From 32caba6a53a4b9824f037dc9093eca6e98fc3d05 Mon Sep 17 00:00:00 2001 
From: RPKI Team at RIPE NCC Date: Thu, 27 Feb 2025 11:33:41 +0000 Subject: [PATCH] RIPE NCC has merged 5af977293 * chore(deps): update dependency gradle to v8.13 [7335cafef] * chore(deps): update dependency io.freefair.lombok:io.freefair.lombok.gradle.plugin to v8.12.2 [725ceea24] * Don't say anything about ROA change alert when unsubscribing from general ROA alerts [0a537bfef] * Cleanup [7e82bed33] * Use toList() [c39a9957e] * Make Sonarqube a bit happier [dd9f9a991] * Simplify notifyAboutRoaChanges [f3d3a77ac] * Introduce defaultSubscriptions() methods [662c372d6] * Revert ifs [33a5f8c7c] * Rename to showRoas [cda322492] * Make column nullable [ec22bfe7f] * chore(deps): update dependency io.sentry:sentry-bom to v8.2.0 [861525091] * chore(deps): update dependency io.freefair.lombok:io.freefair.lombok.gradle.plugin to v8.12.1 [2a9ff5814] * chore(deps): update dependency commons-codec:commons-codec to v1.18.0 [e63c18b83] * chore(deps): update dependency com.google.code.gson:gson to v2.12.1 [61cbf3820] * chore(deps): update dependency gradle to v8.12.1 [076df585e] * chore(deps): update dependency io.sentry:sentry-bom to v8 [40b611165] * Don't try to be smart and notify about ROA changes subscription on every email send to the user about alerts. 
[7f324fd1d] * Adjust template [7d34ef014] * Add logging for a corner case [5a9439903] * Fix UnsubscribeFromRoaAlertCommandHandler [0da9012e9] * More NPE fixes [1ea4f5e3e] * Cleanup [9a0af303b] * Add test for empty case [4cb90fac6] * Fix NPE [dea6f9e2c] * More tests [6e8e7223f] * Remove redundant code, refactor [2142a369e] * Extend email templates with ROA changes stuff [99d212f35] * Don't try to notify for absent configuration [e82f68538] * Another fix [c417d6183] * Fix UpdateRoaChangeAlertCommandHandler [29d270998] * Better templates [723ed6494] * More tests [eef7817b9] * Remove redundant code [21b418bbf] * Fix request validation [9c338c5e6] * Fix broken test [7168e81fe] * Adjust email template [80a05f649] * Fixes and tests [d78685031] * Fix test [6c56d55fc] * Refactor, introduce UpdateRoaChangeAlertCommand and handler for it [ba05030b1] * Cleanup [063fb59ea] * Fix tests again [6693e4b0f] * Better tests [4adafb7ca] * Fix more tests [eab196a4f] * Simplify [fdb0a79e7] * Fix tests [adc30fe3c] * Fix email template, add SSO account to it, better tests. 
[9779b24f5] * chore(deps): update dependency org.postgresql:postgresql to v42.7.5 [7ab2dddca] * Cleanup [939717d7b] * Add initial test code [cf03d35ca] * Add usage of isNotifyOnRoaChanges [cf2703836] * Add SQL migration [3bed3cbbb] * Fix tests [f1a6d95ab] * Fix typos [bac59c2f4] * Some initial changes for ROA notifications [906c9f8fc] --- build.gradle | 8 +- buildSrc/build.gradle | 2 +- gradle/wrapper/gradle-wrapper.jar | Bin 43583 -> 43705 bytes gradle/wrapper/gradle-wrapper.properties | 2 +- gradlew | 2 +- .../domain/ManagedCertificateAuthority.java | 2 +- .../domain/alerts/RoaAlertConfiguration.java | 18 +- .../roa/RoaConfigurationRepository.java | 10 +- .../ripe/rpki/rest/pojo/Subscriptions.java | 48 ++--- .../ripe/rpki/rest/service/AlertService.java | 133 ++++++++---- .../service/CaRoaConfigurationService.java | 4 +- .../ripe/rpki/rest/service/EmailService.java | 2 +- .../commands/SubscribeToRoaAlertCommand.java | 20 +- .../UnsubscribeFromRoaAlertCommand.java | 11 +- ...RoaAlertIgnoredAnnouncedRoutesCommand.java | 4 +- .../commands/UpdateRoaChangeAlertCommand.java | 21 ++ .../UpdateRoaConfigurationCommand.java | 7 +- .../dto/CertificateAuthorityHistoryItem.java | 11 +- .../api/dto/RoaAlertConfigurationData.java | 22 +- .../api/dto/RoaAlertSubscriptionData.java | 15 +- .../api/security/CertificationUserId.java | 22 +- .../rpki/server/api/security/RunAsUser.java | 10 +- .../background/RoaNotificationService.java | 100 +++++++++ .../rpki/services/impl/email/EmailSender.java | 30 ++- .../services/impl/email/EmailSenderBean.java | 11 +- .../SubscribeToRoaAlertCommandHandler.java | 61 +++--- ...UnsubscribeFromRoaAlertCommandHandler.java | 16 +- .../UpdateRoaChangeAlertCommandHandler.java | 66 ++++++ .../UpdateRoaConfigurationCommandHandler.java | 15 +- .../jpa/JpaRoaConfigurationRepository.java | 7 +- ...__roa_alerts_add_notify_on_roa_changes.sql | 1 + .../roa-change-alert-email.txt | 10 + .../subscribe-confirmation-change.txt | 8 + 
.../subscribe-confirmation-daily.txt | 2 +- .../subscribe-confirmation-weekly.txt | 2 +- .../unsubscribe-confirmation-change.txt | 3 + .../unsubscribe-confirmation.txt | 5 +- .../impl/CommandAuditServiceBeanTest.java | 2 +- ...ateAuthorityViewServiceStatisticsTest.java | 9 +- .../domain/CertificationDomainTestCase.java | 9 - .../net/ripe/rpki/domain/TestObjects.java | 14 +- .../rpki/rest/service/AlertServiceTest.java | 199 +++++++++++++++--- .../rest/service/AnnouncementServiceTest.java | 2 +- .../SubscribeToRoaAlertCommandTest.java | 20 +- .../UnsubscribeFromRoaAlertCommandTest.java | 14 +- .../UpdateRoaConfigurationCommandTest.java | 9 +- ...oaAlertBackgroundServiceDailyBeanTest.java | 6 +- ...aAlertBackgroundServiceWeeklyBeanTest.java | 7 +- .../RoaNotificationServiceTest.java | 113 ++++++++++ .../impl/email/EmailSenderBeanTest.java | 2 +- .../impl/email/EmailTemplatesTest.java | 1 + ...SubscribeToRoaAlertCommandHandlerTest.java | 71 ++++++- ...bscribeFromRoaAlertCommandHandlerTest.java | 2 +- ...ateRoaConfigurationCommandHandlerTest.java | 35 +-- .../JpaResourceCertificateRepositoryTest.java | 7 +- 55 files changed, 914 insertions(+), 319 deletions(-) create mode 100644 src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaChangeAlertCommand.java create mode 100644 src/main/java/net/ripe/rpki/services/impl/background/RoaNotificationService.java create mode 100644 src/main/java/net/ripe/rpki/services/impl/handlers/UpdateRoaChangeAlertCommandHandler.java create mode 100644 src/main/resources/db/migration/V133__roa_alerts_add_notify_on_roa_changes.sql create mode 100644 src/main/resources/email-templates/roa-change-alert-email.txt create mode 100644 src/main/resources/email-templates/subscribe-confirmation-change.txt create mode 100644 src/main/resources/email-templates/unsubscribe-confirmation-change.txt create mode 100644 src/test/java/net/ripe/rpki/services/impl/background/RoaNotificationServiceTest.java 
diff --git a/build.gradle b/build.gradle
index 3bab61d..77933ce 100644
--- a/build.gradle
+++ b/build.gradle
@@ -44,7 +44,7 @@ dependencies {
 implementation "org.thymeleaf:thymeleaf:3.1.2.RELEASE"
 implementation "org.thymeleaf:thymeleaf-spring6:3.1.3.RELEASE"
- implementation platform('io.sentry:sentry-bom:7.20.0')
+ implementation platform('io.sentry:sentry-bom:8.2.0')
 implementation 'io.sentry:sentry-spring-boot-starter'
 implementation 'io.sentry:sentry-logback'
@@ -53,12 +53,12 @@ dependencies {
 implementation 'org.springdoc:springdoc-openapi-ui:1.8.0'
 runtimeOnly 'io.micrometer:micrometer-registry-prometheus'
- implementation 'org.postgresql:postgresql:42.7.4'
+ implementation 'org.postgresql:postgresql:42.7.5'
 runtimeOnly 'org.springframework.boot:spring-boot-starter-tomcat'
- implementation 'com.google.code.gson:gson:2.11.0'
+ implementation 'com.google.code.gson:gson:2.12.1'
 implementation 'com.jamesmurty.utils:java-xmlbuilder:1.3'
- implementation 'commons-codec:commons-codec:1.17.2'
+ implementation 'commons-codec:commons-codec:1.18.0'
 implementation 'commons-io:commons-io:2.18.0'
 implementation 'ch.qos.logback.contrib:logback-json-classic:0.1.5'
 implementation 'ch.qos.logback.contrib:logback-jackson:0.1.5'
diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
index eaeb175..3f04d0f 100644
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@@ -9,7 +9,7 @@ repositories {
 }
 dependencies {
- implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.11'
+ implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.12.2'
 implementation('com.gorylenko.gradle-git-properties:com.gorylenko.gradle-git-properties.gradle.plugin:2.4.2') {
 exclude group: 'org.eclipse.jgit', module: 'org.eclipse.jgit'
 }
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index a4b76b9530d66f5e68d973ea569d8e19de379189..9bbc975c742b298b441bfb90dbc124400a3751b9 100644 GIT binary patch delta 34744 zcmXuJV_+R@)3u$(Y~1X)v28cDZQE*`9qyPrXx!Mg8{4+s*nWFo&-eX5|IMs5>pW(< z=OJ4cAZzeZfy=9lI!r-0aXh8xKdlGq)X)o#ON+mC6t7t0WtgR!HN%?__cvdWdtQC< zrFQ;?l@%CxY55`8y(t7?1P_O7(6pv~(~l!kHB;z2evtUsGHzEDL+y4*no%g#AsI~i zJ%SFMv{j__Yaxnn2NtDK+!1XZX`CB}DGMIT{#8(iAk*`?VagyHx&|p8npkmz=-n!f z3D+^yIjP`D&Lfz500rpq#dJE`vM|-N7=`uN0z86BpiMcCOCS^;6CUG4o1I)W{q6Gv z1vZB6+|7An``GNoG7D!xJGJd_Qv(M-kdVdsIJ?CrXFEH^@Ts83}QX}1%P6KQFNz^-=) z<|qo#qmR!Nonr$p*Uu1Jo2c~KLTrvc*Yw%L+`IL}y|kd+t{NCrXaP=7C00CO?=pgp z!fyr#XFfFXO6z2TP5P1W{H_`$PKzUiGtJd!U52%yAJf}~tgXF`1#}@y`cZl9y{J-A zyUA&-X)+^N?W=2Fm_ce2w$C6>YWp7MgXa{7=kwwy9guBx26=MnPpuSt zB4}vo3{qxa+*{^oHxe7;JMNMp>F`iNv>0!MsFtnb+5eEZ$WI z0M9}rA&cgQ^Q8t_ojofiHaKuhvIB{B9I}3`Dsy3vW8ibigX}Kc912|UZ1uhH?RuHU=i&ePe2w%65)nBkHr7Bx5WwMZj%1B53sUEj0bxI( zEbS%WOUw)3-B0`-m0!{mk7Q%={B#7C^Si>C04@P|qm7$Oxn3ki)G_oNQBTh6CN6d_kt@UKx1Ezdo5)J0Gdf@TcW|{ zdz1V?a>zldA7_5*Pjn6kDj|sbUqt-7X z5+oajeC}*6oi~vxZ#Ac&85cYcC$5OKUnYPv$Y~>H@)mnTtALo*>>5&=0QMr5{5?S; zCDF=RI@94n(!~sa`4Y{JLxgcvRqMM&T!}rRd~Kl#_X4Z&85;})o4W*g>?TaAVXSWB zeY#!8qz^hmC6FERsjTnC)1Xu1UPd7_LfuNvuVqF8(}Jfar=T-K9iChEuZi-FH(P%u zzLrjpq|?}8?g1Vnw^&{eqw~QY0f*9c71&*<5#9f5JlhJmG~IuV*8~nEBLr`KrvOvs zkOLdlZ58K?u>1{vAU0CtT>Il<I{Q8#A!lO7#73V&iN13;oV?Hl?N5xDK63)Rp3%5reb&3n5OQ|9H zDpYEI%JQXcrs^o*SCFY~iYf-VM<`7Tl@+kQS3tfR-fyH_JDaz5SYEMU-bTCLQ=JVG ze?ZPcj95Tci|bVvSZk3^enqQ?pIcZn24V=YT{cf-L|P&{-%%^ql$)^Vu~)Ida=h$bZAMQEi$MM|&b zY8;D;aEba_`W^=VdKfttW)h_zjRA&0A^T*tF*%+}TZQCOvFqKUu=xf1Bx@T?&~S(J zopXniA?s%}Q4p9~F(Ty{8wt$l4oHeT(#U6sAu4>Q+~a;}I>0>??v*wfke}0TwPaeE zj3gWtfNlD{jRgy7;S9PS?su5pnobi%Zoe0LVpw%`<)V=yT~Ht_UUXIna4YUa;p=-T4df6^;bz%;@|$F zK;s9#K@9hqZCST!66N0uPB+FT*kq22%ovtJ%<9ArE%hcX^!(Lz;3?kCZ@Ak*MThjTOKU&t+uJdN*6t$;DDmh zFStdHO>r)8L@qO}K@H~7Z);#f6WU{@Icn7Tc^|IZ`;K^ek9eCWdync`kWCt2s%D-k 
zE$wyPCui$@gJJ9Q`CtixbMF(GiCCbm`ut(~ce-G|Ji|PZ3~DHlG`Asn;skVhnu0r_ zgGbdmfl|er`87x@uYmd8A+!-3V95GE4&_^9N@hp4SC4 zeFU+Z3Ou&G! zlvZy|iHIIX3X2-Yb7YJ#{SYE9lCoixO+}(|u+H@Z6Rz-l1eZ7{I;vk+Y7kP7ev>hG zv|(I<4?N{EXMSvRgUhbQhDoP1&A;SEUGGep8*!@4u)fNbl3%cts<&=m5<5pi7M-HQ zPS#svbXWu2n&m*K6jL#@xm3VSMJxnxve5J6w1qGv`2>5<6F!uzGVHP1A(_xI7CWlX zm6*wpT@dmQ&pAlm`r~T;)>m5HK^H^cM`pCSoh{;-CE43rMkg<;HnZaCHfMq1LoN0S z%%7|$y~&k6wpiY@rsdCY9ZDh%9W6Pf=2^p=;iv-Ah^ACxwK3VmI}SMNneTa9n%biL z#GoojRHxa}R2zOo!G@<8M-B6vNp?)@_>#mYku#pe{O~t?~}1 zE8`)=BstIRk5W*xZw@2=89@ds?eQ~mxzkrA`y<$oR8bmaUw=rE%lFmzHY&aY8?<-N zp1|bb$(XrOMmiYy{pH#)D1GOmv5aj_?waU~*h~s{VZ&H_PhoXYz`C8Pss{ymY_hPG zt{NY&nPMH#FRvwR+T0(Xo2#T6;=oFmRgA9b-HVY72d|~YF+6v$F%sY0 zS#^LF7sTj>Itvyi!~){Hit*~3imOG*Xh51qLz+!W~`vUBVeZZ5&k34SD%Ha%5#aclSzMfoGWjiq9#rl}j zOf*8NY>VN(`W!DxaBgjBzj3oUAVlLY{R}tiZZ0o>K$vwr?+eggZ!q74m2t?lkvm9z zAmL2=W$jQJL>SSrbIOibe734A(K^B8`M@uao!`E$p+9D!rBea8Oxb|p5r3o4##G8K zMr0I9y&`21{@m=Bi+4tTJ-xy(DB_mG$kYv+qw&VBM(A9^wP9;Yo*6{#5tMpfa;m2FC+%l@ zk_cKXg-d&YUIj3(x{)aNwYGYjSHiOQK2K#yWt$vQomhbnF;Qhkxl`+;i{&+t{PrY` zp5r28&|UvmUK|&Jlv>oX4>XE87Zns?fiE6c;VP7BixT*6n}Zsbv$wd{gXyrE&Sd zhRlv!-{%~xv6yNvx@3^@JEa$={&giRpqZG>`{93 zEjM}YI1i6JSx$DJa&NWcl0M;igxX;est*nz=W16zMfJ0#+s{>Eo>bxmCi)m*43hU1 z;FL43I}nWszjSS%*F1UYt^)4?D6&pDEt1(atK(DKY1pAkNMG`a>_ec;KiT z^xMBBZ9i=;!_hNGlYp^uR0FW^lcBrs_c3ZvhcctW4*T^-DD^OU{{hK8yHahyGyCK& zL0>f0XW|wvi4f`bNTfO+P*Ao^L@8~ezagtl%l z{(2uo71sT3rKTQ-L#Y5Rsy#x)Eo+HQranZmk;r_Hf7WWkRq&QmP{?}do0X=;3U_UYspffJl7v*Y&GnW;M7$C-5ZlL*MU|q*6`Lvx$g^ z6>MRgOZ>~=OyR3>WL0pgh2_ znG)RNd_;ufNwgQ9L6U@`!5=xjzpK_UfYftHOJ)|hrycrpgn-sCKdQ{BY&OEV3`roT|=4I#PT@q`6Lx=Lem2M&k4ghOSjXPH5<%cDd>`!rE} z5;hyRQ|6o>*}@SFEzb7b%5iY}9vOMRGpIQqt%%m)iSpQ@iSAU+A{CmB^&-04fQlV9 z14~oE=?j{b{xE*X^1H)eezKTE27;-=UfNvQZ0kZ+m76{6xqAyTrEB&Oe`Mx{4N;}5 zXp%ojp}JYx6PE}Z`IBO3qWsZEfVPa4EEz0vnsFNkQ!kG8tcec&)k$+s&XmPErROoNxeTh9fATBk)w1g|9*~&S!%r0u6+FTn}dK-qa7cfK~tkJlV zMi{BX!>lQsZhSQUWAf(M6+McPrv>)j<*T&hC!*?qq{@ABJWX z@!~2Y1rhy*Z|x`DZUBuyayz}Kv5Pzrh}1wiHT{9|fh`Wl%ao=lRSwEFl*wy6BZ%vo 
zrt9Ocbicd1q$a{F6`4#ZQ6vJa@`}IGz+xUr*=6TF^GR?`u{1to&gqJpwf$LN0?G&! zsLNiG+}M+c{*j-Q4I zO!=lj&~{29Os}hgEv`iJ1tU)dx}=ob>DHSHKX|FVu2Y#pO|SsigHRgg4?!FX2>b3W z`m}xI<#_02adGka0TuAIg89kS?>*lKyI)T)Pa)|12XfH;k9}#=dzH6TiciCNO->e9m>!W)l&4B zd74@>_LL9OuJ&v5e0)l7ME@xW)9K@*LUd1RY}Vs_${3YC%+LfSR^H+I=(7Szh2nKB z_8bMoty|M+k9A|hGURVePvMf0XY9NYOiC@h^MLs-X@(8PV4zI7A155!RnZrBE9R1> zuI4E`=JTxyJ#d`!(9_s?T2jxEM*E`){wGI`DBFIz%ouW`Y0cKDfXAGN{};aMpLRvZ zu`PZ-3(+Tsh?UKAr)TQQ;2Jz(kv8{R#!c9Tyeev55@5@Ng*c4-ZQ6vC?o#5>6{;?gVfAIr-+^g>3b$}13U^~?gce6s6k-4ulnzWlFpq}*)2 zd0!wP{2>3U+zYiPaNr+-6O`J;M2Cb`H5hjDXw(1oKK!?dN#Y~ygl{H2|9$( zVg7`gf9*O%Db^Bm6_d808Q!r%K;IUSa(r^hW`w)~)m<)kJ(>{IbCs-LkKJ5Qk~Ujv z|5`OBU>lb7(1IAMvx%~sj+&>%6+_-Pj&OOMzMrkXW}gMmCPOw5zddR}{r9blK&1(w z^6?`m=qMI=B*p~LklFLvlX{LflRXecS#lV$LVwi$+9F8zyE29LgL> zW6R-6z&3x-zL({$nMnbhu|plRO8S_EavN?EKrr+c&Tt;Mk)NC0e|cvyXk%VKb5VIc z;|DN^5)t^}tr&-2q)SbwrF>=k$moYK;yA{Q1!I940KmPvg_Ogb81w$_)i3FgFWG+MS?k=BpkVGk-bRhBF;xJ}wnGN{)?gbry^3=P1@$k^#z9*@tmmB+TZ|L@3#3Z+x z8hJE({GEeEWj#+MnUSN^~c!=G+yW^j=cfN_0!}%(J-f1`G}w^}xi!T8BJDOCri{mGBU? 
zsKXxeN*=L#<-p_aj6cHtYWMJ+;F`HLeW5cpmeVAhFfy+Y=0rIqqyJ-NRIu-aE*Mvr zVnC-RDR`d1nnQu|^S79I>%9=bPNx1JLOJnB**Y`2WCq zctq<)Cq2^Z%=$*&;QxX30;642;y+=mlMLec6{KA208FQ~_S&tiFQW zp2{C3nyrmgkh+HRmG+$_y19m~0z~b`Mo+m6)Qq82p5)Z6ePn&B=!*twk7Rz%zzm-R z>Qj!PE3XMBY)N-xO(=VpO6=Cky5kpl}fQztM7QzvG#a}5$>2$f5w|}b8=3E)cNQw<%e1xAEwaRHu zhHCGB4Uzs6x3A=7uUBC0({&iNH{!7JgQHVa+ zKfQItwD}sd;587x?M_hzpR|TKtTH^4{`G7*87o_wJrFlmrEjk=jvA z6xBPKYjFB9{0Sj0rBL-z9BuBY_3c||UjVgv2kqw2m<@4#>zfx&8Uhq8u+)q68y+P~ zLT;>P#tv|UD62Nvl`H+UVUXPoFG3>Wt-!sX*=4{XxV|GSC+alg10pP~VaA>^}sRr1I4~ zffa2?H+84k=_w8oc8CQ4Ak-bhjCJIsbX{NQ1Xsi*Ad{!x=^8D6kYup?i~Kr;o`d=$ z*xal=(NL$A?w8d;U8P=`Q;4mh?g@>aqpU}kg5rnx7TExzfX4E=ozb0kFcyc?>p6P# z5=t~3MDR*d{BLI~7ZZG&APgBa4B&r^(9lJO!tGxM7=ng?Py&aN;erj&h``@-V8OA> z=sQ4diM!6K=su^WMbU@R%Tj@%jT5prt8I39 zd3t`Tcw$2G!3;f!#<>>SQ<>g6}Q{xB|sx_%QKm2`NxN|Zl%?Ck6Lu_EMC?*eRxdgS!3zYU#OnO~0&UFei zmP3k9!70^O24j5;G-fH6%T}X{EdO(%*+7ThlNGAh;l?$&{eZ-l`j281o@47x+6Z*DC`R2CkPo{1Behvlt!4${0Q?fBx)iIw$Ky zI#xvxKs1U`uMgeZg5fD>s5AYH*n=+UaRzS?ogn6WwBPK3Gib5@Jj!sZN^tm>M&*r@ zjbBoF7uXJU2MW~JK3%Xa3R}3zsP7qHEqbnC%eKsJ51+% zVAT-eRHwD)0YlfK2&rN549*};CJ8I;dj8rD^PR(>#n?Jccsqx&wF#We;Auv9Vm%-} z3HjpBGp$t5^S$XhJmYAP0q_qM@^#D}NM1FmCCyo;F|wv3_ci@$MA<3An0Aa|>_M&S z%qGjO@w{NI$VKyDF@w5W*6XK~5S`S$@ABWh@uaFIBq~VqOl99dhS}?}3N#JizIfYYt`ZKK0i_e#E;P0)VXh-V!w+qX%^-I0^ok>HAm5)tbBZlYov@XkUL zU}l}NDq{%pc=rmBC>Xi>Y5j9N2WrO58FxmLTZ=$@Fn3>(8~6sbkJ;;Uw!F8zXNoF@ zpW;OS^aL|+aN@xwRNj^&9iX;XxRUuPo`ti>k3Hi3cugt`C(EwuQ&d2lyfO` ze!0fi{eHhU1yN+o%J22|{prPvPOs1S?1eUuGUkR zmzMlCXZtW)ABWasAn53}?BqtPMJ*g>L1i6{$HmoEb@h(kILnMp(2!H!rG?MNH`1V0 zotb`;u#Yz0BZrT1ffVTCV!?{L^z8q11_21ptR0ITbOcaZ!mlWhC_AZb>?2IDV|b_y z9lVt3)0d@W=lNp1ArE;h_;DDQX^_;WtsSIO<;Ly&(#O~Xw$R0~W|xdQk*Y(b2=vLV zt8HX8=;#;$=y}!;Qku2HJbGEzF`2_~&i$&ogHUe5vhx}FLR}K_Mp)J{n*Va2<|pk$ z4tI(7v3A%Z7Z0|ZWw#7%$U#*mv+`Ujlh^N(t63xFt_%*WoJ^oq!U0j+Bx`<>q!J&0sWy4&{@#*BOr-s ztZ68f;l0UT3wf@RRC}_ufMr6rQ69Woa@1sZ50Ww|{yfp8!7rMOh_POTE;|zamq+4OObJ-VeTK|D|h?mfR$^lA{E7pk8DRDz*j&r<&fR>GaG*d 
zYaJ*q5#n251XIpR6F1o-w>LZ)Cb6Ma^6tCfcOItn1o;$#H?^jqOd(PA)B3HaTlJK zw!~?nh-v-_WBi5*B=IuTZOX2sa{1I!#%VMd5eGe1VcL6 zQ!aDft}>TjlwzEJ9Kr6MWh1MoNNWr$5_?z9BJ=>^_M59+CGj=}Ln)NrZ;Fja%!0oU zAg07?Nw&^fIc9udtYSulVBb-USUpElN!VfpJc>kPV`>B3S$7`SO$B21eH8mymldT} zxRNhSd-uFb&1$^B)%$-O(C$#Ug&+KvM;E9xA=CE*?PIa5wDF_ibV2lMo(Zygl8QK5 zPgH1R(6)1XT9GZ6^ol$p>4UH@5-KV66NF$AH-qOb>-b~+*7)DYsUe&Is0yTx=pn8N zs&2Z4fZ1Wk=dz>AXIfd%>ad=rb-Womi{nVVTfd26+mCx`6ukuQ?gjAROtw&Tuo&w$|&=rEzNzwpuy0 zsqq)r5`=Mst4=HCtEV^^8%+Dv2x+_}4v7qEXSjKf%dOhGh~(FDkBW<~+z&*#4T>r@ z>i7T5TGc96MfD%hr~nK9!%r{Ns9=7fui)N%GN8MvuIrox)(0nNg2{McUIC6nq>dD+ zNvX69vvf=Pw1@x}^K{@%UCL734;&AVta#($&l2E|*VUaKW@h`X*L*;1Kl4tajl}GQ z$K>;*$3y1(<^32Cg8ugi^ZII=I&ina>q@GC&~gQ#Z88(nOj;*j z1{hyEq|R_0v7LZNKB|3jqZPqZOuUG(SuM^Z>0@mzsKqVbRrkTz#TRZ0sTQ|%XiYcE zEE5{9jEB+2Sdga|veYSFZEzOuepHGusAO#pg&R(%Ob@V0Lw;AfQJ{aLUJxnbe`q(m zadg^fXYiWr+mm2akb*J?y`w(!KAL8OfFD!mVWiWrgScgp9^yoh3lNNUxd?YyvgUL z>+!2VXP7Fzq zYQ?(9-r*?N*cJCK&)pbYzuv%R{b;TB_wC1V3nO#12V0ucgp);>!N=;G=l;({KZF>) zNAo=0m|3Zu*PNLa-2v=3r5>-hVI_xYdz0m*f-zUW_=eDqiM3j4MPnS~eIRNdw466? 
z)yxHI@6d7gL2Qj<_@72W{GDyINBy%X6X&_cF1(##v^}87YGZ87HgfH$&epf>Jlia4 zw53K1M6=Px@YCVTUk!%_MjyBeaWy7c40i47-3B{voi|&|7aXza!(OB~E)U;f>5Wd3&@#UP~gkM*qmK=aeZ zkP}gn%JmKK34}KdEu)4E2~qN)EnAhj>)4dbq&RbLu$BD&kJSoIvr$3A#S%P~l$l1A z!96hNdtFXsta!b+enJ@G;6rv-Rd=IQ_llL#tSGk-mpQi(mhop;lObiTQIARXw~&d> zVuCSG$T&zi?#&PT-fP)`*-d@gc;+tOPDaUA*6>RIrf67& zpZ<1ie#4rJ3HEu>v7sF={4;oXv?_MwEI-^o-Lr@rW%%cd0TR2q`p=rkMOKYzOs&^$ z=xW*e)6p-B(0Ek7w8+!@Cks9>$_#zi44MLyL9X?{sDlihX%V;$%a;wd&RL*XGcb$` zvU}#qxz8wAT)*NQ+lXO>AI`^r7B&IQ3J&{cVNn0aWa)(!fQtV+mm~`vsH24+xI|q{ z4ce$OB1hrqGLn;H#=~Rx%T#b|hN`d6SXt=;Jd=DNX3LO9R8xLX@6p3>SnZO7M+96a z1s=zJKd%qy0#GWLeFgc~?fsCw^$6lG;B*54&@n#>q$#nRSr?2GA4YaSSl5~B2k}R_ zfJE-$C~{O_6Rh6BJbWFuoaeXEI!Q-YSA9EvSG_sjB~-*hf_PM~mJ6BL+IcaF)8$+; z*4A4W&+_Mn6~tF|M8Sz57BxO=W9ZJrNPtdhME>$sS6)etinxj{YkK){@Q${`Vc~dX zLT4UYjwuC>dH8AAjQb{Ji>eMvJ5rH-4a(K{4EyLrCDtta)u#>`V_AvyS?Y(;FRT8L ze`JXZP4s~Quq$m=6NI@}`( z`>o3kbSApxcHP;1Mds3&41!_0r619~@AQr9TW*Swk`Q1JNmIk%nKm(ZbZMHEi z4n%vC0MuAKNz2njKLk~w|6u!|y7FN!SXk5=7>^^p-R4w7R;~G!v<{>H3%SC-?>8jAP&ka=owuQ$sKwU4e8EVyc6V2IpBR56HthbwJ*XdwnwrW4 zcR7oGg7kCmj(q{#ka1d85mRVIo0`1v3+B--4RXv$hGb545y#j7bmu0*>BLnTRZ+mp z29%AP8Id+57Q(6`ep^<tq}GO1dvJ*8~jxjiH0quR*Poy%N3@c8rhlO6YR@LBk%l zux{&bK~LvKYq%d;Tzl|VS=?rkBUD-j$YY-xX)z`zUfH^&($ZYco(Xc1tr|9rwx}=- zk`E2Wwkh*HIVsWej-nJ6HNH)7rWDlB0@`{QG*0)&P+~Ng{m^kG#J*^p`drM(`dnd& z9$U+FH=rXh2py-N$l_0)@|JY;X1hVL`@}qxNi@Zy5hI)@(af%=1cl~L3{fxZWys9G-hLv z*%jvhoba^ePB8YL)`%d%=t6Yh*c5p1S7`+BPjOD*#q4~gv#bn0wOaf_K0SiGC{jp8 zAc_Vk31hKTSUiEU7XNk7`D}S-RUrYb<7%)k+tV0zZ7(}vQN@0C5EI<=$$qW}m7f7I zk>dMLd+kSjN4{OaxBJ^_h?FayJ`Yr)3eC$jdk1@jEzVT=a?{BSjp?&?qPX=xO!ttw zN_s#<#Ve(0i_|cRa=MC2=8MonmoT5)UtF&Wr9-b2ng>>zv{8$*UcIBIXSZ3)x727q zy{r>bdOh?E;ZI(^io=P3`o*tLdsjkjM!rGae!v5QH<3-OBW(XcRhvM!(b)Yas?oK? 
z$5)Y*YS^_d9H-ZP^_iVooK6EE1(akYvmNkXQGH1`kXg()p94|_F8B@_ABt*7QTmYk z47RyNSjX8nMW&@VZIQ`1WB%-*W4oN#|M}EKDCC_@HQ9!BenOQ{0{i#>IaQkyU-HOT z#8ueeQdKezCP`+p0{|o?!axX6WB@{OJTR;qfs(;uKp@Kjq4Dr)^>R9T+^$ohEYKB= zQx_P+t?e3z}3#W ztf10?br2MbSVn%*3!j2QFu;=K)-ueTmgyYq;%9HjJL_W=dV$#21FIjyv}d3@oIy+c z?IcrTw17F6oYGMQA=66yCh`48DJb}^Q?8r3Lei%QJ!qpxnt5`aP%aJL9ltY7#;qzq)qdoGzpYx=gz7Lz$JJZ4?^Nr`!1MK@k z47M)#_%Bezu?xD<{tFcQ{{@OiDQRGst}MJJdOtp%(wvCymmU}NKvIK%z%RysueJ$h zMe(J;-iblcWW>90Ptma{$`%AUZi8_y>pQy*1GpoiiS>`GK9%)TGXC!$FDO5REO0l^ z&lv``tj^Y#F@DP6&qSkCYO-b8O*XVx^8O@0D}Wv-tbz7`pYOlCS4pVmi!~|4dv-5i^8laoUpk zxH@-rdRED~DyWrZO2290e;bISH8z$=kcmp_ct)+edl012<`vnqx}D^FD$twK8)RpVW@yMvk8CRc&d*ku^a#%~2|u>f%{up2Q6x9Mdt&e&@t?_bEXURy{+@>{ zJjDZB-f~7aGc%-QXc7g4fF1tUfP-hsa@qS*#N2_g3675xMqbzyQnC~pK_jH^3k}w%a6jCW!C?MU zo{9eUxt*=#6(neNmoNf#hiRNdGBu|Q(@9s7|H`J*IMWuCEyE4;3IJtKS-n7f+C1=O z89gY4%6N}DeX%EYz8B!^9f5Sf8V2S}yTJ>r+}=RsLXtADv|&$w!dxTz4oSIuz=8S> ze%G>2|5coCh@K)cA(h6O>kRSfAQt>H_fE#}H@p)v`Tw>aulOfNhyS)7=rI4b9Co$DH=Jd$I?iu%Tq!e%aPW7DXN#iTjDG0TqkpLrhBBzR8`k zD7XbvwV1f*5U7kBxrIxHO}NcgSmCK*P*zt<4FpS5V5@~j2g+wGN-WtIbV``U0-3X< z(0T||f@~2Ebo3UuxzrdG=FuH~6+|7!VsYU$0Z;OEL^Mr^S^zSSbYwE3A~U-vOJDyUDUStXfD%K9;#`BD_z>Zb zYj83mc+8KTgEK6`Y;^Q6ku|@W3|m*M55gt8^^WdrxGslExn_2O8$_a0M&&_Be0KPA zDd|?nYAOvUkTJUXZ7l2Ml&#rK04@AJabu&@g=pIr~b;eo^(8BT(?FunH$AF3j*ZiHB%C({8I)tTa3VRkn) z=9uW|9))}J#GUqRh<&w4yL15QpK%2bM)-YYq2tcqZmh#_)@tYAn7$!Z+6(FhAPs2p z^%a8A6xo5O-hgk)a=r7#iC9Sn=%vgrQsl}WCq)N+4q*=_VT+ac3I+*3lJQ&#epf@`!?G!7S(!aZGWqpGk8(*`ig}*V&iyhzH;xtxA$y_N z>)-lw)z%-mcQ3s#`hcb*fp;U`yikM&{Z0^!k1?*j(d(dK9Vw#6o;HRAhEj6!& zxJ$%z@#hubu+iCATwZBgyl$DO;-%^6*lhP|m`wV*S9e%1oP-d7}LFzNb-nbg&b zLeV~*+>vogxCnjjqMaj6y1jn;s7GQLf{ZSY20O#1YGg;yjg-{KM81iL;0{|;LN@@* z6ST#KrKAJTzEMTb{1d?&eNzE47+;ZFtJ8pB_U~EkOk=`-6MB) zTaU^zm3`7P2kZ;D_=u#Q2t;SHzo8P1xqM5!?7^WSE#u5XoolRV{Q}doTaC)1S08Zy7GJ?pd&8Jjw z`*_`ev(<+Ra2R&CQf7cb97~c^x3voFRhQSEV_1pF(I!QUWEkUh<2Uq?3Cz9FxIKeB|n?CuVkX7tAhr<4Ej#%Cq?uB5e^<(Tu{>54T z!(6b8DmhS=>>S)e9h|J%5}ljxfXIRDVa(%*0*xTQ{+ 
zUjroY*#_U^>b1Teuc$T-egClH97?IE<0#OhF0Y9ByTKPxej00P`|jMJVCqxQ>44F0 z6StS1JT#Ng(}>CWNb0uNM*qkV5JF(s$Hm`S`+O2LRS#bpUMgwU)x`e2u1#H8woa1YGZIsxydK5$JP$cfI67I1 zBE?jjeY6QO_arp9gg1v9k)(iTssRJl7=WdW!5$tkQ-3&w4c|W=|Bh|HOKy{C>%J3@ zZ|8r+H6nd{{iLE~*`b<}mmrmA{8WRDdlJ%rL%W#To}q01jQ%5ZNy@MC_fzCo_!q8x zb46H1v;|CrZ;mdn-6=g>sqK$5H<)H5rH0*n+c!YnE5YQcu{wHPyVztNP`)K`bv3XO ziFeTQst%KJAd9G3SLmUQ|V9fRRc;+ zPd%sGo1p@XsJh&z8?psQ1@NnY|!@p3%Mm9gi!S*yNThSTSi>xCoEGLx%T*dPC_ zK3J4iwp-OZ&1%b#}32cNRbgvhDTdd7->2vcnO3Mt%o zR22P|KlOg^Lw}@|mzlgUh+KF7hZA-R_k=AFARuTl!02E$Fun#45CtF|+z(y&M--)~ zkX(>sZe#6y_I>oP0}9KH=o`);bPVMO1Tg8k$trp`n2F7Ga^3Z^)#GsOamw&Zg{k!R z#))|f#dP=GU6 zM#KYRBI_eOICiiDR%oBa@n|ggpZJs>v7kQ|)(*x)4xxl6;d76Fl^)QGde*sDZnRit zpWm`UgACR9MH}@~KMp!Y^x#))Vw2>dEk%BKQY#ne{MWqyu__rdoOP0@hS7`G*TR#L zKP;$iLuM2_a){&S^B&D>F@2K;u0F-emkql27M7pe;`+bWflrlI6l9i)&m!9 zKWFwavy<&Bo0Kl4Wl3ARX|f3|khWV=npfMjo3u0yW&5B^b|=Zw-JP&I+cv0p1uCG| z3tkm1a=nURe4rq`*qB%GQMYwPaSWuNfK$rL>_?LeS`IYFZsza~WVW>x%gOxnvRx z*+DI|8n1eKAd%MfOd>si)x&xwi?gu4uHlk~b)mR^xaN%tF_YS3`PXTOwZ^2D9%$Urcby(HWpXn)Q`l!( z7~B_`-0v|36B}x;VwyL(+LqL^S(#KO-+*rJ%orw!fW>yhrco2DwP|GaST2(=ha0EE zZ19qo=BQLbbD5T&9aev)`AlY7yEtL0B7+0ZSiPda4nN~5m_3M9g@G++9U}U;kH`MO+ zQay!Ks-p(j%H||tGzyxHJ2i6Z)>qJ43K#WK*pcaSCRz9rhJS8)X|qkVTTAI)+G?-CUhe%3*J+vM3T=l2Gz?`71c#Z>vkG;A zuZ%vF)I?Bave3%9GUt}zq?{3V&`zQGE16cF8xc#K9>L^p+u?0-go3_WdI?oXJm@Ps6m_FK9%;;epp{iCXIh1z3D?~<4AhPkZ^c-4Z}mO zp@Sa4T#L5>h5BGOn|LS(TA@KB1^r67<@Qp!Vz2yF573JoDBug@iPQ=tr2+7*HcE3(5`Q%{A2 zp%psJG}nJ3lQR>^#z-QI>~|DG_2_261`HHDVmM&*2h2e|uG(OXl?228C|G32{9e%Onc=sVwIVZ=g2{K5s0>v2}V&CZi1_2LA=x)v|&YrWGaH zEe3L=lw}aSiEdWu&2-C5U0O~MpQ2Hj-U8)KQrLg0Wd|XyOt&Gc+g8oC4%@84Q6i;~ zUD^(7ILW`xAcSq1{tW_H3V};43Qpy=%}6HgWDX*C(mPbTgZ`b#A1n`J`|P_^ zx}DxFYEfhc*9DOGsB|m6m#OKsf?;{9-fv{=aPG1$)qI2n`vZ(R8tkySy+d9K1lag&7%F>R(e|_M^wtOmO}n{57Qw z_vv`gm^%s{UN#wnolnujDm_G>W|Bf7g-(AmgR@NtZ2eh!Qb2zWnb$~{NW1qO zOTcT2Y7?BIUmW`dIxST86w{i29$%&}BAXT16@Jl@frJ+a&w-axF1}39sPrZJ3aEbt zugKOG^x537N}*?=(nLD0AKlRpFN5+rz4Uc@PUz|z!k0T|Q|Gq?$bX?pHPS7GG|tpo 
z&U5}*Zofm%3vR!Q0%370n6-F)0oiLg>VhceaHsY}R>WW2OFytn+z*ke3mBmT0^!HS z{?Ov5rHI*)$%ugasY*W+rL!Vtq)mS`qS@{Gu$O)=8mc?!f0)jjE=p@Ik&KJ_`%4rb z1i-IUdQr3{Zqa|IQA0yz#h--?B>gS@PLTLt6F=3=v*e6s_6w`a%Y2=WmZ&nvqvZtioX0@ykkZ- zm~1cDi>knLm|k~oI5N*eLWoQ&$b|xXCok~ue6B1u&ZPh{SE*bray2(AeBLZMQN#*k zfT&{(5Tr1M2FFltdRtjY)3bk;{gPbHOBtiZ9gNYUs+?A3#)#p@AuY)y3dz(8Dk?cL zCoks}DlcP97juU)dKR8D(GN~9{-WS|ImophC>G;}QVazzTZ6^z91{5<+mRYFhrQeg z|Kn=LOySHXZqU8F1`dXWOJ?NViPE%&FB1@$8!ntuI?)geXh|#JJC1+G^n$h4F)g-P z4WJMPQn{p=fQtw0)}uk;u*&O2z+G5?iW_=1kTy(!AJzj}de{a9WHY+*SqJ7`={VTi)3NK|)*W3PUT#5a$D6oyqH%5zjdO$5 zICHx_V;1Z)4A(rT6aasvZ{{r`HnxK7^fMLS1{;H{o<8j5hz*F@WkKQmDI*Q%Kf$Mo!EpQ)=HV^lsj9KSz->ROVIrXAI0!Q?WUosf8t6CR*rl382^sU3q@($L~E zC(AoyIjS&2(el|I$ za*8oAtqGQs+O~huhBCOFw(^b&bol)FWsp15Sra3v%&#wXz*!kSi!sV>mhe(I=_Zxmz&E1>i6=yB*_X4M#ktdNg7_G}MVRGQ z7^zX=+mQ}1xtg7JN9E(QI&?4}=tP2#z2<7N%zf9rxzynL~!MgNpRvXaU69c*^X2(c?$=h&o~Fvv z06*{JdsM!gF$KALcW(}@Q&Alo`@3h!H3j^@5rFMp8l6-q!cb?1iS$oZfU+}A2< z)&2ZoL34kkSnbf=4>qd%guV7zM1p=amds@nhpkK7mRJlb?9zYI&?4ftd8+RvAYdk~CGE?#q!Bv= zbv1U(iVppMjz8~#Q+|Qzg4qLZ`D&RlZDh_GOr@SyE+h)n%I=lThPD;HsPfbNCEF{k zD;(61l99D=ufxyqS5%Vut1xOqGImJeufdwBLvf7pUVhHb`8`+K+G9 z>llAJ&Yz^XE0;ErC#SR#-@%O3X5^A_t2Kyaba-4~$hvC_#EaAd{YEAr)E*E92q=tk zV;;C}>B}0)oT=NEeZjg^LHx}p zic<&Fy$hApNZFROZbBJ@g_Jp>@Gn*Vg{XhVs!-LSmQL#^6Bh-iT+7Dn)vRT+0ti(1 zYyOQu{Vmgyvx3Tuxk5HG!x2a+(#>q7#Xji%f&ZxT@A*$m8~z`DDl?{&1=gKHThhqt zSBmSpx#kQc$Dh6W76k!dHlhS6V2(R4jj!#3(W?oQfEJB+-dxZOV?gj++sK_7-?qEM1^V z=Sxex)M5X+P{^{c^h3!k*jCU>7pYQ}gsEf>>V^n1+ji40tL#-AxLjHx42bchIx9Z< zz`>51CG4Iboc%m0DAfvd3@b}vv4%oRoYZpZ*dW?+yTcduQlxreAz&6V(Tac9Xw3_` zNotT9g&r{F_{!Xb%hDPJqn`CWqDwai4M@7F4CQ?@C{H~rqxXwD(MFpB4!uljQmH~( zTXJJj3MEVHkt7r8!^R;bp!H=&%-OG&ONKIOgLJtng(VD0u9%2LuXKe7h$?9lQ^#cL zOo}gOx^+ixt2Izmb6{J`u0VexU0j}8Is+?LWLGvQ66Pg0ax4n^G+xW-rwp&fIZ0}l zI?y~wn^6o3{jj*VSEQ}tBVn1#sVTQB(l&Gf(sriC0DKR8#{);Sgb5%k`%l#BfM#W| zfN5C8APnl5w%nrNi{BWrDgudYAZLGEQKTzz^rV(Bst!UI7|8?nB_w}@?_pYX_G?9i zgK?yo0}({MC^6DiO!bB88kijN>+BCQ8v!rg{Y zz$`Hf$tB*WdxSPHMMkJ{&p0(l 
zyXx|^X_VUQBdh9)?_2P1TViiYqy+91$zg%3%OjzWyY=X^f7I)2-34bDVCEhECAi z^YqS9x@(kD(Bto;VDKfgIo z-)s_q)d2mr4O;DTUTgjOe4f51kd6T9`xa6_AUP*N{jz%!Z0E!Dqq}JlfPZ2EyGN*E zoPHJ^rT;z^0vaI03Z(WcdHTh1suHxs?;>yWLj~GlkAQ#jSWq|nUE}m()bBZ1`Rh^o zO`d+Ar$33kry+En{&JjrML}&gUj3pUFE58(t|p~g@k3p&-uvoFzpGktUMnQ6RxDA& zibYl_A!{@9au^_fB@6;1XHLORS}C(Hi&J8=@>Kw66&QJD@w>_I1XJuBW3_vn?f~bb zTv3_J^W1+E?921QNo!MQiLHISD9?+dP0BsAK+yB?l009uXXMOteoGX;?5I|RG_v#B zf~l?TPy3zGkT`N>WlZRa=k7Vdbz-66IQ979fX!i7Wen@lu-oEcweu$76ZXrc&JWRf z!tLRg2JqNG{;`-H@L` zKHfgY-Lve@vsPT7B0@716|Z$Z-Z{!WV;qGHV!`h!S>b)rZpc`9J))^79ey;7@-=zZ zjys+j=U6maKhDddqZ}XQffIbFYn)R657nRGEG#j`M-Gni4deWVXcr=HoNok4SKTPT zIW&LDw*WrceS&Wj^l1|q_VHWu{Pt**e2;MKxqf%Gt#e^JAKy{jQz4T)LUa6XN40EO zCKLskF@9&B?+PnEe(xB+KN|M<@$&ZP{jM;DemSl!tAG2{Iisge|}6`>*BENm!G2E!s_XsaUit2`a&pfn!ggt)wG<~No zFFD~p(1PRvhIRZaPhi})MXmEm6+(X?Aw+GxB}7gAxHKo)H7d=m&r6ljuG2KX{&D9A zNUe9Q=^7yych#S!-Q!YKbbka8)p==Am-8`N5_Qz~j7dxLQeaeCHYTma$)Fy}ORKS4 z5sf%}(j`4U=~Aq(!-|ZRRXvQijeGJ^%cq3itmW;FI)JsU8k4pNmCazDyH9@=bqwS9 zq)y8?KhH}MpVTd^>?u+Cs!&l|6KH<*pikOqr$wK%YZ7(>z%vWLb^+m&cCQ+h_MDo+ zaXmPW7CD|K$-d&cg$&GVPEi#)hPjGYx|SBxatca)&Ig?*6~uiQKE)tF7l+ci4JvbZ>vQo}1mB?m;{w?j6>1xBD9F+2p#Y zP3U>vfnMicQVHdhK1yDCfacJHG?$*GdGs93XO$LkB~?nFAfNOoRY`xRs9JiG7CM&D zd5!=ra;zY~qn6HhG|^&58(rYoNlP4qwA7KN3mvymz;PR0%5d!IoDF1vxVxNS5wG&fEt`JYIGi>i=Fq;YUc>8aXv_wIKNAm zI$xs8oUc$5M((w)<+NMQ6{7X7iz)2tqz$eebh#@<&91|=(KSq0xZX>fTn|!v{~LlTjaOXR{3kxDZfD5rHpl>gbmAU z@|wOa$t%grx`7}nA|ePPsN0Y)k&2=Mc4?uE@gW0-f>S_2bO;VnKt&W3k$KKdvZh@& z*WWKa@7#~`b#Kuyw9kqd zj%CMuQ9ESPc-)MbM#7}YUL)ZP_L{+siDWcU?e8%n3A4VsFYJpNeLjn2bT>CI3NCJ< zwecm{{XNM@ga#75hHnwEW-M&QOfzo9!Zfi7EH$DX3S}9p>0NY#8jZt#!W_KUc?R>k@Ky-w6=+Da+_s0GJldl zF|P?(31@{B7bweeajQGYky;y%9NZK$oyN7RTWNn&2`?k9Jytjwmk||M(3Z!M&NOYw zT}t~sPOp`iw~(CAw<+U2uUl%xEN7WOyk@N3`M9ikM-q9|HZC|6CJ8jAUA zst!H<<<&6(6Zvbpj!BrzUo!>VHN3A3vo$EF5-6b1Q~ajXENB~lhUA@|>x6=N0u#cf zv&w(qgG`^+5=HoNur`2lvR~b&P zjumO|P8X;=d`c+z1YJlY7&H@Dz-Rts$X0IYE9kSIlqGZ7utSx^+ 
z2hOEC-eXviWZXQ9;$Va+WlHlU%y|f~w(|)o@(5J0o|3MQ2O@+B<@r*H4*65)(r^JT zq+<*b06XMGclsEElst5dEfFJ;AQfYhRt}O0CVKdGh4Tk3-(^-{kukZb*3oM$ZffpG zMs;jtk2ZjAsn%mND4R~OS73JDbj^Q440{oS&4<@VUYMInc0xxy?FE@$J_^n)b|gY+ zOj;8Pk^)6$w9nbnMms3RSr6q(9wP_)v01|=P}UbkXoS_1#FCl?>&9cjCHOS!yEJqiGd`83Nj00{X6dHFN84%)I^*MZ=*Ihw5FxD0YSJHV{j!9v(DT#k7##q~$ z87Dig!k3EiMO;k|9XhYz8cGVPukGe$N5@yNtQgngIs(U-9QZ2c^1uxg$A}#co1|!Z zzB|+=CrR6lxT%N&|8??u1*Z?CRaGbp6;&#}$uQEzu(M6Tdss;dZl=hPN*%ZG@^9f* zig-F9Wi2cjmjWEC+i?dU`nP`xymRwO$9K3IY`|SvRL^9Jg6|TlJNEL9me$rRD1MJ| z>27?VB1%1i)w5-V-5-nCMyMszfCx0@xjILKpFhA4*}fl9HYZ~jTYYU@{12DS2OXo0 z_u+ot_~UfZNaN>@w4Es$Ye>i&qhgqtxJf9xi6El-@UNPeQ>aXcYVxOUA--x3v1 z3e=7+%#m@}QuMTjN3n--=-{@rNtyYdYS@LJ(G?*np*HILbUeo)+l8N#+F-;^(8w>i z8Q6til8Y^NG7_qa*-n2|4}(k<-HF~R0v*cP7bxlTWNJ1s6#Rz!N zCYesAbm(}4qp%-;B%AF-LyS5Q6@Q|V&Y2ar$uWn(?UstqXy;5$ZOCC_?L$F z@o#dk--?Co{)CGEP^73Kb_^>`G8sAN)M@iNKQLBj>QAcHjIw0!1 zl6{UYd;|bA+CcC#3IGYysWLa4!KA}CsEV#c)JpJcF~NX9mrX2WwItXv+s%I2>x#v) zy%5xDSB`&bU!9COR@6LwbI|OQ&5mf&L^GGZnOXEOLshxOs;Y;ikp^M(l-^>J(o0NIdbt5`(fTq>p%?cG z;%aHXhv=-@!20#xf*q)++kt8IJ5cG{ff?Sy9hfzQIroA8N>Git>3xOUNhe8nUspSV z`GL0DK}<_w!3gRCwOvD~m+Zn6jxTMde<_?egr$S1OySh6XsS!0Wh)wJPX+xd11YQ= zMq7X2tU;U;Xx|ObfO}%y{pchi>ryaM2zAy50_$ltt(ew6h#CF@+U74D#H@hdQ=dX_ z=OChf#oerWnu~l=x>~Mog;wwL7Nl^Iw=e}~8;XZ%co+bp)3O z{Mryc`*3ryyIC*S%Zu;8Y_D3bFAn%8NTYv?y_%Q4zR-DvE(Q*~>ec+JSA76q7D#_w zFR&HI@z>V`9-)xr*ME%7~<$Ykd?U8uZ~EqUe&AlGDqP{uUvna zvy#q%0y2VKf%UxO(ZC2ECkuzLyY#6cJTru6Q`qZQQ+VF1`jr8+bHIwcJg}=iko8FE zDt(bW8pbOr>?{5KLASE=YFFv&(&IM|P6@wK(5#jhxh@Pe7u_QKd{x@L_-HM=1`rX8`BDds3pf+|$)DBqpXrDP>JcOxubC$Dy60;8(mfG^6yXE(+N*UWMW? 
zA~?H-#B7S@URtmlHC|7dnB!Lqc0vjGi`-tNgQ8uO67%USUuhq}WcpRIpksgNqrx{V z>QkbTfi6_2l0TUk5SXdbPt}D^kwXm^fm04 z^i66Xn0`pLmnhX(P0|TezLiFcQ{E0~v*cmmAR2|PETl7Ls>OakCexUmie^yDw3ccuqd5(wV_6?YM+ zegsV{M=^n{F2a}~qL}DfhDok9nC!X$C9WV!U15~DF2xl0YLvS#K!rPqsqS7(b8m## zZA(3F3H0v&0Z>Z^2u=i$A;aa9-FaPq+e!m55QhI)wY9F+db;s$6+CraswhRp8$lEl zK|$~`-A=dB?15xkFT_5GZ{dXqUibh$lsH=z5gEwL{Q2fjNZvnQ-vDf4Uf{9czi8aM zO&Q!$+;Vr_pzYS&Ac<0?Wu}tYi;@J__n)1+zBq-Wa3ZrY|-n%;+_{BHn|APLH8qfZ}ZXXee!oA>_rzc+m4JD1L)i(VEV-##+;VR(`_BX|7?J@w}DMF>dQQU2}9yj%!XlJ+7xu zIfcB_n#gK7M~}5mjK%ZXMBLy#M!UMUrMK^dti7wUK3mA;FyM@9@onhp=9ppXx^0+a z7(K1q4$i{(u8tiYyW$!Bbn6oV5`vTwt6-<~`;D9~Xq{z`b&lCuCZ~6vv9*bR3El1- zFdbLR<^1FowCbdGTI=6 z$L96-7^dOw5%h5Q7W&>&!&;Mn2Q_!R$8q%hXb#KUj|lRF+m8fk1+7xZPmO|he;<1L zsac`b)EJ~7EpH$ntqD?q8u;tBAStwrzt+K>nq0Mc>(;G;#%f-$?9kmw=}g1wDm#OQM0@K7K=BR+dhUV`*uus`*ND&2x<wG1HL5>74*j@^8Jn_YA_uTKbCF<(bN-6P0vID7dbLE1xY%jjOZPtc z2-(JHfiJCYX>+!y8B2Fm({k0cWxASSs+u_ov64=P?sTYo&rYDDXH?fxvxb>b^|M;q z%}uJ?X5}V30@O1vluQ2hQy*NBwd}kGo8BE>42WYjZn#(~NPFpjeuet!0YO{7M+Et4 zK+vY}8zNGM)1X58C@IM67?0@^Gy_2zq62KcgNW)S%~!UX1LIg~{{L&cVH^pxv&RS8 z7h5Dqhv+b?!UT{rMg#O##tHOouVIW{%W|QnHnAUyjkuZ(R@l7FPsbEG&X{YTZxd6? 
zGc~wOFg0-e2%mI+LeRc9Mi3vb*?iSmEU7hC;l7%nHAo*ucCtc$edXLFXlD(Sys;Aj z`;iBG;@fw21qcpYFGU6D0@j_)KD&L`tcGuKP_k_u+uZ@Sh<3$bA}GmGrYql z`YBOYe}rLeq-7bVTG?6wpk_57A#-P&*=D9tDbG+8N86Ovlm%$~Fhhg1!#<%uJPW4P+L>rOa{&N2gbFd3Fh-nnA8 zlL@IrHd6K33HFYag|7^pP;EZ&_CU5|tx*P)T5w<3xsYB7C+*ZJvZ7o_)pdFg0Mq37s%lo=)Pp+u-bBo85|bFx@z znXN$P1N#N~1jF)^LHc?61qH?2r$7+}^DzU=b4Sh0ILA`+DkZGwe8`w6RaaLOy2{+; z*G-qRoS@LWVrj2g$m_QBE_9ft8J2%>-hNdge!7N;!t-RmW$Sx$dLFwX06)v6%V+3+ zI_SpK&${J_g&{nfAAf~@mBoJzd1aB-d!go}pMC=xBXEb1?t=6Z2khtQWf04f1vH2D zAzR~Tj#erum;iqZ)uy9mW#IE(g6{gBs0m8`Hho^9SLk>6WYl=|`BSI?aM#~0G0T@g zhZQIE7P486_X7pDDlh!Lpxdh5G=KJg4;1hc2-bl zI9c0tmCMY}Qn=5b(4Vqv{|sKKb)cXA9B?~>}U6*`p`RQ9+ELmfJLHahw z(?8R{AQudS8<=zg^lz2qD}8im+_uhWqYUr=fMT#sIo${8zZfe2N&j7)tPfNL^8Z2} z6)v8;x|<$fDzHr5?L0g@AOmYTwm%3~HQmw+c~!W5LEVM>2|z;BF)jd7U&jQ>xPb5h zeEn5a91wogI=6UL`b7g^&v-q5Y#V}Z4=>PWem5wViJ&4Bv3xeU=0-BSSJgLq4+X0GzB+;^$X5GmqzaR*xhkIN?DGhN6_q3Am7=yuN- zb_|MEpaRpI;Cvp9%i(}%s}RtlP5ojEwsLfL7&QhevV-Nsj0eq<1@D5yAlgMl5n&O9 zX|Vqp%RY4oNyRFF7sWu6%!Dt0yWz|+d4`L7CrbsM*o^`YllRPf2_m#~2I3w7AEh+I zzBIIu%uA#2wR>--P{=o&yasGhV$95c?|JRlO>qdUDA33j5IN=@U7M#9+aa>fFb^X45 z?2QBBpdyCETfk(qrO_G9QH{AF(1{Qg6c9(jWVU>`9kPNV#kqZxKsnG@ z%?+|N3y9-DUAf>)sBX#CYB(Ss;o`eS>0TYtk8(ugt>(!)?E#S%6uC82XIZqAYlIHH zMHZAe8xkWHvSk$;54;FuF~4*RSLzf()!C1J`J>iHkKBN2e70b?Xqa3NOvAB(w2*)%usxAitdXR zXsosCjl0P-*iH$V%MrP>2!E3ZHl@yU_+CN1fffNwny;LnWvPf(q;(3vd z)}hwfgz-(OR5H?(nx==K>;(!(<@t9;uhDT<@L}{HO(kEVmC@_oXQ(0S**-;H@pAPM zql=DME;|u{PV`eSkr1cw8-cy+VdH~Tho_^5PQzI5hn0Vy#^@BR|0?|QZJ6^W2bop9*@$1i0N4&+iqmgc&o1yom5?K6W zxbL!%ch!H^B7N{Ew#U$ikDm9zAzzB|J{M9$Mf%ALP$`-!(j_?i*`%M1k~*I7dLkp< z=!h>iQXd~_`k9coWTEF$u+PukkXqb;1zKnw?ZnMCAU$*2j^CZL_F4f6AMEu3*y|O1 zH*on~MrSW(JZQTj(qC~jzsPRd?74SC6t~&Ho{fJ*H*AMvXXx@p@_Al3UkBY^gXE8Bdj+ z^csKuPu+aSU<4<E+ z*bM#6<ud+wQMn*g0ivOoLF2sMG zMX|YA+;yTTVpqi0qIi@1?JkN$!q*sv^Y<6UyZ3E5ufmiwQi z%d*cc_c?mG&n@>~qR-1dx7`0aeM9!S<^Jm^0J+aC`obd`xi4Gp$3(a6bIbj-cuMM7 zii;+o|1H4kBUC4nix*$<2{av@xW8pXsPUVs;6 
zJVT3+(1xAt?9Q3@Iqyu)%%8u%egjy8DR6vr^rrerZ%S*Q{Fc6`FJH6}@8{p6nQo%F$e3uUKnOSQ}Q)_}#>H zIS{p_QQ;x^w&N3pj&F1Hkiv+)I9^?SyjnF{bf|wGg%C(Lf+V!)h2xUId=T2E9mcN1L$QF^ z5g2*u_)h#xV5qoL+7?I^OWPS_a6JtT*$mPcAHy(mJmUtoz)Z1zp0^RJebf|pVGWIs zQB0nO8D@fneP+6d6PT}AA2UVLt7UKlb7PprygKtn-5>!^V1XRwIrG!}4+mn=`W zBk<_rS~lAZls_hOj;GnnAs;L$9u zaRbuj_dhXN_<^afP)`ndO!qW}o+exVj;Uj$zv1Tc32vVWmrHP`CoJ`Zxvp@$E4=rv z{Dp%8tK5(97c5fP{T{ZAA#Omvi%lqOVetgT%V6phEDiQ6oM7cL#+QIm<(v8kP)i30 z>q=X}6rk(Ww~ zN);x^iv)>V)F>R%WhPu8Gn7lW${nB1g?2dLWg6t73{<@%o=iq^d`ejx{msu;S`%=Y z2!BRo(WJ^CT4hqAYqXBuA|4G-hEb5yvQw2Bx7zVRpD;RR2ccOu@PhR3faoc zzJIZ5StRhvJT*c`VV6u>2x;0SlCBHsQ7n>YhA$6iQU$Rd`#A*0pf5UAX^2~Qi`Ky%f6RGsoueIc_WKEcM!=sZzkijF|}LFs~GM=v-1aFc3dl?tifz zSiqvXmL+l|5-?ahOL%3?PG<>&D{-(~{sG3$mZG!I^`lqCHWOSn}?5JWosiW?}R7Hz45Z6M; z|I3ZkC#9f+gJwObwvJ7+lKPKs9)HS$N-3eNAWZc~d`TP=sY$X_md=Li)LwW?#|kR6 zy$#RzQ>|l?27Kf`O2bZM(f5 zT<@B@DC9-<3~{+a6@$%* zbtze+^?#(ya}=}LbSblhT0Q6Rm4>3=gi)o*G!B_6$tq*ItV%e0&U6FU!uj0%!h9}S zX6NEZ9}oimg4WPW?76Hk0#QwuQj$)~3QJw+v|eX=>YZgbHMJs34ZXEzFL($9Pw6>L zDO8nGd&N^$GQH4GKq$+GsmsL%*AWQpwp1!JQ-AyUofV|o;~RKj0^!|%nF=P~ai{JL zHLCol`|FQ7a$D7+PR6Mx&`hnhg>;JWrBjTd0T_>aUBJK||PoA}xw zjpy>>3&$74TY?_p_n~D4+YZ_`VA~C};yEAv@pMP)u1z-biGn_klvcL6s zU`UFOa5WKV3&fLwP#~_QGqNI?vZjX9e_Ddmyv`La8Jre}B_kXk=J63Dn>GS%Nl7ty zD3D2o(^4iZ3mZc%E$ibOHj%F0n#U)zib4~{uoPZTL$0P|m2+KIQ#3oub%T7-d~5T@ z=GJh6j|NV-!5BPIEvv`*E?MCW0ZmUuQo58-cw|hMG8wK%_B(RtIFDydO?RP^e__!P zX;g|RlA4P24jtif(}ij>mC-fQG-YluEa|d!vZky=`ljZ$Ff1r&IZhWinz9xVW74RO zYid$XF*J6~9#4m@lhthw1!$|R%I2dC^$n%=%E!^TkD;QWai13pu*d@!Y6y9c-dw2l zpbj-&crkx2s<6ZhH|C13WnOqNe@}d^VDJ{l;le5kl8?)VY1pm@y|@qed$1aQ;y}@) zL?Jvc0$AuFD-SZv*SVC~K`>q0t1Aq34UJs|`lF_(@D?xDV66bu6ClOSK1t`Q>F~QK z56Cm(MI(a3aT7ypQO-6;vTAZ&m6Uwuwr6=LD-tLFL&h0P zIO1GPDmNp0`#UM72-bPfjP(o)4PIiAp{Ai!ThwhM9u`&DL*e7r45@}qS>??T@1^nnVwqpqQ|k{%dq*L zC>flElRbiyesX2Z>T19VbuXQiV{#@+&4oMF+fTiOA{>-6PSIjcOoKFS6iq+l;13qz z9r6xO;T=vS2R}50ccv2#o=Q|h+CAJH)AW%6InA}KX&=!}FH#s5e>yTlWkaW!*oqO6 z8SU{JVB)Hl0v 
zvZTX1MRnmt>R(Ase@{zh`Mq(VYx=EF{=B@5S3GzLuQCMxe}@eW>)Mz!MD4@r)31AQ z0&md9FQ^oyd75EqanI>gGg*_2aw+Y?TZJByZ%K~Lw>>z6cc`nDyCqzBkH{8`(LOG~ zi!9q#KEQ__ypNCak(H{r@CidzT+zgq{Y+dopW-YvxkPDIf8F?;VQslqQT}{=AzZ6F zxnZyS=YB7*X}^!B6yLBv)PF1Vi?pQN^vOp4KT@~m?Cor>*}GrNCrA8Eop<;|;99Y} zKl%=)R=@D=O1lzz203Idf@c;Io*aod|N(Ldvd&;<#t}{mYn$t?;DCw($YAa`5v;U*>3p2K6PL7 zys(f}dR3lZQ!YEl$O}x4oh@DO@qatRvqM}Vm)_j>J-94ELt=Krd$CtZ8|QKA>}ys5b|I0wKk~(gw@WTg-gz-E z-n{phQ@gf~i|(7xw!Vj%cOG@#m!2tdzIT#XUxY_=#kr=;#50FJdPiKX;<6g%q5bcD(S^wB;}3Jp@7< zZ8SLqRYg^%-#s)lqC8l`qOsgr%x+u3JE@b!)d9qQ{Pr~%n=KFw@&Ec@m*Rq_0JbiJ-FiiY_(H~OychZCO!23^?kxr zsb6t9-n)(!fBU=h#GNC%a*MbEeJ^QR$1+>KO}iv^@kf((?fv)jjy!#k$T;iB`fx9s zvzxcKJl2e6tM1)!{qv34mp6vCtlhS;y6DDUlXXfveK%ZiQ8{u;>;0mt%BNQ^#D=u4 zTW8me!45Xh8a%S}8iHk*; zc34jqTp|rTRNYt_aaJ*KIuAv!@??P}v9jPJZ-M46271&EMPA8~VY0rX2RK?0r?4_G z=%c8Lbe^oZLUeMavnp62{G3T(ETUTH>k3u~IlNU5tQh%hJ`)sE-+Mq6Yk?H9f)CP} zY_Lp}$-xIK5$7WgHUV@9%T1u`HvwI*i(Pa>H^(8RR7~s8;^31S^uMk^xyMjTmQSU{F9Y?c8LA z6*jEkA*0EOD@2*(y1`E9U7;!i9~1$43N=S==mjf!yh29?-XUURV9-M`*{~m^2y+-k vO&Z*)1cp)oP!FoJdnQj@>B$Ny9`3IcWx78NY!UY=EiM6G;6aIVL4^VU&1=uc delta 34727 zcmXV%Ra6`cvxO5Z$lx}3aCi6M?oM!bCpZ&qa2?#;f(LgPoZ#+m!6j&boByo)(og-+ zYgN^*s&7}fEx`25!_*O>gBqKvn~dOCN!``g&ecy%t0`n>G*p;ir0B{<{sUU9M>#WqH4lTN!~PgB@D;`rIdQ#hRw z?T|`wO^O=zovKDMVjuZHAeratT0Q-HK<95;BTTtc%A5Bo>Z{jfiz& z$W5u4#(O_eLYQDY_i&xqzVd#y&cR>MOQU@-w1GN((w{b+PM;=Y3ndBGVv|>|_=ZIC zB^E2+XVovHYl%!I#}4)Pma4)hM2Ly6E;&R5LmOnMf-Qz43>#K*j*LSWoYxxIR5Csm zuHXA8{`YgmqApC|BgY0wGwj-im6rmS^jrAbN8^PEIHj1WH#AVVuUA2HXj&Vm*QD^# zWX8+sR14XM!@6HrfzFpcC$ZXlhjA{{oq5cs&VRBUX2VwX$fdjO~`3n~1})#Bxr5Vh%KwFov=k zW;Jy5qsvC$lw>?*BsoPIo}YgJN>u)C^4Abbjx$NW@n5S8aN_T0BeAXWjz#dQ=3v*# zRQrjH1%R&krxBrfITop};aQdE=ZRgLN%n%+^y5BOs|pO6lg|I3prX{gSgQuRK%177 zlE#t+nHbT~VSO995imTaX&SCB&pgp`Izkg}-NV zI%~Z42T+^_9-gw;yOI&!oZf=H(Cot~)w4^gX&q(zg`7ekm4un&?FuaJQKIrLF$<_% zR;ok9K%L!NlTYgW8?uhX&TS?ojtu~oLm(`7iY<5Ci@V)7+gRHbb!o0OipVh)`vKW) zp9OVLDkaP@Sn!ZRa zpfwY36ct~JlEsS7_Dr%e0UL8^zRSsSv3K)+n$b@Xq9*^-p|AFj(*#}L-%5Z}D@Zl%y2gokn7l;Zr 
z3CK}pP8BDR1$L~R{R^BwKH~@v9m;O_$00a5MMXTe!u0FG^=2=_f-XZR!DQeQ`5S_$ zO>mOUF8Y-Wfl3P|Mk-VDsBp`X&=kMQl<>nt9$C)^A<4v@xtW>qn@`Z)`|gCedb?$A z^S(N0{?3!oy|^tx0p&<-D62OWo$gVhEodpMi;O#DM7P>i6bnTf$_=~8)PdQ+^h30pu>DfM=LQT20!&5)= zGdR6}f=YHb45NFG9?dd44$Dm~B6k3w1%E%atidmZ`Kaw4q&8yb+5=wqe`pXWH0J%);cCo710p3&(EMuAI{aKjT^Z!u)Eq~b?HpnrSE9ftF4Ibs#HFpuPR zyT$g5JIX12nSw?q!}IY^iHMikUh8V)gjx{JN@8Am6<$2Mz^mHY*_n$LNj)%w6Vs2|Kwpq;J=(VFf`y)>|;A@J@8mL zpw=k%oRd`%OdUL*1^Bd27^<|sYM9NqMxOfyc56FSDcG3u;oJKCAOsBvw)JlyBt5jT zQZ;fkKI1}9MJMtnCEG?ZUph^R-lV{%Av1S91fH#pacM-EI@93$Z)d@UUxu6ruJMHVl=>YjT8reRi0SjW8t!4qJkSw2EWvi_K%!>35@JDfw9#W$~G@9?4ubk&}M9<~>f3`r6~|Hun&D&#w^ zZ2xrK!I3O(3uNXz*JhWWdgESs3jPCOS_W_J;0ggAduavgNUuLi`PfS*0$=1$q$C-# z>ca0l=Pm+p9&+rJQNFKvb%8vn0!qW9SGnIO&tjv!kv980`FquGKanhc(YAwQTGx)(9c1fRnojjxST~<*=y|?=9V1w`t~7Ag$5h)P#FwB7FM=E`e^youj?Nh^d}|GOC7mPW z_H&16WtD5M9H)i@@=Vzo^f`%yIQZ-qGuCko?CP8h^B$X|UkaKazJe>9C00F82u$Iz zFOjPU5)>;*KBg9UezT$OL$aW(Ogut^COwjSO2!@-ZbW#lHVfb_k?7DlEGcbl^tn{p z#+go${sx^TPB3R5272wadT(x2lACj6Y4~LktAm z<+#pEqlksdo%9?Q29%rP9C+LM*WZM-N-e*wX85OOu}J7Zrt%9iGjxN358Fy5GGaNA zlr-b*b{4zqiK)A~_jjEnJhRaVOdID52{6I%oS^X6)EYS(>ZE6NKd-S?F}lIJNYkBz zX=;apb)xyAi#nMFCj#Ex($CGiR?oF|gei))16?8E-mB*}o2=$UtMDZxq+&Q?liP(n z&Ni8pBpgnCai7%!7$wG2n4{^JeW)f-h&_$4648~!d7<~p8apf5f~7e0n$lV_qbrLM zH6T|df(D0@=>WA5f5yN)2BIZFqObOK5I*vhD*2~PZSt*83>fM))aLjXIEokDF;KGw zZ_75?2$lhYW)I_!@r8QpYKr4p27lOeG~ESg#8)LE@pH;oozO*hv19;A7iT#2eow_h z8?gZtDstc~s|f{hFXH|~d~zQ~z_94FB&hp$n~Uv_DB!2y<6&VqZs>-fmUU^yuJGdJ zNCHP?2Q+FZr?J{^_M3`92rOWnrL2vymWZ&0dYxz>Kv&GXWgwxTKz)<+J43r&!q}II z1DmfLl8nu-xGa?TgsrX45d}j{QAC!m8iO1JU=|Pb8D@9FE-V0hJEA?F)srec5$GqD z8(`^KQozt$N;6ts8^+R_uiy|d8MO=#Jvd3z_#2aHXjF94XkEdq3myI_UvT|r>1&LP zU*Mm7Fk}T$qbutLyH`@m{L57Mlkq!hAMe>2-o(8*axogLh^b!!{|amH_{Hrdu!4kWol?jSB%l2>w;Jry$!mf_nbz9_B1#8bWJwL@w!No42F zZ!YAr(^WO;wuxHb`%ZD(qKIOW&)L%j)eAUf-WERo1D?D~FV`np( z5x$@RPj8}2Rbm<>mRjfuPFJ`nN>>ltyp;oE9#K9IU>+pE$;Cq!IYr!NXvc_-MDFXBXW=Z9LZM(k9}OKqEKn5 zMk4%l_POO{UM$2M+YvQV#N~$?Ycqe>LbTz9ur0(-Wp!^8a^GDh7h{U~8h980RG|9E 
z6RPnEU0ccY1fEIdJfnZ?3Nl4X0Ag>*m6>|oajhbexf9~a8(K`2Ys~o)z{jnuOj93V zg4L4K@x2Dewt5Bok=03M@JIhBSWy2hwxcxRv7ukj`8uYPGrMdH0q!`qHJ^xDQ_bLG ze*?ZCvMv^t`JI7rlqLPEo^WJ0b^>d@C~mI!Zv)-ljBg#u;uvw%ZXMqZsz8Mxdtvbh zbK^eGn90ynsgjzKUOl)O`l3#-uY%L?tj;+Edgz+awV132>9Z-?mj*}u ziM4~P{Pc$s;}v&zYF)Te5J7W2!$o`EH|~F3NfA2NjF&~?@K5S*f_mv2@wT};{Sj`b z%#^~iJN17>qQ6aej~{ubsrhkBAD`C(j7{y)+hU@!^SU03F0Vu6vU3+>!lN@MLR}42 zLOtGS+@f@~=id z8&aK=-2+Pz*y)te)kF3xgyS?qgp@L;G(tM1&#!4p&Z$yX2<+lj>VWT1tiO4`_h^}* zQ@WGd`H9t~sH>+NT2d{O5(~BeYjG#5=s&k0J)iACkpC8u;rFz@_E-w@s0bAs_;b>+ zeR6?5n@}4wjy}GSL@%#%!-~chg|$Q=CE38#Hj0u5P4^Y-V?j(=38#%L#%l4={T(Rq z=x*H|^!EG)+e-leqrbec5?(g)@Op(cHsVg4*>F$Xb=BheCE*5LdSmdwZ-MSJs@@i{5t){y; zxAVyon;`>Rns;YH^`c&M3QdxzNaJl(Byct8a9v38fkXaJ_<=8oe=(6%mZ}CJAQ}2r z#oHZ)q;H0pGydy~@02e)oeVW*rQaD_OLr+)29*|p(gAHd<9*JxBnu0W61lNr+cO_= zX$B`VmPwyz9?FV9j3-@v0D7Z1Z}O;#KZ!@Gm7ZeKORcLQsPN8= zAZRd8VWqow?b1Kp8!AiYk8acC$>6xHuUZWkNk~?EqKsUr2$iixV=zYwM9laPwn)(W z7b-$PlwKh6n5^&Rs$#s&98P1ch#7FGNN6yU!Nwzcesp2Ylw~C1F@G^YA!PF|a$MJ+ z{!r?468ju$sWQLL=o~SYP|CBJ7(3`;c^t;TL4ScL$Pvv>N+5iugRLdmL zaD(CzY&3J+N)7MS)Jw`U8u*IevtEAUKN4~AiL82B$4Bl5oK#No3jGEW-o4`>c%G#8 z!h<$iX*efTk1lnM-d*7Db6h_94Y@IcQg@UJ1-g76_d9@vHWB%F55WG&!4DAy{K)Xv zz~7iiiq(J#G*Jdb2F>RKFnc3y>bIwlQ_Jhzoc4h(EOVm|0C}@X1v`lf-*wuaH5_H)kg%$_&tAkc`-Mk_04t+f0A_7=y20O8`7#X)4WDMOUpG*Z~n ziH5Zevf@*c28LS>z60h(QH92FxJHOKTj&>ep>z##ag+Tm*{QU<#Sk`f3)1y<#hgNV zkGRx3`qggo)?FK!Vd`6U+lA@MVk3QlsjDj#M*^!8JsEqK;p+%l%NyiKg#EX^3GBuk zlh2;u`5~mtZgY!005*{*dmF!OsrxVg*Rpvf{ieqF1ZPV6Mm4vb&^x06M8jn4XO#a* zXJhi$qNRT@M;;!sLq`lbqmcnAsSvSakQ{XcfmP-CU5_ini_P>t3m1P+(5I3tq028F zE8xAnu-M!FQ{&(q8oC{RXMCqw5&ri5tvt$=P|_J!+#m6Iz;U2BaX7}7%E%i{`jgjM^OfP1@K6wN+iSJ-2z7%MfLBS2$+zC|(5j4tu zq@N1d5n}UyXF>Bz{_%qT2O=&{@hkb|g++>5oZPMe%j~Ee^;OCr)Y7u{V4m&Qf@%WD zEUKEu%teX>pmF5DMIP1!>pm1D);32{D-N5>U4W*9kTO|z(Tb#n-@+j!vWj-S8aRy<(xvQm zwZ-#hyB%RQf|G(r&oI7iZhf^pG13lCEWA>mk}rI8IFlm%*!~#7;2xQps>NS2$f@g2 z1EoM!1ML(HjM)=bp>Z>u=jEM5{Ir>yFJ{m8hLv-$1jxB4a{4HNUhk+Rj5-H8}G za~r&Uoh}bQzyC)f6#o3mEkwFNhaD8_~{CW03Dv2Tbl4{ 
zAFamTS$i&ZYWmae1aCxVNIKrj+u4g3%D96}iqw8~HBu+gFA&*oRP5Z`MikjjDgYjq zkf0&#_Xj->@bJ>!}JGl=t1|~ zGIx9!u63fRtm^?=^0z=^H2SZA43p1deVixbphteFyrqycaRq6DLy2$x4nxgB;-Dug zzoN<>vK7~UxLPDR{wE0ps6mN9MKC>dWM{~@#F)ne0*ExL**#VrA^|@km1xCtF`2N( ze{G#meS3J5(rIs2)mwi>518)j5=wQ+Q`|O{br)MyktYd}-u+5QYQmrBU2ckYE7#Z$ z>MgHjknqi-2`)(Z+pJ?ah4UMg*D%PFgHFMnKg?{GSZZ*f3V+g@129FH@79v%&$&v32_So*G$-3SIp6 zYTlLgF2}s>)U;QtdWf5P&xikI0p1eg2{G!w0+xXNuYf%n#X#fou8}EYvAw$zmrjK&OZkS!$REMr$*aG zyPPjsYd_SXp#Vt9NGI*R;-*4~Gz)&7!zq>hh7)i?8PzCAAv(pNcUGlPNf^OXS$=bx(V#ji2eMF6q{U@ z9?ldp%YEsl;)d%}_Qs81OX>!2>kyChh!-n0Xd@2C1cI2qkRk&b4)(?@KY|?%qMoYb zEi7l}n$O`v+T31;YZF(;FEwj`I8Dz*9fbKrE)8#&?joolVY~3YbZuJwfRt4-kCOM; zcm34HXKH>;a?joGLqjIBG|B??@rS`LSU(l!vxSyfKmGa^x5&S$gvrsrlVT0@Yw#bP z-3#zdbm1;n!DpT@>AnxkZ4llVa;h^fj?R3uN5?-F)SLb}a%TBE=HM5_U*{K=ddu;L7kJ## zqyyGh;WY5rpvMm)$*xZHv!CUlc{zU8huQp`KmQT*yq*ugOu_#Kt-kRa+ODx`Va(;{ zLMO*lsSV`U%+u>-R9GmwqgWulP#>jO9|V60TBE z5ONjntHY2V_MmDJHr3CyuL5X%IlQKbDRch~>EBrwAM? zvOJj&z#NzlWa*K*VEZgjP#cAQ-HRG&mC)aqyjY19GP$U zSKm`d_gXzrLE_^a!9R<~vT9n;>{y3F`!rB%M5psN(yv*%*}F{akxIj9`XBf6jg8a| z^a*Bnpt%;w7P)rXQ8ZkhEt)_RlV=QxL5Ub(IPe9H%T>phrx_UNUT(Tx_Ku09G2}!K($6 zk&bmp@^oUdf8qZpAqrEe`R@M|WEk$lzm$X=&;cRF7^D#Nd;~}a8z$(h7q%A88yb=# zVd1n3r|vPZuhe!9QR*ZtnjELX5i*NoXH%d1E1O1wmebT~HX0F~DbFxk=J^<v|BCiebRdAHYXxOo$YS#BHYecz?S6CX@AcF_k;#_IF+JIV*5|%lV=Y;Ql?=b^ zt}1qN)~qaKnz~KZRf9Aa7U5S&Opz~;SF2ojOSD3HP8WYTbvlEyYK~);#wr+UO8_Sl z$-Yx3B~JYU!uChjzf0v1TKYAtsRkH`QZeF8Q$_`7iPJ79{8V(jbX4T=-LF59vw>au zY6LS|t!~Zz>*ops1&9o5w z3lQx+lhgdg^4d0r-%q!s(A$J%XYhUx~)v|ptx_cU#?44pnz*s$G%3=wh_01 z5l7f$uM;P6oqhM8F|$4h0me5--syUE%vI)HuhLv@kL`s1eP@buw&}80Umf5QOXBlP zAY(8r9}paD1p*&Bir^3<@3Cc4Mr>EpoDHghr{U$hcD8$^OZ6bZS{UYhl_*Otp}Be} z-P^9U7tc!@aodKCp{~TV6o}?M9xG$hN$Kr>|7e~E4mJK>_yjrqF@Kk1;fHw1PP`UI z1Aoa$7yGRMrUVO0M9$rM;=Glzi>SO8!lqon9E_1^0b)CsR0%Nv-$st+be?a*qJkqI zUNaqi*6Y^E>qlHH+*M=aj?)y2r>RGkG?X;Rv!7JG6Uz=^g7B`jEKEvgUq)s3Fw|zFMdak((XwlUaSRN4hGMrH zn2xFaLH!t8txnTiQW;qUWd^m#<3zgCp(=5~i~xw9lU{R~o1qSo#Sh1_4W5(^hL%O9 
zOauMH!uGL}u?hV!4V~#?F-<;)X<)4B$u1F4 zf=%}>{b#f`$Ixo^Du_42V6Wir?Muh`(!izQSV9Y3d-MCQT|9bs zIlCtJP7*;A%^1-=u(Laj97hG}uP6Hq0+DzAjB^|$CG(?e_adMTiO&^_9WwrW4H!ju zWEYrjLw<{fSyh-yiPOP{O;c|453fxkp`E;k&)d^wYK=ipbD_kG$u*Ro!kQJOppV5* zP4o#ab%r@RITbag_zHMKF5$z8fJd1L+D8G@m^`*H->XyF$E{x;d;A+T`A zR!1#O!ed)ai|TF054f1+K6 zTDH=fps}vL7=Yl3_R)o948I{CP*`f1v{E~-xX#PaLvb?#qQRElOF-pVuL>d8_�{ zSCu|?z-R)71@L#eM!y^Z6p;ZjzlW@gZzHJC3~O?Pk5QEa0q(aFy!-~pFZ%vBM{a0B zOfAZFmYc{!vg!PSF@l2U zJK`=N@CTmAO4Wuqv6k{SNl?~rs-CcW0VFIdAj^B2Wacs>M@3N&63=c06V6Rf2sR|QLucLaU zKEq5=F9zA=+3ZT|OlY$lIrFmvTV4H!iv+MxhtKJ%j}wlD3qAoT@g^}Cw`#0dsQnXX zETbS9p{IGl{fkz7ld(7^$~HEkkh7pv3NYi8<1qwOw!a|xaQ$TntGU7;01Z4?b9D8N zBh&aOYgatY!f;X<$(oO>v=8iOcEG%aUvS8Uu1du6!YK*G&VLOXlHRCKu=FF(IkNo_ z!128k!z=B?9(@872S5v{*=6WjNH3gAJAUYkC%^7Y;H4r>$kZZC%?&3E-qa#4n-YG$ z{5tlV`bCK=X~Idzr7&v8p)y!whKx;pP;V!X^4&igR1g*2j}8HyVC+>KqbPFthf}+i z5*V2^NBvmwfWIU)3;IBGEwFtYFWVWUoB2RyvL7S*E#d%FT_ytxM895Q4V_PCQh+>< zlu~L{SuQcQ?il+AeFdE87H!P8>HgIJjkGW8@`{o5wNd6uVn=dNX5$aDi14$pTSR=` z!YTmifM=Cy`Z=%xX-u&9>1bJBw3nKr0@mO&YfAp~^V^fzVJyvwMY(hM5 z=T^FaQL~&c{7fIT@FE@vI;GbS=Go0=v=3x<1AaB@b>U z;-hwvu#U||CUj!>9G3YgO6yQX+H)L6*ozXXaV=U_b`_DQWq#`f$?cZ;??y9(AcTLq zHrc9U_$w&NRKgWZ>e};_T#tf-g1TX#Ttj{JjKjCJqlf63U8$=~02ty9Nn3p2WX;CqqYS% zz5QZEArIj!d6Y0VI^JFWKudu=NFUPF=6TxRR|reQB5_2vIn)qBV}S3;MX1}04E3Mt z#5d$zK8z>OW^i7tXPB6e%UCqcK(le)>M}pUp6H17YHZ$`4urRAwERt6^`Bj>zwymc z6H+f|4zhQjlg1Gy%93Sw`uMScxrA;vQE~ta!zM?jz@&c;IxYkrPHXB+h4)S0@SIgF zdm{UTZqxJaxzBR!!`71;K*uco18U~X>AK&Pu-C&`R?B-Aj0=_$cxPzn{MlJK>ywJq zsw-Yj{^>7%vDCYw^iw(od$~o-Pz6ks8aQ}A1JFWnE@Ez_SYh@cOMFVY`?D$Y&Z~a1 zd>zg|c6+o8_xSfEUIvTsdiN&WOe=n|xS;8X;CYLvf)|=u($YtOu_6J z0tW_ukuKXj2f=f}eva;=T4k7`&zTqf{?>lGm&{Fe_;9R2b^^i}Krru0>ta|4^_A$H z7DO?PFho!p4A2C|$W~JYbWN&eW(4R;;Tmhz zkr;EbZ4D?Birca@{afZpp_|p2YAInGJ`1Fkz7A$droV0#{h=lZdX+xO4B%I?B_3ac z=7FCkf`P*_R`SaCnBPG1Jd|Abx!brVL zIt?Rv1@qnIGKpG7W-M54@Oi;BujL}Xdacfmc_9q?u&4#P2hPg`({??ZOOjRFnps_D z-f(IqU)UUW`f&U}`A@568jBEz<~CX~Yv+1et@-+dsV3RVrNTx?H9ht?VAAS0D1{G? 
zJbr4_B_Tqy_Ag;Xppzr)KXQ9QX}21eoMW|m_{|BBHJ*=OjhvNq(4HgLp`u-X3tw>X z9A?^?H5zIU4r9K*QM+{?cdUL9B5b=rk!&F@Nffz-w_pG9&x+7;!Am0;Llsa02xfYC z*PtggCwO@a;vLXCgarLHOaCqh;)QBGzd)|oeVtn=&wvyz)rOR3B)bLn=ZqpwZHq0G z#6YvZtco3reVEzgsfMR6A16B&XJA|n?MuIu8bp_){SA_{zu;H?8${rR&r^T3v9C(nb5F3yeC zBCfU1>1a`bLUbS{A0x;?CCtvBD58$7u3>y2A_P9vigNVLI2|Lin+b~C-EytjMOHW0NTui}pkxXdFdIJ$-J+Bm$%CN%mac~u zc65u)RMsVt!-|8Ysv6BvqDBlFKElp~B6L!lpd@XpeV9f#ZPtB*A?b!2cQ>(0KpkD3 zcX2g{WebJL!6EmdE>s!+V>?WUff2Qb1G0)SgHlNwmhKjxqoM~UZ>S=G#3}dZqbOgm zLQr$%IH~rG-VibZjQxA+wx_MOF@JC7m(z5WFp@?e-&dnA^W!f5(1q_mx7SHG&7Mjz zJ*FkzBLiO~YXM}_WN$-^LB=)#9j0}Ig(60{oTJ7L{`hY&|LX}pO&lXsa+ZJY)@FOggOhohsSKci~64T#~a*U>?#ib&8;moQD4mX2U+S(Fg|)$9R86W zITbI3PGBmng{xAMx7@wkfPyHgTBnY--U-MN(8g4;hg*?%-H-2y9+fMsROmUruu~DJ zD`y+zHt;&kEmb0pX<5f>5axt7b!mHhGZrk)cPJl8fFV}4Hof{DHc?nmlNe4OZlh%Hw~gDORC9fFH@ z(dp|iOIbEM2+*ogN5G5IIj5N6dcX2{rbl=|y=_lReUu(wdD=vfPY1!pN@X;H)!7M& zsVSTH?G;8EjqWqJgt8F#raa9{%Ig46>|d7k@)*edY9u$q-2MD_g(YtesUb(fF@ zeIca^`q$v%I*l@1*pSA^WwV15>IOc#+Fmv`%pKtg3<1=cn#Ja|#i_eqW9ZRn2w?3Zu_&o>0hrKEWdq=wCF&fL1pI33H z5NrC$5!#iQpC~h3&=-FwKV0nX1y6cWqW7`fBi39 zRr%M}*B_mXH{5;YJwIOwK9T9bU^f*OUt#~R;VnR}qpl2)y`p76Dk90bpUnmP%jt$sr^*lRURZhg{Jc|t% zzJ@`+8sVJPXQ1iJ<*|KHnVaNh6Bw9w7(H5d@A2z)pFDaQHfA+~;ft*Wl5TXgXt$X+ zw>HuHuNiPuH}l);i?tm23b}z`d*)Fc#9aSTR0**x64KPFxH=waD^aF`<3*U+;u(Jl z%Vml|ibUgNPW@Mu(3F&xqqX`Ywa;f)vz@_@ai=KchFb+T#v=)>bVeCp(|;s8%R{-yG(vI#MB|PpTf%;Q_dytxihYgUEEp*4UnBD2i zFzwhlAsbs^rvyOn1@$Y4a#xL*#mfe*-%9pKM;rMxBrQ{x6g=Z)-ac6r2QHFaIB3Cb z)MlIq>|a&HnWt;JF7aNioc_56#kOM7`*3HQOh2zj587o#jVvMmd0^Lq^}+G*kE4L@ zyr1bonUrLt{25*}164@vq#vyAHWXa=#coq+BP`G?NvJ{D6iI(?WK_#=?Sghj z1PAobWSn&T1JN2+aDKWLzLa-vkU}op+rSMu-^54o|YB$BNlXsc4)Pk+N;1Zjv_2G@*gdMul2v zus9!wq9-nM_j*C2j*4}T#EOpQH+mG;>6M45k1Bv!l)vdjfmgsSe9%ze*37SC0>9_L zi$J!Ziite+mT#sPW;8{9EdmpRcM_V2yctTOVr}V45Ya@X%iVpnLr%`<6JxcpQZJW7 z8cdPFktXB1WhRl~Hl4PUPw4E0+n*{!yDCO9mjal(#n-SeE6ATb`3BWpmcOoQtW0YC&i_4DFt9eMt#<$YtDl1dXA!$_EIQN?X#w1#3P}!YVg2_+D)GMjl 
zY@_EZ_ZKP?D)_w?>J6RZnB*Q7Ruv~$QHEOp7abg-XyAe)|FAORoics58~_N@dE!`8kvn*VMyv=fg8F zE;Y1gK-hU9#R`_&5n`$v&+@j=#2b-LIZsY&v=}NAOjfOB3*&2UItP}{OqgRpGh>_f zh%mJf#U&@U;;T#cyP}$M2?X^}$+%Xb$hdUMG3A`>ty6>%4yuP<(Yi8VcxH+@{t9(T zEf55zdju@GID-2&%(4Va<|Ra3khy_F5iqDnK(rPsYx`73WPueFWRJV)QFt_0MR4ew z^AAwRM+u8@ln#u7JFYkT)O+ zi#|KR&In+^((C^Qz6W~{byGrm-eEQBwWk;Gru$Vq&12PTBnehngdy#zSGdTlw| zntnZVw0Zw8@x6+gX%7C`9GLL`vpHbla6TX+B7XSrfgEy0hYHbGenBTju?E1^# zcPx@a{i?zW3ISa;V@%Kjgr2)Vx3UHv;v0j#v5i!do{bld!wDqWoiXLi;bP20NC_Q1 zWmLa5QI~_)A`d}#*aQ+SfANbQB7Qd!Ncl(>6 zheiX141UI3v(dtiSKg*zR;+|a*Uv_OU@_I@u$Sw%+tp%rqDxg~Va^*|OD%zXAYe6! z!Osuw69pNHQ-?@qEDa7bt^Ga?Xa(5g6(KJGSSDy#r$D2V;~$a?q6O+}b4^#6wsf5E zX_GK0Km%Z@vtZr~zNs08B zzlMH4(M*)#G5 zynvFiw~srA#@cLNhHk`!r@!W}8-+5UBM7C2P^oZ%kc0uzbTp>FHRO=xYa=v)0aQul z9UgNxrY#bF^%AFxsI;{sv#0ekRc8}5bc+e-tghcK-OU0FGl`O!q9lk-bQK3kz*s7? zV*U~Q9=~-fem_OJizGL{$4*=a7|@ZKwLY%#p@2?FP3Q>15nTl#b(ZW{k6q`Nx zOMonpItf;aZ4(|66znCH7E27N)R9I&GsIJ z*ClS8kTkcOvZ{S>Fv|`^GkxEX=rkW1(MQX6IyC;Za75_)p3!=|BF|6pLRsYUq@}YIj4k#cwM<(2dKCeZZpd6cJ$fz6 zXU8ca+ou~;k@S379zHDD8S5)O*BT7~{)Dj3LCoshK9dt=*UEKo$P_!yxozT=ZtBkj zev^`G~ zc4AoF3d|9i#^@>JywzuSvW7krJ{v(4IX&@ZU5})Jy)F_p647?_s=B2@mHHAWI5l=- znNFit0x5-AIV}8zv2z;Y-K9McGGqK{hU0@PjRaEJG*_X4Jo*Ua=DamQ8b7f09*Mazbhhn6LBj%&=C`Zw8uz@XoMbA z%j)N=G34Q-&zQal!IQE=*PWyC%Nzbkc?SQz^J9l> z3}_mkctbvtd6Vvr=Tx5dQ|k=lg-=zHk76OjP=g9IPH_%tWed^LXiY9Cazf??c$snr zz!4}Hl4G4@_xpkYJf2FXoKOO9-6J)oiWYVXuSJAY&Q`aFnV)5L@nU~x9O9VuEbZmm zRJHYpRyw?}bQVa47oYcRa)$0@{Whq+Eszd#|A;H146&zmxR5#?^3=Qdiij=KX-Bvd zk&plq0|^#&B~AjImXrDvvJ40$v(^a!JSp>w3$@6tFc)7&spiek=YVmKkS2(%uo;S; zqBCrWkh+zGsP=MQ_NEL>&43-zSnE7k>kbEB)jJWqRV5}k>J?*Rcn)jx=c`6*MZ~|i z%~^le&(UQK^+n_>?xxUQts<>aPR-TgOJSE6Uvk5ZUkP+>VveCD#mghIG(nOynL#Rs z2$vVgxk2{9-OsO=D`|Z%@x3w)&CjCgeKN0P_V|BE-c%IL`c-nXVk9#S-YNj3*P!-C z^7XvFA|Fc zQxCIu-q?|)UMe%sa3wKx=4brU5@->gWRLT4CltHUIy;}a|KrUJ{a?72odi_$Jtv~g zkQWC&u|Ui#HMR{#IS~nXxMkhhGSf zY@Od4)>#^qTHlZOA6ih(()g<+OnN3wb6{Q^(N3|JFQ>wk@M>uhX) 
zr)h?8eW=WL#|vUm?PV9~lwWnXh-FzzJ%!x>#?s)dgZwur=+ie)NL%H#f~c%;e2_O? ztRDfj%ldcOwjk(ny5_GYpz}QMZ&YY${hM|O2AyZWre5QzFI62O!>~tkqcDdtBY{-$ zuP(XeSh@3Xk*0o^Wa)qAsTKNxZe}ik_%)PtKt<$f>wWvxMo*99^R)3&;*5cJd|r=q^}Qw~=ZGkr7Dg^@4b4T-b$ zv#R2Xe!$2km%(4C))AfZ26hixuAF}-+f zZwfDSoMo+1_8Bu$7xPtlaoSMSxTLFO1~#1+>uc(Djj`l$TpKz(SF{%R8g%NC7!}{IaPsNc}&S&M`WZu4&tu*tTukwv8*!#C9^# z72CG$WMbR4ZQGgo=6>GqNB3UctM{K?)xCF}Rdo~rsc4{MqGT*X7Wi1f9D7k%cwP1a?U&RIrc`PKXV&fRKgI#_d$X(&SXS1O&!lRovJGQJQVg60S*AF9wDZ zh9=X$yV0h)E%*z&CuydVyRSQ+JH9@TQ=dpevf`7)2Bn*IUCx&ilfbHu<}m{SoElh7 z39m})DpJWpAR!Qp@x3%)%4JbzWB4LPxVLQRSboj0EXO)iCbQ->>+)1T{T~oy%}-k zZPiD;=v1*g?z+0TArLF-QXVcw-NDyEHfrSgjtgkt>ep=3P%Q6WnvrJt z+4RwtdR4Q#RUS7xS~!Qbs=E;lje z53Oy>LXWHQ$2v+95NE2^FeUsgp1y4FyvUw1VadDrg*G_B4otGbMYIlWq>so@%yJ!C zV+>DAk}AXSYO|>TXO$oecP3UZixgcI-#ccF znJq7up8Zjx1AN0)D-mL!udb@{XsbvCrCnAgur+f+WxIfw{$K!o4 zfn|*egR+@Cqfbd)SeHLedNl(erm}_}Clq=82-p7cA`8%vq@&iJlk<}*b;&T@mm@wX z}1cA((mK@yos zPW0ZW@JX#qtMNijTe@pH1gG4`^<{AR@h;s(T} z&3#(~u$Qi#%j!zW{ss#Xsm|DQOrmKNB0cK9N~^$rZJLyDEKoClR=V$R;aujtgT#1b zA`U4#ht`VKoHWuito?@~br1x@B1L^j>cuo=exM!L_g$Gz0SpZ^`C+o-yaA}LPlf0= z^n~1R7J(vVSULvS{$R8709Q#R@ZbWBjZyY(AbHaC(7|(oHtzZ@NbtoHn;_g=+H3fa zy!pe)r}Lf|tftQ|FMWp`rny9HZ;N&8jH3-LHf6@ zM&!|x^O%ZcPJiq#EK4mpID>Rd469b;u>zA+kvrUva9OQIDXPl_*T6IGn29GAYKQ0n zASA;!l#^KpqRw`sb%#}-2}Ud`ZK&<)htt;RIog2CA2(DI+sP*f^;yl%Jzz6%{0}^a#h=NyKLgPR? 
z+h)#g+PQn_^B*+snviZU(joHWllOKpV9D$p5IwQbsoi6pC_`)m%$bm~s>3~@oHT|MFt~;^&e$k z`!AZ@c$^%MzW3|Jt;kr?yNKC`4g;qphv-mowYqO~qxIDHG&T*1Il;sp@iK|H~; zRY8%8d5`6`s8oac%2s^AFKN^&{3cN##QttYZ`4w%O1kG)vS3r_nko@(3WSWY^hy%k zD_xZkb0hmkTBJdfu$mY-P*DN?TlRxM-eP1OB3FiJK5ogaE%S@t)Zzn*d&`8NQU6AL zC9qU0aDA(=vpOu~8PPvMOGiOGcbw0;i&OIZa_^2(khD z;&117LsI_yz=<&pOSpyG0=nv1z6nB$uqp6DxHM4~*{6ytIT39}>Z<;BowyqFU@THt z9tvb``MojCN=M7LPJs?9k>}02!$N}>-Hdf5sj+7zPsGcEpJ72v5=@DHxVbShM znTCaXY66l$r(TQRo{5JpXcn1GZ4$yFyu=I%t%@xcR3pUKP%~9_4y2j%Q(-)PkDfn} z9I;eUk*#9=IplZ{KjMiWV(J5dk%FI*g!Mq0g2h}Kb^c8wfG~@54Ml|sRB_zCI<@{6 z^>GrT2@cGf?mzHC4F8I^S9r33+|on(dnh|1Z>%)RxVYT~j~E*AoAP*jexWIP76myS zPmxHAcOLo4+KFvX7leBb75ClA;yi&nJL{!SU3@ zWMvA{qx5Pu{sRs@9^q`F3_ray9*Q&n76E5u$F_G0Tl}P{sn+HS)^78+pUqFXayKO{ zi^~-OJkHkEj&_t9g1Y0<`H^--_8B+x!zqT9=#17`5WUA@RUk-mPwZ;c+8RhB+N`=K znJs*ymvdg07$&iKn$G*Mk6>^D1*zhr9ipPUJ%R8Yk{s78rc=2jq zx?!bk{FtF%6OeF@OlMxwiOa{3JZqSunUzIK$Krxk3j28$=JhtBUVAPyC$e(tOs@2&>aIiai+vP@s~9CD!K+B*cxuJH5{ZoroEdkOb07;B!(&?FM&tYiDzMEi^#Kvu)$>mUMf_&sIXt9V z1`|{6PuR}`LE+?M@z!%&B1y|M_RaF73@U??hm`07>sJ^Y!2lLnd(8Vpp>y1ny1lr3 zl!y`Wp!J+)z{ok;P0$-LP(J+_fL&p*f0=;J+-ts3-7_(rS04#pN+)SQz)n%tOxR6_ z@iS9s7}z{TeV+AZUSI^TvB)a<)51kpw?}19ciIMhgxJi+fk$dzsUIxLVQ}Nw6>zz% zYtr38Z538+YKBWeW51rNm{Tpg2qKiX&!^s#!ve?C(NY6ft*#v{M7+r!kFvwni9Vg9 zVE>1ImnPXi@nY&lD&bwEzxTI{dNtF18pL$JC~#UVZdYp;{nAd(+?7ql2-I0p0a3h^ zdE7VU7KJ)trJ-z)KsCRt^QH%e#W!F~rPh@w4+*$@ zK4)>+_gDsG){RQP2XFWefCz@LxK4qr#%x=WmPy&Qi9cIKa_7gh__E4y=^U1@#vNfA=^ut28X2_ieyr<^WqKZ6Z-Or8MH|Ad<`?oNVuOc^D;a300H_ zM@89Pv5h{>T$*iPbD?^mIOFe&5u_Bf2CQ{5|AFdS+Fwi*XSv_QuaOXm*g$E@V6`8E zQRKWE^)Z_$Y0gO|a~q&cE+vcV=jv9uS%8|>#SnVFD4{g@06WNT*HBsw>2!tC0{d{{ z-?m)$6BB^p0Jsu~0e@^&+QoxKB>XGk((rAyZ?!zC_Y&)X*aR~{dd)P4=tBS}&bgS2 z{qy^PL8LkzJ@}LlCE)1?0?Rcsi(8&_kltfWR6M$DM zB@k7TLP~t7P?uK;Ts)*HwZe_wZDjbBZM%!6b?Jhxe7&{7sfsC;9!MX@l+!aDwGefQ z4x^TY#)Apr3tC6_!dw?x(%AL$?5VUr|4VvE0UoX+_onVuhyG zjno6xQ`GYfpa&yn`;1$$&NDY>HXLD&54al2@3A?CO|q4u_Avv9^NpXV^|y@IoDy42y31Z)~eiGpE6 
zjFQWawJp?DvP0va!#N^er>_g=QN4?!$QgS^+?fbZUO$e-pB_^&i#<6xi*}@zikhr) zQ3p!O-n4OUat{Ysi^*BT_O2f8jyx#;l8S9XRMCoMZ2A)_ zX({EoS{qBU0kjhm%{)Y@gbA}dPEho2-^nP_{xyxl3R{(C!oi@~ily18z0RaLa0~`Q z-}?ov&mj*bb++L+Cn&la1{QW6ioeY&-ik0^fbt>FeFp7$E%vk?b`~WsQnvbzyglt2 z9`}pj;QLZOF2GfJW`1Ani=s|17tLg$8U+`!R+s>XANYrUg=l>KXV@4VJI=(f0lM4q zc{QF7gEfqt;%le{C3*5Z;l{WC zFSAqZwN$9H)7C|NkiQGy?ue@E(A}7Xg?|NcL2!wKV2fX9dAtshHJ||p-F=%=!ny8q z6#06TOF*fvSQIa|E4OQ!zt_m$j8YEAXLb#*=)p7dhKLDe#O1>ypGw~Mhuiss4SE&o zUCOJU9zDRJ%X0NAEI1iD47H_vlSGZkF~C$89(cGGOkm&MeNlaq=G0Z^LGoC#&+(5; zaLHJmE~eLwe)P>Soonm@y#9COv=j>${%>Y)XCS}#)W(vgsSVQX`2E(M^D$y3#n~@U zgV@DGaFc@HzP4;aOZH2b_Z$V?;5?hCMg* zn!6cCC{y}g^m+AoL?$;eAC=f(GWM_EJYNcPYf@{mDE%^ugN=T0ugCc2Ib$OHbSS~)R(7Omi zjZ9k3U(d1-{M$k<#<4`~+j1kbgN}?&yxq;C&cE~NugdUGNRR`qr}^`}2t-ziw}9Yu zND&z4NgN_teN~?NfvUpDyi>c_B^0D$$U%w_9IM8HxQLYy){J#zv$J|XC2k3T=4g!TR3r2+)_P(#EJsgpZU#ejJ820y9k*w+P@sqnB zl9o~obFSN-5jU6z9D=9cynbWie^HJCnF-Ek_hYH71W5_lcLsNLo|gKJBcNoqk5c#` ze{rg+LtS})^(X{gJxq+Am1Jg{hJ6adCBk8!+}{d>I_;u1kC3In1Oy{5Hv>zNHJZs5 znjAml*}FNZQo=Ul=BGBKuJg#6S6ZrlZyojk7hV6B@O&_H#+`Ni^H}s&=v1+EevijAm=O*FaVtKKpajjc} ztaO=b1DMn~BYxd*1Ljzw4}l3A@`qiyNuq=mV%qB(#Sat#fi05rT^EFLO~bNLgjSc> zSJeJCu>K0517vo(tmJk=ys?J>M|?&{ev!nS5H~cObS#1rSXcN(j8<2c>5`D6w2tf7 zjkvK{8I{la@AP+{l|PZ5ymZ+vIZ)x*a@lgzr?3`tKDAD@YKBNf+PeRun(}CTCE(QK$%Jyv^`vksei?l5pL8gQ{6s0E?fw#I?&W!G9 z+C)pZbxWvq8L3$`GAe}p$97nO+37R48}bxo#dEr&Qg2J#ZMnsBo=g#@IeASh%rv$3 zCyobcB()INWZIHZD`1NqVUEe;JpLx>!$#$~`lfTHjZNvIt*&KmP29<5qHD)>(a~>x zDT_5fVT~3K%Ybc3xNBC1#@T$N^+~ISZ6!Z%293?xQi>N0^`8#KfX@*0`rA@o@8FAT zsB`&GEUOCN_|)~=lHXT#bL%f2XZWAqP55N5u%n`YbLctRQH>0A*QR;vQFGqagnY+W1#k`J)!VJdJRaXokyH%~~(F{OUSN8mX&?MrQyK$stRrJN_8j?Wp zkvR4O{4Z^Vqxx%u2m=IUj^=*~`lcNV5Y9)}4C60QCd=D9OJJjRd!f6-KB(4iLqL0d z06RKXrX;z+KDpkwUBP~_lcJsC)qGnR83P3c9A(LFOs=@F++QC+{gdCcPuUTcIvlZ| z1hzapkd$@yJ+ayMyfQFU1*rdhojeGzLl{LMmVJLfqNj@w~3XBub!DJCFknUoW~z8qjLV2$^@+>HX1 zzkSZ4A3OtiiMH9G)F{x8-`pxn7O@+>p8bL7A}3@y3{7A@M8Vy*CAVFWIF!T1DH%dJu5FlvnwyLF0#cSdT1$M6# 
zZ18qzTQfAt9;sl^A2aK%_~@pCg>_Qp()DFxmpa6s=1SZ4*=uzdMYCjqo;X(5oMhv{ z(dB(zEBvvp#a1pisvEaXUh>{EKF)%>rO~fl_8B-_Ime(8ne*WlnsG* z=ur;WDhz}R_=p6&Me__0Dnqa)Vm(Gjshb;d)FwR&H(;EMbdzAFeKFCT-Ig4E$-4aK zGi-#-;?EInxP?iXbRq=$>IBkhmhdo$FOD!Kejf)(j0kQ2kZL;=o?Rn5)dp>0x9TTa zCPh;SH*Hd8zFU~s1yV6Aqabc3g)G)YP&0~_iN4(1;c@Mm-(~T@_R?w9F6{(DUIimi zp3cI_mO`0P?HWD-gKBwij}GDE1U1oqsx#4xf_P&!$(ge3=p}rPpg(z7QtSLwVp%wr z)b0###i4ADrG59KZ8H5jrgmQYIGWL*j+|7cc$#s65id0@KZnq(3&wC@I#!RvrVJD` zc}=SdM#lo1wY7qQ?%8r4UAkOF5s^!cBg2nM=0e+U=;dHNa8Rk z6OSdR1P^6%75kui(xcdvAns#PwNEUe)W6QKvx++Gk|I@P=%B{I!M1%mN#BD~Z&~S> z$J6!HZEokW811c=}jB3iJ%ga)vN0pvV7DdI!MQ|gk(^k^%8^T$}3nBR>8|jLy4Kc zE=NuJDc;yGJK4Q)RVO0FMbi#2d?W{tqrvP2@CjY;agYympLu+8SM^1Bm^UyXv=)A) z$BGy?QAf}MC3Q9vaj5ue2ht+%CG->!2?Xo*aAjdD>+D7_N2BVDezDXJyMf0#@!V-l zodn=f$EwhwvPjP_`FNCTC?>YxIjNyQ{JA`OmQ^H@t*Ugyq^(rOx@Jb)%18SEeuX)K#ChVAWHY=G3=!Nw39B8L}Up9V)+ma4^A&pH?m z!ZxP?A|Ow92k*S%zgJf&B;)6NY_3^}60 zB^*Tq4Y^#YePB|#FBZNY8^FhrqL)yz@kIB=2}87#%Sz7pTM@ebhNF*?h-zOlGaGfv zZQ6P7qKX#@;EeeS%nI0kqiA2Vr6}63Y&%v5y0ML^&*z*~kj@ok`vxQmDwUd}iS^e} z-?Z%5Rm&l#PM70=N&Wo!2i0KZ&gRQpo@dtJqbT)p_hI@y$KO)UOh{V+3hcj2VhIFR)|`=Pg4tx(@};;bTtOsuNyB$QXe9pmHv*L z1ben*Fi>HnWoMC*FSQmeJ=SCE7~L=5TdT2brdx>Lpwa+1d|$6We068K6Wxxe&F!baQ|&s7pR zl$NXuC6`oi3J}9TYEA17G5kP5aP5fSaDISnI#xzANK&8QAygL9p|IKcF>Js?yRHxU zXvzf=6iuHcb=PWBZ^DVxxF3fDUpU6wevU*hwgyKVtY3u>XIdUCa0x^aO19CqYHPS9 zu`dYUXsTy$uB%DR^04ViJd4h7l#|9UlYmL0#XJR0%{SPhqaVrB&z{5U&dg+Rrx@9o zO385wN^)BuxZOicKQ)$`=k7N#;9Rnz+VF@5%Y`gGshFy8Hw5qg1W|DShA!yJt9nJq z$TD$(FaiuiWu6WUWb_!WUy*ZE@V4svwd&C@-1t~Z{HSQZ`B<(gJ*A@AOX3QZPVwMQNTn>MiKs)cfbC0;XP9g$wQ(ssw*!|cIBS)~BQVg{XNM;6Q z;Z4vGuyho7&kMD)b8KPy{I)E0CA9=YS*^)sySa<+o{t^_`#Wr&9lM#6YQ7DV>6?p(hnyN`!Gj7pUlUK!ybM`VhCQNEdRJw0Ukd^J@oN^+6;{FFz;7a!3hiE!Py)C;^8Cbt>|>vA@hw*yV9$+*+F}_|C^C{ z^$4FY6yp6QXa@b-Xbg5FDP(X<&GfJpd+IZhw5H3X1pyX`UgqephJAD<7@yKcmyak{ zBe-1l&h}3?t;+`H{Z5<-0A-Ed?nmf4oZn+6q=JKLD0`|9;b#lCP+P-NR`c8`gG}~o za_Wop;jix$On;U>r}s_Z#~q-fxnlbMCTVSaw6-|ETsY)HQi$+ZohweoYG;J!#MmYU 
zJ-&E}<7=c5?zK`~6X1y;X3s^0gnjdu`^z8PyA=m4zB2}%OVJ>2-(KV1!c_UG5tvz;-b<-P>67PMe-{!%S$+ge-~q#h{~r!iBIm0yR$+-JIM$&8J3`IN$zZby7XCwIYN&KX**xR?3#I`P@$25sP73{J~Fr{&VSx zWjo4(!WZY0!WRLG+&5_hs+36ennIRCGszV{g{c&nVv<_CY*JB76~&P_B3|dIkxj~o zswLyq+@`s3IgBXdfGL(JNd6+zp~TOG2=b5kop^*4-kRP~>$H7FNTn$aAkWn2(`%K@ zrFm>^ze(m-JNeWHOSG8y%D)sDXEXClyF~dn{9#!|`|qY&trq!g^80r!*MCE+{w?so ziMQ>7@&6_Yxnljhy1zm7fOt$qRr3GE8*nPAj(P{1Ed#RkgKMS8Kldx-Y36B97IYsk z|9}y6IW9i}gPJn_ITCs#0(+!0^=F_B17!!Ja0Fejsus9etsKjEH{|gRobo=RabqWx z+E&({i>_*%E@=1X|NH^2N9Z7gBRCL{zZm~NrH23ixJRLXwVMH>*4=hnF@c(Vhz6L? zfp{Y5=prJH88g|6MHz78O^o71L#>V^fpA29VW_j}65@zQ*^j4uK+%Uk_aBf(U@o9> zNJyvCe618gc(S4%qX--Jg9r=UYJd}3g)VM{2sg3JVv3zB=}QO#SbJNpmK#M~YdHii zU{sg3c`hw~d2=^L3ugw$bl$tWmJOz@l-DIhqBt!HD{X}KbwYy==H+zrbaN?|>TEYr z0CKrru|C>d!2)@Ga^_fEG(5+9tE4#&&R_0^_9d@-J|c81x}VBM4}h2AIy2OFiy9l) z2iDN_TbnQHnDsiZ1q<~HtUsOfO(hHZK(R8@n&|X&-gme5v8YW}j;=D)lv_A@`oA1+ zNUKZ`vXjqpP>7Wn$t?Ru;6+8)qSGP}KP5OAm_7UIg5B&VzSzLZ|8a+!1NZ5<@uMGk zC%5@!@%x4*mY3luwenb&Jx8X{=A`6&qZX+C^T;Z}lVq*`rMsN|JN}nXopeTxk#y!Q z1;nHgX~8#Wp%Il5CkUX>H2{TkrZ7rd*OxBTr?aAamEB~ISQMB2*=}#sQIjND1HPa_ z`VzU_VYSd?wZLZglgn%4^}vuEa|9P^noEhB(MO`zY_m{qND#(h`HJd6D$kG_kme5{oszd&i( zEO$uPV&<4Nk5pW9Y~0A>hUeCvz*EBZtGT4R@XC&cP9DRNGq&SM(;Fuyixh&|s@)*| z@R`oGyCdd^huhWJ8piCIg>D{fJaRF-E(BkVkmZr9$R)jZlgrWyD^K@hc1=v&CD8pe z|GW*rcuG~5uTj?g8(^WxCdG#oo4vAFn|A@Rd|ExPvW?j!sPofTRq+M|eN6jwD!arC z+^(8p%`i9gjQ87zSIaT_w`yIkE5IZBJF{Y3?WWGaHoew93sB1j*FTe;A{Yecfk@wu zpS8McksjKqHCMF1dFHK)V52~|0NiRI9G!n8tyZOz2fMkVdBpl=JIpar9_Zchau!WviRC`DxWD%D3h_317BbUl44j1a4&^ zGs$RKV+L}b>ga6jc(uQI1uWd|5+t!4_96Io%_HvJhrg2uY)acmo&SFF&mSd9q|{jTx^fJvbGU$-P~^aGpDRPn#1$1;sIRL24$V+`egtex zE0k}VA5-#zF0nBs%l&y#BhpJ~zUqR^xco=d$&7V*PH zZ=(514Nu-@FP;;Wg?->1LF)jYHi}1_6XDz?5r0lRq0^lXaH8k<3vAvt#)oP8Jqopn zrAsa?bw*t^03OdK3HpRM0`p{7XB=%X>0D6C*+UeG(3y##xz;tUM1{^fo^F%pfTlLd z#?dCv%;ETjo#!e$C)Lv`iA+?t?z5~zU%{cd-;DX>v_MGiYDW9< zxgX|zu<79r0gb4~B!MrWUytBX=pu9m7rpvVIlw0`O1cN41Fb?v&Z6_1mp2eH4{GvQB3CrHZWyrJ;VnXLHO@%E 
zN}Lo;kSiq2fzh`?=X#gM-#%8;q(d{1S4eY6v`^npV%ZZaTx~x^K8$(CSiZ=xP0G{T zc0(O^50=d&>c_p$N43*lVIrBX3n(=G{Ivvw*be|0`dVQ&l^=&sB&pxb7BL=}$~X|` ztZcSIzQG9LxDz1?LIBcJ3y2zUcP~kNIxR=HnK=Z z$Wk>Vx#^8P+vXHHZAm8UFFR3!#hHtX@Y<}(s$-Omy#$v~zLk0N7ajAJ`o~JX()PFc zWrpRbuu*pK0Y{Qv34&GzdRHoS@k8)D4bmvj40_&)M`F5^D#&F=t-fRWF}}{L+uiU-6_d--48;;BRMD~TQn3cBij`+7B^`ye zsH$AndXoEoe5G+SztfZ>ycU7WwiDI7j(Hy<<)HI8pVpN-D@n?jWThZq|4u{WT}l92 zgM;60dekYz?-Rl2H}NbCJEz1jbe>FP6mCEO|JH z3_(<5pMGGP-K>)xQsP2Z@yxwywe=+~J8hr?y<61l@QJh!w3q+x(#_Sz9{Bx!pLVXL z{iT(lg=r-K!a?=*bUB9|;0w>|#mOz~OgdS&|qCbH}A(#|zMe z6uhN4%e@WH%s+CNx4`g<@yk+@jM2&i3I*YUczoxe{`UFds_i7|K$3OrDWvUK^)PS? z(^0gc@Mr-vEMRId6m`k1!K4hmkN3)Qk5^@QXnC&?+bWtOgAP#?ryk z-yqkXeE_ZvHcB`Ny#azmP1R>8^$}PRZmr+)@s90MQEgqYX4H|wG8~Ib$fDbyeKRg zCr8v{0HDv)uS^-HK1K0?s1#GqxSF3QK#JA|7|!-3K+AsTY$58G27<7Yzi!9C&IH3NshKKtMbEHyh%yHtJl3+Aey;Lh59(yqb??B4IeD zm9F)fMrB^tbIcgRMuM#3d^gvtS4S7aPR#7$h;)>PH|;*1>MMn6A&JiwkKa5Ur9(F% zL1dS_1Db1u`Yo_*JP-F_C^XB9Z1L%C4q+orHgXL8I1Qzx`W4jrt?5EU|8G;!NSzWeNG&Hjli{v-u-D zK|+c?Ehk)<>H{WSI-Kn-rf=uD{+^_AaB*JD!npc%U;;R6;)=QgB=CEuocaaljF4O^ zzh3^FZZYf2_(J=uj?=7+#$yjMqav7#SK`)IPa+SN+=qlo_e!s_>W_|fWSCEG>IbO+ z4~)$s6yV~rwtl@A73o)$Yk~A`&@)zpUu5o!>pQ^bK5JG@s%yBlD8XJoz4WyhRr{-` z?Y1%AV;Q(Y+WnWiWpoZI&hV+9#4!9`FijOI@(C?1UzJ^>n9lL#QAP-l!i{zRSv<6R z-q_H#O;B*_X_3TXT$HKUC@(K30Wj4E%Fq<+eqfFlpWALXdOM@zUE?2&^x{Qy^^Dtt z*Y?F&^c#zfut^`~ypB85(1^?KWviDYa?{pmRuWi<*D~0!==#k1&d;P@9dzR${4gPB zwpXZ4yV+KSPcXZie_65QSFS_9K!xMM7Tp>3_QvsJ%!ks=-y`(=P~s!T>LVL`=9Fn( zwrA;<@ShpH%kZK^?dCHz9;K;XWzc*$k8w!=)r;%MyJB`A{(L~!RKHz5kLw!7l}#vm zfdT(gIdpqd2PW;L{|mA*)jiC@ld6k!y~x7Vq+SD5%{FE28WGgeY&{kY))D6f*D25Q zZIKpb)^m&1>KPLxb=G4OC^kX6rCPowoo~yKCR>iMApU@GvgktHya9$ou^;6|xY1)2 z77Yy*2*QhNRl*Z61(u(lX+Cs`!LhAByn$as6T5%IiG(Yp|Eglf-rG+vBMiH zNSRL~4z>Ds_`*DKHWA$IFyjUaiNWXB=oRPVpNREz~ zJdb0>;6p5v6{Ap$$6i?8IF(M#@^o+V%BY6TpW3(m|8$-~te>WSGA)dn=IQI+0JCc+ z1Y5UG&yN3{fgyr)pIgpUQ2yMG@mf>~r-@em=hB4Fs zPb*keoJx*#qEzubR$|G;*rVNlJ}u6i+w3bM2#6>C|3n4uC`O>oe;pP>cTvtnX++y$ 
zFws|ab+tA7kWz5b7Keh1RemB!_9(Q5T@M&c7%-2FA?<6G&u6~%6Ya&Z<`zguZ-j1N zUEO57^4w-*X9xj--;nh%YI{#dM+)aj25BoK?+CuStuN0U+pt}!hZAcsK7(+$L-+A| zi75A`YLcPLxgP>|q589cvPj-(Q-~QFwVzNdrq#xNZy(E{6RzPeFY#v$sNQj|a;fsnxzI(QS z{VxM!EhB2fwQ1s@ODoItDdL!WmT2NhHhUwuspBfFUp5T@DIKRY>vG>{lLz)G7BuoJ zwpEerKA-82becp1o*+DJ>_L7^2=fnU_9O77RM<8@$jNktpD?X$roUS71EkVyD%j1m zi;9B(0p=z`tb2#kAf~F~b4j)G>2^Cov%uDKasoo}w8VVriKr*Tw%&Zqj7~!Sy7;1^ zYXoZCSciBN^qHn`ZBGtWsl93LukGbpBV!*@Rb@_{ngsW#*s99n=UBvfoEUa;`FK47AVK3Z(Kk(`VMK%yB0isQfAzy_3+`v+SvC`vx<*mRenZ{rYe)+FRhOGb8<>o1JfoC4lLp|Q8h!ZVWpYp z07yBY#DyLjqm#Ft%nC9?=7gD;Q5ew0z{kR7g;rohjNHvfHj3lzM9_A+B0g#t*@*@9 z{}HX0C=Zbt-1H1+v=)mJxzxka&}Zhp+WrDpM_JLG{nPm;I$-s3wqsAM49srLc&@FG zsSi5S^wPxDXRWkHj_AgJiOi0$SLF4XOF4+)uII;p@9csmNs#=Xu4Mh=zwZ!?83ZP2 zzXTmw?U#$InVqt;gQJO)TX9nQFNFeHunGU#0U(YKcfCc z84#4Am^@i|WI`3q8)xJJ+WL)Ocu)OW2EQ`trvMLoSx7zacwbm6zN#CgSZU@pQ&aCR zzPAo}yMO;2Yk{QA8Ljy|n6|eiR65#dv@I{WPE?jW&`jF2*oHy1oZ>3f(Lw{$22i%J z$ZZ{W>v0DF&zlND9Quc`Ob->B+m;Wh#&kr5&d1KptP&lKZ9ffd_z-{i1>s?(MC!Kc zlN4XC!04kblxYWJQI%0fNorJ=_(cb@oSD@zFgPu`gNv;sJ&Wo;RFc77Cbj}ZF(=}_ zh1nhC;t&HEzIbjDwXMUM;e~)lHeGv;tp?ha{OFqb#^J_IjDbO#@TZH90(P5p*I5hvP54 zxh0t^54jbYv)5d@)6zndct=vo?){V~T9*+g0?@lE_Ss9^nBNUh9nOK$dv>AWhxfFD z6#^xKpSd@D+*JeQIFJmZj}rJa8ls@5H2WI&ZSG5fxHg^_xoapOW%| zOow14uOw#3p6V1%SNXsjPT39#z4-#;Op=pZXA{=Qs?W9GHMIeh)t^7o0(woLngo8H z4+<`;3k_TF3ii8&u70}@15*aHJ6uf>^L}bt?G_vGHDOJ#Bov{K;>*h3QRG}&gQA@e z9uuwy{Gu;!pid-0$Sm*--v8_BhG$5_$izneQaowLRi9<@l0X3jTqMppT7(t&mgqZd zDr(dm2mtDIXaq9!9H6->&ZG}aZPHH0aT{I$=!SpgV87(Dkm)+bc$OZ3T-qn z!OMiD!w1mEJvir zW2aB4yS38ZKex_!?|*;5l|zc^%zwxkMacgz)ng?gr$HrASK=q_C1C*z{EtQAsZzj) zn*sykJ8fjxA4I<3d*+5lhOqoVgp!?FJjzN0Y?J=AZu#rr?qUAAdP^kq z!-%j2#;2oW!dx)?7og3^T15{9j>1Wj-ZG`KT3Kyn$y9=lHG4H9e)>KgFRGv=@ zc=wADdn#VCmndt<5**Fy^goF*{V1TuD`h;j(UT&s-&L=ek|zL~ziK8}$2jZC2=^h57nb&+Xj0;6SK0M{Not zdZz(j4-L_ilW$;OzN@|ih7mQU2i-~jJ|$tSoAseoPDM>*%W1v2)MgWKlT^6ZZHGNF z8c*EwJ6_0X#_|qDK*Y&GQL+Wb5n00*6lHD1u^afa915W- 
zT?Loj+aB5k@$jc%8FKd!@1QnC~E88_D_bL04aMukP?cxyVom601|3fVoQoI-RZwN7@6Q2ln#~spKR=Ry(6IxzC zF#%G+G2D|id5_3Z6hUrCG9IDR-DvGwThMI#;US{nZ6p)-TOnW1-kx0TTX2w&(1xm(aP0F71hR_K*TMY<5a+Phx^w{W=@t17gH^mSK(im&ZG=( zHY+&j8`#KC*)CXO1mRNQ2prSNvye;Fm5%5KQCx; z+dA2~9tVLR*2#}wl3kX<%G~y*mW&hYC(@b49;C3o^Z~v_7$_x*N|I|v`&i45IX|B1=4vaVd3PpNY;;~A ztC*Q@XS!v7{8;phXUsnbA-TMXmOWsCxte$qib6tBnljH_wrg(qy)J~r(YKJKiI^@L z32i1FU~UBL+>rPfVS4sWYUk4F-yrQH&d^$snQ+bh=Grrl*yp_Y6P_G42ksY7{XDy!@BpD zR7o?eFWUQz?llUyQc1AcFyYNn=wV8H2Y518w=C)>qG}Dt!QVs|`{G*hTt>yKL6|Aws-73L-7Tq6n*O^57tyDvcRy5%UYtiLUv~R9V`;&h>u37{T3v< zEBXKCudNlzz882L^h?Hd@5OHmzJA%W>qTRDqg3I?%i+B{zU6xQGfmPHm>A*ke=Wu%L&yh?jK4PyH&G0^GizJmh0C&7taf*Z*5)C+PrUhW`)J}iYwoBdLQi! zymZKrJCpl-q=9Zvghi#~YAfIYXmtHkldpVts$g2*daUr-xl%9PhOn4}vooBx z>sA*WndWYo;?1g_Qz?|5Q#tKlD@&m0iOKa%0)at}MK@K>9kr5nK3KR%deeuEts7sf z9Dg_AUd*L9mK#SdF{`(~aW#FXyi>J;`E;$gPED!!y#?=?Rxim}-+3Z4@##G+!MZhz z50xuMN%s8Om$^jdSm8%LMah3l>iHvAE_{D<+mdXX^!xL>&-kvnt+rg?s><9=mrW;J z&Qr=2>`l|(aq0Wtdz>+x-?%TZ)a{LWl(}xNs*L|lqZ_YV_D(#0Z&u%0rJSw3cc&kg zTTm!^QnsnpO-XUv+E03`riaII-*pXraqE>~$i|mBB|)aSMoyPc3anhatYF66U$rZK z@Pj%~f{}?Yf+zRPUCBB*p(;Xgvemp~mc!G9W=>u>PmIY$U~=F*naQ;RqLUx26kvti zt^R+WC=uynoD+HdCGWoQ!JlHzW4QPvi zy~J8z4dn~9WW=t+?#W_cFh)`QKm$p!HY@l>rpW?}M47_1;Syepv}BO) z$+1T4#Ch@z3~DGQ#h6Y$uviIrMFm75 z_%L*!57z*(4vNChmOzE>vXH}}85rgOPp3!q)hcU-$qx2Xliyn_gY1-rpH~bFEJqZh zgzZ5py}_#B$KL`~*`cTsa%7ln@8|(`KjI`-1_pf;RUXchA1oD}+`rUR8gbAhx`j5A z?=OvI1)s+^*>RaD(_NscOXVhOdMbiVM;w*|Je&{3bX^~yLfOd=mdVS&4_g5`R2N0j zt5C2L43-axH1|&#=Wr3=B#r3YSm5zuZm+d94eoZBHsE zKUgk1*`f-PT@V9^3=9e=25qVaDwLVLbA`MNVnm36K^{dBLpRu2{@vi5DT5dWK~EIW&pHfkaU4roNf6g>=uCr>T__Rcg`=}3c15@4P_ a%EQ2*fnt2> keyPairs = new HashSet<>(); /** - * The last time the ASPA or ROA configuration was updated. This can bever be equal to {@link #configurationAppliedAt}. + * The last time the ASPA or ROA configuration was updated. This can never be equal to {@link #configurationAppliedAt}. */ @Column(name = "configuration_updated_at") @NonNull 
diff --git a/src/main/java/net/ripe/rpki/domain/alerts/RoaAlertConfiguration.java b/src/main/java/net/ripe/rpki/domain/alerts/RoaAlertConfiguration.java index 4e37afe..a4647b2 100644 --- a/src/main/java/net/ripe/rpki/domain/alerts/RoaAlertConfiguration.java +++ b/src/main/java/net/ripe/rpki/domain/alerts/RoaAlertConfiguration.java @@ -2,6 +2,7 @@ import com.google.common.collect.Sets; import lombok.Getter; +import lombok.Setter; import net.ripe.rpki.commons.validation.roa.AnnouncedRoute; import net.ripe.rpki.commons.validation.roa.RouteValidityState; import net.ripe.rpki.domain.CertificateAuthority; @@ -34,7 +35,6 @@ import java.util.List; import java.util.Locale; import java.util.Set; -import java.util.UUID; import java.util.stream.Collectors; @Entity @@ -44,6 +44,7 @@ public class RoaAlertConfiguration extends EntitySupport { @Id @GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "roa_alert_conf_seq") + @Getter private Long id; @Getter @@ -68,6 +69,11 @@ public class RoaAlertConfiguration extends EntitySupport { @CollectionTable(name = "roa_alert_configuration_ignored", joinColumns = @JoinColumn(name = "roa_alert_configuration_id")) private Set ignored = new HashSet<>(); + @Basic(optional=false) + @Getter + @Setter + private boolean notifyOnRoaChanges; + private static final String EMAIL_SEPARATOR = ","; public RoaAlertConfiguration() { @@ -81,12 +87,7 @@ public RoaAlertConfiguration(CertificateAuthority certificateAuthority) { public RoaAlertConfiguration(CertificateAuthority certificateAuthority, String email, Collection routeValidityStates, RoaAlertFrequency frequency) { this(certificateAuthority); - setSubscription(new RoaAlertSubscriptionData(email, routeValidityStates, frequency)); - } - - @Override - public Object getId() { - return id; + setSubscription(new RoaAlertSubscriptionData(List.of(email), routeValidityStates, frequency, false)); } public void clearSubscription() { 
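Review bot: The new `notifyOnRoaChanges` field in the `@@ -68,6 +69,11 @@` hunk is a primitive `boolean` marked `@Basic(optional=false)` with no explicit column mapping, so it relies on the schema migration (not shown in this file) creating a NOT NULL column with a default for existing rows. If that column can hold NULL for any row, loading the entity into a primitive fails at hydration time. I would make the contract explicit with `@Column(name = "<column name from the migration>", nullable = false)` and add a one-line comment saying what the flag controls. The class body continues outside the hunk.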
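Review bot: `List.of(email)` in the four-argument constructor (`@@ -81,12 +87,7 @@`) throws `NullPointerException` for a null `email` and wraps the string as a single element without inspecting it. Because `getSubscriptionOrNull()` in the `@@ -124,7 +126,7 @@` hunk rebuilds the list with `email.split(",")`, a value containing a comma would be stored as one address and read back as several recipients. Unless `addEmails`, whose body is outside these hunks, already validates each entry, I would reject such input up front with `Objects.requireNonNull(email, "email");` and a check that the address does not contain `EMAIL_SEPARATOR`.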
@@ -100,6 +101,7 @@ public void setSubscription(RoaAlertSubscriptionData subscription) { addEmails(subscription); routeValidityStates = StringUtils.join(subscription.getRouteValidityStates(), ","); frequency = subscription.getFrequency(); + notifyOnRoaChanges = subscription.isNotifyOnRoaChanges(); } private void addEmails(RoaAlertSubscriptionData subscription) { @@ -124,7 +126,7 @@ public RoaAlertSubscriptionData getSubscriptionOrNull() { if (email.isEmpty()) { return null; } - return new RoaAlertSubscriptionData(Arrays.asList(email.split(",")), getRouteValidityStates(), frequency); + return new RoaAlertSubscriptionData(Arrays.asList(email.split(",")), getRouteValidityStates(), frequency, notifyOnRoaChanges); } public Set getIgnored() { diff --git a/src/main/java/net/ripe/rpki/domain/roa/RoaConfigurationRepository.java b/src/main/java/net/ripe/rpki/domain/roa/RoaConfigurationRepository.java index e5c1a76..e46684c 100644 --- a/src/main/java/net/ripe/rpki/domain/roa/RoaConfigurationRepository.java +++ b/src/main/java/net/ripe/rpki/domain/roa/RoaConfigurationRepository.java @@ -1,15 +1,11 @@ package net.ripe.rpki.domain.roa; -import net.ripe.ipresource.Asn; -import net.ripe.ipresource.IpResourceRange; import net.ripe.rpki.domain.ManagedCertificateAuthority; import net.ripe.rpki.server.api.dto.RoaConfigurationPrefixData; -import net.ripe.rpki.server.api.support.objects.CaName; import java.time.Instant; import java.util.Collection; import java.util.Collections; -import java.util.List; import java.util.Optional; public interface RoaConfigurationRepository { @@ -40,7 +36,7 @@ default void removePrefixes(RoaConfiguration roaConfiguration, Collection prefixesToAdd, - Collection prefixesToRemove); + RoaConfiguration.PrefixDiff mergePrefixes(RoaConfiguration configuration, + Collection prefixesToAdd, + Collection prefixesToRemove); } 
diff --git a/src/main/java/net/ripe/rpki/rest/pojo/Subscriptions.java b/src/main/java/net/ripe/rpki/rest/pojo/Subscriptions.java index b812f86..562c741 100644 --- a/src/main/java/net/ripe/rpki/rest/pojo/Subscriptions.java +++ b/src/main/java/net/ripe/rpki/rest/pojo/Subscriptions.java @@ -1,28 +1,31 @@ package net.ripe.rpki.rest.pojo; +import com.google.common.collect.Sets; +import lombok.*; +import net.ripe.rpki.domain.alerts.RoaAlertFrequency; + +import java.util.Collection; import java.util.Collections; import java.util.Objects; import java.util.Set; import java.util.stream.Collectors; -import net.ripe.rpki.domain.alerts.RoaAlertFrequency; - +@ToString +@NoArgsConstructor +@AllArgsConstructor public class Subscriptions { + @Setter private Set emails; + @Setter private Set routeValidityStates; + @Getter private RoaAlertFrequency frequency; - - public Subscriptions() { - } - - public Subscriptions(Set emails, Set routeValidityStates, RoaAlertFrequency frequency) { - this.routeValidityStates = routeValidityStates; - this.emails = emails; - this.frequency = frequency; - } + @Getter + @Setter + private boolean notifyOnRoaChanges = false; public Subscriptions(Set emails, Set routeValidityStates) { - this(emails, routeValidityStates, RoaAlertFrequency.DAILY); + this(emails, routeValidityStates, RoaAlertFrequency.DAILY, false); } public Set getRouteValidityStates() { 
@@ -31,30 +34,17 @@ public Set getRouteValidityStates() { routeValidityStates.stream().filter(Objects::nonNull).collect(Collectors.toSet()); } - public void setRouteValidityStates(Set routeValidityStates) { - this.routeValidityStates = routeValidityStates; - } - public Set getEmails() { return emails == null ? Collections.emptySet() : emails.stream().filter(Objects::nonNull).collect(Collectors.toSet()); } - public void setEmails(Set emails) { - this.emails = emails; - } - - public RoaAlertFrequency getFrequency() { - return frequency; + public static Subscriptions defaultSubscriptions(Collection emails, Set validityStates) { + return new Subscriptions(Sets.newHashSet(emails), validityStates); } - @Override - public String toString() { - return "Subscriptions{" + - "emails=" + emails + - ", routeValidityStates=" + routeValidityStates + - ", frequency=" + frequency + - '}'; + public static Subscriptions defaultSubscriptions() { + return new Subscriptions(Collections.emptySet(), Collections.emptySet()); } } diff --git a/src/main/java/net/ripe/rpki/rest/service/AlertService.java b/src/main/java/net/ripe/rpki/rest/service/AlertService.java index ae94deb..9ae5023 100644 --- a/src/main/java/net/ripe/rpki/rest/service/AlertService.java +++ b/src/main/java/net/ripe/rpki/rest/service/AlertService.java @@ -15,6 +15,7 @@ import net.ripe.rpki.server.api.commands.SubscribeToRoaAlertCommand; import net.ripe.rpki.server.api.commands.UnsubscribeFromRoaAlertCommand; import net.ripe.rpki.server.api.commands.UpdateRoaAlertIgnoredAnnouncedRoutesCommand; +import net.ripe.rpki.server.api.commands.UpdateRoaChangeAlertCommand; import net.ripe.rpki.server.api.dto.HostedCertificateAuthorityData; import net.ripe.rpki.server.api.dto.RoaAlertConfigurationData; import net.ripe.rpki.server.api.services.command.CommandService; 
@@ -55,70 +56,42 @@ public ResponseEntity getAlertsForCa(@PathVariable("caName") fina final HostedCertificateAuthorityData ca = getCa(HostedCertificateAuthorityData.class, caName); final RoaAlertConfigurationData configuration = roaAlertConfigurationViewService.findRoaAlertSubscription(ca.getId()); if (configuration == null) { - return ok(new Subscriptions(Collections.emptySet(), Collections.emptySet())); + return ok(Subscriptions.defaultSubscriptions()); } final Set validityStates = configuration.getRouteValidityStates().stream() .map(RouteValidityState::name) .collect(Collectors.toSet()); - final RoaAlertFrequency frequency = configuration.getSubscription() == null ? - RoaAlertFrequency.DAILY : configuration.getSubscription().getFrequency(); - - return ok(new Subscriptions(Sets.newHashSet(configuration.getEmails()), validityStates, frequency)); + var subscription = configuration.getSubscription(); + if (subscription == null) { + return ok(Subscriptions.defaultSubscriptions(configuration.getEmails(), validityStates)); + } + return ok(new Subscriptions(Sets.newHashSet(configuration.getEmails()), + validityStates, + subscription.getFrequency(), + subscription.isNotifyOnRoaChanges())); } @PostMapping(consumes = {APPLICATION_JSON}) @Operation(summary = "Subscribe/Unsubscribe for alerts about invalid or unknown announcements") - public ResponseEntity subscribe(@PathVariable("caName") final CaName caName, @RequestBody final Subscriptions newSubscription) { + public ResponseEntity subscribe(@PathVariable("caName") final CaName caName, + @RequestBody final Subscriptions newSubscription) { log.info("Subscribing to alerts about invalid or unknown announcement caName[{}], subscription {}", caName, newSubscription); if (newSubscription == null) { return badRequest("No valid subscription provided"); } - - final Set newValidityStates = newSubscription.getRouteValidityStates().stream() - .map(RouteValidityState::valueOf) - .collect(Collectors.toSet()); - - final Set newEmails = 
newSubscription.getEmails(); - - final HostedCertificateAuthorityData ca = getCa(HostedCertificateAuthorityData.class, caName); - final RoaAlertConfigurationData currentConfiguration = roaAlertConfigurationViewService.findRoaAlertSubscription(ca.getId()); - final Set currentEmails = currentConfiguration == null || currentConfiguration.getEmails() == null ? - Collections.emptySet() : new HashSet<>(currentConfiguration.getEmails()); - final Set currentValidityStates = currentConfiguration == null || currentConfiguration.getRouteValidityStates() == null ? - Collections.emptySet() : currentConfiguration.getRouteValidityStates(); - final RoaAlertFrequency currentFrequency = currentConfiguration == null || currentConfiguration.getSubscription() == null ? - null : currentConfiguration.getSubscription().getFrequency(); - - if (newValidityStates.isEmpty()) { - currentEmails.forEach(email -> - commandService.execute(new UnsubscribeFromRoaAlertCommand(ca.getVersionedId(), email))); - } else { - // Unsubscribe addresses that are no longer in the new subscription list. - currentEmails.stream() - .filter(object -> !newEmails.contains(object)) - .forEach(email -> commandService.execute(new UnsubscribeFromRoaAlertCommand(ca.getVersionedId(), email))); - - // If both validity and frequency remains, only subscribe additional email. - if (newValidityStates.equals(currentValidityStates) && newSubscription.getFrequency().equals(currentFrequency)) { - newEmails.stream() - .filter(email -> !currentEmails.contains(email)) - .forEach(email -> - commandService.execute(new SubscribeToRoaAlertCommand(ca.getVersionedId(), email, newValidityStates, newSubscription.getFrequency()))); - - } else { - // Either validity or frequency changes so these guys have to be subscribed. 
- newEmails.forEach(email -> - commandService.execute(new SubscribeToRoaAlertCommand(ca.getVersionedId(), email, newValidityStates, newSubscription.getFrequency()))); - } + if (newSubscription.getFrequency() == null) { + return badRequest("No valid subscription frequency provided"); } + doSubscribe(caName, newSubscription); return ok(); } @PostMapping(path = "/suppress", consumes = {APPLICATION_JSON}) @Operation(summary = "Suppress alerts for announcements") - public ResponseEntity suppress(@PathVariable("caName") final CaName caName, @RequestBody final List announcements) { + public ResponseEntity suppress(@PathVariable("caName") final CaName caName, + @RequestBody final List announcements) { log.info("Suppress alerts for announcements for CA: {}", caName); HostedCertificateAuthorityData ca = getCa(HostedCertificateAuthorityData.class, caName); return processMuteOrUnMute(ca, getAnnouncedRoutes(announcements), Collections.emptySet()); 
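Review bot: The request checks in `subscribe` stop at a null body and a null frequency, so the `routeValidityStates` strings from the request body are first parsed inside `doSubscribe` by `RouteValidityState::valueOf`, which throws `IllegalArgumentException` for any unrecognised name. Unless an exception handler outside this diff maps that to a 4xx, a malformed value surfaces as a server error instead of a rejected request. Parsing the states in `subscribe` inside a `try` and answering `badRequest("No valid route validity states provided")` on failure would keep all input rejection next to the two existing checks and hand `doSubscribe` only validated values.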
@@ -126,13 +99,16 @@ public ResponseEntity suppress(@PathVariable("caName") final CaName caName, @ @PostMapping(path = "/unsuppress", consumes = {APPLICATION_JSON}) @Operation(summary = "Enable alerts for announcements") - public ResponseEntity enable(@PathVariable("caName") final CaName caName, @RequestBody final List announcements) { + public ResponseEntity enable(@PathVariable("caName") final CaName caName, + @RequestBody final List announcements) { log.info("Enable alerts for announcements for CA: {}", caName); HostedCertificateAuthorityData ca = getCa(HostedCertificateAuthorityData.class, caName); return processMuteOrUnMute(ca, Collections.emptySet(), getAnnouncedRoutes(announcements)); } - private ResponseEntity processMuteOrUnMute(final HostedCertificateAuthorityData ca, final Collection toMute, final Collection toUnmute) { + private ResponseEntity processMuteOrUnMute(final HostedCertificateAuthorityData ca, + final Collection toMute, + final Collection toUnmute) { commandService.execute(new UpdateRoaAlertIgnoredAnnouncedRoutesCommand(ca.getVersionedId(), toMute, toUnmute)); return created(); } 
@@ -142,4 +118,69 @@ private Collection getAnnouncedRoutes(List anno .map(bgp -> new AnnouncedRoute(Asn.parse(bgp.getAsn()), IpRange.parse(bgp.getPrefix()))).toList(); } + private void doSubscribe(CaName caName, Subscriptions newSubscription) { + + final Set newEmails = newSubscription.getEmails(); + final Set newValidityStates = newSubscription.getRouteValidityStates().stream() + .map(RouteValidityState::valueOf) + .collect(Collectors.toSet()); + + final HostedCertificateAuthorityData ca = getCa(HostedCertificateAuthorityData.class, caName); + final RoaAlertConfigurationData currentConfiguration = roaAlertConfigurationViewService.findRoaAlertSubscription(ca.getId()); + + if (currentConfiguration == null) { + if (newValidityStates.isEmpty() && newSubscription.isNotifyOnRoaChanges()) { + commandService.execute(new UpdateRoaChangeAlertCommand(ca.getVersionedId(), true)); + } else { + newEmails.forEach(email -> + commandService.execute(new SubscribeToRoaAlertCommand(ca.getVersionedId(), + email, newValidityStates, + newSubscription.getFrequency(), + newSubscription.isNotifyOnRoaChanges()))); + } + } else { + final Set currentEmails = currentConfiguration.getEmails() == null ? + Collections.emptySet() : new HashSet<>(currentConfiguration.getEmails()); + final Set currentValidityStates = currentConfiguration.getRouteValidityStates() == null ? + Collections.emptySet() : currentConfiguration.getRouteValidityStates(); + final RoaAlertFrequency currentFrequency = currentConfiguration.getSubscription() == null ? + null : currentConfiguration.getSubscription().getFrequency(); + + currentEmails.stream() + .filter(object -> !newEmails.contains(object)) + .forEach(email -> + commandService.execute(new UnsubscribeFromRoaAlertCommand(ca.getVersionedId(), + email, newSubscription.isNotifyOnRoaChanges()))); + + // If both validity and frequency stay the same, only subscribe additional email. 
+ if (Objects.equals(newValidityStates, currentValidityStates) && Objects.equals(newSubscription.getFrequency(), currentFrequency)) { + if (newEmails.equals(currentEmails)) { + // if emails also stay the same, the only thing that can change is notifyOnRoaChanges flag. + // In this case issue special command updating only this flag. + if (newSubscription.isNotifyOnRoaChanges() != currentConfiguration.isNotifyOnRoaChanges()) { + commandService.execute(new UpdateRoaChangeAlertCommand(ca.getVersionedId(), newSubscription.isNotifyOnRoaChanges())); + } + } else { + newEmails.stream() + .filter(email -> !currentEmails.contains(email)) + .forEach(email -> + commandService.execute(new SubscribeToRoaAlertCommand(ca.getVersionedId(), + email, newValidityStates, + newSubscription.getFrequency(), + newSubscription.isNotifyOnRoaChanges()))); + } + } else { + if (!newValidityStates.isEmpty() && newSubscription.getFrequency() != null) { + // Either validity or frequency changes so these guys have to be subscribed. + newEmails.forEach(email -> + commandService.execute(new SubscribeToRoaAlertCommand(ca.getVersionedId(), + email, newValidityStates, + newSubscription.getFrequency(), + newSubscription.isNotifyOnRoaChanges()))); + } + } + } + } + + } diff --git a/src/main/java/net/ripe/rpki/rest/service/CaRoaConfigurationService.java b/src/main/java/net/ripe/rpki/rest/service/CaRoaConfigurationService.java index 745bf25..1101da5 100644 --- a/src/main/java/net/ripe/rpki/rest/service/CaRoaConfigurationService.java +++ b/src/main/java/net/ripe/rpki/rest/service/CaRoaConfigurationService.java 
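Review bot: An empty `routeValidityStates` set is not handled consistently in `doSubscribe`. With no existing configuration and `notifyOnRoaChanges` false, the `else` branch still builds `SubscribeToRoaAlertCommand` for each address, and that constructor rejects an empty set through `Validate.notEmpty(routeValidityStates, ...)`; writing the branch as `} else if (!newValidityStates.isEmpty()) {` avoids the exception. With an existing configuration and an unchanged address list, the last branch does nothing and the endpoint still returns `ok()`, whereas the removed code unsubscribed every current address when the set was empty, so a caller may believe alerts are off while mail keeps being sent. In the `currentConfiguration == null` case that issues only `UpdateRoaChangeAlertCommand`, the supplied `newEmails` also appear to be discarded, as far as this hunk shows. A comment at the top of the method stating what an empty set is meant to do (unsubscribe all, or ROA-change alerts only) would make the intended outcome checkable.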
@@ -15,6 +15,7 @@ import net.ripe.rpki.rest.pojo.ROAWithAnnouncementStatus; import net.ripe.rpki.server.api.commands.UpdateRoaConfigurationCommand; import net.ripe.rpki.server.api.dto.*; +import net.ripe.rpki.server.api.security.RunAsUserHolder; import net.ripe.rpki.server.api.services.command.CommandService; import net.ripe.rpki.server.api.services.read.BgpRisEntryViewService; import net.ripe.rpki.server.api.services.read.RoaAlertConfigurationViewService; @@ -293,7 +294,8 @@ public ResponseEntity publishROAs(@PathVariable("caName") final CaName caName ca.getVersionedId(), Optional.ofNullable(ifMatch), getRoaConfigurationPrefixDatas(publishSet.getAdded()), - getRoaConfigurationPrefixDatas(publishSet.getDeleted()) + getRoaConfigurationPrefixDatas(publishSet.getDeleted()), + RunAsUserHolder.get().getCertificationUserId() )); return noContent(); } catch (Exception e) { diff --git a/src/main/java/net/ripe/rpki/rest/service/EmailService.java b/src/main/java/net/ripe/rpki/rest/service/EmailService.java index 4821b55..4d2233b 100644 --- a/src/main/java/net/ripe/rpki/rest/service/EmailService.java +++ b/src/main/java/net/ripe/rpki/rest/service/EmailService.java @@ -66,7 +66,7 @@ public ResponseEntity unsubscribe( if (subscriptionOrNull != null && subscriptionOrNull.getEmails().contains(email) && token.equals(configurationToken)) { - commandService.execute(new UnsubscribeFromRoaAlertCommand(ca.getVersionedId(), email)); + commandService.execute(new UnsubscribeFromRoaAlertCommand(ca.getVersionedId(), email, configuration.isNotifyOnRoaChanges())); unsubscribedAnyone.set(true); } }); diff --git a/src/main/java/net/ripe/rpki/server/api/commands/SubscribeToRoaAlertCommand.java b/src/main/java/net/ripe/rpki/server/api/commands/SubscribeToRoaAlertCommand.java index bd0abcf..5791572 100644 --- a/src/main/java/net/ripe/rpki/server/api/commands/SubscribeToRoaAlertCommand.java +++ b/src/main/java/net/ripe/rpki/server/api/commands/SubscribeToRoaAlertCommand.java 
@@ -19,33 +19,35 @@ public class SubscribeToRoaAlertCommand extends CertificateAuthorityCommand { private final String email; private final Collection routeValidityStates; private final RoaAlertFrequency frequency; + private final boolean notifyOnRoaChanges; public SubscribeToRoaAlertCommand(VersionedId certificateAuthorityId, String email, Collection routeValidityStates) { - this(certificateAuthorityId, email, routeValidityStates, RoaAlertFrequency.DAILY); + this(certificateAuthorityId, email, routeValidityStates, RoaAlertFrequency.DAILY, false); } public SubscribeToRoaAlertCommand(VersionedId certificateAuthorityId, String email, Collection routeValidityStates, - RoaAlertFrequency frequency) { + RoaAlertFrequency frequency, + boolean notifyOnRoaChanges) { super(certificateAuthorityId, CertificateAuthorityCommandGroup.USER); Validate.notEmpty(email, "email is required"); Validate.notEmpty(routeValidityStates, "routeValidityStates is required"); this.email = email; this.routeValidityStates = EnumSet.copyOf(routeValidityStates); this.frequency = frequency; + this.notifyOnRoaChanges = notifyOnRoaChanges; } - // Let's make this conform to human repre - private String validitySummary(){ - if(routeValidityStates.contains(RouteValidityState.UNKNOWN)) - return "invalid and unknown announcements."; - else - return "invalid announcements only."; + // Let's make this conform to human representation + private String roaSummary() { + var stateMessage = routeValidityStates.contains(RouteValidityState.UNKNOWN) ? "invalid and unknown announcements" : "invalid announcements"; + var roaMessage = notifyOnRoaChanges ? " and ROA changes." : "."; + return stateMessage + roaMessage; } @Override public String getCommandSummary() { - return "Subscribed " + email + " to " + frequency.toString().toLowerCase() + " ROA alerts for "+validitySummary(); + return "Subscribed " + email + " to " + frequency.toString().toLowerCase() + " ROA alerts for " + roaSummary(); } } 
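Review bot: The five-argument constructor validates `email` and `routeValidityStates` but not `frequency`, while `getCommandSummary` dereferences it in `frequency.toString().toLowerCase()`. The new null check in `AlertService.subscribe` protects only that one caller; adding `Validate.notNull(frequency, "frequency is required");` beside the other two checks makes the command reject the bad value at construction instead of failing later when the summary is produced. On the same changed line, `toLowerCase()` uses the JVM default locale, so `toLowerCase(Locale.ROOT)` keeps the recorded text stable across deployments (this needs `java.util.Locale` imported if the file does not already have it).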
diff --git a/src/main/java/net/ripe/rpki/server/api/commands/UnsubscribeFromRoaAlertCommand.java b/src/main/java/net/ripe/rpki/server/api/commands/UnsubscribeFromRoaAlertCommand.java index f2a728e..b494236 100644 --- a/src/main/java/net/ripe/rpki/server/api/commands/UnsubscribeFromRoaAlertCommand.java +++ b/src/main/java/net/ripe/rpki/server/api/commands/UnsubscribeFromRoaAlertCommand.java @@ -5,20 +5,23 @@ /** * UN-Subscribe an email address to alerts about BGP updates seen by RIS - * that are invalidated by the CA's ROAs. + * that are invalidated by the CA's ROAs. */ +@Getter public class UnsubscribeFromRoaAlertCommand extends CertificateAuthorityCommand { - @Getter private final String email; + private final boolean notifyOnRoaChanges; - public UnsubscribeFromRoaAlertCommand(VersionedId certificateAuthorityId, String email) { + public UnsubscribeFromRoaAlertCommand(VersionedId certificateAuthorityId, String email, boolean notifyOnRoaChanges) { super(certificateAuthorityId, CertificateAuthorityCommandGroup.USER); this.email = email; + this.notifyOnRoaChanges = notifyOnRoaChanges; } @Override public String getCommandSummary() { - return "Unsubscribed " + email + " from ROA alerts."; + var roaSummary = notifyOnRoaChanges ? " and ROA changes." : "."; + return "Unsubscribed " + email + " from ROA alerts" + roaSummary; } } diff --git a/src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaAlertIgnoredAnnouncedRoutesCommand.java b/src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaAlertIgnoredAnnouncedRoutesCommand.java index 889b80a..4c3506c 100644 --- a/src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaAlertIgnoredAnnouncedRoutesCommand.java +++ b/src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaAlertIgnoredAnnouncedRoutesCommand.java 
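Review bot: The new `notifyOnRoaChanges` constructor argument has no documented meaning, and the two callers in this patch pass different things: `AlertService.doSubscribe` passes the value requested in the new subscription, while `EmailService.unsubscribe` passes the configuration's current value. `getCommandSummary` reads `true` as "also unsubscribed from ROA changes", so removing one address while ROA change alerts stay enabled would be summarised as `Unsubscribed <email> from ROA alerts and ROA changes.`; if that summary feeds the CA's command history, the audit record then states something that did not happen. Javadoc on the constructor saying whether the flag is the state before the command or the state to apply, for example `@param notifyOnRoaChanges true when this command also ends ROA change notifications for the address`, would let both call sites be checked against it. How the command handler uses the flag is not visible in this diff.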
@@ -17,7 +17,9 @@ public class UpdateRoaAlertIgnoredAnnouncedRoutesCommand extends CertificateAuth private final List deletions; - public UpdateRoaAlertIgnoredAnnouncedRoutesCommand(VersionedId certificateAuthorityId, Collection added, Collection deleted) { + public UpdateRoaAlertIgnoredAnnouncedRoutesCommand(VersionedId certificateAuthorityId, + Collection added, + Collection deleted) { super(certificateAuthorityId, CertificateAuthorityCommandGroup.USER); this.additions = new ArrayList<>(added); this.additions.sort(RouteData.ROUTE_DATA_COMPARATOR); diff --git a/src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaChangeAlertCommand.java b/src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaChangeAlertCommand.java new file mode 100644 index 0000000..fa4c9e4 --- /dev/null +++ b/src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaChangeAlertCommand.java @@ -0,0 +1,21 @@ +package net.ripe.rpki.server.api.commands; + +import lombok.Getter; +import net.ripe.rpki.commons.util.VersionedId; + +@Getter +public class UpdateRoaChangeAlertCommand extends CertificateAuthorityCommand { + + private final boolean notifyOnRoaChanges; + + public UpdateRoaChangeAlertCommand(VersionedId certificateAuthorityId, boolean notifyOnRoaChanges) { + super(certificateAuthorityId, CertificateAuthorityCommandGroup.USER); + this.notifyOnRoaChanges = notifyOnRoaChanges; + } + + @Override + public String getCommandSummary() { + var action = notifyOnRoaChanges ? "Subscribed " : "Unsubscribed "; + return action + " from ROA change alerts."; + } +} diff --git a/src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaConfigurationCommand.java b/src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaConfigurationCommand.java index aa86504..c6c6ceb 100644 --- a/src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaConfigurationCommand.java +++ b/src/main/java/net/ripe/rpki/server/api/commands/UpdateRoaConfigurationCommand.java 
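Review bot: `getCommandSummary` in the new `UpdateRoaChangeAlertCommand` yields `Subscribed  from ROA change alerts.` when the flag is true: the preposition is wrong for the subscribe case, and the trailing space in `"Subscribed "` followed by the leading space in `" from ROA change alerts."` leaves a double space in both cases. If this summary is what lands in the CA's command history, the entry for enabling ROA change alerts reads as though something was removed. `return notifyOnRoaChanges ? "Subscribed to ROA change alerts." : "Unsubscribed from ROA change alerts.";` gives each case a correct sentence.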
@@ -4,6 +4,7 @@ import net.ripe.rpki.commons.util.VersionedId; import net.ripe.rpki.commons.validation.roa.RoaPrefixData; import net.ripe.rpki.server.api.dto.RoaConfigurationPrefixData; +import net.ripe.rpki.server.api.security.CertificationUserId; import org.apache.commons.lang.StringUtils; import java.util.*; @@ -21,17 +22,21 @@ public class UpdateRoaConfigurationCommand extends CertificateAuthorityModificat private final List additions; private final List deletions; + @Getter + private final CertificationUserId userId; public UpdateRoaConfigurationCommand(VersionedId certificateAuthorityId, Optional ifMatch, Collection added, - Collection deleted) { + Collection deleted, + CertificationUserId certificationUserId) { super(certificateAuthorityId, CertificateAuthorityCommandGroup.USER); this.ifMatch = ifMatch; this.additions = new ArrayList<>(added); this.additions.sort(RoaPrefixData.ROA_PREFIX_DATA_COMPARATOR); this.deletions = new ArrayList<>(deleted); this.deletions.sort(RoaPrefixData.ROA_PREFIX_DATA_COMPARATOR); + this.userId = certificationUserId; } public List getAdditions() { diff --git a/src/main/java/net/ripe/rpki/server/api/dto/CertificateAuthorityHistoryItem.java b/src/main/java/net/ripe/rpki/server/api/dto/CertificateAuthorityHistoryItem.java index 9158461..655283a 100644 --- a/src/main/java/net/ripe/rpki/server/api/dto/CertificateAuthorityHistoryItem.java +++ b/src/main/java/net/ripe/rpki/server/api/dto/CertificateAuthorityHistoryItem.java @@ -1,5 +1,6 @@ package net.ripe.rpki.server.api.dto; +import lombok.Getter; import net.ripe.rpki.server.api.support.objects.ValueObjectSupport; import org.joda.time.DateTime; @@ -7,7 +8,9 @@ public abstract class CertificateAuthorityHistoryItem extends ValueObjectSupport implements Serializable { + @Getter private final DateTime executionTime; + @Getter private final String principal; private final String commandSummary; 
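Review bot: The `UpdateRoaConfigurationCommand` constructor stores `certificationUserId` without a null check, although `additions` and `deletions` are defensively copied on the lines just above. `RoaNotificationService.notifyAboutRoaChanges`, added in this same patch, calls `userId.getId().toString()`, so a null here would presumably surface only later, in the notification path, rather than where the command is built. Since the file already imports `java.util.*`, `this.userId = Objects.requireNonNull(certificationUserId, "certificationUserId");` fails at the source; if some callers legitimately have no user, a Javadoc line saying null is allowed and what it means would do instead. The handler that connects the two is not part of this diff.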
@@ -17,14 +20,6 @@ protected CertificateAuthorityHistoryItem(DateTime executionTime, String princip this.commandSummary = commandSummary; } - public DateTime getExecutionTime() { - return executionTime; - } - - public String getPrincipal() { - return principal; - } - public String getSummary() { return commandSummary; } diff --git a/src/main/java/net/ripe/rpki/server/api/dto/RoaAlertConfigurationData.java b/src/main/java/net/ripe/rpki/server/api/dto/RoaAlertConfigurationData.java index 93d3c6c..678f4f0 100644 --- a/src/main/java/net/ripe/rpki/server/api/dto/RoaAlertConfigurationData.java +++ b/src/main/java/net/ripe/rpki/server/api/dto/RoaAlertConfigurationData.java @@ -1,5 +1,6 @@ package net.ripe.rpki.server.api.dto; +import lombok.Getter; import lombok.ToString; import net.ripe.rpki.commons.validation.roa.AnnouncedRoute; import net.ripe.rpki.commons.validation.roa.RouteValidityState; @@ -8,6 +9,7 @@ import java.util.*; @ToString +@Getter public class RoaAlertConfigurationData extends ValueObjectSupport { private final CertificateAuthorityData certificateAuthority; 
@@ -18,24 +20,14 @@ public RoaAlertConfigurationData(CertificateAuthorityData certificateAuthority, this(certificateAuthority, subscription, Collections.emptySet()); } - public RoaAlertConfigurationData(CertificateAuthorityData certificateAuthority, RoaAlertSubscriptionData subscription, Collection ignoredAnnouncements) { + public RoaAlertConfigurationData(CertificateAuthorityData certificateAuthority, + RoaAlertSubscriptionData subscription, + Collection ignoredAnnouncements) { this.certificateAuthority = certificateAuthority; this.subscription = subscription; this.ignoredAnnouncements = new HashSet<>(ignoredAnnouncements); } - public CertificateAuthorityData getCertificateAuthority() { - return certificateAuthority; - } - - public RoaAlertSubscriptionData getSubscription() { - return subscription; - } - - public Set getIgnoredAnnouncements() { - return ignoredAnnouncements; - } - public List getEmails() { return subscription == null ? Collections.emptyList() : subscription.getEmails(); } @@ -44,6 +36,10 @@ public Set getRouteValidityStates() { return subscription == null ? Collections.emptySet() : subscription.getRouteValidityStates(); } + public boolean isNotifyOnRoaChanges() { + return subscription != null && subscription.isNotifyOnRoaChanges(); + } + public boolean hasSubscription() { return subscription != null; } diff --git a/src/main/java/net/ripe/rpki/server/api/dto/RoaAlertSubscriptionData.java b/src/main/java/net/ripe/rpki/server/api/dto/RoaAlertSubscriptionData.java index 5799825..63e3ef9 100644 --- a/src/main/java/net/ripe/rpki/server/api/dto/RoaAlertSubscriptionData.java +++ b/src/main/java/net/ripe/rpki/server/api/dto/RoaAlertSubscriptionData.java 
@@ -5,7 +5,10 @@ import net.ripe.rpki.domain.alerts.RoaAlertFrequency; import net.ripe.rpki.server.api.support.objects.ValueObjectSupport; -import java.util.*; +import java.util.ArrayList; +import java.util.Collection; +import java.util.EnumSet; +import java.util.List; @Getter public class RoaAlertSubscriptionData extends ValueObjectSupport { @@ -13,15 +16,19 @@ public class RoaAlertSubscriptionData extends ValueObjectSupport { private final List emails; private final RoaAlertFrequency frequency; private final EnumSet routeValidityStates; + private final boolean notifyOnRoaChanges; - public RoaAlertSubscriptionData(String email, Collection routeValidityStates, RoaAlertFrequency frequency) { - this(List.of(email), routeValidityStates, frequency); + public RoaAlertSubscriptionData(String email, Collection routeValidityStates, + RoaAlertFrequency frequency, boolean notifyOnRoaChanges) { + this(List.of(email), routeValidityStates, frequency, notifyOnRoaChanges); } public RoaAlertSubscriptionData(List emails, Collection routeValidityStates, - RoaAlertFrequency frequency) { + RoaAlertFrequency frequency, + boolean notifyOnRoaChanges) { this.emails = new ArrayList<>(emails); this.routeValidityStates = EnumSet.copyOf(routeValidityStates); this.frequency = frequency; + this.notifyOnRoaChanges = notifyOnRoaChanges; } } diff --git a/src/main/java/net/ripe/rpki/server/api/security/CertificationUserId.java b/src/main/java/net/ripe/rpki/server/api/security/CertificationUserId.java index 993eb63..78e6db5 100644 --- a/src/main/java/net/ripe/rpki/server/api/security/CertificationUserId.java +++ b/src/main/java/net/ripe/rpki/server/api/security/CertificationUserId.java 
@@ -1,25 +1,17 @@ package net.ripe.rpki.server.api.security; +import lombok.AllArgsConstructor; +import lombok.Getter; import net.ripe.rpki.server.api.support.objects.ValueObjectSupport; import java.util.UUID; +@AllArgsConstructor public class CertificationUserId extends ValueObjectSupport { - private static final UUID SYSTEM_ID = UUID.fromString("3b22801d-c151-4bcc-9298-a93df3f365d9"); - public static final CertificationUserId SYSTEM = new CertificationUserId(SYSTEM_ID); - - private final UUID id; + private static final UUID SYSTEM_ID = UUID.fromString("3b22801d-c151-4bcc-9298-a93df3f365d9"); + public static final CertificationUserId SYSTEM = new CertificationUserId(SYSTEM_ID); - public CertificationUserId(UUID id) { - this.id = id; - } - - public CertificationUserId(String id) { - this.id = UUID.fromString(id); - } - - public UUID getId() { - return id; - } + @Getter + private final UUID id; } diff --git a/src/main/java/net/ripe/rpki/server/api/security/RunAsUser.java b/src/main/java/net/ripe/rpki/server/api/security/RunAsUser.java index c9509ea..88a17cc 100644 --- a/src/main/java/net/ripe/rpki/server/api/security/RunAsUser.java +++ b/src/main/java/net/ripe/rpki/server/api/security/RunAsUser.java @@ -1,5 +1,6 @@ package net.ripe.rpki.server.api.security; +import lombok.Getter; import net.ripe.rpki.server.api.support.objects.ValueObjectSupport; import org.apache.commons.lang.Validate; @@ -10,7 +11,9 @@ public final class RunAsUser extends ValueObjectSupport { private final CertificationUserId userId; + @Getter private final String friendlyName; + @Getter private final List roles; /** @@ -37,11 +40,4 @@ public CertificationUserId getCertificationUserId() { return userId; } - public String getFriendlyName() { - return friendlyName; - } - - public List getRoles() { - return roles; - } } 
diff --git a/src/main/java/net/ripe/rpki/services/impl/background/RoaNotificationService.java b/src/main/java/net/ripe/rpki/services/impl/background/RoaNotificationService.java
new file mode 100644
index 0000000..38152f0
--- /dev/null
+++ b/src/main/java/net/ripe/rpki/services/impl/background/RoaNotificationService.java
@@ -0,0 +1,100 @@
+package net.ripe.rpki.services.impl.background;
+
+import lombok.extern.slf4j.Slf4j;
+import net.ripe.ipresource.Asn;
+import net.ripe.ipresource.IpRange;
+import net.ripe.rpki.domain.ManagedCertificateAuthority;
+import net.ripe.rpki.domain.alerts.RoaAlertConfiguration;
+import net.ripe.rpki.domain.alerts.RoaAlertConfigurationRepository;
+import net.ripe.rpki.domain.roa.RoaConfigurationPrefix;
+import net.ripe.rpki.server.api.dto.RoaAlertSubscriptionData;
+import net.ripe.rpki.server.api.ports.InternalNamePresenter;
+import net.ripe.rpki.server.api.security.CertificationUserId;
+import net.ripe.rpki.services.impl.email.EmailSender;
+import net.ripe.rpki.services.impl.email.EmailTokens;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.tuple.Triple;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+import java.util.Map;
+import java.util.function.BiFunction;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+@Slf4j
+@Service
+public class RoaNotificationService {
+
+ private final RoaAlertConfigurationRepository roaAlertConfigurationRepository;
+ private final EmailSender emailSender;
+ private final InternalNamePresenter internalNamePresenter;
+
+ @Autowired
+ public RoaNotificationService(RoaAlertConfigurationRepository roaAlertConfigurationRepository,
+ EmailSender emailSender,
+ InternalNamePresenter internalNamePresenter) {
+ this.roaAlertConfigurationRepository = roaAlertConfigurationRepository;
+ this.emailSender = emailSender;
+ this.internalNamePresenter = internalNamePresenter;
+ }
+
+ public List notifyAboutRoaChanges(ManagedCertificateAuthority ca,
+ CertificationUserId userId,
+ List added,
+ List removed) {
+ RoaAlertConfiguration configuration = roaAlertConfigurationRepository.findByCertificateAuthorityIdOrNull(ca.getId());
+ if (configuration == null || !configuration.isNotifyOnRoaChanges() || (added.isEmpty() && removed.isEmpty())) {
+ return Collections.emptyList();
+ }
+ RoaAlertSubscriptionData subscriptionOrNull = configuration.getSubscriptionOrNull();
+ if (subscriptionOrNull == null) {
+ return Collections.emptyList();
+ }
+ var humanizedCaName = internalNamePresenter.humanizeCaName(ca.getName());
+ var ssoEmail = internalNamePresenter.humanizeUserPrincipal(userId.getId().toString());
+
+ var parameters = Map.of(
+ "humanizedCaName", humanizedCaName,
+ "roas", showRoas(added, removed),
+ "ssoEmail", ssoEmail
+ );
+
+ return subscriptionOrNull.getEmails().stream()
+ .map(email -> emailSender.sendEmail(
+ email,
+ String.format(EmailSender.EmailTemplates.ROA_CHANGE_ALERT.templateSubject, humanizedCaName),
+ EmailSender.EmailTemplates.ROA_CHANGE_ALERT,
+ parameters,
+ EmailTokens.uniqueId(ca.getUuid())))
+ .toList();
+ }
+
+ public record Roa(String asn, String prefix, String maxLength, char operation) {
+ }
+
+ private List showRoas(List added, List removed) {
+ BiFunction padded = (o, size) ->
+ StringUtils.rightPad(o.toString(), size);
+
+ BiFunction textRoa = (r, operation) -> {
+ IpRange ip = r.getPrefix();
+ return new Roa(
+ padded.apply(r.getAsn().longValue(), 10),
+ padded.apply(ip, 50),
+ padded.apply(r.getMaximumLength(), 12), operation);
+ };
+
+ return Stream.concat(
+ added.stream().map(r -> Triple.of(r.getAsn(), r.getPrefix(), textRoa.apply(r, 'A'))),
+ removed.stream().map(r -> Triple.of(r.getAsn(), r.getPrefix(), textRoa.apply(r, 'D')))
+ )
+ .sorted(Comparator.comparing((Triple t) -> t.getLeft()).thenComparing(Triple::getMiddle))
+ .map(Triple::getRight)
+ .toList();
+ }
+
+}
diff --git a/src/main/java/net/ripe/rpki/services/impl/email/EmailSender.java b/src/main/java/net/ripe/rpki/services/impl/email/EmailSender.java
index 97038b3..7624341 100644
--- a/src/main/java/net/ripe/rpki/services/impl/email/EmailSender.java
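Review bot: The stream at the end of `notifyAboutRoaChanges` can put `null` entries in the returned list, because `EmailSenderBean.sendEmail` in this commit returns `null` both when the mail sender is misconfigured and when sending throws. A caller that reads `email()` or `body()` from the result would then fail on a delivery problem; adding `.filter(Objects::nonNull)` before `.toList()` (with the matching `java.util.Objects` import), or returning an `Optional` from `sendEmail`, makes the failure case explicit. Separately, `Map.of` rejects null values, so a null from `humanizeCaName` or `humanizeUserPrincipal` (their bodies are not in this diff, so this needs checking) would throw before any mail is sent. `java.util.stream.Collectors` is imported but not used in the new file.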
+++ b/src/main/java/net/ripe/rpki/services/impl/email/EmailSender.java 
@@ -4,24 +4,38 @@ public interface EmailSender { - void sendEmail(String emailTo, String subject, EmailTemplates template, Map parameters, String uniqueId); + ResultingEmail sendEmail(String emailTo, String subject, EmailTemplates template, Map parameters, String uniqueId); // Limit the number of possible inputs to allow us to check all templates in tests. enum EmailTemplates { - ROA_ALERT_SUBSCRIBE_CONFIRMATION_WEEKLY("email-templates/subscribe-confirmation-weekly.txt", "Your Resource Certification (RPKI) alerts subscription", true), - ROA_ALERT_SUBSCRIBE_CONFIRMATION_DAILY("email-templates/subscribe-confirmation-daily.txt", "Your Resource Certification (RPKI) alerts subscription", true), - ROA_ALERT_UNSUBSCRIBE("email-templates/unsubscribe-confirmation.txt", "Unsubscribe from Resource Certification (RPKI) alerts", false), - ROA_ALERT("email-templates/roa-alert-email.txt", "Resource Certification (RPKI) alerts for %s", true); + ROA_ALERT_SUBSCRIBE_CONFIRMATION_WEEKLY("email-templates/subscribe-confirmation-weekly.txt", + "Your Resource Certification (RPKI) alerts subscription"), + ROA_ALERT_SUBSCRIBE_CONFIRMATION_DAILY("email-templates/subscribe-confirmation-daily.txt", + "Your Resource Certification (RPKI) alerts subscription"), + ROA_ALERT_UNSUBSCRIBE("email-templates/unsubscribe-confirmation.txt", + "Unsubscribe from Resource Certification (RPKI) alerts", false), + ROA_ALERT("email-templates/roa-alert-email.txt", "Resource Certification (RPKI) alerts for %s"), + ROA_CHANGE_ALERT("email-templates/roa-change-alert-email.txt", "ROAs changed for %s"), + ROA_CHANGE_ALERT_SUBSCRIBE_CONFIRMATION("email-templates/subscribe-confirmation-change.txt", + "Your Resource Certification (RPKI) ROA change alerts subscription"), + ROA_CHANGE_ALERT_UNSUBSCRIBE_CONFIRMATION("email-templates/unsubscribe-confirmation-change.txt", + "Your Resource Certification (RPKI) ROA change alerts subscription"); public final String templateName; public final String templateSubject; - public 
final boolean generateUnsubcribeUrl; + public final boolean generateUnsubscribeUrl; - EmailTemplates(String templateName, String subject, boolean generateUnsubcribeUrl) { + EmailTemplates(String templateName, String subject) { + this(templateName, subject, true); + } + + EmailTemplates(String templateName, String subject, boolean generateUnsubscribeUrl) { this.templateName = templateName; this.templateSubject = subject; - this.generateUnsubcribeUrl = generateUnsubcribeUrl; + this.generateUnsubscribeUrl = generateUnsubscribeUrl; } } + record ResultingEmail(String email, String subject, String body) {} + } diff --git a/src/main/java/net/ripe/rpki/services/impl/email/EmailSenderBean.java b/src/main/java/net/ripe/rpki/services/impl/email/EmailSenderBean.java index 8ffa7a3..3419d3f 100644 --- a/src/main/java/net/ripe/rpki/services/impl/email/EmailSenderBean.java +++ b/src/main/java/net/ripe/rpki/services/impl/email/EmailSenderBean.java @@ -61,10 +61,10 @@ protected static ITemplateResolver textTemplateResolver() { } @Override - public void sendEmail(String emailTo, String subject, EmailTemplates template, Map parameters, String uniqueId) { + public ResultingEmail sendEmail(String emailTo, String subject, EmailTemplates template, Map parameters, String uniqueId) { if (!(mailSender instanceof JavaMailSenderImpl)) { log.error("mailSender is not configured properly, {}", mailSender.getClass()); - return; + return null; } try { @@ -75,7 +75,7 @@ public void sendEmail(String emailTo, String subject, EmailTemplates template, M message.setRecipient(Message.RecipientType.TO, new InternetAddress(emailTo)); message.setSubject(subject); var parametersUpdated = parameters; - if (template.generateUnsubcribeUrl) { + if (template.generateUnsubscribeUrl) { var unsubscribeUri = emailTokens.makeUnsubscribeUrl(uniqueId, emailTo); message.addHeader("List-Unsubscribe", "<" + unsubscribeUri + ">"); message.addHeader("List-Unsubscribe-Post", "List-Unsubscribe=One-Click"); 
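Review bot: The new two-argument `EmailTemplates` constructor defaults `generateUnsubscribeUrl` to `true`, so `ROA_CHANGE_ALERT_UNSUBSCRIBE_CONFIRMATION` now gets the `List-Unsubscribe` header and an unsubscribe token, while the existing `ROA_ALERT_UNSUBSCRIBE` passes `false` explicitly. Its template, `unsubscribe-confirmation-change.txt`, does not reference `unsubscribeUri`, so this looks unintended; passing `false` as the third argument to `ROA_CHANGE_ALERT_UNSUBSCRIBE_CONFIRMATION` keeps the two unsubscribe confirmations consistent. If the header is wanted on that mail, a short comment on the constant saying so would help. The two change-alert confirmation constants also share one subject line, which makes the subscribe and unsubscribe mails indistinguishable in a mailbox listing.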
@@ -83,7 +83,8 @@ public void sendEmail(String emailTo, String subject, EmailTemplates template, M } log.info("Rendering Email template {}", template.templateName); - message.setText(renderTemplate(template.templateName, parametersUpdated)); + var body = renderTemplate(template.templateName, parametersUpdated); + message.setText(body); if (!Environment.isLocal()) { try { @@ -95,8 +96,10 @@ public void sendEmail(String emailTo, String subject, EmailTemplates template, M } else { log.info("Not sending message in DEVELOPMENT mode:\n" + message); } + return new ResultingEmail(emailTo, subject, body); } catch (Exception e) { log.error("Failed to send email", e); + return null; } } diff --git a/src/main/java/net/ripe/rpki/services/impl/handlers/SubscribeToRoaAlertCommandHandler.java b/src/main/java/net/ripe/rpki/services/impl/handlers/SubscribeToRoaAlertCommandHandler.java index 4ae3609..d5c9ae4 100644 --- a/src/main/java/net/ripe/rpki/services/impl/handlers/SubscribeToRoaAlertCommandHandler.java +++ b/src/main/java/net/ripe/rpki/services/impl/handlers/SubscribeToRoaAlertCommandHandler.java @@ -1,6 +1,6 @@ package net.ripe.rpki.services.impl.handlers; -import com.google.common.collect.Sets; +import jakarta.inject.Inject; import net.ripe.rpki.domain.CertificateAuthorityRepository; import net.ripