LN3GB5ojeG
bQvNf9TAviA0tg5VuT4/O48V6uYSJsIZsawm3tGA/LjxyfV1aLddQT5Zf5ZX9BX+
K/PB4oYAFxtUpMK/aL5G1MvppUJ9CjqAtnoKE+EkdQmyZ1VoDO9ih44zuRx6XV4A
EYafNB8ygjRHGsvPW0/M0Es0w16wzJHTuf/15fD/nH7Xh5MzhCF0CtvLn8v+S1Po
i2/40O6pS2byjUFRbeCpzEpRxdv90LCb9ALdy0yG9u41W3yInKNFnaWBulfOPFCe
ZT92M1BgwJA8ZcydtiiunRNAH5iWLSPloUpOD1v6En+rat+PoyRXIy2fLHBL25aw
LhABoZPgRsCiLsiNiohfyngksrQKeRgOlaBMT92J8r1E4sUKirQlcOdiWBE6vmBS
XzyN/twvfgPNIXgR0rw6c7VhhS+hNTrsttg/xcfvJ/bftDbKm+RZL+yQoOkkAf9R
5tizyMdMBlaMrpfrBxvNtMiykbZ88SYoA70Trwab2aHQluVhs8OjXGBEOqmSudcS
dV1EhBpo9HBsDZZi0IwOp5/B9fCHdnThCTiUm80eQ6mX2/DB9LlNh7gHOyLL3azT
m12D0ZpZNaXyxLzdiRiAdwpWZmmegOOG70yi0D5eIxh6cbnbuU6Ygdp+pFFVYHfA
vc5Czpne2OPhXX2k0Okbwawr9AfrFjIfAEmBFx5GBGr/lSiUQSkbUC/s209YgaOg
WTYt3KXPzrThJJGZnnXZRTGfIi6vp8RsnPX35+Dxe/Lp3gXDdIJeWG6XVA8t3fsp
coTqPkm/XGNMmOZ81KX/ReVdP+dC93sov2DuDZbYGPmHlD47bOOiA68GD64DEuNt
Q8MhWk8VRR1FqcuwB0T0bc+SIKEINkvYmDFAMBkGCSqGSIb3DQEJFDEMHgoAYQBs
AGkAYwBlMCMGCSqGSIb3DQEJFTEWBBS79syyLR0GEhyXrilqkBDTIGZmczAvMB8w
BwYFKw4DAhoEFO/nnMx9hi1oZ0S+JkJAu+H3/jPzBAj1OQCGvaJQwQICKAA=
-----END PKCS12-----
]]></sourcecode>
      </section>
    </section>
    <section anchor="bobs-sample" numbered="true" toc="default">
      <name>Bob's Sample</name>
      <t>Bob has the following information:</t>
      <ul spacing="normal">
        <li>Name: <tt>Bob Babbage</tt></li>
        <li>E-mail

      <dl>
	<dt>Name:
	</dt>
	<dd><tt>Bob Babbage</tt>
	</dd>

	<dt>Email Address: <tt>bob@smime.example</tt></li>
      </ul>
	</dt>
	<dd><tt>bob@smime.example</tt>
	</dd>
</dl>

      <section anchor="bob-verify-cert" numbered="true" toc="default">
        <name>Bob's Signature Verification End-Entity Certificate</name>
        <t>This certificate is used for verification of signatures made by Bob.</t>
        <sourcecode type="application/x-pem-file" type="x509" name="bob.sign.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIIDyjCCArKgAwIBAgITaqOkD33fBy/kGaVsmPv8LghbwzANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5nAF0glRof9NjBKke6g+7RLrOgRfwQjcH+2z
m0Af67FJRNrEwTuOutlWamUA3p9+wb7XqizVHOQhVesjwgp8PJpo8Adm8ar84d2t
tey1OVdxaCJuNe7SJjfrwShB6NvAm7S8CDG3+EapkO9fzn2pWwaREQ6twWtHi1QT
51PduRtiQ1oqsuJk8LBDgUMZlKUsaXfF8GKzJlGuaLRl5/3Kfr9+b6VkCDuxTZYL
Zxt6+a3/QkaC3I9m2ygPubtHFJB5P5+s8boROSKm1OB1gsLow8eF9S7OtcGGeooZ
JiJUQCR14NaU5bIyfKEZV2YStXwdztoEJJ2fRURIK+8YnwlB3QIDAQABo4GtMIGq
MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBwGA1UdEQQV
MBOBEWJvYkBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud
DwEB/wQEAwIGwDAdBgNVHQ4EFgQUF8WEe9Cn73aQOLizbwi8krWeK5QwHwYDVR0j
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAG7e
QY6Px7WZC5vCbF5hjOitxoz3oyM+LRcSTGWoYXdmlwsNUzy31pE3dtADvevRtsP8
uN7xyfK6XZBzhShA/BtkkqYGiFvXDpluOxWmqC0WPmc1PNK2mHil+pGMfvnUwnxd
6gKcHED5p+bUhDyIH2fy9hGyeOUs8nvi+7/HwBipN+nA/PfsPn+aU4l1K6qDoG/i
kwyuiWcFFlc5yE5rkAe2J0/a4+HtzNmTK4jB/4GbyI6xlUszPlEqKE+Es10Xut/y
UWL5nKKaqpRRd07Pq371MpFQs2+zXt4fGheKzZU3XXrIPcAPyJjWiyU1DzpqgSJM
OIp/HtXdFscHb9+Qic8=
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
      <section anchor="bob-sign-key" numbered="true" toc="default">
        <name>Bob's Signing Private Key Material</name>
        <t>This private key material is used by Bob to create signatures.</t>
        <sourcecode type="application/x-pem-file" type="pkcs8" name="bob.sign.key"><![CDATA[
-----BEGIN PRIVATE KEY-----
MIIE+wIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDmcAXSCVGh/02M
EqR7qD7tEus6BF/BCNwf7bObQB/rsUlE2sTBO4662VZqZQDen37BvteqLNUc5CFV
6yPCCnw8mmjwB2bxqvzh3a217LU5V3FoIm417tImN+vBKEHo28CbtLwIMbf4RqmQ
71/OfalbBpERDq3Ba0eLVBPnU925G2JDWiqy4mTwsEOBQxmUpSxpd8XwYrMmUa5o
tGXn/cp+v35vpWQIO7FNlgtnG3r5rf9CRoLcj2bbKA+5u0cUkHk/n6zxuhE5IqbU
4HWCwujDx4X1Ls61wYZ6ihkmIlRAJHXg1pTlsjJ8oRlXZhK1fB3O2gQknZ9FREgr
7xifCUHdAgMBAAECggEABcQg1fTtieZ+O/aNdU149NK0qx97GLTBjIguQEDDBVFK
2lu4PhBg9AdgAUqLH1PE+eq65JaGZwvFH8X1Ms2AKiRzYsPOQIoJ4n1hc69uiEN9
Ykcv4QHOvvqtCtWYjJyb5By9WPeLH6QynJ6FlBoSqxhURSWyYfTuwqt1OHEhsUuH
d3N5BmbFiRBNj4aIA9zz+i5xL0m33kMKai/Ajj3sI0AJsZ5ZVAhYbC8sCt1Xevb6
i41p9S6GSwGC19by+1y9WC1QGtb5GDotvChMvmZS/O3NeDc6xC/LZoQcHNVgiZd7
f1g6iEkJlCYK+D7xsd7Y630w75Haj0vnlhiJObSA+wKBgQDxv8jp2D6IVRGgYfaC
nUU3Mg70wagX1fgPHO9Sk6e9c8CgORh2uwWjpTawu88xBGFyZ+xnWqr7GCNsltas
3m94ri4A4R94+5uL8+oOLC26gMDfzATd1Q3k/h919YLk89tonQEUbCFZJdphThEb
vg2W+nNsEVcQGuClzhX0AyGMswKBgQD0BYk3sdGQbBA/hYD1EYsZfYebUiYv2lTt
VGRgTohKFclRAWOtGP9YRbKyEVkBLhjgkXzS9xGqKywP71z9Iny+zDGbzk8ElB/g
lS7GFGX50TG0ISfaFWTYdxt4mN9pduZE2blT/26uyU8DXCEBhF/OqhwQjJqKTYTT
Rl3Ara5fLwKBgQDQyVtjIyD2q8naY2D8c4mo3vHtzyc21tQzcUD8Z4vSYps1hbos
KN/48qJmRv3tjqP+o+SXasYKsFE/4pIroLxTVNNkbQm6ektfttwpO1yPG834OwLk
97HVWOig/tX6mOWg1yBsm+q9TKTrrvm1pRGlmE6BQgSYYy4r5O4u3VlnYwKBgQCl
B4FvWyDhTVQHwaAfHUg3av/k+T++KSg6gVKJF1Nw1x8ZW5kvnbJC3pAlgTnyZFyK
s5n5iwI1VZEtDbKTt1kqKCp8tqAV9p9AYWQKrgzxUJsOuUWcZc+X3aWEf87IIpNE
iQKfXiZaquZ23T2tKvsoZz8nqg9x7U8hG3uYLV26HQKBgCOJ/C21yW25NwZ5FUdh
PsQmVH7+YydJaLzHS/c7PrOgQFRMdejvAku/eYJbKbUv7qsJFIG4i/IG0CfVmu/B
ax5fbfYZtoB/0zxWaLkIEStVWaKrSKRdTrNzTAOreeJKsY4RNp6rvmpgojbmIGA1
Tg8Mup0xQ8F4d28rtUeynHxzoDswOQYKKwYBBAGSCBIIATErMCkGCWCGSAFlAwQC
AgQc9K+qy7VHPzYOBqwy4AGI/kFzrhXJm88EOouPbg==
-----END PRIVATE KEY-----
]]></sourcecode>
        <t>This secret key was generated using provable prime generation found
        in <xref target="FIPS186-4" format="default"/> using the seed
        <tt>f4afaacbb5473f360e06ac32e00188fe4173ae15c99bcf043a8b8f6e</tt>.
        This seed is the first 224 bits of the <xref target="SHA256" format="default"/> SHA-256 (<xref target="SHA"
        format="default"/>) digest of the string
        <tt>draft-lamps-sample-certs-keygen.bob.sign.seed</tt>.</t>
      </section>
      <section anchor="bob-encrypt-cert" numbered="true" toc="default">
        <name>Bob's Encryption End-Entity Certificate</name>
        <t>This certificate is used to encrypt messages to Bob.</t>
        <sourcecode type="application/x-pem-file" type="x509" name="bob.encrypt.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIIDyjCCArKgAwIBAgITMHxHQA+GJjocYtLrgy+WwNeGlDANBgkqhkiG9w0BAQ0F
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0xOTEx
MjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFowODENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxFDASBgNVBAMTC0JvYiBCYWJiYWdlMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtHAlBNMiBIk8iJqwHk/yDoFWwj8P9Z1uYdq
1aqIuofvjoAyjdA8TbsBRGdmvaIOSQOepsNjW1ko7lE8HlDs9JHn1E+tzH3mKfn+
G2erY+alkMJTXPvMAUdCA8+e1OJ7k91gYXDpzIWrP3Kc0xTlsJ8tGJ6mhydJX3wP
0/HuyHpfKQQfDusPH8S5yidPciWuB7Wj0X4xY1pUAz2rSSAlnGvhEzKFbW43BPjY
XPUnRWMtXFya1djq6Eb9M/klbhdZheDLLsjLUSXYU70r9VXGM/qcjd/NhWYphCeB
cqswaM5mXLYdm0mFmqoecF62mUE0DiNdhwKTtnefd0cll+D3FQIDAQABo4GtMIGq
MAwGA1UdEwEB/wQCMAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMBwGA1UdEQQV
MBOBEWJvYkBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1Ud
DwEB/wQEAwIFIDAdBgNVHQ4EFgQUSrOsMVMCSZxN42554CVhlT6IYiUwHwYDVR0j
BBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29FkwDQYJKoZIhvcNAQENBQADggEBAC2c
Y8FgaxgB+Dx9gAFj35ae1vgzYiWI3Ax3FSxogo/GzpK//LB4215oeBuKXbm0ixBn
4nojxD7PMlM0i+ilAvVNJNaHY9TtgIgq8V/C0C7vL8SdBN01e5ZRI764ohu9ivYv
Ixvvt7gzvSTpe+NUT1i09xNgsC8v19WB/BwkqMAgDqMxqCxT4fyrvVwpxNBke75j
E6Q3xCjfdOWYcfMLK7EsTSgimYuonZjN7v/yqTdjn/iVH+agL/2MlSfiU36w/Yf1
7EM09uKGH/Javh+2Vjd0j8rE/q2Iaac5VI91M6xz5oDZUknycBKKinR+nJWMt5AK
UAaL2Mjl3YtrUGBpxxY=
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
      <section anchor="bob-decrypt-key" numbered="true" toc="default">
        <name>Bob's Decryption Private Key Material</name>
        <t>This private key material is used by Bob to decrypt messages.</t>
        <sourcecode type="application/x-pem-file" type="pkcs8" name="bob.encrypt.key"><![CDATA[
-----BEGIN PRIVATE KEY-----
MIIE/AIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCq0cCUE0yIEiTy
ImrAeT/IOgVbCPw/1nW5h2rVqoi6h++OgDKN0DxNuwFEZ2a9og5JA56mw2NbWSju
UTweUOz0kefUT63MfeYp+f4bZ6tj5qWQwlNc+8wBR0IDz57U4nuT3WBhcOnMhas/
cpzTFOWwny0YnqaHJ0lffA/T8e7Iel8pBB8O6w8fxLnKJ09yJa4HtaPRfjFjWlQD
PatJICWca+ETMoVtbjcE+Nhc9SdFYy1cXJrV2OroRv0z+SVuF1mF4MsuyMtRJdhT
vSv1VcYz+pyN382FZimEJ4FyqzBozmZcth2bSYWaqh5wXraZQTQOI12HApO2d593
RyWX4PcVAgMBAAECggEAEvPt6aAQjEJzHfiKnqt1U7p4UKb5Ef4yFrE7PdTLkeK2
RjncIhb6MeevVs8gO6co7Zn8tuUT95U3cOXLhVOWTvaHYeurTXaknICz3IeOoSl8
skiVZko70uJ8pR6asWUlr/zOjlEwZ7RnEUWet97oM0YeA07LDFDkF7eUq//6bfzT
ewr/QfDDsv+erwJBh+9CRHOJyTuDH1WeGxYV8VK3M6VhdTjFxXxFhrQ4pBe5J/UA
17Bd2GM8Urg6VYzVo6x4ajnc1H/ezYLdc459poTffv6Fg2trqFVAj2IrQlAeqjda
lemsa6Np801mUGknq3fjKS13RYGBv/48rCHOT8eRgQKBgQDM5TuS4ANQjOYoOgtF
xoVjbVlndOo+SmdFkZihzQHxcbLY9HXe5HlbLf1IMXz/nERxl+SmYuuJk0EdiM9r
HOCcHRLfBmC7t0GdVvLDHSAX8Ec47LbtKZqyM1U9dn7Z+5q4iywqpaP8pP3+oY57
cgtQax1jle3xhRAj65cl1RBmQQKBgQDVbLqK6wKDfSdZuMZGUtOY0rtamBDCgEU6
rEqBAyCPy5NpF1pomUFcYKWT/wbReFqtuyq2OyiATB0yHHMko46BUtN7qX/m/skt
DHWXVWs1+G4IgEMVokM9jjrkgdY5grrJ68sagKC+bgv35BizHPIqgQuO6qnPSrM9
bevwbQEj1QKBgQCiPE/zeBSnzyjeaTdLxGkR1R+ZX2WqdNdYqnQkiWMkflaSmt5J
4raEj+GhLC5BZsZ6+z480M6XXFWOwSkbMv5WHl824KHvgKcfoh0OiR1EVyjN1gDx
wKOQvjycMhs3FpXn0arjCczS2wGSgPGEpUR4JJhcpfaF6kphZsWDWzVlAQKBgQC2
ivbKltNhj4w2q1m7EGC3F5bzl5jOI1QTKQXYbspM8zwz6KuFR3+l+Wvlt30ncJ9u
dOXFU7gCdBeMotTBA7uBVUxZOtKQyl9bTorNU1wNn1zNnJbETDLi1WH9zCdkrTIC
PtFK67WQ6yMFdWzC1gEy5YjzRjbTe/rukbP5weH1uQKBgQC+WfachEmQ3NcxSjbR
kUxCcida8REewWh4AldU8U0gFcFxF6YwQI8I7ujtnCK2RKTECG9HCyaDXgMwfArV
zf17a9xDJL2LQKrJ9ATeSo34o9zIkpbJL0NCHHocOqYdHU+VO2ZE4Gu8DKk3siVH
XAaJ/RJSEqAIMOgwfGuHOhhto6A7MDkGCisGAQQBkggSCAExKzApBglghkgBZQME
AgIEHJjImYZSlYkp6InjQZ87/Q7f4KyhXaMGDe34oeg=
-----END PRIVATE KEY-----
]]></sourcecode>
        <t>This secret key was generated using provable prime generation found
        in <xref target="FIPS186-4" format="default"/> using the seed
        <tt>98c8998652958929e889e3419f3bfd0edfe0aca15da3060dedf8a1e8</tt>.
        This seed is the first 224 bits of the <xref target="SHA256" format="default"/> SHA-256 (<xref target="SHA"
        format="default"/>) digest of the string
        <tt>draft-lamps-sample-certs-keygen.bob.encrypt.seed</tt>.</t>
      </section>
      <section anchor="pkcs12-object-for-bob" numbered="true" toc="default">
        <name>PKCS12
        <name>PKCS #12 Object for Bob</name>
        <t>This PKCS12 PKCS #12 (<xref target="RFC7292" format="default"/>) object contains the same information as presented in Sections <xref target="rsa-ca-cross-cert" format="counter"/>, <xref target="bob-verify-cert" format="default"/>, format="counter"/>, <xref target="bob-sign-key" format="default"/>, format="counter"/>, <xref target="bob-encrypt-cert" format="default"/>, <xref target="bob-decrypt-key" format="default"/>, format="counter"/>, and <xref target="rsa-ca-cross-cert" format="default"/>.</t> target="bob-decrypt-key" format="counter"/>.
	    </t>
        <t>It is locked with the simple three-letter password <tt>bob</tt>.</t>
        <sourcecode type="application/x-pem-file" type="pkcs12" name="bob.p12"><![CDATA[
-----BEGIN PKCS12-----
MIIX6AIBAzCCF7AGCSqGSIb3DQEHAaCCF6EEghedMIIXmTCCBIcGCSqGSIb3DQEH
BqCCBHgwggR0AgEAMIIEbQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIe/d6
qDQ/28QCAhQGgIIEQJKA5kzRVm9d6rEwC/0RyBSgpPuSROUQTjspt6EhBZlgHc3u
FTCPaO5P/vpeWaCnBRarGFn3DmqA3JT+59bmRpGdiP3Zrlk2EbHi0yrd2P3UFDnX
qRkkI+7pf6eOHWJRntJA+KJS8v3tZ/hpiEKAEav/Mq0IFNFyEiZpCkbKCX5auDb1
p5c3J2MNg/WNBfpGJUHKVIzuIF3H+8LfFgayRsDsppoUMffR+GmdL8nxLiqhraHD
+Iqr3LpEroNi/iZQWUTFTUlaePf/2KMqaHOuy41IVvcH1jIcLXHGNa66S8AP/Hj2
TJPPg/lve76DVaGdEnx4QJd4pBFQac90zmhxU1HZrvzubK9t4e5lr80wpd2djvZK
wSLzUgtQZXq8pSs1r85vrb3KItdYGF6SZpX029FS7rY3uYth5SYVUQWdUYYY3S0/
nsaLg4MCWUO4Sh7nYJZl5Ijkk9LS7JhmwKvizHRRTXbLyRDH06e+jCRgLcU2WSUq
1bEr9Jy0ucK8zNPTf8HWBTS0ubvy4JfO3mVp4REX/8ozXlLztWGblFGbyaJ9Y4ga
LM3JpKxMtb1UTxoAyj3iFwGlGZFGKBlWplr+OdkKkC4dloFE22IINfLdRNLV9mPO
aGZhsDheB8iVOtN01u91BlU68Q7AL1ryXWUSjouKGRSU6uMDLZ7rw0wlZC1m4oLG
BF8CmO4ELmbOci78fBs/qDXlf3BJazcNtciamEsQPYRGkHASBRYtoDfVy6mTT40o
obdrZigcvCwttDBu7RtynAQVZ8DvKzxFGhe2p2Yc9H5A5ML7IwqNtYzheduBAQTE
jAU2jMqwnZN5wULEnH2TF6KAQNrKdtBYMbqkToKgxf5Zf+cJZbyQq7WM6nVfOM7g
kcFdeHDn/CWoSNHI1+JA3wSDM06zkU5HMd2MpT1RLTSaemImUKCAGYieJmwNQxR9
aYHBBw5BNBw1XRB7WRka2Uah0Xq/wAgaI/o9L+mShDRFJjFi+t8AV3KR0WWHg02O
9qchX7P5H3Sy/tq8yUQIol+hRiRjkfi9qy6AxIRttrK4WbW4scUtBZSkg9uFkTVU
ybnV6WvBpn2SrnwF/E1ueKARVmouWJ/7fiLJXk6wVvVtuBZw2gE5QGfuCwq0PQsC
xPx8MhNl1KZYDVCGsyUr/LMHeKNc31S2HLGQK7kh/o+QQazafiJocQ+kRbS1VX1D
nQlIhz4zvKsBgzHpoe3wQcfAY5sp2ubepsZ5T/YHkmroBmvA4g1vi7nlCetgxXrh
2V6OXvaZ+BnfsYxJeUZGnNMNEDFlzS7xB18ojtT5JN0o+9tLsdikdikl69IsVv+2
eCv9Go+wh19cSAL24rkzdKVuiIAXS7tzel3eWGjdKoq3Ke+tfJtobSGrB39xgLVr
3ho63hd+qTUyjcAhVL3hAJinv+/KT0jR8fq+CDsXMnCEWugHhwB+66NOr876MIIE
bwYJKoZIhvcNAQcGoIIEYDCCBFwCAQAwggRVBgkqhkiG9w0BBwEwHAYKKoZIhvcN
AQwBAzAOBAjiGuDSkfG4UwICFLWAggQogyL08hPtUl52dkO+BVimcGXW3FmDrT0D
gU3Drd0P76KzYzd2lLuGb9dx84wx0XnFIXeBM4F3QSDbCK4tOuJ6JRaEeUoCAyZd
XyHtLjVeuozt2xHBDUgQVEO1dZHtk1VUgzLSCha1rXjcwpa4+8xqqoVM3Cl5uBh6
QLUNey8Z3YlKlk018Tdge6OOUrg72BPKppNfJlN4TnOFwMVMA/qHAJl4pL1YDpmc
5BZm4tMg0HvPiz96uwjEhw1GZFGOgZIogeVJuqCNiZPDjCFEDgnCw6sciS5Bi+dX
Km0VUdamSr93e2eEPLbzxZR0E0A3IcOj66iHuZpU9YhKzsAIhLMxT8kF81I0ZZzj
8N+P1hnkjdVWuJLg77pkXxQJyvuT0e2oc9r/DCHjckneen3+E66IKsYbib7sX4g6
2oFBJs+7xQopy69pC8jCn3fx61t7AFx2RIvuVHY/eU4sXoWkJNqQ3Vxj2SPWKjzJ
4IIvWVxIFiQjjOtDFdGYPGukJXn62Lbb8CFgam9s4jDKnr0LHIngVeUIgi4wkvva
QzZTzXfUApezQgQqy4x+ogdiYF1UOa0OaqvrGRiiJlMdRi0/MDy+jzkX5cULhxkF
vdBNCirv+3zBaiJ5Eu6q0zP5Cxi2qXhSbehZqvTPB4dD/vu9yxHpZmUCvzm7H213
Tdrb9WxHOc92ZpBzsfiCA1smVwTDFVGa/kqN6noPw0qWZANIk27/+apsTkBYaVpa
jpfn9eydi5eV2+pEQV08fh4OJfiKbHS0l2E3Gp/rPm9lVgmCmjBWh+Di1k4qgF/f
lsxWgzXNOxPntpohnM6AZDxW9Sk+BElDLYS4WFwUg679BsJG6hQqAZKvG/8agSH2
k+TKKYUbXbFVCB0+iuNZIwgf4qxGzvI5+Iok+OcxuGCqwOu30QbfECEG01QbKETn
ic3kMiZ5Cxt7NQSuyEYAQ/AmvM4qo0x7Tw1r7tR8BcAEF6fGxd2VXIV8Tr/pXGO2
HL+0iIHs+Ob67zlTHr7wUB4tCp9LC3IIWdsr7KcSRNEMXpUIFI0etCjNgCU3iT+R
915215OfWNGxQfaXTEyMVNaT1HpwihIisSb9QHbagaRLbYmqJ+ILSECADYQPEWf+
LTO1tcOhkIb6BiwVWUuOOqNj6ILJM2XvmknATyUj9MYcd77xOJzMrJE5VtaM5BVT
oRpcOLfhYOmihceGSEqXX5golkqfLUze7zlslNWMYTTLw6tC6I+c/IUIWJnZT4m2
RbTQ0krfPn94zbTjrG42HS5+Ke3ySV6Fv8MZ+s93yY1v9iB6cVPEUteLRc+C7e7t
lw0bQ2+MyAkjenS5Td+3tC7lR42O2CSfY2SaOsRv+EaYjTGzf9F3TM706o5+VZrM
gtIKtw2okRcjRhaKDfhui6jo46YYzWbrgOS3vzc60VcwggNnBgkqhkiG9w0BBwag
ggNYMIIDVAIBADCCA00GCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECEyHXPVs
ncxTAgIUQ4CCAyDSBlYeFnsa4vtKApbLnd9FENDYeYqkKmj0lkDagMqHC22/nQ9v
gz2lOo5FQJoaJx/WSorQt0Jny1QP9vZd2t+bkfoaXOR0MtmFY5SOtYEudJplrCz+
ZEw8JlePJRP0Q3lnwEiSk5NnXLRWNzurIeuyZEd1VbTvi/rF22sRWlmU335L67zj
P1sPeXkBpIYCPLHw8E4rkaC8G1ko5wyrnhuqL4ItzhvOORvgRaDflpP9WTj9LVUv
FD5D59zgb0ptaW0jIw4JplIGXIEZIynW4KfkWy2YJvsXiuLHvN3Z8qL6VtxNGk1s
g340uKkUUlzmtDJqGT9RVkoYBXxN7KYesbSttONhPwdv/MxHrEo8TGHZAvbmwgft
hOUrc/WVtUopPEs4QgrsA8d0MrSd5lVtPW0XPsBPEnLuh7dqAlmgztYlP4Yztk2/
JJ+E4MosmhRjbKzM2N5WuGlDC5m9KF/5JjNVwQ7e8gMeUv/3gizgCG/4Mgng0VGG
IxGzzBoQXPWCKdT3sLQVyt4/pqPBpZYnP09bmkkY/UIa1unNB+WWpLOkKSzD5wRv
/2xmNO2D37DnHwTFYC51ZblKz7FGjOgCwG95VPc8NQ8aG5rqpQ+muq/Jil5mXgNw
IDeM4bawa01UKEzqTGQUb3gsJMGiVOhgtOrBiO9Kx/2PJolUuwZGcbo4oGSVR7KH
lLgIuC8aIQDyFURVYRCNwOw5U7JN5arkvZ4ty0/qk5UbjxQuDkF8o6ZdViO3l0Do
C+6zvncDx4HvUd6uQ+u/kZfr8qfwM5o6D2qXhS/ZHSkq2xwIzb47uUUqaeg3yOZJ
++na7gC+ibtHXXnNsHUvPbpCn9qViFhzilcQZYq0tZxDKa0E/pzEP/IA4IG24wEL
GnyuUIHXBS9T0MchTxl7BglycOPRDnFKzMQfUXY1rAErK76cs3y4VQDbfYDiOzsa
1qqMApIX4i/qKFdRvDuLxtZQbVA/rNumm40LPUQ5OvEngIESA74G+//YQbVjbMjP
y+hm7/15q5LRo9YxCS49KGlz4NG1QMWjnfkpOCNVZVpaQ7TPGOIYzBL6kTCCBZgG
CSqGSIb3DQEHAaCCBYkEggWFMIIFgTCCBX0GCyqGSIb3DQEMCgECoIIFLjCCBSow
HAYKKoZIhvcNAQwBAzAOBAiO/0ICbTbZLQICFOwEggUIFwT/JI8UjJQPfYTFonJE
o8zEbpYWXKboqw6/zZsMGmAnUPgQNQDxyuLVprs5jUc437kVB2M3F0x8DjmEppeb
tHfIoyjoXF7jdnA4EF38tsso0K1nMPmSgl02iYZtOqsOvBpfeO5Hj4Ovhi26J9Pz
TwPcgl3QQPqfWv7CwgGVn4/hntBAriPSE4gAlfAcqkxtJBm01QwDoAdsOKOMsYnt
gWajpr1J3Hm+34NPL04Usf1OpcesPUJ4CBxNyLXxjjsOzD78WVvKY+N+j89xTsyt
z5Y0fEkFqrcl8pgBQxH72jBwSCm5YwHz3BhWQgr2bpWJ1f2LWcVsnrN9tx6RhQtA
AkcyNgX/ksp5EW4JTo+o6oXLRhXIYauRrUrisMY++b8ZJTp6C1t0RW2QdqgMZghS
ZgaW6FSC6Dy2Dd/ezdkYUCgiEtq8eSxF/8WDw6Va2iGVSNt4/p/OJ97yN5yOJ0K1
g0hATebU+I3E74PQ9RK84FfJvyHDBC6fvYZW/ouMcgp3YmAF+dTm74Hq88X4daV+
/UPYf/cVpyiwcBTg6H3jrkrs0yKoWLIfrIvMNBeeKZ+fl2Enw1MFzkLI4VGD/UeR
wrbhN0SHkh5lIGtu0yRTfq6msYQpkw+jr7QwJIdQyrAoaaVaRotVyvgTOLlHw8r6
o7v36yoNov3kDPW7DfbSVTWX5lIyQn8NqMwa4N1clWT8ukfZXSaYykFSqF3w5zal
a4iIhu03GjDcfiWLMUlYVAUcvSmcIULE1oW7FKiJc8OadeIu0JBySRSEvf7B3w8l
eYUs+u/h1ptrZZKhe1JdAtlszvHJ0DD0kMqA6Ig4yomscGSol/sRUqpecIQwVZTC
RRq9dJOFJkKhKD5Eo9E0Z2snp01fpUF5qlMeBjpYgkX7jhyFyvq+qDqBAY8izvkc
ruE69WooBVyorqKHURjWtY+rhzcB4+HL72wZKzLnY3iUjJ1UANxM8mC9fpD1NJt/
7epqzPyZ2Kd4GJVYi8sQpFKf4tRHDr0tI5iUB78qj1EBp1w4qvRn/jC4ii7+Bas8
mz/AJ25QeviC44Vj+eT2YYXafDivrmoeBuVMIBbD066YnuBC2CeKydNWdiARzc3I
fhcuhVwq7riotYfyDqd4e0Jy7Y57pbwv4Qwz1yCxRjSwiFQ7/fRa2Cx8xtxKcC/A
4LGnXAKISy+uNbDWA7AYaP6RmGgMCaNiXy3F1zvxnE3bv68tXRF9vjuEChUq56N6
992qhoBuHP0J/mRItw+JoI4m/OFnEUGT3bNyxpEFyA7aXBE91aQdSXl4a97nC0/R
SFH/fRwPFYgxr3XdCIf3Cw5PDs25YNsXWCsDCVejWMFrwOzmDwa8sBkY270+rGv7
6qXvb/uGD3M2C+DySVy55Zd42wjghSezgY6taT0tqKfLOS6Vl4ELU78Q6va2o8Ml
cUdi343tOi60MZgCDUwPP8TjKZINh8u1KNhzgpwNLz1gE0dd200l3bbzdZ6uio3R
52WQWRCk17Z9lUesCJavytcAi0mMefMxBPMOdnUi6O8TPDRA0mcohbE5rybwDXAo
B/VUbwgM0/qCpZ7VcSKN1lUuoe9+Kho0NK/gyMEvntMxGNNI8arV8UkeFollPhrt
umvdwqbVCeN8TBj5vXo6Hu+eKB7AVwjBk/rRHpZxnnVGXbm8HzM+kjib2cY1dius
VRJ/1+Q9GXuo135tQbobgcMzAmqAqZp9kDE8MBUGCSqGSIb3DQEJFDEIHgYAYgBv
AGIwIwYJKoZIhvcNAQkVMRYEFEqzrDFTAkmcTeNueeAlYZU+iGIlMIIFkAYJKoZI
hvcNAQcBoIIFgQSCBX0wggV5MIIFdQYLKoZIhvcNAQwKAQKgggUmMIIFIjAcBgoq
hkiG9w0BDAEDMA4ECCNi2K1bMEiBAgIUdgSCBQDLIXo4ExcyE8+4aiZIj/Wnh/SV
VVR0n7s4PGCbXt+VrOHd9YzTuUicAqIcHH62dv7NSy+fgqZG7SmVR1IodadFe+5u
sAzXoyyhhEe2c+ToeVbr5rs+vBvQUyh6X5XTV5QVOAkwSyKGjyfdy86x1Q8cL2D2
BM+Rpkm1cFtjgWcB46U6S6w50sG7XOKSCMI4a6rnHPVgPPdXMrj3VSPJY8bhBqED
PVTnfSHf/wKZrIi54O3F33B5jt6Cm9+9m9Fed8n+81w59rRom72CY9Xii/ULER9T
HwjxOZOQ+dIml23KauwexuOGjii0UR8MeM/A0n7UNys+bZTulgdpWW/mDhJ+eLAT
nhJw5ro/AWa6YVXG+t5k9LjdJ1ZmqS4bJxvBwilpEGoh0MM6Yp0dr1XM4mT/E0JM
WD458Ngs05CuCpwAUXGdQmgrVsFrrV0HTyHeVLDhe43J3GI6HCWJVOeDQzzmaO3A
M+IooRDkTHnJMaxUXphKTag5+f/smNYEhzVjZeIc8GFZ36eSI4BNGHSXFACwLu2T
hkzpXMmg50JAUhBYxqE/fVevLUH4JPLgz869wk8gRlUBo6ihQGrnsx7ZO5IsYahE
Yjz0N05PVPJYMLSyMovG9i+LpzQ49gIBzPu2fdLR41u5n5O5mG1Y4aJ7OCJxMORY
hWHuctHdGdpJsgiq8+1iiUwmfyCfb0ZL3ePMU+W0zkAsyn22aK8jDBLLVZlvOZIV
qR3Gx4QFPSk6qCMQ0E58VkMUMxYvClzTwSeEMu66eND/AKTE+XXV/d9bmSmWGk7Y
8XrDKLKfmRdrlIeondVJv5mk12YKxBPQGeUqK5XJUa2dzH9zvfEX8iYzdt4281QC
iXJ3qwmbT+8RoOLBt4KyOs2e2ZSZnjrL9OO4oUsHIOyEfjwnWoLhKbkmun8GJxoB
2yCzTawVQf9/qIUXaSzcp23AV6Lf1k9Of79HYPW3cQJAtjf6XBVE1xVZPkfTuC3y
VLufljs2ed/ctpHg9nuId/xHFH7t4HbmU3/ZufE1GHnsRQ3kbnqA5WXerd9UzeoD
aVDjFXGrITp8env08GXYvwWGXLL150l0DuJSv1E+1yww86SNjBYUTx0r0CJjjTk2
7vIUhAYUEA+J71IeifqqPDKYXnrCdUEajbfEdek30WiLR+ChEvEp48Mla6UVTLm/
mjziwbsxm5QlGccmz13e32RiyrfseB+RyllmzeJtydP2IHkWK7pww9yOlPK0QtZs
66IGZKqeXrWBk9QFYDX42gAy/xTfglco4KO7akhp3UzTIQyTXnt+OsOScc+ArVm/
dwClm+ZxybtOcVyadjpKWydyfAr3aTkGxX6RmHrEWr1R9BnMGPYesDs+yeVNs1Qd
Dhff/bQLwCLXdGLWwLe6kitUiyi8F3bdfPjR7R61lEUvJrBm7YLmgdxRCJ02LFLG
n09iSMNe5vmiNaKiuzfb4Dp9dqEMhmJfdsTURagfJIyqULoe08EIIozahivbzoWV
A6oPAkk2D8DnTiMegX4IZ/Zb3LPxJKAeXO3Ys1YQrNSNZ3B2ZISBapzGzhFZfRVz
POmXhN53pDhlxkw0btkKblYA9CvP+kzgwekzCy/Mlq/HbO38CV1NKzay3yg4nteh
J+v9/k7gaqKmo3ZWMGk0WGBv/GFxYhmeNd14Y65D9TlypM/zrXSyGoOqZgSA6HlA
gogzwwSaGwx9n/o6czE8MBUGCSqGSIb3DQEJFDEIHgYAYgBvAGIwIwYJKoZIhvcN
AQkVMRYEFBfFhHvQp+92kDi4s28IvJK1niuUMC8wHzAHBgUrDgMCGgQUgwafFeGU
n9Q1rAOUCgw+KWxk+8EECJ1vqXe6ro0FAgIoAA==
-----END PKCS12-----
]]></sourcecode>
      </section>
    </section>
    <section anchor="sample-ed25519-ca" numbered="true" toc="default">
      <name>Example Ed25519 Certification Authority</name>
      <t>The example Ed25519 Certification Authority has the following information:</t>
      <ul spacing="normal">
        <li>Name: <tt>Sample
      <dl>
	<dt>Name:
	</dt>
	<dd><tt>Sample LAMPS Ed25519 Certification Authority</tt></li>
      </ul> Authority</tt>
	</dd>
</dl>

      <section anchor="ed25519-ca-cert" numbered="true" toc="default">
        <name>Ed25519 Certification Authority Root Certificate</name>
        <t>This certificate is used to verify certificates issued by the example Ed25519 Certification Authority.</t>
        <sourcecode type="application/x-x509-ca-cert" type="x509" name="ca.25519.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIIBtzCCAWmgAwIBAgITH59R65FuWGNFHoyc0N3iWesrXzAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjBZMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzE1MDMGA1UEAxMsU2FtcGxlIExBTVBTIEVkMjU1MTkgQ2VydGlm
aWNhdGlvbiBBdXRob3JpdHkwKjAFBgMrZXADIQCEgUZ9yI/rkX/82DihqzVIZQZ+
RKE3URyp+eN2TxJDBKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
AQYwHQYDVR0OBBYEFGuilX26FJvkLQTRB6TRguQua4y1MAUGAytlcANBAFAJrlWo
QjzwT0ph7rXe023x3GaLPMXMwQI2Of+apkdG2mH9ID6PE1bu3gRRqIH5w2tyS+xF
Jw0ouxcJyAyXEQ4=
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
      <section anchor="ed25519-certification-authority-secret-key" numbered="true" toc="default">
        <name>Ed25519 Certification Authority Secret Key</name>
        <t>This secret key material is used by the example Ed25519 Certification Authority to issue new certificates.</t>
        <sourcecode type="application/x-pem-file" type="pkcs8" name="ca.25519.key"><![CDATA[
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIAt889xRDvxNT8ak53T7tzKuSn6CQDe8fIdjrCiSFRcp
-----END PRIVATE KEY-----
]]></sourcecode>
        <t>This secret key is the <xref target="SHA256" format="default"/> SHA-256 (<xref target="SHA"
        format="default"/>) digest of the ASCII string
        <tt>draft-lamps-sample-certs-keygen.ca.25519.seed</tt>.</t>
      </section>
      <section anchor="ed25519-ca-cross-cert" numbered="true" toc="default">
        <name>Ed25519 Certification Authority Cross-signed Cross-Signed Certificate</name>
        <t>If an e-mail email client only trusts the RSA Certification Authority Root Certificate found in <xref target="rsa-ca-cert" format="default"/>, they can use this intermediate CA certificate to verify any end entity end-entity certificate issued by the example Ed25519 Certification Authority.</t>
        <sourcecode type="application/x-x509-ca-cert" type="x509" name="ca.25519.cross.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIICvzCCAaegAwIBAgITR49T5oAgYhF5+eBYQ3ZBZIMuujANBgkqhkiG9w0BAQsF
ADBVMQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQLEwhMQU1QUyBXRzExMC8GA1UEAxMo
U2FtcGxlIExBTVBTIFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yMDEy
MTUyMTM1NDRaGA8yMDUyMDkyNzA2NTQxOFowWTENMAsGA1UEChMESUVURjERMA8G
A1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBMQU1QUyBFZDI1NTE5IENl
cnRpZmljYXRpb24gQXV0aG9yaXR5MCowBQYDK2VwAyEAhIFGfciP65F//Ng4oas1
SGUGfkShN1Ecqfnjdk8SQwSjfDB6MA8GA1UdEwEB/wQFMAMBAf8wFwYDVR0gBBAw
DjAMBgpghkgBZQMCATACMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa6KVfboU
m+QtBNEHpNGC5C5rjLUwHwYDVR0jBBgwFoAUkTCOfAcXDKfxCShlNhpnHGh29Fkw
DQYJKoZIhvcNAQELBQADggEBAGV0x0OEzgYlRKixMcztiikxxJDbmRat1pcipD15
1n8kiBoGhsT4fNZJVoL0OQBa/WTMntL+qcAk2itqZCNIeZeGklUljXBAz5tkDRAF
f/v99LEcsZTcuIbnJqz35danQkp4/upG4hPkfx+nbc1bsVylrITwIGOpnGhz7z3m
VCk03DFE3Qt4w9mlv9yuMse33nmsBGXog/XZvM2JRY0iKt0xksQqQD9uYm7MoMeH
qQs3Ot7EaoPj54xyWvy42run6TLUye64D94SNjB/q/wjL96bsVIKGrRn10T1ybCh
4F5HD00hQZgP15Dlb1rg+vskN8MSk5nuD+6z1VsugioW0+k=
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
    </section>
    <section anchor="carloss-sample-certificates" numbered="true" toc="default">
      <name>Carlos's Sample Certificates</name>
      <t>Carlos has the following information:</t>
      <ul spacing="normal">
        <li>Name: <tt>Carlos Turing</tt></li>
        <li>E-mail

      <dl>
	<dt>Name:
	</dt>
	<dd><tt>Carlos Turing</tt>
	</dd>

		<dt>Email Address: <tt>carlos@smime.example</tt></li>
      </ul>
	</dt>
	<dd><tt>carlos@smime.example</tt>
	</dd>
</dl>

      <section anchor="carlos-verify-cert" numbered="true" toc="default">
        <name>Carlos's Signature Verification End-Entity Certificate</name>
        <t>This certificate is used for verification of signatures made by Carlos.</t>
        <sourcecode type="application/x-pem-file" type="x509" name="carlos.sign.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIICBzCCAbmgAwIBAgITP14fVCTRtAFDeA9zwYoXhR52ljAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlcAMhAMLO
gDIs3mHITYRNYO+RnOedrq5/HuQHXSPyAKaS98ito4GwMIGtMAwGA1UdEwEB/wQC
MAAwFwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0Bz
bWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIG
wDAdBgNVHQ4EFgQUZIXjO5wdWs3mC7oafwi+xJzMhD8wHwYDVR0jBBgwFoAUa6KV
fboUm+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAwVGQWbdy6FQIpTFsaWvG2/US2fnS
6B+BzgCrkGQKWX1WgkTj4MEOqL+0cFXLr7ZQ2DQUo2iXyTAu58BR6btcCQ==
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
      <section anchor="carlos-sign-key" numbered="true" toc="default">
        <name>Carlos's Signing Private Key Material</name>
        <t>This private key material is used by Carlos to create signatures.</t>
        <sourcecode type="application/x-pem-file" type="pkcs8" name="carlos.sign.key"><![CDATA[
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEILvvxL741LfX+Ep3Iyye3Cjr4JmONIVYhZPM4M9N1IHY
-----END PRIVATE KEY-----
]]></sourcecode>
        <t>This secret key is the <xref target="SHA256" format="default"/> SHA-256 (<xref target="SHA" format="default"/>) digest of the ASCII string <tt>draft-lamps-sample-certs-keygen.carlos.sign.25519.seed</tt>.</t>
      </section>
      <section anchor="carlos-encrypt-cert" numbered="true" toc="default">
        <name>Carlos's Encryption End-Entity Certificate</name>
        <t>This certificate is used to encrypt messages to Carlos.

It contains an SMIMECapabilities extension to indicate that Carlos's MUA
expects ECDH Elliptic Curve Diffie-Hellman (ECDH) with HKDF the HMAC-based Key
Derivation Function (HKDF) using SHA-256; SHA-256, and that it uses the AES-128 key wrap, wrap algorithm,
as indicated in <xref target="RFC8418" format="default"/>.</t> format="default"/>.

</t>

<sourcecode type="application/x-pem-file" type="x509" name="carlos.encrypt.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIICNDCCAeagAwIBAgITfz0Bv+b1OMAT79aCh3arViNvhDAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA6MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzEWMBQGA1UEAxMNQ2FybG9zIFR1cmluZzAqMAUGAytlbgMhAC5o
MczTIMiddTUYTc/WymEqXw8hZm1QbIz2xX2gFDx0o4HdMIHaMCsGCSqGSIb3DQEJ
DwQeMBwwGgYLKoZIhvcNAQkQAxMwCwYJYIZIAWUDBAEFMAwGA1UdEwEB/wQCMAAw
FwYDVR0gBBAwDjAMBgpghkgBZQMCATABMB8GA1UdEQQYMBaBFGNhcmxvc0BzbWlt
ZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA4GA1UdDwEB/wQEAwIDCDAd
BgNVHQ4EFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwHwYDVR0jBBgwFoAUa6KVfboU
m+QtBNEHpNGC5C5rjLUwBQYDK2VwA0EAzss75UzFuADPfd4hQdo5jyAQ3GvkyyvI
BdBGnWtJ1eT1WuMaIMhi1rH4vPGPd9scwW+sqd9fG+pv3MShl+zKAQ==
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
      <section anchor="carlos-decrypt-key" numbered="true" toc="default">
        <name>Carlos's Decryption Private Key Material</name>
        <t>This private key material is used by Carlos to decrypt messages.</t>
        <sourcecode type="application/x-pem-file" type="pkcs8" name="carlos.encrypt.key"><![CDATA[
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIIH5782H/otrhLy9Dtvzt79ffsvpcVXgdUczTdUvSQsK
-----END PRIVATE KEY-----
]]></sourcecode>
        <t>This secret key is the <xref target="SHA256" format="default"/> SHA-256 (<xref target="SHA"
        format="default"/>) digest of the ASCII string
        <tt>draft-lamps-sample-certs-keygen.carlos.encrypt.25519.seed</tt>.</t>
      </section>
      <section anchor="pkcs12-object-for-carlos" numbered="true" toc="default">
        <name>PKCS12
        <name>PKCS #12 Object for Carlos</name>
        <t>This PKCS12 PKCS #12 (<xref target="RFC7292" format="default"/>) object contains the same information as presented in Sections <xref target="ed25519-ca-cross-cert" format="counter"/>, <xref target="carlos-verify-cert" format="default"/>, format="counter"/>, <xref target="carlos-sign-key" format="default"/>, format="counter"/>, <xref target="carlos-encrypt-cert" format="default"/>, <xref target="carlos-decrypt-key" format="default"/>, format="counter"/>, and <xref target="ed25519-ca-cross-cert" format="default"/>.</t> target="carlos-decrypt-key" format="counter"/>.

    </t>
        <t>It is locked with the simple five-letter password <tt>carlos</tt>.</t>
        <sourcecode type="application/x-pem-file" type="pkcs12" name="carlos.p12"><![CDATA[
-----BEGIN PKCS12-----
MIIKzgIBAzCCCpYGCSqGSIb3DQEHAaCCCocEggqDMIIKfzCCAvcGCSqGSIb3DQEH
BqCCAugwggLkAgEAMIIC3QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIwS3R
pT1mkyMCAhS7gIICsGKkBm0nci9VHfqxOTWy/lkKyQeF5bwsF/9gZrqUym1KtHZF
a4rSJIPUctmzqVnhGmfW9m+LEi7Em9rRmUIQbDZt4kQDG5eDk7AdhyDnB3uZDG1W
4cAeUVXJMzGfnwtzy5TzBZzEo5nnVX74Al+PDW9wdpbv2TIriL0m29fBT+7HVS9F
Z/95XokSwbb6mmCYeGiPpNEaoeUeuU4zrh/k+JJqDuqNsU66I30wH0CFmk3aarBV
3LkEeCjKFkngzMOZqiKZu8D2hEUjsGQ9ALsRn7P+hIWNFIgjvqgcCMTF8fLK1C/8
vYGD+HOpnn23nLele4b/qpFYx5kJ0bOK1Zo1SpgUQ7Bu6gectUceyOgi7CjRScuV
ew7918ZY0ugyYoIWAT0kecPM0TFtxAn19JPXo4jBYAlwUtx7GYAlDkgZCb/0dbkv
4L+PAeJK4kVDREDQ6ch/6/hlqU8xHeNzdagEWYL6FxWDiHebASxIvZzqkLd7RV9m
dL1FXst9R9G74jOs0WMMFmd9toyOhD0q6Gl9catOrolCVS/CKaC0CucsJfiKrlJ/
duQkt/JwcELveuOg60u2uaGKUqHmFhd3+6omk+wNBoY+0D5MmBZ/xnrVELGmzp94
q0f/HfZPT6sxkYBGuP2eUA/qr/zimNG3TuGVch/MdnduuVhvAYLyh1gbA8yRm+I/
zGCVuAqhsHITTx7Fqc3tyVp/mLYUO0QuwmgAw6NhzwKZf5N+tR0DZGcgw8rZpeJA
yTxVFcjzXvoShxog7RroR9Nc4FwJhWI4BO241OHFEiQZeRk8vzI8WIFXnn6t42/q
j1mV7Ba42zxPEGoY3mObKwjR6rDp6KwmmfkghpwMPU3qP2/ASV8WT1+9GIYHc5Am
9CmSOTiQMluW70Ra2k5ZMlwnbKNyMRbjUB/yHwwwggKvBgkqhkiG9w0BBwagggKg
MIICnAIBADCCApUGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECOMzXMste/8a
AgIUlICCAmgXa+q2JhTLvWsj5SKLdMninTk5uB6HhOsDKYR9GDg/cABqUFxycROG
JeJuewIRkJhsfdXJi+TSRtnQOqpyVM9oRUdxcbGuCI98fEbLmVyr7KF8GudTgC+b
eaLjn6HYkWpv7lWdvsFG8BEy6Jqi3/tP9PgNvpCYgVVM7yx6SX8QArcLSQkxbTsv
Ae0iN18H89W9xOHEz4Z2qHYyb7f0pPHrmpTGC6qmtvo1gNRsKTF0wYeQ5Sy/9U3f
oM6bIcrOvHDksaco4+5n0zeySDETY8W4mO1K0uC/t0oTOScYGBeRhVr0DQapZGT/
Ej5LpgjXOuosAoT3IKnMwK3C0OZ8oBzcvgSpeAa/V/OTKDpZb22yq6sEaHAPoUqb
cKRJmB6HC5mdLs3n0uP1vlZuYsHu7Evt0Uhns9pbklJDiCgM+4SFgKTRbd6Xt8bf
GHkWnmpv4pQL7jjzA3epP2DHyC8MJaDvleWY7Z3t/IEtkzVxflLo8kT21edz12cm
uFVK9ilMW3eJuyiRyFXFPgVsuNi/HFnijXFgxzAncP7fFP5MCsOo6daiEjJjemKf
J3D+HdD60gFih/eX9V+tGl4y7/jtxCRA/54mit4sCy3LC0++lEp9AtFwGYrDw825
uGj27a7mE26qgGdGXdzT9UJ8FfUsIoRPrG38Q4mhS10pTarNucWOGjkftZiKJLay
rfMRf3HYxOI/7iupfxYLK/4/FODijaHzAfSdQf2Bo7csPaz2HQkK/0nyO+tt68S9
pUCjEfV6Liy22tang/jXxPFbBDK/P68MnmgR8C3PcYhPJCo/K0JR2/8F8pVVEqd5
MIIDPwYJKoZIhvcNAQcGoIIDMDCCAywCAQAwggMlBgkqhkiG9w0BBwEwHAYKKoZI
hvcNAQwBAzAOBAho9g0tQyYTvwICFIGAggL43SpNCoshZX3ikmK1mOIJpS2Ah8Xv
94S/5NA8kwHtaNXpLrjYr3CyRL93USm55uvGAtECR/EblON9zeo2p0gK2JPSbDr6
/1oovo7UoZNRoRBZ8pUegVWJswNWjqvzVu5JIRmpD05XjVDKHbFqiXAqtj9/w3q0
Qq/p/M9UrLWD93hyLNdIppWr2KR2it9mASTKEHX9dqXcTOG0Kp2GmrfGNteGL02j
qVKZaZyYI8gkSxhVLS9zzgf1OynAkzYQsoo+GKhdAW1fJECemAyPc3L+eeARw/SY
q1d5QVwxKfYpIJ2wiiavdeRVNbWiwV7Ti+P9PtPx/hV22NNLwMhvnJcHaSS1PaOi
SjoxFJ1EJWGEs0QwcdwM8iN3oVuqT5HU/edMgx9TLNTiE1g2GEq59I/RwBtCL8Dh
OzKnUb4PU1Z81+HimV3KPI8g3cduhYaBR4HfqAhMnc+w5HXI6J3C1NtAE/izZ1Y2
Od7l+GTJfjPgzIy0hjqfbMt8uU9D9aPr2XjNOWoKRSojae16v8bLx+dFn6RMxFUS
g3nLEZ6EDpyrJfpGPm6mPgZKSXtvnHuFcbS+utkRuVAtqu07r2XpkGBIJLNVIRHU
5gLACbTj9TPcAce6RLoaYSDgOuFK0YZMdwzhsAI0YMpyHsUEZpQ5tjWSBY6ENbvF
7+QhmDnf6N3Bj+vxUtGS40pVsYCGbmOD7UM5QpUxIgVkpPrfRokOZs/fi9sW+Xy6
eQ2Brbn3t9C2TAsORYzFbuBwuTCqFW/rXHS6iffJpx2eAg3DCqaUAJjptSV/yzj4
vxiXlDB3fMRcpNd5Je7DoHS4axuj7SLHdpNoUHs+qQsG6yDM5BEuXWGxo/L9sGhe
XQrUnkZ4m4g01sfgTOfDNurXx/oP0ym+B50q6nLUWv0tYZpmCVil358dIEGPPSMY
AMXh05tIPFdYSJ3WLs0cxy5X4sXZl5w16Pzeb9SF5topqRUb5PDTfVr2bQUMwTbp
99FcOQf6cg8HXyT+8b4qKp9WyjCBxAYJKoZIhvcNAQcBoIG2BIGzMIGwMIGtBgsq
hkiG9w0BDAoBAqBaMFgwHAYKKoZIhvcNAQwBAzAOBAgNhfODEdzSrQICFF0EOCEq
Fie1peicS9OSXNQjLwbN3kO8lYM2HqeSZoEKJ4JSFlV1kWW3xwfu5aZKrGEYBfGM
d8renRijMUIwGwYJKoZIhvcNAQkUMQ4eDABjAGEAcgBsAG8AczAjBgkqhkiG9w0B
CRUxFgQUgSmg+iOgSyCMDXgA3u3aFss0JbkwgcQGCSqGSIb3DQEHAaCBtgSBszCB
sDCBrQYLKoZIhvcNAQwKAQKgWjBYMBwGCiqGSIb3DQEMAQMwDgQINFcqIEMfd9UC
AhS1BDgZruEsSaBY+Cm9WKR8HhH3JXh+AoMSrwkDCKytWt+MNIXB0jY2QZHDbN3u
Fn7qHw06MDthnKniazFCMBsGCSqGSIb3DQEJFDEOHgwAYwBhAHIAbABvAHMwIwYJ
KoZIhvcNAQkVMRYEFGSF4zucHVrN5gu6Gn8IvsSczIQ/MC8wHzAHBgUrDgMCGgQU
8nOYIWrnJVXEur957K5cCV3jx5cECJDjaZkfy4FnAgIoAA==
-----END PKCS12-----
]]></sourcecode>
      </section>
    </section>
    <section anchor="danas-sample-certificates" numbered="true" toc="default">
      <name>Dana's Sample Certificates</name>
      <t>Dana has the following information:</t>
      <ul spacing="normal">
        <li>Name: <tt>Dana Hopper</tt></li>
        <li>E-mail
<dl>
<dt>Name:
</dt>
<dd><tt>Dana Hopper</tt>
</dd>

<dt>Email Address: <tt>dna@smime.example</tt></li>
      </ul>
</dt>
<dd><tt>dna@smime.example</tt>
</dd>
</dl>
<section anchor="dana-verify-cert" numbered="true" toc="default">
        <name>Dana's Signature Verification End-Entity Certificate</name>
        <t>This certificate is used for verification of signatures made by Dana.</t>
        <sourcecode type="application/x-pem-file" type="x509" name="dana.sign.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIICAzCCAbWgAwIBAgITaWZI+hVtn8pQZviAmPmBXzWfnjAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZXADIQCy2h3h
hkaKDY67PuCuNLnnrQiHdSWYpPlgFsOif85vrqOBrjCBqzAMBgNVHRMBAf8EAjAA
MBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1l
LmV4YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgbAMB0G
A1UdDgQWBBRIA4bBabh4ba7e88wGsDOsVzLdljAfBgNVHSMEGDAWgBRropV9uhSb
5C0E0Qek0YLkLmuMtTAFBgMrZXADQQDpORBZitzXGYUjxnoKVLIcWL5xner97it5
VKxEf8E7AeAp96POPEu//2jXnh4qAT40ymW0wrqxU1NT8WW/dSgC
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
      <section anchor="dana-sign-key" numbered="true" toc="default">
        <name>Dana's Signing Private Key Material</name>
        <t>This private key material is used by Dana to create signatures.</t>
        <sourcecode type="application/x-pem-file" type="pkcs8" name="dana.sign.key"><![CDATA[
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEINZ8GPfmQh2AMp+uNIsZMbzvyTOltwvEt13usjnUaW4N
-----END PRIVATE KEY-----
]]></sourcecode>
        <t>This secret key is the <xref target="SHA256" format="default"/> SHA-256 (<xref target="SHA"
        format="default"/>) digest of the ASCII string
        <tt>draft-lamps-sample-certs-keygen.dana.sign.25519.seed</tt>.</t>
      </section>
      <section anchor="dana-encrypt-cert" numbered="true" toc="default">
        <name>Dana's Encryption End-Entity Certificate</name>
        <t>This certificate is used to encrypt messages to Dana.  It contains
        an SMIMECapabilities extension to indicate that Dana's MUA expects
        ECDH with HKDF using SHA-256; SHA-256, and that it uses the AES-128 key wrap, wrap algorithm, as
        indicated in <xref target="RFC8418" format="default"/>.</t>
        <sourcecode type="application/x-pem-file" type="x509" name="dana.encrypt.crt"><![CDATA[
-----BEGIN CERTIFICATE-----
MIICMDCCAeKgAwIBAgITDksKNqnvupyaO2gkjlIdwN7zpzAFBgMrZXAwWTENMAsG
A1UEChMESUVURjERMA8GA1UECxMITEFNUFMgV0cxNTAzBgNVBAMTLFNhbXBsZSBM
QU1QUyBFZDI1NTE5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTIwMTIxNTIx
MzU0NFoYDzIwNTIxMjE1MjEzNTQ0WjA4MQ0wCwYDVQQKEwRJRVRGMREwDwYDVQQL
EwhMQU1QUyBXRzEUMBIGA1UEAxMLRGFuYSBIb3BwZXIwKjAFBgMrZW4DIQDgMaI2
AWkU9LG8CvaRHgDSEY9d72Y8ENZeMwibPugkVKOB2zCB2DArBgkqhkiG9w0BCQ8E
HjAcMBoGCyqGSIb3DQEJEAMTMAsGCWCGSAFlAwQBBTAMBgNVHRMBAf8EAjAAMBcG
A1UdIAQQMA4wDAYKYIZIAWUDAgEwATAdBgNVHREEFjAUgRJkYW5hQHNtaW1lLmV4
YW1wbGUwEwYDVR0lBAwwCgYIKwYBBQUHAwQwDgYDVR0PAQH/BAQDAgMIMB0GA1Ud
DgQWBBSd303UBe+a7GCGvCdtBOnOWtyPpDAfBgNVHSMEGDAWgBRropV9uhSb5C0E
0Qek0YLkLmuMtTAFBgMrZXADQQD6f7DCCxXzpnY3BwmrIuf/SNQSf//Otri7USkd
9GF+VthGS+9KJ4HTBCh0ZGuHIU9EgnfgdSL1UR3WUkL7tv8A
-----END CERTIFICATE-----
]]></sourcecode>
      </section>
      <section anchor="dana-decrypt-key" numbered="true" toc="default">
        <name>Dana's Decryption Private Key Material</name>
        <t>This private key material is used by Dana to decrypt messages.</t>
        <sourcecode type="application/x-pem-file" type="pkcs8" name="dana.encrypt.key"><![CDATA[
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIGxZt8L7lY48OEq4gs/smQ4weDhRNMlYHG21StivPfz3
-----END PRIVATE KEY-----
]]></sourcecode>
        <t>This seed is the <xref target="SHA256" format="default"/> SHA-256 (<xref target="SHA" format="default"/>) digest of the ASCII string <tt>draft-lamps-sample-certs-keygen.dana.encrypt.25519.seed</tt>.</t>
      </section>
      <section anchor="pkcs12-object-for-dana" numbered="true" toc="default">
        <name>PKCS12
        <name>PKCS #12 Object for Dana</name>
        <t>This PKCS12 PKCS #12 (<xref target="RFC7292" format="default"/>) object contains the same information as presented in Sections <xref target="ed25519-ca-cross-cert" format="counter"/>, <xref target="dana-verify-cert" format="default"/>, format="counter"/>, <xref target="dana-sign-key" format="default"/>, format="counter"/>, <xref target="dana-encrypt-cert" format="default"/>, <xref target="dana-decrypt-key" format="default"/>, format="counter"/>, and <xref target="ed25519-ca-cross-cert" format="default"/>.</t> target="dana-decrypt-key" format="counter"/>.

    </t>
        <t>It is locked with the simple four-letter password <tt>dana</tt>.</t>
        <sourcecode type="application/x-pem-file" type="pkcs12" name="dana.p12"><![CDATA[
-----BEGIN PKCS12-----
MIIKtgIBAzCCCn4GCSqGSIb3DQEHAaCCCm8EggprMIIKZzCCAu8GCSqGSIb3DQEH
BqCCAuAwggLcAgEAMIIC1QYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQMwDgQIZNqH
TA2APx0CAhQXgIICqK+HFHF6dF5qwlWM6MRCXw11VKrcYBff65iLABPyGvWENnVM
TTPpDLqbGm6Yd2eLntPZvJoVe5Sf2+DW4q3BZ9aKuEdneBBk8mDJ6/Lq1+wFxY5k
WaBHTA6LNml/NkM3za/fr4abKFQnu6DZgZDGbZh2BsgCMmO9TeHgZyepsh3WP4ZO
aYDvSD0LiEzerDPlOBgjYahcNLjv/Dn/dFxtOO3or010TTUoQCqeHJOoq3hJtSI+
8n0iXk6gtf1/ROj6JRt/3Aqz/mLMIhuxIg/5K1wxY9AwFT4oyflapNJozGg9qwGi
PWVtEy3QDNvAs3bDfiNQqAfJOEHv2z3Ran7sYuz3vE0FnPfA81oWbazlydjB0P/B
OQ+s6VLbsAosnZq9jv2ZVrCDaDAl/g7oD7fY8qmaC6O2q5/Z3KusfMt+r9En2v81
H2vjgrpxnDIXjYuLZdrnNE/slRtqadOGR/WQ358RG+yUmRUbHYHGnkjn9fOGLasI
ZUV0aowivcWyF/kR7QV3VVexgqJMX6k1vzSXRoJ/tnA+1/WPWy1mCJeljGOgYqSV
txtVB61Qmc2XP48F7wyaQZvdAU9zfe11/tHAaKKJWBpE1lIuAEkGtIP6ozYJBFjH
I11tBA8fijTnug+S4OvSgjtsRV/+kSEiW4F+pwE8RuTYfUu7q+Ew0LYdLgkH5OyE
sn0b62UFpR/E1D9exWzohrFbIdUCbjtssXucruAqPNhW/abT0zicWu5nvf+Pniow
2VxvhwoGt5jZ+lkaR5Z+1/GpbMgq47EUyGCgKv+5GAcJxUxINZqLbACJ/MhLfYPB
eJrXz8f5Cigm1wZLisYCqnuc8cGCXjNqNkUlqtzodM8xv4gcgT/zILxmJTZP2q4n
YA4yBQx5/n2G2dZC+pf3kAfbXcp0MIICpwYJKoZIhvcNAQcGoIICmDCCApQCAQAw
ggKNBgkqhkiG9w0BBwEwHAYKKoZIhvcNAQwBAzAOBAjxuoiaSZDbnwICFH+AggJg
k2hcNYtO0+15uLqXdiNhr5Q0JkYcrHdo0wR6G5AgLmwI+TYi+P8EZUjDIJ4TJ3b4
6xv7+3pT8cbEFf6PXcfS8/sCfM7FaV3SpLACLZbBJV52OKE0CAgALZOLuIz5mGVU
tWI2h1x587KeIv5GRPIxumDebT3Gmkkp9Qoi55hjTgn68olSgDaJF8o5wnfODhkS
o110a3x9OwkJSN1AXfmBfj33KnT8Dc4bTfAZy1S5o1zCtaEqnct2Urb4PeO3LfHB
ErBsvY8HE4D7qh6P5ftXHQHAx/b3hbU8jQP1tR0N9Oh0SiLi//ebCeGXWQRdVjL5
+VQrhlQF5d4Kz9Zx79oC36g7C2BxCQomur/F9TT12NPzPpaEGGo6ljB6myAHnYw9
rCxbSxBvbtEtlgJnxxb1Y5Q4ukgyjzK6431Bwq2+iNL0vGc9o2c5ELUPU9zGeLBZ
tXWvdX27aOHjusPfDZl70C5zHiYs1FU6Tkn9Aotc424Q3d2IRTTcYnnjs1VSi1Sr
4bRyB8zBAQmdQrniBW++7eJm3m/EOU0Yy0noUT169m8KNJrmSspMvKS6pyiYHR4I
BvAIkRIjvdtQvJdQJ+Uyr+HH5daE6golW1917b2bXj/41mvXYkJY6W8x0km1RYhH
QJZphWlvNcrHKo46Unk48Qc/5J5tI+6UDTXFr//V34vcpQ2ktp0MAKl1rBH549ef
CsGQTGoq8XHPhksehEEMRmOJDeKTVkKx8xNhbwb395yFCIxfF2NHeDLXP+JyW+nH
Iy2fnBDlyTiPF7YXyGiPjPAgK8LS8GUE+Zq2rWqrGNkwggM/BgkqhkiG9w0BBwag
ggMwMIIDLAIBADCCAyUGCSqGSIb3DQEHATAcBgoqhkiG9w0BDAEDMA4ECOfJ/s3Y
f5bgAgIUnYCCAvi4NaYP4lpAtuXtE02Zqgl9aLFwsj9B/rikBo6O1ZR/lsryJ4PJ
VGYy6NyBPjG67glJVMYiI3Hge+j66FXKXD/AaiMVD21ZmfrH935Sl4ZUKS9tpTJL
QDw3ejpDEDqJUFJZJ/ybgpRAKoNjhcE3B7F7+WMI8Pr70M1Fbw7ytUCAjOf18sIW
prUA8f8O9dLiGgiWyjE5HMzSXEib5IMRpq5x4Q28pBrT8rVYgoQSSyVkfHtU7LDi
Bm68RfBgEl7jIqLdrt2kKxHC3/lC4xXQgFNXeQO56aRp8Yu4VpoRwraVLUO3tJk+
pf1zFfmUei/JtiFlC6uf0PvC2B5h6kAZocE1lLxGIDFH7fTd6dzP7qTDbUQ+uEk3
qsgktT2pcoVnxTanvQmTCEZM9ZKCX5/z7Gkm+z83lGLDDU9oNyRSrxHrRBIvgH4w
3aGH1v6kfYOWwwwaghQOQIZFyzGVRKXsP7AslL+n4ti831TxqSUZX2qy9LpI4Tjp
5A/NLMKo3uqmHFlTLnnYUqoppe88FNY8T/LXnHp0KTkuXFmdKJtp1/ydqh18jBk7
nfLcQFdf1R/5okysblRtaMujlhelymT7MoM8u5C8ceIO7uWX8NI5B/IB+Yn2BvzZ
9LXoSia/wHjTu7UK610o7WOq9qTYe1i1x+HsmJaOC6hpaQh6b33VWDrHJbl7c/4Z
tvQ9qAzqkqIhFWMRXNK+32jFVAgXrD8U1QHW2ip5s7W/Xtm1AegrhG1nSQgJezYl
OnE/t2PDWuPeW94kR0uv1fNsh6plLyZYf/BaqhoGCHsa/ipD86viVSZDgJ8ASVLF
eLUK3HYFMhJ+MLEzZJffYZAOnbYoyNPNc0vc7dpbk+ZMnlb5bDFcMCpm7+fWOjsC
nsNNL9nqQlNHHCJRKGuxO5rujftbPM7R3GLT9d/u5e9YY5cX0RiDLxomFfflj2Yh
uRoyX+8WzESt98I/KmAraWKXnxOP1FEWajtNCrnGCezDKO3xEHTQhECpg+z7O4mj
MjN6MIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFowWDAc
BgoqhkiG9w0BDAEDMA4ECL2Bz1vW+YZkAgIUugQ4YOyEjke53NDvCFR0ciUHZ7re
f9/wPx5TgV3qzGhfR4bP2rdpiOt9hAHVK5cmUAR7+wjAJiYdLUQxPjAXBgkqhkiG
9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFJ3fTdQF75rsYIa8J20E
6c5a3I+kMIHABgkqhkiG9w0BBwGggbIEga8wgawwgakGCyqGSIb3DQEMCgECoFow
WDAcBgoqhkiG9w0BDAEDMA4ECFw78Uk8K64uAgIU+gQ4id0jRb3JyEM5fdpaeQR+
YEeMn+Y5KavplVD5HtgQQY9hhppbQqG4af7KY+MT6xus6oNEQeJAE5wxPjAXBgkq
hkiG9w0BCRQxCh4IAGQAYQBuAGEwIwYJKoZIhvcNAQkVMRYEFEgDhsFpuHhtrt7z
zAawM6xXMt2WMC8wHzAHBgUrDgMCGgQUzSoHpcIerV21CvCOjAe5ZVhs2M8ECC5D
kkzl2MltAgIoAA==
-----END PKCS12-----
]]></sourcecode>
      </section>
    </section>
    <section anchor="security-considerations" numbered="true" toc="default">
      <name>Security Considerations</name>
      <t>The keys presented in this document should be considered compromised and insecure, because the secret key material is published and therefore not secret.</t>
      <t>Any application which that maintains a denylist deny list of invalid key material should include these keys in its list.</t>
    </section>
    <section anchor="iana-considerations" numbered="true" toc="default">
      <name>IANA Considerations</name>
      <t>IANA has nothing to do for this document.</t>
    </section>
    <section anchor="document-considerations" numbered="true" toc="default">
      <name>Document Considerations</name>
      <t>[ RFC Editor: please remove this section before publication ]</t>
      <t>This document is currently edited as markdown.  Minor editorial
changes can be suggested via merge requests at
https://gitlab.com/dkg/lamps-samples or by e-mail to the
author.  Please direct all significant commentary to the public IETF
LAMPS mailing list: <tt>spasm@ietf.org</tt></t>
      <section anchor="document-history" numbered="true" toc="default">
        <name>Document History</name>
        <section anchor="substantive-changes-from-draft-ietf-07-to-draft-ietf-08" numbered="true" toc="default">
          <name>Substantive Changes from draft-ietf-*-07 to draft-ietf-*-08</name>
          <ul spacing="normal">
            <li>Apply editorial cleanup suggested during review</li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-ietf-06-to-draft-ietf-07" numbered="true" toc="default">
          <name>Substantive Changes from draft-ietf-*-06 to draft-ietf-*-07</name>
          <ul spacing="normal">
            <li>Correct document history</li>
            <li>Restore PKCS12 for dana and bob from -05</li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-ietf-05-to-draft-ietf-06" numbered="true" toc="default">
          <name>Substantive Changes from draft-ietf-*-05 to draft-ietf-*-06</name>
          <ul spacing="normal">
            <li>Added outbound references for acronyms PEM, CRL, and OCSP, thanks Stewart Brant.</li>
            <li>Accidentally modified PKCS12 for dana and bob</li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-ietf-04-to-draft-ietf-05" numbered="true" toc="default">
          <name>Substantive Changes from draft-ietf-*-04 to draft-ietf-*-05</name>
          <ul spacing="normal">
            <li>Switch from SHA512 to SHA1 as MAC checksum in PKCS#12 objects, for interop with Keychain Access on macOS.</li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-ietf-03-to-draft-ietf-04" numbered="true" toc="default">
          <name>Substantive Changes from draft-ietf-*-03 to draft-ietf-*-04</name>
          <ul spacing="normal">
            <li>Order subject/issuer DN components by scope.</li>
            <li>Put cross-signed intermediate CA certificates into PKCS#12 instead of self-signed root CA certificates.</li>
          </ul> has no IANA actions.</t>
    </section>
        <section anchor="substantive-changes-from-draft-ietf-02-to-draft-ietf-03" numbered="true" toc="default">
          <name>Substantive Changes from draft-ietf-*-02 to draft-ietf-*-03</name>
          <ul spacing="normal">
            <li>Correct encoding

  </middle>
  <back>

<displayreference target="I-D.bre-openpgp-samples" to="OPENPGP-SAMPLES"/>

    <references>
      <name>References</name>
      <references>
        <name>Normative References</name>

<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5280.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5958.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7292.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7468.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8032.xml"/>

<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8479.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8551.xml"/>

      </references>
      <references>
        <name>Informative References</name>

        <reference anchor="FIPS186-4" target="https://doi.org/10.6028/NIST.FIPS.186-4">
          <front>
            <title>Digital Signature Standard (DSS)</title>
            <author>
              <organization>National Institute of S/MIME Capabilities extension.</li>
            <li>Change "Certificate Authority" to "Certification Authority".</li>
            <li>Add CertificatePolicies to all intermediate and end-entity certificates.</li>
            <li>Add organization and organizational unit to all certificates.</li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-ietf-01-to-draft-ietf-02" numbered="true" toc="default">
          <name>Substantive Changes from draft-ietf-*-01 to draft-ietf-*-02</name>
          <ul spacing="normal">
            <li>Added cross-signed certificates for both CAs</li>
            <li>Added S/MIME Capabilities extension for Carlos Standards and Dana's encryption keys, indicating preferred ECDH parameters.</li>
            <li>Ensure no serial numbers are negative.</li>
            <li>Encode keyUsage extensions in minimum-length BIT STRINGs.</li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-ietf-00-to-draft-ietf-01" numbered="true" toc="default">
          <name>Substantive Changes from draft-ietf-*-00 to draft-ietf-*-01</name>
          <ul spacing="normal">
            <li>Added Curve25519 sample certificates (new CA, Carlos, Technology (NIST)
	      </organization>
            </author>
            <date month="July" year="2013"/>
          </front>
	  <seriesInfo name="FIPS PUB" value="186-4"/>
	  <seriesInfo name="DOI" value="10.6028/NIST.FIPS.186-4"/>
        </reference>

<xi:include href="https://datatracker.ietf.org/doc/bibxml3/reference.I-D.bre-openpgp-samples.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4134.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.5322.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.7469.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8410.xml"/>
<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8418.xml"/>

        <reference anchor="SHA" target="https://doi.org/10.6028/NIST.FIPS.180-4">
          <front>
            <title>Secure Hash Standard (SHS)</title>
            <author>
              <organization>National Institute of Standards and Dana)</li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-dkg-05-to-draft-ietf-00" numbered="true" toc="default">
          <name>Substantive Changes from draft-dkg-*-05 to draft-ietf-*-00</name>
          <ul spacing="normal">
            <li>WG adoption (dkg moves from Author to Editor)</li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-dkg-04-to-draft-dkg-05" numbered="true" toc="default">
          <name>Substantive Changes from draft-dkg-*-04 to draft-dkg-*-05</name>
          <ul spacing="normal">
            <li>PEM blobs are now <tt>sourcecode</tt>, not <tt>artwork</tt></li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-dkg-03-to-draft-dkg-04" numbered="true" toc="default">
          <name>Substantive Changes from draft-dkg-*-03 to draft-dkg-*-04</name>
          <ul spacing="normal">
            <li>Describe deterministic key generation</li>
            <li>label PEM blobs with filenames in XML</li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-dkg-02-to-draft-dkg-03" numbered="true" toc="default">
          <name>Substantive Changes from draft-dkg-*-02 Technology (NIST)</organization>
            </author>
            <date month="August" year="2015"/>
          </front>
	  <seriesInfo name="FIPS PUB" value="180-4"/>
	  <seriesInfo name="DOI" value="10.6028/NIST.FIPS.180-4"/>
        </reference>

        <reference anchor="TEST-POLICY" target="https://csrc.nist.gov/CSRC/media/Projects/Computer-Security-Objects-Register/documents/test_policy.pdf">
          <front>
            <title>Test Certificate Policy to draft-dkg-*-03</name>
          <ul spacing="normal">
            <li>Alice and Bob now each have two distinct certificates: one for
signing, one for encryption, Support PKI Pilots and public keys to match.</li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-dkg-01-to-draft-dkg-02" numbered="true" toc="default">
          <name>Substantive Changes from draft-dkg-*-01 to draft-dkg-*-02</name>
          <ul spacing="normal">
            <li>PKCS#12 objects are deliberately locked with simple passphrases</li>
          </ul>
        </section>
        <section anchor="substantive-changes-from-draft-dkg-00-to-draft-dkg-01" numbered="true" toc="default">
          <name>Substantive Changes from draft-dkg-*-00 to draft-dkg-*-01</name>
          <ul spacing="normal">
            <li>changed all three keys to use RSA instead of RSA-PSS</li>
            <li>set keyEncipherment keyUsage flag instead Testing</title>
            <author>
              <organization>National Institute of dataEncipherment in EE certs</li>
          </ul>
        </section>
      </section>
    </section> Standards and Technology (NIST)</organization>
            </author>
            <date year="2012" month="May"/>
          </front>
         <refcontent>Computer Security Resource Center</refcontent>
        </reference>
      </references>
    </references>

    <section anchor="acknowledgements" numbered="true" numbered="false" toc="default">
      <name>Acknowledgements</name>

      <t>This draft document was inspired by similar work in the OpenPGP space by Bjarni Runar <contact fullname="Bjarni Rúnar Einarsson"/> and juga at <contact fullname="juga"/>; see <xref target="I-D.bre-openpgp-samples" format="default"/>.</t>
      <t>Eric Rescorla
      <t><contact fullname="Eric Rescorla"/> helped spot issues with certificate formats.</t>
      <t>Sean Turner
      <t><contact fullname="Sean Turner"/> pointed to <xref target="RFC4134" format="default"/> as prior work.</t>
      <t>Deb Cooley
      <t><contact fullname="Deb Cooley"/> suggested that Alice and Bob should have separate certificates for signing and encryption.</t>
      <t>Wolfgang Hommel
      <t><contact fullname="Wolfgang Hommel"/> helped to build reproducible encrypted PKCS#12 PKCS #12 objects.</t>
      <t>Carsten Bormann
      <t><contact fullname="Carsten Bormann"/> got the XML <tt>sourcecode</tt> markup working for this draft.</t>
      <t>David document.</t>
      <t><contact fullname="David A. Cooper Cooper"/> identified problems with the certificates and suggested corrections.</t>
      <t>Lijun Liao
      <t><contact fullname="Lijun Liao"/> helped get the terminology right.</t>
      <t>Stewart Brant and Roman Danyliw
      <t><contact fullname="Stewart Bryant"/> and <contact fullname="Roman Danyliw"/> provided editorial suggestions.</t>
    </section>
  </middle>
  <back>
    <references>
      <name>References</name>
      <references>
        <name>Normative References</name>
        <reference anchor="RFC2119" target="https://www.rfc-editor.org/info/rfc2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner">
              <organization/>
            </author>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification.  These words are often capitalized. This document defines these words as they should be interpreted in IETF documents.  This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC5280" target="https://www.rfc-editor.org/info/rfc5280">
          <front>
            <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title>
            <author fullname="D. Cooper" initials="D." surname="Cooper">
              <organization/>
            </author>
            <author fullname="S. Santesson" initials="S." surname="Santesson">
              <organization/>
            </author>
            <author fullname="S. Farrell" initials="S." surname="Farrell">
              <organization/>
            </author>
            <author fullname="S. Boeyen" initials="S." surname="Boeyen">
              <organization/>
            </author>
            <author fullname="R. Housley" initials="R." surname="Housley">
              <organization/>
            </author>
            <author fullname="W. Polk" initials="W." surname="Polk">
              <organization/>
            </author>
            <date month="May" year="2008"/>
            <abstract>
              <t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet.  An overview of this approach and model is provided as an introduction.  The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms.  Standard certificate extensions are described and two Internet-specific extensions are defined.  A set of required certificate extensions is specified.  The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions.  An algorithm for X.509 certification path validation is described.  An ASN.1 module and examples are provided in the appendices.  [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5280"/>
          <seriesInfo name="DOI" value="10.17487/RFC5280"/>
        </reference>
        <reference anchor="RFC5958" target="https://www.rfc-editor.org/info/rfc5958">
          <front>
            <title>Asymmetric Key Packages</title>
            <author fullname="S. Turner" initials="S." surname="Turner">
              <organization/>
            </author>
            <date month="August" year="2010"/>
            <abstract>
              <t>This document defines the syntax for private-key information and a content type for it.  Private-key information includes a private key for a specified public-key algorithm and a set of attributes.  The Cryptographic Message Syntax (CMS), as defined in RFC 5652, can be used to digitally sign, digest, authenticate, or encrypt the asymmetric key format content type.  This document obsoletes RFC 5208.  [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5958"/>
          <seriesInfo name="DOI" value="10.17487/RFC5958"/>
        </reference>
        <reference anchor="RFC7292" target="https://www.rfc-editor.org/info/rfc7292">
          <front>
            <title>PKCS #12: Personal Information Exchange Syntax v1.1</title>
            <author fullname="K. Moriarty" initials="K." role="editor" surname="Moriarty">
              <organization/>
            </author>
            <author fullname="M. Nystrom" initials="M." surname="Nystrom">
              <organization/>
            </author>
            <author fullname="S. Parkinson" initials="S." surname="Parkinson">
              <organization/>
            </author>
            <author fullname="A. Rusch" initials="A." surname="Rusch">
              <organization/>
            </author>
            <author fullname="M. Scott" initials="M." surname="Scott">
              <organization/>
            </author>
            <date month="July" year="2014"/>
            <abstract>
              <t>PKCS #12 v1.1 describes a transfer syntax for personal identity information, including private keys, certificates, miscellaneous secrets, and extensions.  Machines, applications, browsers, Internet kiosks, and so on, that support this standard will allow a user to import, export, and exercise a single set of personal identity information.  This standard supports direct transfer of personal information under several privacy and integrity modes.</t>
              <t>This document represents a republication of PKCS #12 v1.1 from RSA Laboratories' Public Key Cryptography Standard (PKCS) series.  By publishing this RFC, change control is transferred to the IETF.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7292"/>
          <seriesInfo name="DOI" value="10.17487/RFC7292"/>
        </reference>
        <reference anchor="RFC7468" target="https://www.rfc-editor.org/info/rfc7468">
          <front>
            <title>Textual Encodings of PKIX, PKCS, and CMS Structures</title>
            <author fullname="S. Josefsson" initials="S." surname="Josefsson">
              <organization/>
            </author>
            <author fullname="S. Leonard" initials="S." surname="Leonard">
              <organization/>
            </author>
            <date month="April" year="2015"/>
            <abstract>
              <t>This document describes and discusses the textual encodings of the Public-Key Infrastructure X.509 (PKIX), Public-Key Cryptography Standards (PKCS), and Cryptographic Message Syntax (CMS).  The textual encodings are well-known, are implemented by several applications and libraries, and are widely deployed.  This document articulates the de facto rules by which existing implementations operate and defines them so that future implementations can interoperate.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7468"/>
          <seriesInfo name="DOI" value="10.17487/RFC7468"/>
        </reference>
        <reference anchor="RFC8032" target="https://www.rfc-editor.org/info/rfc8032">
          <front>
            <title>Edwards-Curve Digital Signature Algorithm (EdDSA)</title>
            <author fullname="S. Josefsson" initials="S." surname="Josefsson">
              <organization/>
            </author>
            <author fullname="I. Liusvaara" initials="I." surname="Liusvaara">
              <organization/>
            </author>
            <date month="January" year="2017"/>
            <abstract>
              <t>This document describes elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA).  The algorithm is instantiated with recommended parameters for the edwards25519 and edwards448 curves.  An example implementation and test vectors are provided.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8032"/>
          <seriesInfo name="DOI" value="10.17487/RFC8032"/>
        </reference>
        <reference anchor="RFC8174" target="https://www.rfc-editor.org/info/rfc8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba">
              <organization/>
            </author>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol  specifications.  This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the  defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC8479" target="https://www.rfc-editor.org/info/rfc8479">
          <front>
            <title>Storing Validation Parameters in PKCS#8</title>
            <author fullname="N. Mavrogiannopoulos" initials="N." surname="Mavrogiannopoulos">
              <organization/>
            </author>
            <date month="September" year="2018"/>
            <abstract>
              <t>This memo describes a method of storing parameters needed for private-key validation in the Private-Key Information Syntax Specification as defined in PKCS#8 format (RFC 5208).  It is equally applicable to the alternative implementation of the Private-Key Information Syntax Specification as defined in RFC 5958.</t>
              <t>The approach described in this document encodes the parameters under a private enterprise extension and does not form part of a formal standard.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8479"/>
          <seriesInfo name="DOI" value="10.17487/RFC8479"/>
        </reference>
        <reference anchor="RFC8551" target="https://www.rfc-editor.org/info/rfc8551">
          <front>
            <title>Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 Message Specification</title>
            <author fullname="J. Schaad" initials="J." surname="Schaad">
              <organization/>
            </author>
            <author fullname="B. Ramsdell" initials="B." surname="Ramsdell">
              <organization/>
            </author>
            <author fullname="S. Turner" initials="S." surname="Turner">
              <organization/>
            </author>
            <date month="April" year="2019"/>
            <abstract>
              <t>This document defines Secure/Multipurpose Internet Mail Extensions (S/MIME) version 4.0.  S/MIME provides a consistent way to send and receive secure MIME data.  Digital signatures provide authentication, message integrity, and non-repudiation with proof of origin. Encryption provides data confidentiality.  Compression can be used to reduce data size.  This document obsoletes RFC 5751.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8551"/>
          <seriesInfo name="DOI" value="10.17487/RFC8551"/>
        </reference>
      </references>
      <references>
        <name>Informative References</name>
        <reference anchor="FIPS186-4">
          <front>
            <title>Digital Signature Standard (DSS)</title>
            <author>
              <organization/>
            </author>
            <date month="July" year="2013"/>
          </front>
          <seriesInfo name="National Institute of Standards and Technology" value="report"/>
          <seriesInfo name="DOI" value="10.6028/nist.fips.186-4"/>
        </reference>
        <reference anchor="I-D.bre-openpgp-samples" target="https://www.ietf.org/archive/id/draft-bre-openpgp-samples-01.txt">
          <front>
            <title>OpenPGP Example Keys and Certificates</title>
            <author fullname="Bjarni Rúnar Einarsson">
              <organization>Mailpile ehf</organization>
            </author>
            <author fullname="juga">
              <organization>Independent</organization>
            </author>
            <author fullname="Daniel Kahn Gillmor">
              <organization>American Civil Liberties Union</organization>
            </author>
            <date day="20" month="December" year="2019"/>
            <abstract>
              <t>   The OpenPGP development community benefits from sharing samples of
   signed or encrypted data.  This document facilitates such
   collaboration by defining a small set of OpenPGP certificates and
   keys for use when generating such samples.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-bre-openpgp-samples-01"/>
        </reference>
        <reference anchor="RFC4134" target="https://www.rfc-editor.org/info/rfc4134">
          <front>
            <title>Examples of S/MIME Messages</title>
            <author fullname="P. Hoffman" initials="P." role="editor" surname="Hoffman">
              <organization/>
            </author>
            <date month="July" year="2005"/>
            <abstract>
              <t>This document gives examples of message bodies formatted using S/MIME. Specifically, it has examples of Cryptographic Message Syntax (CMS) objects and S/MIME messages (including the MIME formatting).  It includes examples of many common CMS formats.  The purpose of this document is to help increase interoperability for S/MIME and other protocols that rely on CMS.  This memo provides information for the Internet community.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="4134"/>
          <seriesInfo name="DOI" value="10.17487/RFC4134"/>
        </reference>
        <reference anchor="RFC5322" target="https://www.rfc-editor.org/info/rfc5322">
          <front>
            <title>Internet Message Format</title>
            <author fullname="P. Resnick" initials="P." role="editor" surname="Resnick">
              <organization/>
            </author>
            <date month="October" year="2008"/>
            <abstract>
              <t>This document specifies the Internet Message Format (IMF), a syntax for text messages that are sent between computer users, within the framework of "electronic mail" messages.  This specification is a revision of Request For Comments (RFC) 2822, which itself superseded Request For Comments (RFC) 822, "Standard for the Format of ARPA Internet Text Messages", updating it to reflect current practice and incorporating incremental changes that were specified in other RFCs.  [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="5322"/>
          <seriesInfo name="DOI" value="10.17487/RFC5322"/>
        </reference>
        <reference anchor="RFC7469" target="https://www.rfc-editor.org/info/rfc7469">
          <front>
            <title>Public Key Pinning Extension for HTTP</title>
            <author fullname="C. Evans" initials="C." surname="Evans">
              <organization/>
            </author>
            <author fullname="C. Palmer" initials="C." surname="Palmer">
              <organization/>
            </author>
            <author fullname="R. Sleevi" initials="R." surname="Sleevi">
              <organization/>
            </author>
            <date month="April" year="2015"/>
            <abstract>
              <t>This document defines a new HTTP header that allows web host operators to instruct user agents to remember ("pin") the hosts' cryptographic identities over a period of time.  During that time, user agents (UAs) will require that the host presents a certificate chain including at least one Subject Public Key Info structure whose fingerprint matches one of the pinned fingerprints for that host.  By effectively reducing the number of trusted authorities who can authenticate the domain during the lifetime of the pin, pinning may reduce the incidence of man-in-the-middle attacks due to compromised Certification Authorities.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7469"/>
          <seriesInfo name="DOI" value="10.17487/RFC7469"/>
        </reference>
        <reference anchor="RFC8410" target="https://www.rfc-editor.org/info/rfc8410">
          <front>
            <title>Algorithm Identifiers for Ed25519, Ed448, X25519, and X448 for Use in the Internet X.509 Public Key Infrastructure</title>
            <author fullname="S. Josefsson" initials="S." surname="Josefsson">
              <organization/>
            </author>
            <author fullname="J. Schaad" initials="J." surname="Schaad">
              <organization/>
            </author>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies algorithm identifiers and ASN.1 encoding formats for elliptic curve constructs using the curve25519 and curve448 curves.  The signature algorithms covered are Ed25519 and Ed448.  The key agreement algorithms covered are X25519 and X448. The encoding for public key, private key, and Edwards-curve Digital Signature Algorithm (EdDSA) structures is provided.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8410"/>
          <seriesInfo name="DOI" value="10.17487/RFC8410"/>
        </reference>
        <reference anchor="RFC8418" target="https://www.rfc-editor.org/info/rfc8418">
          <front>
            <title>Use of the Elliptic Curve Diffie-Hellman Key Agreement Algorithm with X25519 and X448 in the Cryptographic Message Syntax (CMS)</title>
            <author fullname="R. Housley" initials="R." surname="Housley">
              <organization/>
            </author>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document describes the conventions for using the Elliptic Curve Diffie-Hellman (ECDH) key agreement algorithm with curve25519 and curve448 in the Cryptographic Message Syntax (CMS).</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8418"/>
          <seriesInfo name="DOI" value="10.17487/RFC8418"/>
        </reference>
        <reference anchor="SHA256">
          <front>
            <title>Secure Hash Standard</title>
            <author fullname="Quynh H. Dang" initials="Q." surname="Dang">
              <organization/>
            </author>
            <date month="July" year="2015"/>
          </front>
          <seriesInfo name="National Institute of Standards and Technology" value="report"/>
          <seriesInfo name="DOI" value="10.6028/nist.fips.180-4"/>
        </reference>
        <reference anchor="TEST-POLICY" target="https://csrc.nist.gov/CSRC/media/Projects/Computer-Security-Objects-Register/documents/test_policy.pdf">
          <front>
            <title>Test Certificate Policy to Support PKI Pilots and Testing</title>
            <author>
              <organization>NIST - Computer Security Divisiion (CSD)</organization>
            </author>
            <date year="2012" month="May"/>
          </front>
        </reference>
      </references>
    </references>

  </back>
  <!-- ##markdown-source:
H4sIADgD+2EAA9S8W6+jWrYm+M6vsHY+VKa8Iww2xrClkoo7GAM2F4N5qeQO
NveLMaTyqFUP/dQPp1vnqEutbvVj/4/+KeeX9MReK2JF7MjMnVWp6qqt2BFe
E5hzzHH5xjfGxOvTp09Ql3ZZ+MtCX8mizC7Yh5tXWbiQwrFduEWwoMOmS6PU
d7uwhYLSL9wc3B00btR9SsMu+pSBB9pP7fOx9hOMQ/OtcdmMvyzSIiohKK2a
XxZd07fdGoYJeA25TejOFztoKJtb3JR99cviOQ10C0cwFvyyEIsubIqw+8TM
K0FQ2wFh/qOblQVYfQSiQG7fJWXzC7T4BC3Af2nR/rJgPi+kzws+zbK8bJ7D
L3EZt0jDbCG5SfHN1bKJf1mQediA/RULOr2n2eKQevOWw3ZhFmlZPO9ruyYM
u18WyHq7oJrSDRZ69/l5xU87sFElHBYXsJefF8rlNVwGYFkEhmH07ee+6GaV
mDr5HHA9rwnvYHH6YD4HwtxNM6DYW/wfojTqErC3FowVn4ESnjc05WymMEg7
IPys2SZ3u/QeAg1w4lFHcOwTCnaqip8R+DMGr/GVIurG5/na5+dFaCF+Yj6D
ZT+VVVhUcfVuNDCDxtEoskFfn7ab9fr1aYdixOsTjiLwl084+KQL5HqL/eUF
4XlBg9WNT0f1INIX8Miic5t4VmPSdVX7y2rlt43/uUjb7nNc3le0rtGrHGzQ
XR2b8hr6Xbuiy7zqgSd80kO/b4CuP6ne88onLYzBg2GzAj7Z52EBbgYe2v3H
qsxSf/xcBdG84Mu3fzLAlY+evDg+71p05ULvq6psusVREhfHNCu7l9vPT6RF
/BOY5IujvfnLvMvFp8W7aIt30RYM8J82BT6z+D2tM38ADwRgrV8WaxhZf4K3
UPHBZECRawR5U+52jb8pd0ts8TfVr4mvRngbw+HN2xiO7NB3c+zeTbTdIr9A
nz59As4FHNb1QdgYSfge2UF4D7OymlUF3DHP+2KW2QuLMErBpqOmzBdt4jZg
14s3x1iU0aJN4yIMwM4XYeE3Y9WBH8C23M8LI0nbxbv2F5Hrp1nazTCxaHs/
AWtkmeuVDdgx0Ig3AgGitJhndxdt7mbZog27eQX78xYm7puF/wFpnja4zRgE
/HzRt+FiSMJiEQNp5wlnEec13uT8DD23nadBkIUQ9LsZPZoy6P156W+U8Ps/
/elNU3/+8x9+rJKfAZQsKhfI4veZ2yw68HT4aY7Ov3T/b9Uh2NPq13qE1KgD
W3su8wBGm7e9AH4CQMnN5q2D+0owT1F28/DscV7ou7NO5meqBkTzC6+8cF53
jgLwzDzogp0AF09nQWahX6bwy6YBIVSEbfvzvA1wEQgAfpqNnM64O8/oerM5
x1n8eZnyDoZmm41g9vwzJJQDUEbz82JIQXT03cL1/XkKsNx8exNm4d0FampD
vwm/3dPPswO8sgxwILAPoKXZhN/609NbZkf4Dc7ysuocRbNVZ9f5uuxf9iAw
/Nzo64fie48ii9keTzE1nfyw4KzDFybM+klnd6+qLA2Dn19L/+iZeSPN01j3
NADWmWXqhnLxExCgLQu3/ennBQkgKXxOQZXeLEAAsB4sBnY/zlMv2GANHJd4
d2IABvN2f5tgIHHGT1u9y/c+2TcyvosF8mP4jWy022TlKypBLnV/Za0IfGhn
J3WbphyycdZn1Bf+S37gJWGWfZpTFtg7UEDRzRK+xfgXx/gMid0sNjB5N8cf
kLgqgUMCj3KB8YFfNV9WbBdzxn4GQfkel+9b+xFk5cDH3DgEHj/Hx+IOAgAk
2J+fTvCceF4QYFj3UgIIGWCqWdjv4gHs/He/W2hh3adN+BLk4BZxD+Z+Ac28
oZnCtIufZFM3gO6e/y4U9flZY0+mqLHM/Bmk0MPhy4f3O3RBNQ/M109fn6RV
WWYV5vUwGF18NySTl59ePviTejREVSEPP81g1n1jqtkPgc688LW3CsTJjE3g
jrD1G0B+5k0vKPq4QNDF09PmRPXnP78+z4kHfJ5j6bVUWQBrv34EegRGrarQ
nXFkMUet71YgJ2RA0WCBNimHYgGUHb60aIRNnhZlVsYjAPDFT/Q3nky+e/JP
i98Di/xEkz/94eUdMziP89SuB6wNQCFt2372lic4fOPR87RsEXxinx7308fn
n06Vth/n6dsfz7L4/bxTsL20eaFnW5VF8AT5X8PbHxbzovKcL8wWOBYJIKd7
24Nsft1EU8aNm7/EeEOl8AnBCVhsThwvUANcDOj7LQG9e/FLf8cmBbdbgHdC
0PPmmcKBm/2ymKEfKLzMw/eg+LifpzXmkJz/fZ9zVsAdpK6yb9+z5YtjgtWM
ZwBmAdjOTNmBiAC4ixnyqw4ob5yvAXvHs72SfOEnJYCy9rW33B1nT3vm4xDQ
hDTrgQJfaNy9WBbAGzB18ZZc2rk2mEkT8fNrB11ZZi0AY4BlgG5ns6qBDAi8
Rj95afdE2tk+XwYYXX9t0L29AxVwSQCEzYcoyNrya159T6ZFOQCQDMJs/PTa
HAiGIyvPOFI+7f37NgxfhplZ2Qy/T8icE+SLl76CAii/C0GVEOYgnNpF0xfF
08eOYZM9a4M5AsPHk6TNT+cv6jDP8y4hkFx8EzMt/KwH0fmej56m+mK2ZxA+
IQyQPkB53rSbgmQ2h3oMiq2ZM8wBmXvPhDLb5XtUmLGgCNoXMnx+86eZ9AN/
+rK++zUl2r/KHl8D6jUGVPfMN2+JBtAkwBKAdV4A8bYSCKAs+jTH73v6TJ9z
zEYJ0pmmAHMD60R99kSyN38Bgrxc9NN79ILImoNiQbn+s6IsgmeIfOT8ZvsO
0sDaPwryb1kE0B3Y8yuVfKEQ84beggMEcBc+E1z7Ha2c734L2N9/COI/zCb9
SC3fEBPAYg/CByijb597eaXpL5zxh1kM+Pc80ZOezQkNAOA7bf4VhYsAzoRz
3D5pDYh6YOlPH3Lw84Fn4QW0RP+Atszx9m7OX1VRM/N8eu+f/vSh3Hu6TfDE
8pmTzq7xSg9N+OZr4VvueNftB/OGxT1tyuKZXj9D7Fdp/6pkr8pvsf6MYJ9x
FP6MgLoU+bz5DAY+o/hn5Ed7/Yuz/MVp1p9/5Vjso0pfZc6LAnwj5VvwBF8T
8dzQmNEsfaoCAN12/fmFUl89oe2jaFZtMft/9MqnMzpE/RzfH/Q5pMCeT9d5
xsisTHcRhQPwXd8N5kzxlal/RNwXpr7PChZ4m3lOU88bq8wd03fO6Gelf1u0
NzBv64fFnCXaP4DiYVbeV6E79xY+Cw6QgNp0Thbdt9oA+SVLg9mQA3COcgCq
ZPrwVTOA7WdhEXfJ+NLNiwS87nsGSvudYp87n3ECrPw1pr7CxTzrHBlzMIJ1
+xdEvbEe139VpWE3hEDmjzJ+WH12mLcw/xB8v3YALbyX/psDUF9rM/D3rCAw
4WuCF+I9K7o3Z38P21nGN2x/oeAwJ4Ln7l5Pz9N94W0gbEBptCiA8HMyBiTj
/ky3L2u2zyWAbdp5sh9N9L0mwazVW3p2ixHUbu+7+UqKZ+CYWQvILX3W/Qwm
LML30vBH7r4I0xerLhYqrR/fsQDs85lB/5gGn9zgU+m31R9f1HMu9oJ3f/xC
/UAh/9bnmgnhq8J8ITdIniFwMjAMnvl//x8UxCUI0Fmkb1D8GQ60dvhegHmV
eZhJQdJMQWaaZzrOxcavF/hWvtdaABQ23y/28guzfQHeE0nB/c/Wk/40M0CH
cvHVN8K/gGtzpl5Uaeg/NdyWUTfMbvT76KuX/Py66asLPTda/Br6geqa9AFC
NS/Bra+gfwVO+HLIF815N9csNvuh6AVbABnsxSA/Na0L0u2bVj/e+V5KfnN3
+Bp8e8KdnScLY8A/Zp68aErgkV9qVaA5pXxnEF8o36xHL0zcO9BJkEYRCIAX
HILlv1HYE1XcOcK8cfETgKq5Yv40czDwAYw+FwNY/9OL+MzPg6rnww0/vYjn
p2yuI3/6cj+wKPdR5/kcHXPfZ/a6b3oqT0YmHKXjW8Kf+6ZPRc0Jzn0V4S92
984oPrKHJ94GoZt9wVv3G0R60aN5c+5vEvwdQmYGkz4pRfB3rfGXVfjT56cP
v/zuo51agC3PqZ69ivTF+r0Zo+aYdZtnq/VtuleD6DXhyzF+vI1f4yydzGXN
k0U9/RlQ2+wTwECQfr7C5w+Y3YvLVVk5vmd5sPl5rieRLl8JFfxQ/IAXfv4B
Z2uenaturF4bnl27LOJPWXr/qqqXM4Nob9p/9zWIb6DCAPJ4c8esr57o9dTJ
04tedns2An8IDfOiH+xUfE9mfn6j/ekrFfSgovp6+welf37RlHcq/1dw6Nsa
Ye64vCewpxbfQR6Q1edMIB8BJRS3b4R+Kfr3X9jfF1r/tU54ifer4vpN3D/8
/GpMzoCXNGH4tsQ8LdjJNxH6bKH9u/adMT+7nR9EAcHpznd8erv+ab745z//
vPjjc/jz2/Bnv+n++If37X6DLiAAwydOuh/qk+fZVvsD8ASSPPcwLzMv/kLQ
r6v67mcw9FruFwgUXb/MGXdO6p/mc6t//9NL2ncJPs36Tcqq/enP0D/90z9B
//av//Jv//rPv+HP/75Y/Nu//C//9i//03/pn38Ga/2vi6/iLv7tX//v+cL/
/L/927/8p8WvlAdW+0/gif/jt0n3f83S/ct/hXT/+akNiHxVj7PZnmXzX7Pd
E5j/mgG/5rTvjfg1sX1jyOfgy5Q/L+6p+6v49JuybT+9wf9blfXRKZ6Xf+0a
YPSLg/xN/3iGx3+Jh/wj/OSf/2Fe9kWX3/rZ9zoBy/2f/zAv/Ef44n/+B3ky
NS7KPO26dyb5I9dpn2n2a/FVgVvSuXvwXveAtNo1btE+veOnb3FwbuT8OMW8
N3Hejw6+nO/M51vf+vPXp/4wo/OTD4DKL0rj/lU/vbcp3bZ9dsQhiHXnI5av
PVPAZlogxK+qY/ChCb9efJKEIyt/evbh5p6cROu/w9/YN7HF//znt/7bPI+f
hSBKAH9/9i8XvwdqmvuVBahy3iT5w6ucmQ98nvn8o0hvfbxnqprLppleP7sy
M20EdXQaPcviD0w7C79M/IHWgUI5AQRx1sGXCnxe6ik6sn5rIq6J9RfZ50y7
mOnul3QK9tC72ZfZ25+/nvy98a5ZqG9Y3fu985nal7Xe55+P2wpQl7+dl8ya
fRaEC8DK38q5dxO8TKd/0EuTxk/yZXzV15zlnkdsPzxkmKleEHbPJj8os964
Elj+SZNevfb5lOWlwWYW4f107lV1RXMbb577T3/68obDDI6e2z6bR082BRQd
zj3W93ln6P3Tn15vJwDVvo5kX/qcS70ifrazv6SGeSnA7gCaAkHb925uG77m
eyP3zzYHqB2/VqjvGp17t22YzSXKfMDxYsHhm9Bvp/N//vPnb7T2nlpmsvfW
Rv1bSnxtDeQw4MjJ2xH6xz19fpt/VsTXo4qvW3hru33sRIUfD++aRfq10J49
rm8Anrw3I+YyMcvKAcQkSFPha8b3c+E3RTz1DCodEBPNEx7ePPSt4zh7yku8
J3ucxVmv0YU3o8rzaPL3zz5U2gDg+nLhbQlgy0/AmCBdx89+ztvCT3982/8f
XoLO037EjXQ+bXq4AbBKPh8vQr/7lqD9+Lxp8afffVvxfkuX/9qTM848N1LO
+nrhxBe9ggS++LRQni8k/VF/TXYg5aP+16b84+u88a+sqT1Z8gcI/9PvPvLM
twOQ78qIpxWAXV+A9h3v/6Zm+A3b/vwDZvKVK76oyKsKfj25enx6gCrrXcT5
3Y1PnyiWF5UFzWqGyIk0abDPUUgWRSacaJrM1ZgcRIqMRcOnCvjhrabADelT
VlfY6Jgk75g0QypUfKuTW8oTA0yRJ5iDSIY6yyd4oIcLcz6dJHbQ9tpZ42WN
HZjX2IEdEvlkIidzpGxtYh8yjfMkYrLkQy4hc811Pv/IRPZBGWcKiLc3TjrF
OPYedi2nuqw58C/RiyyHBHxy9/MMDg0y5gb4oRrsA5Kv5KBcTVg2Epcn8VFm
TPD/bVQmcq0Yp4fKlcPZYBWZbJ+r0onM6ubZ1K6sJpM4Dz0HH7JosJxicnJ8
hv2HbJB3KlbOFCkbEqcknk21jk69b0M3YTY+rc9jwGc55FpKAj7cvZSiAlsr
vc2+CoTbEMdsKpMwT+s1r4vehjmxQGkmSaIixQzkfF0iS5GCyBO95vkjEOCs
BCl8aNPTjiBheVrzy4O2zzx7fVdKXDdSjyzGE3GeuIbfC1cz0eyVmjeQetw0
DE2t9UtEHc9DANMBjU1EHe1v/vnB+EgiLc86cZcK/wCLR/OS3faD1cuV7SJi
mE3QcqL78zK+nvGNeS+wwSg2hEznY97vCu44pYnfq4UnX1Q6kHPTSxEmxw2b
OGJpx2mbJIVEodIl2buVdiYj+GZnuVz02O5ulFiKvXKV2PEo9hIx8CYZVpW/
PZHCPia2xyMrKEKWy9CYUBOd5fFtLCdND/Xm9qgJO9xLJoFmFu868OShN7eh
+2YVpnJJ3zYX5YwfNm033n2Zh5DaZGjSlR4Y57DRLmEJTcEOG4+MZYok+evp
CoxJPj0vYAeWWg0nTibBtQgfmPjCQGcNPpInYQVsxJAxy8sU/LyZiU8WRema
LG5x6uHL1YrdS7y55nPfdwUPtoxXXEAfA4MkVZo8sSTN2Fa256+T5AaKfPS5
zBELh14K2U47ND7FaOvtVabtmBgPkDjwZ9ZXqnUkoMuLYGgGfxBwxD2SjByY
vBBXkR/VwzVs3Xu3ylXYgHX4cN3D2jknNhELJaGumIKZxmeNKK7GeViz1LQL
19XyvunUVi764p5jR5GJhccDtrD8Osn2LuN3qLePyuUdCh7Lq7hy7W6Zpsm2
Sner9aUnQoM590t9ux7agsMJit2HZ7hZsjnPPMw7umOWW6k/VZJMQOYqbe1q
oDFptcEMXEuSQD3ZTA3LHYEYDhrsDQPON35e4vA0+Y9Wkhm9cwRVnWiqo2qo
F73BGraqu1uXK3GIifvSgq2bTtEW6wbRqpeWvpb6j+b07//9C9pYhfk1sD2J
/t+A9jf6JYXjG4r/4HWDL2j+2/H62YubQX5RhMM32P9XkBys+UMkr8L8U5Rm
4UcUP2riGWx0IbGXLyjOLmf0/hVCs8ARdZqSYgA2+g14NTkDzvd4A/29gPM9
3kB/L+B8jzfQ3ws43+MN9PcCzvd4A/29gPM93kDfAg5LA3gn2U3HJW2+Y6qY
yZpyieg35Hb1hLbV0FalBA+dmmOF+Qh+VCEQL7HVU/4VYSZ1Gm+KMbmyyzzI
1EXv/eO8p5DcC5ubIkwGV48e7j02fqizKm1s3HKsoW2UcpUGHzDKRe5xjGvG
XaFJkawExUWr8w22Gdyql8kuz0xSvfBeGm5NFV8d17V19dU5DYCqarzYe32V
9j3crVccnCasxfs2lZc+ziyXxS6X2m59vZECgw7ZUVmDjFkXuRtX1ATFpccp
Oe2MTsXoy+PR6E4OYt8DntvqZeAvuWl5ray+QG71gxFY1BSdiSFXAulSsap5
IJeyjntu1ZZw2EdYq13dr6MjtZu4FbKXAu2GmnvVfOiwepKo+MTsh7I4brXh
rsLtpaTTAZp6zr8YubJKxI22uadS/2gQghawZX7vRRPflqUocJiRlr0zJLcl
tjzfdo1vB/p2izIGCq0179zYq226ktXpgfu4KA6lsxfd9jAt7w+cQwssGZMz
tvVsZUeKVHmVk3XQ4d1xLTsrDTqzUXtDcyVXsVHqp5GMrvsppQv6JXLBCIR5
McXjrYaP+v2cSiduz9EUQe2PXJIFa6gS43JKh9XemeSNtREtE5Ysfjdv29g8
8mIj2tgjtyz0biMrGMdHT/Uc63KEw8DDEF6GRIIpxW0aF8EhZoZRPayPXO8A
PK9rHyYYdulXewstlLIPagOYq7km+UOheSnmrxmDT9BKvem+fx+HAYjMBLAW
ulfNnFL2yjyu3Nr0JumBZ9O+tVFJbNdrXgyEWtfoe+aPOHxyoa2lbMyDko7U
ZgsL9BEjBoaT7cuYb5t9eboe7wnGi31yke7oGY+i6HG73Le3x7a3Uts576Hd
ff1Y5ngj19l4X1a30TqccUkaOyEPUmpilqVhPbhdg/bh4dq5jyKeHgWxqciS
p0ip0qBGI45FU0pC7+nsKmhMxeEO98IZjswdy1TcIHZ4pyqHzW5dmQYhXTU8
VDYI48pVeVIrH6Lqe6UDUalDhxTM2J7Xt0aEtUEW1Ym0fJglaFyT73tsqQXm
Fj4hlD5e7wfeldItSQo36GjccJ+/nFWEogU+s/FqY18iQFtPrvDo+jN9xsNL
TN+fIotOmJ4TH74Ye/VqusG0hKG7DlZC3Cbe3tYX+kjz0W5apld523jybXdt
LumDwSz5aqi380Fg2vNDpiqP3PHJYWdI4xbyw4oSEADQD1bM8KBWlmYZ7kOq
KoRy5QPekNIasXLl/SQu69QsN6rMaEtTIAhFDAJJgdLdltfOBzK0YHGKO5hg
ZTZliGvJtIN6ukjScKEokgcZRhRBRmpk+sbTFs3rJJeRw4mGyPjkVz6/SYSL
ubMurjuYqaKdyu4QDcVlkssuN8gOSbFvsvmvEtwzm3+fogdQDb6/2fe3Gx4/
7na8Pda9lfeLP7pbH/F2OLrDEDQMMAxxMQ/ertebLYKucQ/1dhFMBLgPqN86
IIgNvA4CbB0Sf3x/x2SeJX0rU39Yb3/onnxbcr9q7cUfX1/++fi9n2cd134C
mwYb+vzGGOaV/vj5b5Ic+pvm5g/r2K+tcQgSo+draK/Xq/xsfkXm1c3/2MR/
b97/1pL5g+5/0N5/Hl19ed04SdvvD96+7aB+qarn4+Lw+f7WD07y/pE19ls/
/L+60qa3c6Vd5V8rbeNUFBHOmO2dDO43e5ebYX4p2x1DclQsN45NDtZb6Qr9
qHb9UemqGOT0XroePpSu0FvtyjmMiCgGuxVZJfMLrXLy7Hqxtcpbo/HJPsMu
T4yurW1lmrQZQxxkQwSTiqDSnkxY4coLM4kDGBhUQ9zIzAVRGBa1rn+7DwD9
tUbAb+kDQL9uBACF6uLAnC57qXREMKoA0ktRJ5IB9AvUTeD6qZypGEUeLhfo
Qsins4msD6d+3DN3mDlNx4uHdmx+7iIXX18fe3Xf0tGeQWzZai+3UNE5LsIx
t0VXYQtSq+DsE5wlbGpz2sOH5riu8Fx72KwyWWyzPR/WeB0M91NMaKl1KigX
HTOQfBLMPu5kaWtDGK3YU6Avo4ZSowgeJE9yd71vrlSJG1EsaB8xuodHR+sP
puo9lAhe1RJ8FkJejMNMLKFHryehOdlT1DnleSUU/YlN4xRdy6Uh4inabEjn
RGF5NmUk6efM5objJx8OrcsksYIsAaZMG9JV4fagaDP4BgnQW2Vs0vPFqQpD
uada3UrYncDEMZaMIEbs4R6OG0ClB8+qTrIIUWUjlOebtupZA2E35T1oaXIA
pYWr4LJQvuytwcarmDYHcq62J9KevVLQSRZiGVKVyYGn8/dUIVIyKT7L8N9S
hUN/oQyPXivILM+QVkxpTVmdiT7RvS0Ns/ApvMGXw+2Q9zLUGV8ijDmdqOK0
hEPuuKIoacK9M3s4s8eBsDh7EPliFHZNkx9Oe53d8vs83/kXG+K4PcWP/kax
puzxGKP9oU3g8ZLAaPAIZFzbJj7zN8vTLwfqb+3Kb74MCr2+sPLbe56v+w/l
PcxcP/zjfIV94TgZBE3Ytr+8HcT/hzYHyfHzGyy+WqBfJAGJwn2+qnieUfYd
KL++5P9dDnk7In0i8t/siH4543mf9u3LW+7rrercDcIZs5+y/AiRX2eQ8xN/
EY9/VC//sOs5zVjchF+wWIFZLgwRJIKlqswGjDgm9VTVFTL9D9v1VKe/s+vJ
TeT5PXUwN651LWWW8B7k5/YCPgO9UeL1V90u9q3bhZPzDXQsPTtf3VHfY1yM
ctetkhfE8dZcSvhq3CL6jhoRuYKqQF1Jh8rx9irJNnAr7sirq+4ohO9lk9uH
utEDEqRE9MD4zO2CbY4nK1sy4qHd8Y/zYEN9k1wCJ3PPINjM+kz6t+M9DBjK
X22aCWUAXnNRu2R3J5nr8mApwWi7JHGDVlRkzWhnCmIq74juOYZIWh+vGqar
+JwD1WAA13hcF8mDstaaQ4aHetqrsjvSp25okXp3624Kpa0HyLG3In0NfQ65
7LnERq9NIQzVKmUPfF27ih1sVhe44ncnLvSVHb7BxOMxiAxZT4/asgppqEn2
znDQQwCt9mEfbs7y3bufriUlV+wlc/eUKUo3FZlOyLEm4OKatfuDOogMeSKp
EuXvwJX5dobSD11NWibJgXthcAzo+cBcSZmKqzi5xZRzAmndICmZQp/PQOzp
ZMuURbHrl71PgtK5FpId8jN6sZDB482BfU2WgbkGOr6IT9p/MgVA8Qfo16Dt
kd+B9o5ox/GgwTybjHaTZvWNAsSCd3J/IiPoW9D+233W79us0OxtPpqnSh2p
tUtV4iZa0tWeSUCV5ayPhHA9saflHaOC446X9ghRuGK7oa57NcDQpiQhSSCr
pb/G0fN9PNvWniBArYrXa8c8yQ9h+Uiwkowmv5zyIsBs92wJMRoK4lUv17tj
nkgQi5TkXpISxgs81nfsw3r5QM7LoOfH3OpcBkYYx+lv0qXZufEouElqa8WK
JvxxAzRcK1A7Eg84uh5PMbZkagBmp0qeCFZ0Q8ylBYFK1PRo7sTjzZ3i4yW+
HZgtEd3QIy8Ul0eLcFASqNjk3AgWn4bMR8hD7LirVPf8KW1r/6Zsaj5MmHWL
YFc5GTjgbB2VKsueZmKFXzEwVI+Gd0GjWEpDU3isOqGfzHZyHvv4N/VZP+aP
OUkdn2ejz190sJDfe6nv6WJG8Lmaec8V1dvNf6nx+sps85vvz2/bfMgZfyNL
/Nd3VeO/1lX1567q9UNXFSbEorSY2Dre1i4UwUu9S6+6omq4tEoUnFlm8A4v
+yxrbyip3/Xh2tJKuWsF00UfJzPb7lXsXF8Q/EAqgwpp18YnKNdG5bifWo+z
qRDruQTJz5Wdcw+9MqnxtCS2sMxNq/B+jI8ENpyXE2p0oHBYO9AGbYwUQCHA
eXhnXxTOZNWsXcU387jmH9OYt+r65l4so+82ejPSdSiwnOdwNwrtG/mGQo9G
3NMberKaXl+DeBM8KotusaRsB/sc3ywuStXej+hiKZ5at65KJNhExFW/eR15
3g4b6D5FZYwTCCE/JJEQsAyVejYryG6/ozrHb7NdYI5ET9BqzI43LT2XN+4U
16edrTDmstlAeqhaw63dfeyqchKzZniCRPrdrt70m2ptMcJm6kOjS+vYNfAe
t9XlNVHF1RISptImwhJnxP3KW/EbrxmEMUqQ3Z67HwRk8uK22HpxsjemTbPc
+46zzTZtU8tnvMOnqwjtWUGV6E07CXh8OUtWI8YUWasdIhBGiu/XpQSMPeY1
xTUbx64okzasip3W7YaTKdMUoZpmW3JftwHrJ8tbh27s7e1OlvnuQCOMkLKY
JkUgPffe6sArgj5c0CCfQFrHKmLL7ZEEanGhNDVxrYXnqjXcwJWCjVReFB/J
/CjKh8BpVwnX7h55PtiSnGdlAZxkEmoGWVF1uIcEH5ePaB8ywXiOxXDVn7vs
RCi+dvL68nZjRuYiX85YMr1alLutm1x4jnemQpM6nd1Aw2rdmLVxEa3HY308
TVt+ix/91nBkHMAr6jpqCXh1IHiNcRKyXlN8obRZEVs3Leyfjy3E7MTMUQ8g
H+u6ESqs/WC2u/w6jn1UnbGt6oPN5PqezGV7fbVOeBEUam8dfX+7xyLlbkBu
D7s7h1LdUBIKErftw4a/pJlMPEWmN9uHlO6i9T7nu/ZyWSNdpPWMmWPsNZEt
zNtBvFWIhGhzuMFfkW27Kxn2cq/1o7EPKOxIeqvOGQLvSuQUWl+RHfZAbtRK
2fEqsUNV3DxCq2Mg3Mxd0I/RttBqJG/E5chzwrnlmQ2yafyle7sEkk+v4V2I
iZqsG4jDlVNBY7USVylUKEbPTKjjzV1VcssExCqQpHy3i+8XjFC9a4GVFNeb
rbo9u66rZ37LqYf12ZEPtFKf9tBSOXDO7oY/9vvT2WdF1Vj37M5e+S0lBaVp
+sVhWxRtfXZOx9Mgbnlis5NOcR+PmewcuhCycs7O7NWwrSfJ7qxmUz6I/ZGb
7qEetYhXO1SKnE55VMHtLaHK1XVU7tXFVMiSJ2XlNkB84gcnC9/xF8Bp7NMq
PA4qIApEFje0saIG6chIGZ5tnfgeHVZBwE7WKRZWduOWo2CsDahnexnBlyd5
t0miQ7fGtLk5aksIbcrydFhG5MnftVcBudjZLQs5Uo/Rpqn8RqpLbSlR0EVP
3VFJSAkdm2hpKRhG4+fjrfDIXd/CB8RgPVKdceICKOigpelpuG2orGYVbqxG
H4fgE1I9qo2581MhxfMihW+Kb9ThdndZrUu8uBCiXnQIH0VyuyMup0izDS1g
87XeYSWdiBBB37fXHXoQHPsWs2cuUtdKveoHfTKcW3i8LYXyuC9RqyOD8ubE
GjmOQgbHrBviWoYTIQQKAuBF3fwF8qvmcEYTIzjdh7E6kVsqLhsqZlnSAdkn
jilZbwfpdNlfREckLZOhSJGGKGrUxz3CyMrxgj6Q46bqA2bpVSvqlJwCJKu4
rXda49x/Fx1VYu3jRIBuNnCwCfBwgwRoFISERwRwFGIhEfkIukZQJAiwrYtu
w62HbrAI3v437Kh+YAwfuqrvlIb9+rb73yiDv3nv/a+/GfR269fvGYOxv1H3
fnj39h9b+jIjnN01dpvBjXrKdKEMUUIhXan7H/eFn/9/S9+8MqtleafKXj1i
JHfaL7VqqFTm8ZguGFwgULbfbiqQBvV0n1m3oRtW/uNUwx3aM+u7daHwWDWF
FX3u1k6FgLzST0dpv3b6bX7BbkK+hJIztRS75HoIxZ3QxVijhL1db+GV0Rv6
w95qiIiwNt/hFZaQp3NIbktn7UagbvGIXVicITwuJw1eKbc+RsmbnXu3nSEo
Pn6/X2Vz7xbO6pzrqBEztX219KTKfHGT+fc75cjt0KEItIKF/T3Xh7rSsfLk
k4+NFboxPNLKFTkTZ2LsVxvm6l88QESzfbRVPFnwZORwQe2tn1gRpLDeTcGS
U9+Mq+lRZG1/i4tlJHj1fWCS/QFYvLJWV3IFilpLXA6JWdXd6b/z0teMvyt9
UxMWzhozkpJ2xkn9OGxRDHBiZcP8w0rf2MzQcj8+5GqwKnLM1LuEAeXKGRIz
WwFBWRqV+0eN9HC9tmNb1SlBxJjIXqEHBmqjxy7Sxb7FY+t82Vi1HPYquRPT
CdToS55he7yX7iGrabZT+A9+GNdy5AmI6G1M/DQZ0LWm8GUwrcnhEsoPlbFq
oqyGjlxlhnrTYrzv07sTxat8G3Hl6tQmmaC4rsGcWbs1UcAMCVzIV5t4Krx7
ElxB9eGlaOlsOtINtIzdSsQ+Pbn7i1qYOV9FFH48DoyG+YnshGGsn0jIWi5V
UaqFJl5ZbIKOaX+M6py82+vEuR2r9K7sL4FxNG1DV3cSuiXosfZqftkqarm+
+QhUGHaGbzVBac7SSVoe4It1QU7LxCL/rtKXCb/kib9a/Qav+/6LCuC3Zz9+
WfpvZIv/1iWwm+kFluJ8iqKrEiLPZLHlC/qGHgVBuTZ6ZJlFEWYKikhifnYN
esMQE0c3+iZFjy7hxMJIbk8Rvrc2Tg5watrWOxkvCyff5c61PoUexpkCmq55
uUOvbbhm6hbBtmFTGIS6Bfw4ygTzamq+uxmLmqUg6owyeVI4FR4yyX3TYYE9
0ldFMPC1jjExrYVOb3Syj0zjcik/TlkdFITlHBKVVKtQcSCJz8/DNTyPS5y7
jRO9udqrk58vnQNdZ4c6oQZGCJxtzRiiuD6ebcTeSLuVryqP5E55rgllqxvS
DkE7md01ibKRc3BY60+bmqOx+2F15ENrxHQ62uJBX69Ilb21NGll3lJm8JNA
XKDrjub0vEY+lsBM/CgtlmFA2h5ZZ9nuDHlYWsK6XG5sVW2asS7ag6eO9w0q
QgNJmpa0q53xGhCNzqhkR6kxl5wU+5JYTmYs4VRoM1qM6r3s4MOIpJxA0WKV
lLJutVtoxSzTwG7MMNpe1puGzqiHLcAxYhY6bxcVMEiYnLEKye6OnKDqXmJL
mUb9agwQfbKbAVqeedpHlpV9X3WGtdG8dV1aKrEvrcuSrfy2bYatgqucyKlM
gp4i76Bg1dno1rh7QqtoBSFScijd6spNtn6pVtfGV66XPVFrgU56Tiup+/Xo
wGN9PQgMzaQV141LC65upuPvkzbuITpG9K7bdVKs38nzqmCvCh6u7iSBrEiS
liha8Q8TWx7iVz2JhoaMUQw9ZX1r7ykJheZfn2gNZpfsnSlSbwCbhwZmaEMD
KjzpzJWK0pPile4kqN75OKHb+ojAkdqt0yMrhPYSOlukbSiNghEykbHTY4zJ
TbvDMjK8UtqG8w7WbTpc6iO1KZ1BF9kd3ViCYe/BZiznvrQhjkc0FMGjQgPF
0h694ts6zLfpWL+qdis5yft+x9HwOmrwTd2KwWGok5TpjGowlc0VqqNqty9Z
R314+caIZeRxJG/NyTDjqFk7CeAL5tD2kjCm0ePEjn5j3ICfwHFNRjwcFXdo
9EZbwlZx73fC/pSOGJodNsTt2N9PN4laXlQMplYlh03eyN1rtygl+1q1leop
m3QzUiZkb1es2q8Oh5eWzfMgWKFFxnq8rGLqQVx5tThKaKLSt6nQ9rt67MvN
zrgv2Q2yy7gIul+4e3bRA5Te53lq0jfHuEsb7nbYCQ3IL8KghyfuxHY7l7kp
+NUmvOORu+PS0iyV+MZX0IHEL2euYU76cXSDSDlf7m1vJ9P+4OgX/npUeSEW
t/s+uhwYBzUZaWUAxnQ7XWaJGUaGVI1+3G1j5FNrbernfsPe3JpjukLOhfWO
xw7Ko+8DfxX45drnLM+BPY/nFHy8pBQ97DMoYnjmvhu8LSfG420ErKZAs+p+
FQCrwBKbgGM9MTaGYbQOrF/3ez522PC8WtdjvXQCbgVd3GXon9cYNWnIOeqn
Fr1SBd3rKOMK8cPvLWsNosfR5qrdMsr7bfMIOhY2nDsTNg/zAmV4Yi/vw54f
d71zDeMU9bnQ12+qhqbh7fxo2DvLJ5USsNSar4NDXGEnjD8Gbkbz68FHoV1V
XqsVnBY+qnWaFm0KR3CNEYa9Qg9X8LjsYNX0bprc2UlxTs8J7asdRpl+K/SV
168hMui93Vo63JbxndSZoO/djr/Wf08JPPgEnOwJWIu0/EH7qRnZW3cTYVSV
TtilXQl9HIer/y5KYMSPdiiOEuBvdBuhGOaj6916vUWibURg3m4XuTBG4N4m
nP+KkDDE1/DOi/6bl8DvpOFDFTx/yQ1ZL16/F/Z5gvskI2+ae7v6+w9ft/vD
+3cFv/yetKccgJp8PLl+/oalj98kev/u+Mej5D///GX4y5HBh7Hvv2b+Pv6R
YP359dWlH34P+PU7wObfjFP6X35B0VPY15e/ovQefsrC5+8E/fIVxNcR+h//
MvGqkPVvJ1xP9X3hWvaSBBwKVOccTn781ohAumBsx7JxEnbzfbVB05SIf3MP
RNXz4Py1Eg2fCdlM3oJvXozxQe0z8HT65SGZPMkDqFRE6yS10HE0XYq40GRi
0DF4WKfbxlBN47IhUG5srreQpvQzEgw7cVMSpaPsFMx8rKVRdPPWSvfQbtft
tAOyOusPnTpcz2dcL7bLVbnJuWuzVW7jybP627jZjPp53AiOGTj+WjPKcuTY
QEtx6IGvg4l1z7nr7SoLnaqSX4lnDVONdPKtvVqWfMnCqpbm2Ljml6nmbMIj
ZdbwEg915WJBy6tolXfC9QKuvhJXxDtJ15XQBNdwbdBBhrlEq2cGd7mLD8oy
g2PmMMOdPtVDSlu5HYoQZhBs5WTBrWVmkZcTl+iHUhtIitdMkE90kyDZNswJ
hnuUtVPj5/bkh/GJu2Du3ndUyA6zncjSIhlLeOFkEm1Mo3ImD4+QG+D0ahUW
mnWMW/s0xodV3otKWtcBQ6AXUhUeWgYhmWSi+eFW6PsNZqHG7u6KaFQReCvB
BV+5zHRKwh6jvNMyOAcoWm/XMthEfWfgy868cpB4Zo+bM8F6UYGhCK3Bueif
aXMsHt7GdaVrElOSwXuXVuqOfUjs0IY5imQjt2shLPFxA/n1Mtrt/RAWz3Sc
aW6nYI0+7ikO32fUydpWDu+XODkYMlJJG60JRGZKk5DEGZGilpIBoXuHUjGz
ajLf2Q7UBSt823K3LBqF3nZHBxuPWk77vvcom4jQkV/tYV/ntsRArP0VdvKg
FGW5G9aR6YQQx0d/OAxXv9whIQaKQfcOxpKVtQe00KbZvhl20vJMhg554CwU
4VfMBoYskdLodQsgSqA2V3y5iZSjf0+BG4N07SjABo3DkVeP6rKSfty2jR9p
+u7+6H3yTm9tAkK9HH6wfqCObdFXmbDb9Uvash5XUMogqJ5JjmF6g4+4MIWN
GnMvr6bs3JhJrtvHeLkW0J7fnhKZOzXGSB4GOt63x1VDRtvHMeHX1ZI49Rk8
ppQoOsNdUiTtJB2Wl4N/v9yNBPGSK9SYUXaZpvs9HW16JA6+veapsiJGittP
op9L0QGW+d7FLPFm2WtKvCa80fXY2UhyTegjSG1rJV45jUIbF3cXIgwWD8dt
z2kg1TsBqUdL2DZCTN4BGuwqKF+i5EYAtfx2o19OR6yAKqNbuTBjCNNlt3MV
OVnm000UaMTaTGaQ6SjemeNeTkllY3RLLUoEUOhn5X4nBv4lkNeQiohLk1lt
D0ScPBQ8SJANl24aZiywy/ZBIQ+ud+D8cC1Zcbk5NsiSIqQ4Wpar5MF1XfSA
kP6I2L7QwS4aUw0W76KBV9o2GrY6FmOJTpiMQV7U6n5wAcxma8PJw4szpVeE
aNv7BoNuDXJ2tTPx8E+0d4G3vc8svX7MOftYrJrkHDySWByD/K52wcSU0whb
HGPc46tJKaFW0FAonxmMzKzAUrOcqlVfzPY67F7WnJXj0rXH1rYDGKWolUN2
GNu+3kxizeRTXu85aehJKNdkJzfPSVklMlvgWDOU3sbBd7HijSNirgI7XbbY
efQeq1s6MPY1GhOLKpICiW9JnN6hUk34rluOIO3S5144ZWxWnsKTAqP0FlB3
OEAs9YriBNdhQ3XP4a72M0ypCu1iJh5dcpCdcA06tHNe2Hws4qnBjcFYOecJ
Z048DMgfHPxt4jFIHwKE7MtDDMkyMomy9LFkOVY48RQRkLFobkvwMEOqDS+M
Crp73LoO2SPnu3VyFIi6iDI3zSXdejVJZcdHO1YOYj0YssctkQzr0QNmcFzF
kcZgXmkbJLnrb3umFWyniWwOkq4iKojr0l0paTLUflcl/qEsqL3tl1Ev3JdZ
eSTk46Eb+o1cIkNrGalQRVs7f8ilcxqgyGuqdZkc+nivIo5GEVpEmpVLJh0X
E0h1UDubraYdbx7YUS0uCaHhaU94epjhXpWhOrQky8dkM2h8SVkTu6TwCt25
WtsFGwEFJYDGFKakl/W57dpM06VCWlkNfzGHctzdFGYYIYZKu6hs5QvcVBYb
bhvboIb9jSoDP9scqIrxlCnwGmdYhstR9fbEFGmZXGXw4xyV6TWFasL0tCBW
1mMJa9LAYT62Oa+1gNt215NQKKK8kTYdTUxs2iLINS6IQ6geKIIOkHpk0SNk
RbmgwPFQMxwS2gRm5GZa5RcZ2wjY1QfM3ceqXSg6Hd3U/DVpjZobfDmGUcu1
rVBgoCg62AA5JtEE8B3ReBd1psmqpr3pbDRDSnMn4T3ZnwxdWpH2YF6Xsnc6
J9mEdyHKnRtoQPvMQXBUvNQJszkHovqwU+cW6RKdaBO+2p1cv7G5eyTdGr95
6OtUkMtHAhDFYg2lE6E2s7batumLK4Y0W/hsoALNKdwp4inP6M4EGRx3480l
XFANP450aXNx6CEnGOFWVBpPFgSv98ftwQc5I3XhEcdPnjFZSbrdBWgSblWx
ggfBTPljsmt3xDrPsu7e65Um7W+qbd2xBKrJ65ZsKQrfK/fYPu6QS/dY3+Xg
OmBxPZ38B6nvUVM4xTD9yFOVOZjHJSeQF4Q+KvrV06BKaIwUMbl0tSSSSxGe
/HS5rI/3G13LPS+cH24eoOrBLfi9gigPFmFGOQx6t7KBy/THAoox7HAMR4I/
9exGpxR6HeTXXh13AR5ZNuvUSX3ojlHbD+cpKCwP6Un/qkWno1IueytEIZCr
L2lrS5usJrdg51od6Pclxh+wleqcVNpwL/LoiBZDXPV1bGLGpl5f8f6GHBT/
QBQ45OrVafuw2oqyq8kuN0TEY7Qc1pOTcXTd3E/DJQlsr3sUhPpYVWmeA/D0
a/JxXz7GLrEgSn4s0wzZs4FHX2FkO1zzlraUo5XJKHnWkzKrnKQl5Bpr7jFl
p4iwj68MzFT6gWbhRwKteKW0S9XeHJpHRIsMmxj4YXTWCrslxmTTYVWO423J
TS4ZJ8HVQ7ibvyMKyvMzVDlIMaTnh9WOv3W3BzsVaqpfoiICteT2dnVoGA9w
rSj5qGEY02LWgD173kOla5TdsLDTIRtXgPaqrVGqc6CJw3qvAPKZUo7Dj7dk
eUxRoxUn+7A2j4CijSjDuGyEj24+XmA0yBKuLRIGqhtA+Qh2o66aioNH01vH
dJiwsUEUVXXuZVAGBS19E+owz+Nzs9qu7fvKlojggS4v1PUAoauNGMCr8bw3
tZoRBQEv0TLm0CbKbpPqAoJDFHuuj4+wKeOlMrbugRib3YrJUuTan+HnUaAz
fFMf8CUYs+aX5pETTZ7mWkJRvs0Z7AC8WZqfgV4PDaBiIVWKTAOxph4ON9zd
WKQ5WiLjWI6NqTHv6ApZ7+viviEPyyNGEHBvI6PnQIpvDPQykbUzLJQw15Pk
6E2BrlGk6/gJssT5JDTxcdqJFys/FMhRER6Zg6eFeIlyI7pBR3eDaje8XWmP
vRjiB/lyQOrrbcXJ9YqrYh/WMcAUPPu+xwjBw+OOLHkLPyIeHASEd+chxSNv
MJxsm6VopQJq4hNf+bXFWFqchrxItxcYFu4PVJLkM8aJV+5MG054V7VzOU65
bkOOEz/qxrsOKO3UqqWFwlHcuGy3fZztDZUmGg+4rDimLjaaCHxWHYOnpNoy
QylXyS0/QLq9yYXV7ZCO7iYeBv4e1Aigy362OyO6oSACN1Zo6PFSjNKtgyk3
61r6Q70+DvLKqEsH2qbwuqvvaqjhmb07NHoYP3gBR6RhU8hnNBC23aM8d0QS
BA4tSby/3zo4l00P7ohSXM9Bu0TNtco8Bo/UTfYr/mYzZ1BGYtReCtATEWLt
dX95GGGNzseZZ/Qo94y54wjcXgVEyz6gtb3xEH//6Mndo1MLiTy2FjtaVEzg
1JKWeEwa1G2LG5lzzrMbsuVo83rnSolOLVHiUAW684fUUsXj6ronFIyvKxSw
o3yLTArHO7vYIbt7S+n8SVfNYxw5/mOda4+Kyn0b7/LtZQ8lOQglRkI2fW6a
vNQcAQ/B/d1KPpOnMNal+tTbeiRLmHQrbD7cXYdru3u4J1fLiYgTdAiWPN7c
yO3hofFXa3WdrqZCshYDkOFIn0ucXd0C/MAa9ytZDtxutx6JErYRZ/KPO8Hy
M6i8+OrK0vUEDZcc6cX1oVzhknjjp/16Q5F+8MBtsntMppNogeCKXTG4+zYy
GtSghxqnIfsBKoYeRVcTlub1qTmrrn2K7jes1RU+4LG1cXP9S7yWsA1DJH68
NDzneDzremfZ4xXXIQVH3WIy1IeHjA/MHTDxsOypA41eRT1WuPTqcttquB50
LzbarbNrb05AuzkOPy55sD+rEKuv+pqjT5ypu7ltK17Z3dPTDb9a/Z6blpQ9
HS97ZdMtN3mF6XlsOOvpiHPmiWVR3tMFiKkvZ2yNML6llavcLXHAmFb5/Sbl
aBDwVBakfVsKjntA46Bck0htJLpcyFTrp/Tyyl7BBGqzg+1E8H2DsXCAPpb5
LfrwgLFaHKiauHhugdgwuOe8peL2eQ/0YqglRc6tEP0CLprpX2p5hImvHfKz
SVYyTSYndZ4UIgVvG9iONNGhZpZrR7/C5dhz+mY6bYVEGiO3ake69i60dF9l
+qRcrHsfuLtH5C57Vd5Bq4GmiNYKJlg2KpeSBetBJPfUc8QLti3lZTOindFL
Uq3us81ObYsrBQe6Ykjt1IqbyIWO5rXNHrUobFwaaRNmp9aJqPHOpF0lFD3u
R0BD1lh5auJzZ1w0QrkYQRgudY9yvBvbrSC2stJqiIBb8BrW6Zf9qSCIUCXO
aYIL4+k+iFUamMmmojk1Kwf07IxkLVqq4A+EQV4pyFbuyzoKhF2U2sQgb1f8
vThpodjWV5s2S8AS9ZNI1swqWoqrAOHWTl7LO2mw4QOvsRoBqRbIhNxug1YK
wR88JeysHGukR57p4mqbY8v1/gEUVhQIdlzeKZ2Nrf1KxPliTwJy6VGQMUbX
Mkb5dL3M8uY4SbslDdJ3JxNF1Dbo4zyNK+pWDI7o7m9tgJ7vKn/TwUUZa5OO
2kMU0WtLfh91SdfexbMJeO9tWjer7DzJuuapMTFq201yR4RVYdO5ebWmFXUv
vbx0z5RP51CuFsXFMQRZcRvxfAkOJy6Nts5B2FnnlX1mz2KpFZ2ipVIrEdiZ
FPKt7ZXWiafrA5yECSTaGyXNRiQOCz5HXC7TT4p8PzC3EhEPjCE1onI/5ld+
ZXHloeiqPXfsLk5blgZyvdqHAdqcDb0Mulg6KcHxorJpoO/rQdTxXTQ1NLW2
8mFs4ZSPgrZXEt2tldqFA1nFuNRaR7ceeuyE5bDTbWRVEJfQMZWD6ofDwad3
LC6SiOg21zhzWOSAXbx1FtiPM1Fvjkd1kHq+cBMYMqSCwUDa3VIir/LGxCHn
trK1Zg/qSf8QLh/tXkMarEjFjefLlm2Pu9jLEXtFaywBr0VoLAB9LRlt+XCw
5nq0mP1xdztHKH8n8a6h+abs0Mrbe/mQUaEsjpnuB6dSYIuxbsJCLSBNzm3H
laZsU1y7emfddnhd7mvYxc7Jqg1CWPLV/4+6N1t6VTuXBe95CkfUJVFF313S
9yAQIOCOvhW9QFAvX/xruVm2l7fts12niZgzYk4JwRAa48tM+DJ5SN3pxbnJ
9d61vWEdvfkQ1vrB9ehNAH5FaHnKwsjSzNiDkNlYa9UkYlXLZxpyUTPZxRec
qBaRVdeCeP09ve5pHg8cRXdn+AZikhWRnSeHQoCoi7XUQeiusPkMZJNRqDFy
IabJDf/8mGStPjSYzYSjvzzhAyvowjsWcIBbs2vojutpVej34kkLJyXKWFmp
YH0pTadm0zFzxFAdG4YfSiXJ8OA98T5+79dTowDpZkfyexWiTvCm+KosO/k2
PueYmbh/LbXABvbNgvnOUQcZuk7w9FfjXlRSrTSvGzxroCNWvlDEvjhCHX6e
GitUpdRHMyaWYhUjWI0f2/gsUy7YrjQ9K9SwisrnjVLVbtJcvgGPCint+U1b
uxpyUxELMw9S0JK+abWG0RIJ9MKjLN0TmXPFy3rjT7pXZypqF2j5N28F/Epe
Hu+81e6ZxelQgF7jQt6SRz/VHJFT3HE+6njy/VHH4Nwxg4iL5UbjJ3UDl3ke
CgD2B00py1PRy+kWWTX/7RfjQ2BqpEP4oxYpLuIZB992dY3DpxyDQ/vBt/MS
3WefWAUBDK1fqKK14BwEdqFvHIGQ7aakzL6kmZ2UNDeMVQlVnc0UgySBZ71c
ae1gcTayJ7SWAfmWP1z3hVdHvgQD/aE1ita5ayP5ulumn96eoHjpXMf0debB
sTVpg3Vr3KUrL4WbHzDgjwiGqdSDuvkus1qCihDYi1RtdcxPR4TZHXl9lRE/
ISRHgkIWEu6mZU9hZmJzejMDAogDJZEQAq246sdKm0Czu+hMLeAmHM6wUUvh
x78+zTTijG367CH/1ZX/zgdM5yj4iqtZ+WATh2tZ2T/Uv6L/XWC6kSjpmufk
gfhQ2UkKD06FhKGdIQugsexxawapZ//6nsKtGaTaefJcJP6gMfOzTeFExl+2
OXTWuUXXjcbvnzfVls1+95qSPuPCdnPl0z5/rilNPzt1WN3Zuof9xFfAEEl7
pYYH7ibai/ucYY9SATSS3mflXK5yxsf1ABMetBnmqJpV1Iv85HAqZa/Mxtc0
AfCZ9jvRZddIycQ6F9BadnmDGj9M623LgrtVPCVEwPBaxtnwhqfzifZ+UdrT
mxxG0AVCGoc/p4nPhANmpYIsnoMkUAJWRtWn0zaKnQLheeliohE1YWYS/sL9
RDoo2WmKdAYCXphOJdU1U+9t/br08ekT1/LKvkO1cN9DYkGbJl7QJ3AxJ36+
QFH+QgEfHfLyiXvr3ABu56J2jdaBB089CtPZoBGhsovHCRY1GYQk/jw4I8xe
WQRaOirGS31LMKntwUco6REGqEHw0GpPZEaq0li4vnY2Gez+8wrHS8Cg18NJ
wvpUNeEwUbO9htZATe7Mp5PRab4ZKSBMAvIR0sJ6qXFXqrjAXkRJydQrPfwZ
U9vH4/Fq/B3UVhfMh/m66z6KPsMMZHPnga46MJv7g67sSbHXoA9DkSIzYvGz
mI8FsJJ3JNltKtq215wKs9HeXEdUNdoI4Zu75HAk1kCxiXCqEZ8dHdraEWrj
Puuamr6lZ6XFhUnnm36rvZI44gzlwJvxc6AnpaN8PT8PqkpewAfZ9VWzZg/S
ICkS5yx5q6gEbjl1Iatcpi6TdWz2DYsU/TyClNeQhIArt7+YOXgTSgoQJYGF
VDI6zoRJmCHIzlsDZcmBxjA8knQecG+3bEYX6u8kZ6bpM+7wqfzS8hmZKzIY
2Mvlegd6nL81jFTstzkYe+UmnVvzAdbJLBdGNFYf/o5QIjKzT0PP2JeaZHXH
8/LEycApbw9UvfXkQD1W40Zi7tKH4pFQZiVl1ch7ozrlzsB7G7sm/Zt7IytO
w4aFyRwxtoUMpM5ulTfj2xsW3ioi+Hg4ZON0QH6ip7aq8Zocb2yTWchov2cZ
IImR545HxDcNChkuBAEdenD4GLHSd/MnU4cSg5ARc58mX2P4dma3YdRFUOxy
533GSDAKNtPUOH593C8ZBjgLiFFSWhx9Vq2ryOv+eMGQCYsrfCDkcWmK9ykh
hCgFaFCosCbMq+YlmN92Y6B38Ik8RqBBIRy2bz6KpmfrS25a8NMlTu433xnY
4FOGNfITPmXmgyMv7FQH3ZKG5K4cfXnzBr4AYo9BTYSrDo2l4+zMt+aGdtdi
FaJ5Gc9HP/qTLSA7KQ7gkmzgYzzdUD3R0lA4AyWSAzBqlhvjR+WufGOsjdWM
dXkOVbcujl64ld3fEuA+hkYviIivvt4sTp/ZefPiRHJ/c08gvE4L2o69rB6W
GlYuvBxkRgV1/QRry1vWbaugb1buGpSWm5Dqb9CNDfB0Rrvr2JJxAWJrrtP8
4T+JuUzlXUR2azObs0tjmn5GI0vB3nJPSTRRnP4T1Cttt/eCEO35/fzk2RPI
A0SsuWlkFG4V4riB1cOeCIhjSl7JB6/mvca/VWLhkO8QhQSOMXqrpirFPg0D
Sy4PeCOoAMdTbCXh+TWuvHEbNj+mV/x+F5VtyxR8NrBAFOq3JrN0SD8+GVX5
BE6SFERKyQJ7RvDXNBSo/ajDEO1gu0uP5FgYtlykVi1Z8c1JX0Lm5JvBPxvf
eXapz0MrCjNRldgV8PKiDdPDx7V4tabJ8TCEsevJpdqQ+0S76/AIMQIUvgVk
TFgVCrmqFS/5noQ3D8XKdQKy0Zsf3RsKZct82zGN6CHkFkH+AHOewdZxR4WP
EKeR/HgrvXAjim03LEnLAokL4sfaAIc261dHB66LSHP2OTjYg9MMfKq6qFrd
Hr0FiTW57rf3VjRJEE2lGtnI4VaAlTs2Orje5M2/3sgT/5mDdjc5+gC4I5L0
4y7G9ShKNjQM5i08G2SM4SeodRr7ARUMah8Xx7aI7fDynmjO4ai8zrK/Td75
TUPCHzMKuDH9c0IBANz/+zciCX625pI0Tap/kEeQjunvpRH88Zj/ZhbBvbP/
cBLBr08K/btGj/tA/6EUgrP9sWLof7ZiJLPdCRhWcifUyUmwvh87bVR1evwf
nEIg/LtWDIF9/smKwcPa/tM3F720Jnrlf2XD+PMVn39kwyAGVoKr3h1Lxmo5
vSvICvxJ3bQrtzycNlNA9ALeMFuSlKS51iIe3sf+bP0refssNjHgkVLh3FyB
Yjt1UKztUU30Q5tGms3fdLLQeI5uwFaciB3k34TXPlZBPbW2XI5nzZHWzr6p
J80LMgaKydTZTHkN6PQ6Eld0yO14bUqDOB5AII/8426Ng4zz+tE62uCEyjfj
XvfXJCwlWtYvrZc/ieH2BITp5cKAKRl0vPD5enFkAPF3I8EEg5wu4TGVeaNn
9fikmyJpHPEgwJVOR9d+6m/E5pBqNcaDLiTmSdn3by8X4xgDWqP5Du8iuJX4
RKqepS7GARo9t/DIr5vUahpaur6r6iAdDbdYx/5iw9hMVZ6B/zEbxh8/4zgB
YHI2J77u37rjrvTVb/GT6Av519lpcuYvG2qOY5rsKPP8PZkcX+IOU7xlw69e
DuHXI4v3QpIPgc1/cVY4uChV95b0SywYfqCwxLGN5kqPhu6WV6ETzqH8OsoW
4G4WII2s33m8XbJZKOjll3/WN9ZNgyLXKCN1fxszZP0xZohjZaoAnIh8fKlX
zBM7n0pE3drN9h0vbDxN0HCzpye/xijM3/2xWv51YsgkYvnGCnuxu9v6oIGP
Rd1ESyfDmLvqZ81C3NZ1cyQ30h4KU/+xv6/3zMOvxztDHje1fytND06yWe6D
fwzfHCArPVNEgZjA1K+FU1XQ8mRq+Sxsf6WHvQEpSDm4ZrLAgYUe5foYwMTH
e0QnZ2GUoQbojvPTvDJJ6jPiFImlYwtUg6EEB5Xtst6ejrcchMvpqZLf3l+v
Ry/OPxRvReDws0En4L8MYtD1ZJ5cN4epx4xRiDlJzoqCV7jhpVwX+hX7WBgu
6iNjH6fWvprTR4RrmqunZgK2OkHKFubSmikpAzpNRv8rFoy/4MV/kT3wAw//
bvLAD4D9q7kDf0aF/8lZrsI7Y8MnH8g1BKMmIM4uNQvUJn5WkpMgjreO8iYs
qcNBy+r3Irp6nI2TJBrEc+wIxYBR3L4Vs2H5Nw+TAoA8Hzw/HPT73R4cmn7n
/aqxBEUowycCTBrVN45Qm/q2wJ3TRWVEaT7djEM10xJ357cDUAhkl0mfcpPo
CjPGJXBhBNxj8BmUkFFNeDXzib+9YxVtzvm+/en5nXI6PKLFfPsJMQKbHA5Q
9hNaTOzTy1FtSrL6ahtkbCGWkuHd0chaNE11FiQ+cOZ3SgcN5PX91CKhzqkP
4MqLPz6t8MVDxFhJ5Ihisqm7t9q7rKaEFTJ5/dpq9Oj2YVzrSMlhNlo53RAz
kitWC0B9m5L3lfy3lgsucyqk9LamiEEbSqzcR3DG0uH5y1Cy4XGtWn0cUbhB
WdIBtP/gj5qrGDavWH82FOQhgsVMEloix8cuKXSImCvK6o17RevDdtRRwwek
zkjm04gWA0RdtuOOYu/7vPHbK2q1MyW4k3k9CkMhnXPQSKnnxuf8rX33+Tqj
0vsc84bYiliv/kcBcswiuHcqNS5ntXiissx1gQ3xNeA3hnWmnjQQ27bYqsKs
tsZEHLB1lPL0ym9IWOwpCTQ4MjFPUn4eMo8w6Qki99F5xJG3lJCFcdtvNN/f
8ROyMasQMvLLQ0Y8OpliBVUT5xRQIhXZiJ3W85EOCtR3zamIxOCDIpSkhfeh
rxvNTp8sePziX/judDuhAqneFKaKyoQHBt/HzIqCj6QKkVshKTbz7MiCyWi+
st0a/RyvdvKS40PTX06Wzhj8Dq95oWTeWvstWQHszeBLg7O4y+D3VDFocLQN
HiUrUygv1ssRB+ugmkGYyOhoZhsHR/RTXoq1fKq9WkyBvUJf4GCtYpA58ofv
rzqE2VM211+HDHNRh6257KQcC9WRgIjRGpdRkfpNtKO9twGB7FbeWOtSdk+9
l73JDyZyU/0Ug44z6rbqwuvJfOVZP48HhVyMOpzgJcjp1dFiz0EV0D8pWZJD
AvZkWH2WiXSLnfy74W+LmfJPLKJp70Eo+Tl9Wgh5kaslyJ7rm95os+5Fnge4
PcYuCVEavw7ZOYOtVU8BnekhiVCBzvD3iO13gT8zFNmcK/MFOsb3ZzStSJ2O
K6BbEE7P2tvdsa2dH+AIPsNkjfRVEiF8UpfR+HqBZXWp8yaLbiu37Zhs5HzI
NIbbh9EBDKUEL7upoC0k3/arQk5ufYMz4+nesuxvZHLl/i2SnFM9o+jEF8LG
P1jQD9EvI+Z7gMOl/XUKtRc4ypGwpeJXWLJDHeiBoP6syCrQNQmxDuRLxy+i
24dU47GJ7StvOGPp1IGVGIjmUJEgFn9EtLch3azzE73NbMBMDBu9HH2prq+v
rfbHf2VxBoZY8hJLmlLVyRKBxtHLsImT+ROjmIdu+r6O8UUPc8V8KZ+uZewT
GQFKKj8uEd7WIB5FzhdKWEdMSH5eA4/VeQcKBUZnriXGpTyhjHrcTNSRXDMv
2p3tPlARaame+js1r5qkyngDqTLMl8H7A3FA8iXKtIzibeQg+Pq+EqNTxecW
vBJ9eepu7i3W5bH2UhSavka4a03kfW6namzTt3pzJMCraPMzwV+Hlm7eSi+b
X5yD8r3+rSxXRgfnkwqUxxXZ3HycOCurUCddSx1qb5oW7fHzSKv/TbJcSzwp
kyRLUwKnsBIj4QImkwxDCxhGaLosbhjDkgIhMoZJsxLGsYRO6ZIs/ifaLv7M
GX7juPiVzPwrqQM/jOa/mTnwXyjc/1jewN+KXFP5Kg4Lylo7ZtFmLNUJvg6r
kPv/g/MG/peJ3HlT2J6zzIZTO7rR5uPmQqcwSq+jpR9MjHyifAaQZFY/Y7m3
I3u2OUt76cq5cv7eE9V+OnYxrVb7QrqR6kVa6YWV0ZQBEcHtUrC3Xg4gIKPF
EoFJ35maFz52k/VznqXBArE1qmOQKroVyqW+lgemZ/D3Jlcavcka+a7vchdi
xwOAIeVzKlOpO04pfNaHQj+Js8kfWfP6cNSrhUP8GyGTz17o8nyy/SDvtXjp
UvrCMe7RRkD48Af3ZW6hdCZI3s6kmDIm1PVpncd1IRjG2hr+M4x8Cl6YIJRN
aM7aHLLqVzTVfMEB2bweiUm8QyPK3/Bbes9jkUkk+vZFWGisvD5uXBiKMoez
vgcFTPrfWuRK6t+I3Odir2Zg8s/4a+EoQeB8UPceqUaN/x8SuTyaAREtVcm3
4kDhy1Ss1GLEXUD36oqal4qxX0x6fsdqhORr0iHI4HAUIcaC++hh+oabLzcA
+DC2X4F6mL0JN2DTs3tgaVaiRIy3VWo10wHEwzy1G/Qz5ywYKYjYVSkSH+sP
0+zRDqjffd+o6tqf3lSAlu8hDcx8rWrl6R1hXhzEHd1sspUwm9+Z/3p4eS57
cExfi+sKimgBkXSwL9+Wuf2KstI0dEpcvWfVvKPPOMStRe3QOXt5O0BNoIBJ
ZUCo2T/LxsfIA4pKBKBEE2Y+uqxAWrLXIBq0OdzSiwjNqHrDDRGoDGKS34sY
hdjvhjPjdL0ZXHDQ7ulLsDrgs4mBmm2PRdviy9z0/Ub/usj95ykDP6jwP5Ax
8Eep+68kDPwWHf7bYhdi/yux+/MUpWf/m3yBGc74e8Weqth4J6C+F7bwINWu
gpR/HBAyvIgaXYJ5bMgaBO1K0C1Y+FqfQxJjNGHGitBYgnwfqJW+nu0H8L2j
8O0L7orS90jMLItoAks8jcmtJeaXc/RWBtIH58KqcBGUjw8fD3txdWYPZp2s
EJBNlyfZr2M44WiYE0WD+7JkIY8uKLXo6YnjaJs86PJrDLoGM6eW4MqWPNyy
ldpX7wjAI9k0lX9lCSh65hhsaZuJoFVnzDOXohPJQm0JUHsZ3R2+wGfwkZC3
hJvr5zQ3V8trD9ifOxJk0QVOp4XRqBQ3b1HDpXO+uPF6x9lWo+kzeiVzTRzh
ksSO59gqgirsZKM5wWCAe75C/JEFf/Xgkv2xkQnrtKJ2KWWjD7e09KkJ9/WU
EEv8lBaReuSe0RU6CrjtkKl1SppFsQcrXdlkNlLxQG8f32MIH8vs0KgD++Xt
90IvPosXJt2g8hemFvb47Glg7ZogvuEH/mj05JLJ+vL7BbrsthePmHIH0X8V
G0ONJhwVLEwZgiR0ElX4MwSRaXl5QHEs0A0swrqDxXJoXA0yvKvY2ul9BAV5
FfI3CuhAx0wyqHOvlb7hV6oXB5+4gtAgnwUQistR2aT9pSKD6ApG8osn99dC
FKi4IiPPcIKZRq8sd1Kq0G2ZpYBtUXVxeraY2zwB+uK9JqQ10TDy9uVumLGy
1Z8I5kYyt98CauEV+54U7q/5AoJJeJ8nzlpOa0ejXW0S8B2DNr1VT27fAuud
S13c1JejfLPUiBglLAilT40SUc3wggbR/fb3VtHno3WwmDcmswCKzWeKa5Tc
m6c2WM6D3RCUJxvSYoZTRrrp8XyaiM/kAxWDxIw35zFPyYOeHhg4RgQFZNXm
JF+k7QvsW7tsSxJZj7jc2/l1yEFqzDp56EL5zOOPGcv+ZkfwsiVvTuAr0SeB
RZw59uQfJ2FNEjKNb1/KIv3lQUfqFtK8fc4Ztc+G9Tj4VBSzG3GS8zeLmkPo
Da3dBgjKKwxeKwLKuFqJZjB2JtO2S1flEVEti0bSd03SeTCtdozgmkt5qHPl
fGxyHh7PxWSAtNiP1BFb5Nd8geYhQlfBPYfrbIvEy42v3LmIC8Yh+ppzK4/m
wemal9mVffJ8b4QG4EsitqBcGzzBxWtMghdOwyYZhtLLPp5dau7ES+lpFNeV
vdKzcqxhu3ERMThbC6mEL3DotrO3Z2bWKyZN4QAnS8tn1xM95Gf1kMXJd3FN
q7PplvJkN9Xx+hJeV9Czv44YBZo91fvNqlv8QGfkTYkyj0lEevVEey9bx9Od
MErXyaSv4yL1j+RiYA++9n7D4CHTmA+Q26HkUxWfc4U5bh7HUh8u8L+xvenO
2TOpNy6WjxzWgFzWoKWiJxgN8lKYi8+7xVN54LFJOkm9HPI0pfx18UglnkTU
Xm6begW0fLr0QRyFgnx+HTL4KpOsFt8OZmXfXzwunf9jyM8T2hWL41XjbJ/7
tA9XUiZ9JTI6HJVWqU+7DbyOuron8jKj8GcihJV5lOwSAFeJUAnzFTQDNW5l
rjGsVzxHDB+ZS+2mVDNgi1eUMbPnKFd8MLDRWMTlDy3oHbbesA2EbKJBrvYU
Z1Y17eoo5Y9i1/U2kix1c3eZb37olcN1N7rwrPjVL3biqv5P3E28xa4qKlqr
vqP42UfdRKpD68Q0BTlUietnHSamLBT3iIrqfw+xy9AZzTA0SaAMQTMoU9A0
c48PYUosvTltkZcFnGQJQuQJBpNwfr9AJ0hB/08Wu/9SwsBNRf5/yBf429vD
vyQG/NVNgT+/8vfJAn9Lqv47uQK/Pkf874IF7kP8bqzAz2n774QKkH8KFaB+
J1SA/CVUIP/Z7v1LqED2O6ECys8tBxf+U6hA+i+GChRQTgKz4EAo7fy02Ms/
oQKOprNEd/08sTAnF/HgIdg9uWc1PT5P1/Ydr12njRRrLu4rJcM+gOTxj8Qm
HtA+Fa+EHzg3WWRpwIT3zGKaBxJM+nYnOW8eWLz0HSqmSgOfS44+MF8ShhCY
3a5TQWoqycJWXpo7bBoL6tqT3rEthuqpEXVWTHbInGFVsqRTbOKJ71KdD4nk
I6QIMBEZpqGmVUEviysnWfMVPVCvjyphCkgb5S2JTncV1mkafbMsXVB+5wY9
fI1mrpdEEQBQnRfMmMRltBqoiZ2X70me3yfFo4RQ3bxZo/05cUQN9kxBWjUz
QkW2EpJ80uwDUloU8LTHo4L6vaBIIUjkXBy+uKPlN32RnCRj4Otdf31EiZf9
+qQ6s+EF0S80fEw5mrd7rAPH07j8G97jcKan54osNLEvKaarWx7JEvmMpxC+
1d+TWiLsE2018YwC33nlfhRF2BOGgGFNjAo3+Zdv48+aGiIt7gm17TrGeFJa
/T70/YZj1/XC1DhdQYHJAmx5tzIyH309/RlAUnFhtBP+ZDp9WQ+vpJUX5z3h
T7qfuFba2DuYcFcMIXq8wt64tpec9pKcnonGRHiVAIaJaZP+NbcU8b3vz4UM
rJEOuZdjSda5/jX1C2jnnd7xeN6PkoiiqmqVRu5aRsC8HzaQyHG9CnXB0U1g
b7e2/DAI1/sk7VCsgSxn+PKf7XgLO/fpkx9TMGJqOeCjj3nkjY+GDHASzb9t
XDTeqZ01FF1yKzQLYV9inJZcmbVlTfIWV+cRuXKnsE/OjbZRKIOTfHseDo/A
mOZL3FTZzh/bJnAfyt3OgXWCmBZ2/fpKcl2gExpljEKwhGlQ6jFbW3Td6/Nz
Sx9PBFrWR1tzPobYIg7fEAcF9SRSZx1r0fONi8x07rxRr74lEZdgpsXp6czU
yySHoLRNqgK6TMoLRRgg/jU+LUVFQI3FjqdgwuTV+YRi5qg5eYhreM+keKtv
X+dZOWoK7X1YztdlgCRSOO4gOIs7kNDlqJfbJaif1HA4QwdbJSo0Mgb4ftaC
K2mt1IAbzQaY7sKvl1LBqA0wc1aH1INQsOcJbTN9+o469mDtNm7blQ0znyT7
Vd1tW3T8lb7wNfM3Ln52FfOROi/wgTMdAvK1c9OAPpfhkCAR+RQ6exeU8fPS
IKpsDC3syCPYg+3DxQdaiYQjlx/+mOGHs/LA9/GlzdrqET2OhICX19NfIMNU
Ct3KMOSJKobs6FRXQyPoOMmVlI02Zg7YuekTCUJEAAanV+sLv3Z95apLmcYC
O5ysZCNindBPWkxrTHhQpHTvZeTeO4tXyN5QQ88XW/UNlxpAA9IO9yQGuaFc
o69W+LE8WKYlClJ/Pakvh9Bju3mEZsEjyGzGmjfd/acnGXUNdhAFCn5n5BE8
aoTJnqyB4kt35XrwaVQ2fFLbVfRY8ZLbXB9nTC/ArdS2MX3KC4cx38oIFgCr
RxKrc3D2/LPN2DowsJrVmmEHId2DW5cuZ5AX1tAcePH1qZT64ECStOyFpsgf
CADSvzeOitEvAQLHH42jbvCPjKM/nwH+YhxtG/kjPLtSxv1D5SXjxVaVM1an
AdP1Y/N7As07G+SC5p3J4QuT3sLiwQJQ+Ziw5PCDIvUrunK0Nz5yyuRfGj++
cDhIalhwJi5hzlNIeR3f7I9Gam4iFv7Is2ecA+GpbEYbFJ/x2tCvwgl+5QSi
jeSxsnVI4FeX8eTrBFnCNjumBAfp7zyPgYnxPfHhahJwDN8qTjrGol7vOxih
vbwqSNu+NSSFcg99mqxS6y3cG2zpMAOThWaF1Xp8MpBImN4ZcEuMN76ZFazs
j+ZiyM/RivWB/FQ0u4rVsSoC7TPzVhM/hJaXRKEa+INcs+Z5ix8wDwH9DQd+
nryfC4MVaCE+jPT6xi4swiymZnZLko3yiSefiWr9Wlm1NsyvR3cSjahwHF8t
QFvgA6mHrs2D10czKoqauvDraOf+8eACHTNmgQReabNuKIoBA0WSVPU1SpuU
WkO8IgF0lDhtBamvM04nyUw83fIDVn5JZKNY6Yu66v4JlAgqfHwNx1enWbOD
Bd8WfT5eenvdgktV91fwVaXGaVt7E6Rcjh7yp9PCgUSNNKX5G17fzIq3gj4s
sKGoQxUUvlo1+NHtewI4V+xdYemzU3E5lTOf+Bccq7yJJMS3E9hO5n2R3abR
ejN3GxgyhRNsry4kMt+ov50E7Dln8c2yg9jFJY1GiB9yhq8HwX8bdA7rZ1rU
8bx7Dw7PBWj/MOdXmeK3z+/Xm1JQBAO8fEmZ11exMwaNJ+5ay4ZnkfUdHJ4g
BXICdbNFDuPjgOdXzFpqh1IQmEyr13FREkwJ0E7lwBRn3hBFgIKT6AQwXf7k
KJaNnipPuEdFTJ6g5fFm+qB68++We9Wg0CAdPlcSVAL9+n1VV2jZ38ewTWM9
mCQbC98X8+xATuwFI3riL+nwK5JiuFWTydqZ2VjfZYhOqqeCAh3o6Xrkp2Eq
BTwHg83HitWjKvH5K1+7SoDq2IF29v3I/HzYHwx20lLkRRlGnFQXvQFoMqwz
m/g+aRtlOc/PKUasA7Hv3cTnEf5S3oEs1ObSXMaKElnK3xwNQjWgvQWaQtlG
AcUA4UZVVtBOSerqPWWhDp/DN35iDB5T1Ve+LpSePV1LNMPJVyUVLja+tSre
xxoPdAEGIVCEsMuXJX+dMgk98TQDK/EQZTqaWm3WZ8o4SppUiWuk0XvWQNV4
ijwrRM5DfJUgYHg2smV23akpyTVH8PI/tj1bLakamomG+7sbWO/0W8aMspyi
vrZ2mYsmEsGWmAQXeMDoTpltlHVkv5s6K+RbfYYhUY19N5eGfxX311p762VG
nmcc5MaTKphBqq++tCH28DcKuKnnwN1SPgYGv1KvXWQcVZ4EqBc/iVmktNNm
DK4MdkbIzjQcmQUP0d8Kw81AniqoDegPOHVQ0DzZri2GJ+HlILbxVO/iqI3y
zzJCn4m9ujsoJlHryVfJSJhnUjA5EmAQLyZQbaq+HejYuVnr1okulPWnIdsR
J6PoeqVLZT+x/cpIOPgJfrWGv82TAe4Xo597fsEfA2VY+O8DZX7X+yOeSvgI
VmDIvt6P+cfB7w+fwpPro0K62Se+bzo7pcaQM9IttaMimjv93cJ9JySVOSs8
ikKDw+xAdaG9PRKSo42J9oVez3FxNlgbTsR5MHucoxuYduWYhLYLm9tbioin
vUXiJ9duBslfIBCLB631xUNzH7CD9cMhNs+OsIbQcF/W9VnU4nPGYo4Eqbc3
0CKh6Oq++rePYYRxT90WeCDrowg7blIj/mEoBy3e+JzwtIx0I3Gcy1B/ZgNX
t6vebdv9sX0IZT89mJfXMkbg74AkEALBXFUKT1vyglv1wO/BqXKoirF6Di9c
L7vXiUbavobNx1B2C4vp2SCD7WvJHbICFYbDH73z/f56b4I2yx7jBt0YceHX
ovSoWNPnttlW/TjyW/d8lUUcaU9WYnZP3/eq34D6BrEMegWbP04PccWdallZ
OofN5ZkTfbA9XnD4WLmHOBifmspntn9X1xb1Dzy6tg6FAE0DRdwc13fttql+
mahFvD5yL/DEm9EliNBaKzgcqqArs/B3CKuaq+JlCDeroYIDWQbUu/Bc3OiE
jxev5x62Gk5wbjg0zQ9uiqPhAd+6r+siyFcT5DNYHPh6TYbd6c9LIA53ByD0
+7ZsVMAoYVAOT4p4AonTXr8oSW7tij9khggeGW05dCITyzw54PszQ1rTE++w
sg5AFQoTT5MjgRFfF6/Zkx0/xapVM+VbQNTVZi9cYzP6F0If2tj7nyOWs3TE
R/kZuJSuAL1RqR+eTlRHOCXfDSKXtw77IHxKs4hk6fYY304YmjvCT9uv8xFu
YB7JOA8aG+thYQR4kLz2IRO+uLL7OflxwA/UxeVCz+VhEiMp/IJPUKw8uxn9
HuqV4tTH9+ekqLDTjjUABIeEqniwSTclDAdrVfz9kU78wMxBI9VX02dOHM3w
Fn8FPYFFaLrEB6SyuCqj+CEagDycH19VQu7JeLCZ1d63p7iqPzP74QqDdP+w
TumHEbKw4qJTZLZiJx44QlpGQmNfawIg82yykxriDTTrUu7uwsf4brGTBiy0
WJ/3G4eNh+8Q9i4OlSo+WQqXQQiK7g3a1GwfwAnWbwpCiJkw3JGJvvwTZ3S5
v3BLRhzz1Q5lN9m8FcQ3kDqU95BtNbo4g+x+rmbElQz87SUPLurEnxAB8y8h
AjJ//uXqBV+J/I+l0Wh/MgTGA/gtbf1N3IkNwSqfemlsODdrtY97pzcqHR6k
qbTfas6jjDxpHDQRGOlLTKfoFerpOB8kdMWrKb/ZwX9UjuUI3/NjBNOyEq2f
4RjVBRxqYhL8pYX2LU5TkQKbUqrj2Y6hRLX5cFdLCaO3dR1hHRnMx/tZ9TDa
RPFmz6t9C6OysAmlxe29blBSYx4X4B2PrOoxx3nM5Wun+KOSgwGH6mHj2KV5
PEW8YvuSzebuu2nc+0b1QxjZfLV121yjYQOqV9JOC6JhyhvEcOthwLi/log9
ZcX68DWc577WaYTftl3tS6DoV7DrEWiBLc18vfXcgIuI4FLspHnJenqqOOer
UGjLHU/+TUSHcmFc/bqLDJpOLw0pUeOVBeuwWMz2Jd3a2ViA7bLTqkKoWydC
fOGaN4IjOd41uQ7VKPm4i780qxmBYErHmjeRPLLB7gt18rky46p+AnGVvEjp
yZPCiQo5VFx5F/l81Yi3CC2eXwmiX8JBBgnayMHT+qk0kK0x1GkRp63dZxqo
4Jr1itQHVUyk8IfDuDqNS6W2n4rA8WS5R/ELGj9mVk1Y9GYlMPfeFK7MNB3i
eRKAAOQ/ohLKgulsjozzKlLB2qVbVvjUx5ehlou6mxZXFHoMljflGw7ElK7O
UPFAFiC/cIFjSWsLfipdTdxosH3g0/XKmXyvkTN1B9gulHNoau6cCzsmSZC4
4xace+XZRn+j0EICI7Vj5Dla4451wuNFCWX6DLxXeO/udAbams0jwS0k618e
/enKOHwm0dlJz1nCDuJKeiDBG7X+wJjcClnZvAzT76OA9bP9+c5U3xCR8UVJ
eqNltJ3khfqBNe58uk9xLykOO+geKCJ/vatYjUzbEsd6XSBazm79eu2KBgsC
3JkzS6oVfo7vNZOfYw+trj9PRaY6RxB7POC6M5NrtqR1eq0LhDgyIhyj6zDB
SDn5EjH3ZsG1U1R1IdXWp3TuMzgLM8dGdHPtXQYsH5FkXuPIBee4zLriu+1r
i8ClvjIOBxWDQo9Yv4whwpp7GSM+a31N+s0z5SQglrZBAFVM8/U4Y1TPcVkL
ooZenUnSS3xzFWGBN5VofI6i5xYRuQk58Hl3B6jl8aahQC5ZaeB9QayGEk6x
NzyOBy1YeGgUhUkpNPvy/umXCEyVSwWYJKPhw/EoX+hnbr3yhnWvDFOBss4+
dXDM1NKMW1SewpzjBaydVERQU3rsuHNcyMl/3fZ5NJJDQaWboPyX/m5fPeMh
FsANeQhZXX2e4MdKhRdLsVHyIN23XJl8YjXhiUnItX8HEUt3kt5CV2L29iPy
tT8TpEUCDIPO9ch9lAesQW9X3Q5QG1X8DdnSIPqyh6XW+Z1E6WSpJOREBkmc
/Bn2eMJQAw9DLvCUlHtUx0OKqu+ChTmvlhh/EA9hRYnIWsMXvwp8ULQvU1oO
+3oLR0KvXBehFAwu8k4B5BzuKfSRBcxEeVD4SZQliDjH0aO9V3txVRG5JR68
zXpp2E8y6HHR8CnaIfcEHWmzBzI/bzAc2+yGhO8KwQv+8XjQXqvHqlXTH0S3
6quaDsu4kEqE8xyF4R5L0yuPyU8zYi5AoC/n5fIdQsVM7xcrryX7uWVsA7/N
ojS/3MO088FvSJv2HoLLwu9srFORWM70EEJ2BDgo8NOjMm8KwE8xFWRP3UJu
HjEWDKjXI2zpUHWa4j5s5le2LJVOloD2u0Ia+/5RLxvwee/5MacBX1i0x7XE
Ho6k8gELnaPY4Gi5DlrcW6t+hyGQw/RNK5cJdm2TolmE/ITxAIGrQQjoMHL4
GRGM2Jx0TKvMvNj3zM7xxHSCSJuc/7e2RVWpIjaquB1gZfX3QwTE+VoEyWO7
d+YV1qco2D6KfbCR1Z/2Nqn7Y4YA8NsQgerH7//HSJ+fjfLfCRH42wwB4O+E
BG81qI6kptj8NBv6efUTIiAYajji4jc7RRrEkyZWW+g11NAzAILAhQdqxR8y
n4YbGCy2kjPR5X38JmNnNVMUEs13yrrXSlnNsUw934GLqGOe5FIBEh9gZa9w
PM+6Fgs0A72xCNKFWFZw53bHP2syJEIvIJzAZrvjeepye5b5SZNfxKEzAxVQ
gDNBd+reSCZtbfW6qxDpk0/yIOBVpkJbf/KmiifkMiiPoHo88tBcWix4PrSI
TmtuFgXgEXhD+VRK6NDjRW0I3MYkDOOIdiP5NwMyb0YqcnoAaeQgmMUd3xTK
R0zYNNBdsl3GA5Sj/dqx7YC5+u5RTE8+R/H92HLbNLDv0mZhQux9knzrXME0
9j59lU+vF/QWag0sDNYDhlo7iGWE2FdCRkEogxvRMUaba0j8np94qn137mj6
SZTHGjZNMprgfEFCE397kAhrJvAScIK2qhUm+A8/HawfyrnzrpZglZYlgBXv
VIrAEOoCxzRMVkmFf2mBXQjOdb0TG2MBE1TH0RU6Txk0M/n64VTrXlIRYAmt
bysS6yto40LNaFmKMbJ4qjhnycozlFj+MD6od0+kawrNd0XAGuvXXPSdRagM
it3wFVx7GNVFk8zR0ZXb+9xINrUjL8P6pWKbUNcoqUUgai/YgolHcP8ypvE8
zXGXmQY0psvBmUrlrscHLXPDxZEPMRA28ZaRCE80yua1r2m7EVC/lJ8HK+Ry
Pmlr1cw0iDSNf7zLky9TODaw4mH64Au+OnY9BxRNdLoVOMMI4n63YzUAZheT
v7gjPZ4dOfOmA4sEHXSmb36jne8v73gWovkhycISIFb3RDAMAyi/ddTz/ZI7
KgLocBF0Qy/fbr70ajEOeaDtxLtD0Ei/65kjF/6sE6HmJ2h+Kcy1l2JIN9GV
bzhKIw4PNKGGzcc79UDaHW2D23D9tFe0QONnPLSLwdg2PvqrotqnWLbH8BqN
Wk+792egZe07cgB68peXHIFTMtCs+mHyvLIJxdiANEqkY+ySYpTo8cIyR2O3
tiRDLhCRbxA/utL78NgJBMan7Nv7kDmUbZNSMcNHzaGvIinUhivpLdOh+FOK
iKwMq+tgXTrMLPEKiyVn/KsYBSAJhFYK5UX1JroYdpiWw2g/XnJoGAgB37rs
oz13RASR8zho8mm1XOR7X3iBea1tvQ4FqF31azbyRRbUKEQtmnKeH4IehcPC
576YtGkp5kWHwa/GcEG+Fndxwm9ESkg/8Iw3BLzbqznS9fsmnF7OsveFYAWG
us25lGvBge7Z9++r0LYzf6Cq0r10ajoO5rT7hw47W7wCJKnKsT4X4fLiOsaR
IiHE0Yo9oa9XVn024rpNJV09Yf7lqc7phcMG2qv9zDKQXYJ7BPnB928w/p7p
ZmfBmeTtpL/O/CzZBUu8Tv6GN1dQFvG1IC7DDab8iIpVWMGzCKwVcXJAqMsS
Sh3j4I0wl43XYRRk12x+cza0hKV5+WhdyiWRXvR3beHeVGS8q/zr8hqMGpIh
AwPMNE/TKoj93ViJ3nyuMsWFicln0azfWpmvnu8mVamp5+wbYwHToqqOV1I3
e3qNrwBgyfHBdh0q0MLgNWZRhbgaQ3GKGY+vprNFaGPRikTOYj2tGOPQWH1y
yXTJVy3FpRtcwMN+h7VFYJNQ99/ugNOt09M+Yhl+f4DdVR1Fd/EnZPYzpKQ2
RvMBYulXcmJnhQ9bUQMauDNQR1XJrL9HLH6Zcge/fprBZOkb1e/CyhE8IgmB
8fpzMqFrCZ+nPNpzXD1ZUulZoBqr6zieiXx8mQEayez6r9H4b8EY+DMac6VU
K7szgQzaCQ2+orS6a7d4bD6+ydO3/GIVrvIX4WZ/cuX41ZGUUiH7wMA4t7S3
b5l0gPrr24G0KPIass9hQS4jLN0AO7J/9ZSs3wkQEH919v9BzFGCQJjfeBh+
+jTYz1aPy4+34f/9v/7YNFL8uuH/nSW/9K4Wfyj+xT3868EEv8YZ/MFgzcfz
n+3210iCf3Zsdxy3v7Fn/OV7/CvujF9bU3777nq/vX5+7c7d/vXT8Hs9JFny
//zymX9o5vgS8J8H+s8MHdz28wDJ1/vPhg6FYFySkD4v2ZKU8cxgC2texbqE
FytxlbnEIXu8vF8dEsDvWSR+zyFheez1J4eEIVl1GnJr/ORM4I9ODykWVMTy
REIVrT4b3Cl+920UulOK4pUTBnAiM2cSuoTJs6HgqYfpqfdO1S9gXj5sSWMk
XOrx84LZisj997I8B361XPzP7CbA3/hNEFMw/+Q3Wf/ObiLeCNz6iOl1lYMG
Zy73byB5WfX9jz1tOC4P3THFtClXukNv/3zCBNXhxcqPmVOFli6EaFRo6vkK
1NiJQcDVRcx3zwksLNT7agKnW7wpsr8O0YW9X59I6B/sj2Pg53rVL04BmmNL
WrxP6M+DA6NDcX7Z2Oa4u0TIn6YPUVLS9s5wPJcjPbf6OJ8EPxGT9WX23PqM
tThWYrWlf42A016HB081tYQFjGJfTE6Mhxmah6OidgkmU5fL6FthVIF8iEj6
wapbuasKcaDb+QS/EqAd8Pj5ZtrJnqHo4P9KB/w/W4PPX3vs9OL8+6a732t5
/zcW1c8K/WU1/mEojr9apP/lcvvvdcfz+C/30rn7d9LR4OB4VVTZjaaZryvs
91ymk47APGq79M9zIHlHKOhSzduFb56Sm03/bl/iH7v//mGfH/vkVfVf7vb7
8zn4TavfPzvJ/C9ddD/9ePcP9I+L6V967QBALf+QDH8ofg2WyfqmGO7xDv39
gy2fdfv1G7lP9l+v27/pt/xTb98fuwDvXd31+T7aPX/u/9ynq7mBfnkXefPz
QZ79q9L+l5KeDOcfinufxa8evr+u///5An+fnP9Imef3nzKf/OU5wS7OeMTI
VlEtEWDBRQ4Wc7Fqfj7t37o31v+1vr3TFMQTMD3/ND0TsQT3H/r2/oRK/7Jv
7x+h0u+BEvBfo9L454XNniJbq5JcZs3jxlEIsip8TFYEeMq+XHbP2kLEbC6H
Nu/op3M821LgyD/i5p/saJLJmj/l/a8sacDveNL4P9nJfuMm47j2r91kCakH
ZTr6wBt0Ns4SlcmSeYInltb4i53sX3GTAX9jJzP+kpkSwF/YFq8q6l29+ZrZ
tTVN973BLH27yYZMWTMJCAEgA9013CjXq4eXVqwFowHbDpdAL88cNgOcM7ZD
m22OeUst4kLuer9vQ469iK0TXFYCSmhnGEPM1tjLPmo6aPOFEXkyON2EQ59J
xutbPH7BIc2QdA3O/lZ+hyrb0yDXF3VhbyDgOxgTJBFzNvxg3v3OnB9zLTBs
eK+cHI4VFMa7iWpuBDf6Bn+71ZkdgflEb8oczUIBZmfF7I0Sk/HREvj3fO0n
ji6fgfQM/yxIXGDwHx0JzdDRGgx5j0LV5cUdENhDzpSvAVwiFAGGayeuHggh
9CmyVOC+dhZtPjti+AggeSHB+qma8QWD3T/H0j/wydKP65+DvX5bAVcA+PXd
f4NP//ED3ucHG34/6iv7ZZPfS/v6y1j+zcCvX3f5H878+nU0v19jf3nnP5L8
xXM/xTX9C4d+IHgZ8J67sZJQsMx1/H/tfVuTo0iy5ju/Im325eyqexAgJJh9
We4ggbgLoT1rNtxv4g5C6Pz5DZSZVVld2XOqpvvs7jHbhzarVkKEu4eHX+LD
Pdz6nBo4es3/E8bQ1PZnY2hHofV323/UUX72BfIh8QYCzPp4eVDt1yBUSSlF
VqGElXqsFCXLNY6uujIqNQq7FofFURfPpjZTB88kiWyoN8KkSMLw2/Jd6Mfq
d4n3+l1XoT2aF45pUN5vwZp+QP9MDe/HPlXQbxtVXaRzruJT6ADGmF3txVO2
uu8fSsoS3xndxUJDi4n+zEJ/cSxrMNFJ0B0/nLe8LjXWctP5TUBh20TjyoS2
9Ip+JExXCPrBOSNOUlj5RuHUVl6tA/4sd7uLjrK6XaPZebaoESdoY+sPAaP/
0NXY3+zsf9Ca6W0j/2x3pjer86MNmj7u3z8/MJdvt7u82yByfF5xDSbNc4Qx
ebfZl+pROrnpRVM2CnlEJNH9vx2YfxXDdxH6lxX7kf4Tb8v2B1tQvBtc6UNJ
DwiyTUVSOMZrPD+7ZkMGno3uQ1T1C0VLMlaFb3F26g1fyVZsCjzXRAEI/TmG
FV+Lb8QDy79VTAER/gpk+N8XkvoXijN/RVDitSyr85pflrqh96HfsgCDZ4gN
Qjzren5Pp/6sXhnMcflmLvK+uIX4saZvKx9RFcrakR6TYl53yo63lP3/buGj
W/AT4BYYvIZAHGlJShaGlu1aAezMJdeeJyK9lIjuSw/0fkYTnr2v640YKpLo
KcBIfzxQhdhJjxR6moTkI/pY6ICChfQP1xBz/GctIaA/4lMWlwL9AZ/CMsCl
QB99SmKWySpTE3NmFPacUNiIeXzfr/d+8alP+d2o/6NPefT9Drcf/EixWhxu
Uj2s8XymdEy4FfN8kyA6pIXKGfZIZCHOqHiSkmZIJ25umqCFZB9MzqpvQzIW
Vs0NU0DOsHocqJ/0Kf9+J4Q3+/RPNEP46ll+pB/Cb4zAn+lbxqdvkUR8R6Ai
XA9dKs8kO9wew46M4/7WBKdzEtpA6UP7Zur94f8J3/Iuie/cy/e1nq+S/g8o
9/wkOXhWcv421vj44/d1n5+o0JfSz8+PpP7Ja6VfJ/q0APRNqH+gBvTwSF5r
QJnG/a4GlKkDLkladnkuXrKS2yc1oNS41IDKxVsNKIP9YA3oZGIG1FhIWczL
NUvmLgEv98KhoMt1FWTkSYzbu2o5M3wtDrMe8bg/9TxMJpeutecSOQzihYe8
TWfuJc0OhvLRnqpUKGOHLFcyl+24kuyM0pZ0n70Mm0JnBTxiix0VpjNb0dh4
YQXEgTYBFdmn8155CHE1DY8Ztx705cHVeFWdzrsNdV1prENOYePfUEvqMnld
omRMW6udeDJJHrrAJH6uC3Py/W1ZMm4kZFpzBBl9ZEejvXl0KVys9vuWHdtj
b2+3EraexDXDlwXmeR19gjC54CImP/BFlTwU9dJmh8tIsGjK2Xkv6CQl90a1
01ap5Bx5KclvbRIwisUTsXxAGJiAbq7ArkS1qSoUq+ToGm18uG14944X+7Wv
HpBLjZhNYus7etwmYMfYQTSrSbZjcsMMxhMUTTsSIS7uekxmt5YcyloXUaAp
a4sf7lSFkHvtXG9y2qWukz3cdwL4B1skF8aH16Ff3KCNvNKoaH/YFCfW4Fh9
G6TwFk6vrU3cxej4CL2Ec1x5y98dNhMjnzLv0u3yaAs53BknsoRCGeHP/UAa
pLDb5Gq/dhSFL0NyqGc1ZdftVriSQK3Vrr4yJxNmDh6zZsagX+pguusehsJR
LwZ4PwWcfItGNdmuR3T0hIPdiiWfhthqW5fFajrStbtas7hS0hf4XnUnThbK
R0NuoHYdw2J80axtfy9cWhg1NLIpuO3gR1YeBcwahRPgSgmrcBxP6Y1y5TlF
Ep8iZqNcSTD0EJjTSLVpDxJP677j2wAb5lMDl7Jrq2t9nJaMfntMH9PhEuPH
1WCs2YsQJBPRXZpoT0GzdT/xQf4432ozvdfJzuhqgzwGG37ap460oVV0g6gi
z2X6JTIK4vaQCEfiz1W1HTYo3EI5Up52tLdBH3eNE2oXK1X/MOXGtmOb7WEq
y7hI0mZSNBtrNRSmzBPhWMiKFCRXDHCqhEimNFUr05Xr6OzWhocW+EW5TpV/
OM6K4ec2Dc/iNIHtfrh9f1/wIXnGqdV7fUdj/1h9h6o8zko/RDDhLc0V7KsE
Xi6Ts7dq0X1qyTenz3HzIIcKSBStAh/prZiqPXtwgbawCRxQdGvz9zkwVAHa
R/sxmiSj2Kd9HJ732coyjaHS1baZTwpZG3Z4D3xhZCSSiDlfLk9ztzvwhDCG
VsKsfCjy5Lzaim7hNLfd1QlvPS8QNDdv922GwYNGasnx1jBucjopu/m+Nc+E
TnWBbOrF3bf6G0RF6+yIECJBOuRdFbnH5oK2ojv7u3jdaGJXNpbAbNtyuNVI
cjT6g8WvJzfScXOGSRuLoVrZ+lLQqTeRLXovqDcrvFo/otlkOcslnE2pIof1
yMDDurZUM3AFOjLSU7dmda+5CBYMcTkuN0l+Vse6p2oLkw6VMh0wZq1eiJp+
BLfEbCLKg0+wah3Y5uKj6Nxue84TKa22Wx8KDsa+BFJm8DKUe6xajxpyu15G
txfHHXcb1nZa9WTjF9c9mzGJstqYfHKwDD/cngfCjyFBLJyqbG6bRpd3ef6g
sKjRUFacGULZe+ztGjnu7oINsMQNxeN0j69yTRQWikThA0GDEhr504HMroqD
gfWcM2Pmz7yWnPrxmMEiX2X5mU/uD6oKtF3MayDb6NV6G3oZl+/zqDzE0B4D
JjFkt+uEz1I4OpOn1SBcN/MOzoc7Y1AwvimzYdMzMyYz69XqyjUkNfCT4Hbs
RKA4NAo5uvN2JYdu20QIhXP4sEh7T/Cx3Uu1oXUCRuibMjWRdWN53XEMHFXI
i3i4ZIe97M1QFytGjInuXZXgXTY28R1kDfAG5lU2yz3xQcVmqMcoXe+CXvMe
qKgXB3hdzepqGLaESUKNzeRcfNrK2Yyig1clcH6+a7xPswdY2xJKVSYGwWBa
4Kbanqnhw3pvoDDBE83pxLUh/uywqH1yjauy7M75vRpXuf7gNa5pTSbrQZ9d
67ZU40oCBdz+BjObI1P36eWMZUV5QEpV2jcmSqXE+QaRGxPGjxQBEorBO54b
ucvdDmNmQyYx2yxxfLwJ1MAxBsz5V/VIPqIabdbJAd1rps92WwhG6vpW7+z6
cjRqg74QjR0lJ2ffT0cnb2+P04jvJaNs2DV+zk/sQfT5NjtT7ZCT8IS1a0hv
4QZWSLuTHZbE0lk+hlLTOB16MNBsIEvKtA6ceCbD9hxYqrA+NKhQdrFwHCJB
XqM51J4OF+8yuxKRFOY9Pckm+XgkMaLOFVU8XL2v65VwSEPKQeI9x0QlNWsB
Jq+iiDIm2HShFglx/TTdD7HbSHt0yjLvFkbG6eg72XTaWdkK2JRBu8PpCUWP
R3lS0lu1D0TPNBHNUzPIzOs7v0e4vSNw/VqfgnBSiOyI1aextXDRhqNQSe6k
JR+tjEMSVOBanJRgY6IHRibYFFIfh8r2N5qNXAhkJWblCTtogB8sCMfU9Whj
A0ItKlWqYDXh4lna7jEGOQ4UB2ePC+KikBrurivB2se5ljykeZ3mbewrAzHa
JEt6Woee86Pq1AfDrHMvQrY3wpfvq5CvtoZy520TSkBcwl22HNvM3T5uBK3c
llpyOZjn4VaJIx/45mocCmM8UUM7rndgxKYQaGkvH0+SIdoQnsgU41s5aWkB
FURbQ64912QTdeQPa/eihNMj7Slp7SrNLPY2d2l0fMgdk3a33NG/8dBupacl
W8XbI0bnq9vdHgRzs25OvcsIfqmyO1vB9ca+S8mpaLQuNupCvfRwnJG9szrP
WyjSUbrzK2wgGdSietVwH7w/0tNoMS3vwN1ZNLdZHO+bOxpRCcYyrWdT+7wZ
zBM8P/INdLtn5ytLY8AsBM0xxPfRjq1Fc+Pdx3xnymLYHGtb7Fet3gvbmVVw
mhvPjnCvYZnshTSCznpnV8VlU26SNdLHiaXG7HHszne41tZzuaJxECdVsu3c
1oN7aUrmlF0xnAglTtA0U3EhSjmna3yQND50zT3myP06uM/4edOfL1d8Qrba
I/JJk8eHumkN28c11opPHerrtjJZfgORJB+oerwNEkI8z9aK8DftoSGdOWfo
+3d3vwkoLQkPRXo9ZF9uYv3wSfZyEyvtKXwyfV5ElRzTWGW58GF2SxEVv+ZU
hmshPouQJsoCk1TN81HP5ck/YoVKXF0FFdvIvNTcYb/Zm/z1hBSOg92neMS9
y6ETOJeOBQUKiS6qjCxXbGkSvv083Vb0TcRSy/13HBUkdE8JBBU8qPyjfYQY
w77/e6cnSaD/Npeih8Sk+wdDQz3L0N0n3687IL7+vVzpyAetxClxSNoMBHIl
hGZBGjRyvenR7oopSedgEGIqYvtzuqJqxeymgmUO8+AMK+Uonel17qL6RWSB
tEaIr3atOK23Cjuk1aHKvAfPKHT/268HVTGZlpuHUkqUKJ+ib5SoPL8ihL77
pl8w+c1jDMRTd8STcStUhHTrzeAh6fBnXxFCRKW6ktNV+9OZGzsS3x3wgDlh
+R0POGbP5t6liOcNX/3QV4SsV3m/B1cuf/sJsPL5uFg3TdR9DlWGlfcZTvlO
wk+ilCF47U/GKBdKPjspWKb6k/BJ6olPOl9vJnIu0io9DRXR6JdbRpVaSZ8f
Tlz9p8QnNz97EG0rtPR+EC0bAj+6Jg02ET1dztJvP9ub0RRLgRX0Dqy73Wkj
Mx7lqur0TAxNx220a8L3ahYvLZhale6AWW0fyzHx8SQaz284OCqnKEihg+fx
rkTpOkihJhaY0PfDZyrhJpBqvaKHBsfxOWUnxr5wHTzVxePgOcgVAmnPxnWQ
yRdsEO89j3qvNDVNTOJKz27vui1Skw5sz/Nv2utHgzoY3AfkrJ/LGALD5NC0
IVEbn/b8dON7u4ggJqFn1f70kMNrTsVPKkyFE1jKSWiQ0DYnckxNH8KZNbfW
o2LtyoVcjspgfRWUrrONCoK9bHicBdfO71V9OMlS4Mj4vYo6cpcNOHQ63Dkg
jx0VUQ251VSNG2EYzc9VumkpawMcorOeuvZuAy0hHAcOzYT5gTPkDzv5H6CS
z437s5jk07j8KCL5db/++Xjk8UIIWlzqKUopzWo8Sv1F8R+32VKvw3TjBgQb
+7yyPWdz/L97ZvxVCN8dF7+t049gkc/F+oNI5KtZ/SM45BvB/6dRyKcI/zQM
8pk5Rl/79bNFfzi21W1sZk9FkyK/SuF03D2a/4yfd/9HmX5nA0w/CH08CYUo
p7BJWSCYm2eICWtyLhnuUJfgjpdImTJfG5PidFBpFESKKEt1H0NPRic4SMyp
QKHrj30J9hwQ1CLhD3dy0LT1vd9Y3Ab0R/zG4jagf85vgK0C/MZrr/qn3zBD
bI3ZdLTydgIj3JhwoNVKdYZZa9jf9xuL24D+gd/Yxjugovfzo6lcsA5lJ40x
bB51M4ZhFVidnW0WIUQK/Oo0pIK5IkG2IFo0k64vwihKNsklVZyEpozYBubY
hbwbbgT1437j30cen9bon8Ad373Hj6CO32z6Px9zFO6XgZB3V3dDqFy7SXq4
L/XNFLGpcVSuriigiDlkNy1+YD/oP742mP0zPcdPYI2LdP8DkMbvAvwncvht
9PD1p+8xxu+U5Q8jjPXYfY8wLtN8ii8+xfhH0MXhHV2sNt+jiyXBJUnTLc9d
lpxiJD5DF5czSjl4RxeRH0QXL8dWhCwKpbT7eukwe17QxfawEnmR34Y83k5X
R9kqBnOeEOR06AKXjuMtnskUrc3CzeGO1UmBLAtYI7n1hXLrhmgkV4N2ue3r
U4SbMbpinU2L0RfSO4xcWEU0XRAlu9/CcousJv7u4gXkeLRoUVv5WF7hY6Fg
Dw+Ou43nH3i9GrfsJbmwgn9JUbpPGKVUSSsSk8scNX2KOdrmokKey95Mdi1n
3CPqWO2q0knuemlwlPMbzFZwyN8HVcXqbo2sLcuudaaNxL1at1i6H0xpBVLt
dXYutskQI7Ch5tu9McAY1T7gUlakdLxLCYwfkOnuktTEW5t6jq9ec9zXDyEh
20nIIM05DdyM6ezxRvWYz8bZUW+peK9y4g19YIZX7Xp3fGA3bs1XWkwRSO34
3uM6hzm91mAaUvVVvz3Jfk/VfXVpyfyGXk4dw3osdYWTXc3uYpdoS4/ZqmiL
wxfsMPaxMqw6kqvQG4FAInrLk665V6x0zt1RvoRddeTg/moMrReqggE7OoYT
hrCa7dKwfRGYoKrIKzJWBdnrJehig6AAZP63wJl5uDB2+gk7naJ70u6V87ZA
bg/zbNR7eKioFQI7mjMjJbOPrrmgJm5rnqDhPpzoLaKXAXrWNgS/m2YP5Loh
ZZOPOEIQeAAafTjsHbrhkKs0UlwhDJK2rR/unuZzEZIQZKApIs5yqxqTlblR
b2aSD71xgleFyWXOhl81E0cYo+XG9rhrV9y0lt1QTgoRV2cO6qu1v0VtvjFg
DmHJ6O486rTjfSm0GR8M1J/HoBupVjumDuz51vqRBc6IV7d4pVVZPUHo6X5L
p1oY8PyyuhaegV8Ar0LjK0m72XH2LDDJ4bbCBSrY3+07SBJa2aeYPaykcuxq
NBTtu/ODiHEmS0pkushZ7zJtNQZEIDDn/NgeC/vaDo86VIj7bZMEiQU/JPle
7q2LhrabCnKpzUzrdxyuUAENL8yqibGCiv1z0KyXrd18D1Uw5RNI1J8+CEqS
w/EfdQ790Dj0PtaZZ15Yv1qgCnFFJck+gQoUbBx3UNcrBB/l9hxmx7TD9TWI
coJODOv1ZGwFnErkcpJWlputNIK72Dkr7TfWHvM30PZ+262wxiICn+PjrXYO
YpOAeyZWdrx3wsxGphj54tP7E46qBw5YnoSSL6o8Sg+8FE42NDgSmiJ3nNgd
IumGC4Ym3ceSjXwLE8qiaEi9znA8za2k2hL11UxYb88TNT5VscqmhQnVCLL2
sDupTsXePCLUOS7pOMewQ2URbLDxrZi6zIiJ18iDGTyurYIBtTt/o0UqJsci
DXEd3d9cQuQ27K5NtxoeD2dRF6k77GOpbxO5riGDsT6Saro2MzmD4chnIuHs
6EZ4ymUcWp30Lr3qPB5uDg/yct+RNYNtkx2D0ndGr8uxg3nSshD0qD20xuME
od5ec3pbzpRYuRMJdczdN+/0zR+44Zrsq/vdR1xc34xFMuePw3aDIfTUoqvs
KK9vQkDWaIBzsq2BvSZEMn2BhrNzC8/ozlPFfOy1mL1cd2sGf4iZ2yO8vbWK
iqTqIdigGx0LUcmwrMCtqrxHTmaGmB208Y2ZJh4gMi1Dvasy2lmtdtG+xEqY
U+21O6+r2raQLVkSh+O+K82+UW4Hc9vMmSsaGwmib5RUGFJ+Cwf9tg/1/cqe
u5Uo4qHHbZP66iAksvNR/5zDG6S8nd1i724d4r4uSsRwUxHS95cmda63I9C7
Q73Z2lWxIfQAxvf4IK22Nmud+Q6GT9jmFjQ6Wgxgi1CHK9LRIr4hoxhiekG3
hLolzqKWFn2UcpxilOqejQ7WqTjciTtInCYfI/GZZ6R7zKNHMWLls7baz86q
AhZpRuOKZq+zlWn8zj3PQqblGpUcCNkkBJtbXVq0c9pOOC4X7SjwJ/0clWlB
GOV3vH/+Ubw/3sM95kIx7icL3l+5y5dF2eboudrm2lDDeB64NXppkyvpyfzU
5yQNd1lB11sVuRjwte/m/UbbQyfBnbfHmdZyYbtLrvuT4mYSJibRKt9u+fPh
zMKUlyknFkUuZdyJJIab183FPpjk0Fh7GdLZCYvyhuXYdm/z+8senv2kMahD
fczTgMPoHb9bOYpEaN1urSC8P+3mwWaoXI0RopccqOlsYNQJlQzlTEgyZ845
XFSAN+EyH5cUo2nx+0ZHiYbuLKI7uUmtm+Z8KmJxsHcym0F0uSUMkO1w110u
tXLYDShYPJHB4CuzuZ/1hD+eI13Ft57REO64OTW1MXXeSbZVbNgXK6iJkQcf
l3aUwfsh46/MdozX2g1sRjzdFtSlDoBDku+CxPLiLrbCbfjQdq3F+ra+GrkC
g9o+KQYLbYL6VN0tr7rppcVwF4W8LG3u4cdOKMrVg8CugsyyNlkfZ8Ps7mJn
0NItETcThHmCiNy2ReyqzjQBzUh1FcRf/PwQTsbh3Gs7qr/Kq2ozZASGWPfW
tC9ntJ1JuZE2Vt5AOAUfZeVQY2NbivzVkqvKtdvlEJ4g+KNLWLB8rsRmfbCK
8cyX4WE/NAg8h22KEDld7KAqlgOdD2PEgPG6mHsfBAaeMubXNLrOpbWUWhEj
zhBBJKm70TkTRwmnYYleuRVK3x4XiJTPtZl58CTm1rizD1tkXe8ctSVby42Q
DLmvxL7ceyqzTRtPT7c+hp0cthP3/nUXwBtgkW462VKPtmillHcU43w8rDA0
509Ucu5YwkZ00UGzBu93DnweSoSKki4VkMrUk330cK+QWnHwgGqsM2qRQ24K
Yz3ekPjYp9vmKs8XN4Zpr01B2i/2Hpw1LLG9ZSfg35I9QZknmYci2T5gossr
6X6lyNzjso9j90Kple/W81E7ButbsAsbv1hdlOrq4z7LBwrTlLtV7Kh5z0BV
fzzKZNXq16MoMnvjIIx3Fe/GPB58TdkZmCBbZAiPeES6Lh6c10bGyve65OP4
mqNuCo1GPZ9XhPPgzIEkJPhQUp3nHM7VXdUQnnO8fDgyXSUw0YM9qNidEy09
5ZgmWT126qbMISU/bhVJpL61NEKS+BKXeMSUeBP4r/i+JeNSrclSAfSptZFR
+oHcnJV7KRZjMyb6xgUBVV5EOHZkbwxvrIPMFi+7LoJiEp60O24lJ6x9CGls
bHwN7cImUwcypcTTAQ9KmzJ2qymn9hmIzmz9ruXU+ZvrGBlDvzPpRqIEnXJ1
eqQE7vNGWHsM7Eed3+Fd70oesUfXHLQNcA+TVsU/KwdoEcSncuCnHWEXBHCv
4yKHFZBDFq5zw8f2M6fgcdh4kW6sIJeLlGrl4gfv1lxPLC4Oia67ZJo2ja+3
wsaLdwd3pVjb+9hv6yOnR3uKw6cvcviC8f6wHLiETXu+GcV06IbdA3pQ3qRs
72dlQJ3P0MOHWYtNIEXdCUWYG6PmVIRfTmmPKgTHMDgLFcXjiirX4YfQQzMK
xtcK87rqs/Dtbp3+tb0ISLl/k9M/i7vDOhjLpZy8T+vxGr740XIy8HwbPBXU
ZdPVZbYc3HjPgvF+mSP6BTwXeK8V4tHvNSBoRv+a9enbq+DBLorrLnqp6uHt
FZCnU9X8MRd/mdIsSMEw2fvZ9EsYVTMY53l6klU375qF3071RnlWBdcxfFLU
v7ELmFyu9lneXk5LXiTqSH0nnOePC64K6Eqf1w3VQCrPo5RvJPQcgX0X129H
+df/+WLwzAsXZkPd/e2luUYeoKKLyvr2VkYPWH5y6L9K4SmdN6b/19t5zZfF
WE70x64D/7zOLxEYcxHigox2RVhP1V9fXpSsAgRGz+mAEKAg9arlgH+p3Adr
2I/JcuIEXrtl3ksZdclCTDtGS7cAb4DSYWj6v8Fwkg1Xz/8rWGc4LBL44ylU
/wIm8Of3rgNAKkCykPeszwcEaK8chlm3nCZ51+sTBXpiENVyulQujHjd/Pbi
G78vEmfx0GtHmmXYRd7L8vzt5e994/Xl/8iiIf5r3SVvYPS7QETwTN3Ny49A
z0e/H8AsGRAt88Z3DNT05fUobRni13/9b7+ud8+l/PY3AoJeXn59oYDKzV/F
9xIAbqqx+SC38FnlC4R2y6Lp5+bdfjLv7nVepu6e8vqy0ukbY8sfjWj5d/R+
bLdo4HJq9dw+fu2/zvXrGv85avBPqNm+SSEMAaf1OPjPdhBgf4I9WgXLQGBu
L+jqai77F41TfnlhDPn1wE5lTG1pE+FVRf9iDtHkdcML3XnLDnkOGgRgY4C1
vwIJl3UIVAJM8js8/Rwrm09YwZ8fPZhTNgC78XzJFCkcTAUeBf9Cln2jUMxL
kEZB0Y/lYhQWYv4LeOT1KLT/5UnWs81F3byeMx6iGewo8CjgJurBVqiAugaq
+defIxj7hODNk2C1A8YDqNuTAvjZIaN7YY9Pi1tXQHz9svf6oG6ivy7PayPY
VB8bh/yDrhzPlh31Fy6BGR0iL3x+ZRFd4/cBumdPEOq3bV5+hj30E/awJ3vv
eg60CWgA2EdgchNeQMaXz1HGJ5Ovc7385SPo+aUhyF+Wyf7yO91C/vJ8H+jz
R8BUq4HFyV5Rz8VAfSMy79mrJPz1+34l/ZexgB3yquzxdiReffsDsBpjlQ3v
g/8BMSKfiBGFoC8b9Jt1/2adF731gdsC69h/ff4fCvpDPdKTpTe0J/qKPi+u
85d3ZPb12r7FMCzxwBPmbbzOKyMgyldBcVU/Pr060K6nLa3G0gd/fPGWX6PE
W/h/exIow9M12wve85Wmp6cusyorx/LXa1QlgCNasl5My5COws+Kc/2JOJEP
4mTG7ha99p559XTfyvRflt5HDPXLm5B++SKl//pDZAA3+rtmd/2kwhFevLB+
lfW/gMdflhjhbYxXhV5efY0kfm7OD/bxCxnPKYEFf/Gvtf+2KPUE3G09dkG0
LMjff3mGZH9/w0v+/lNTYt9P+Wrg2KgPugyEIuGiKsvi9gPw/0vk9vXex+VB
EH9E1w8UPu3vAsYsuM1TM86K/FM0od/T9GqVKGAPXnf+cg/0IobIA14j9ZYY
bQLvLDRWCzj2QSH+Boz/gjZ1wLu9xjhV8sv7bx/2zauivIU5z/ATUAGC1CD9
Mf19JxX5nvpXY/Abr/VcyjC6Ahkvd2wCZ/sRKHsDyRZgrEk7EKn1P0XE+nsi
XrfQa5wZPk3e84rHL6wu2cDSg+qDuwH/+6tmmst7/WuCAExA1qSLFa6Gr4Yg
vnrJx/dCb/C+eRIoAcc9V2VhAzjlAizeNQqTaPnze2Hlk97nxaNgrCbrXtFm
IIns6nUvi26/pj3Ri9pElSZoLyDmDJ7fGtK511XZizFW4MllHfMxAUHK8PJv
/yb9yv7V76JfgSeumqR5j46fACXXgbUGYVtQd1fvJY2uDZizb+rhtefVmzJ/
/DjnFWJdTJoJIs6ll0y14Jd19szKgBifWO0GwZbrT58obFa/0g5eYSMfeNb6
CvbQ10D1+UnOt5r9lhE99bqPFns9RN87jjddfvOE72oMpnHqawz8XPIiLlH8
9Z0vQJw/ZtclTgRJYTgG2XKV69ubbyHeB/3867PDDiCxAjQBpqvqJQGCWcQP
NvQ3BuiZ2IDoe2Fzoehr7rWs6MK4dwNZH/XXhfsGyOsZYL4GloAUf7mW+is+
/A2jC3NfZRW8hiWLywGjylk+Vi9y5tXvLCbRK4GvFqu+1sn80mVJutDwTaj7
HNeoAVeLawD56fS83DZb/MvXrOJt4tfp/jd2zBPBKA8BAA==

-->

</rfc>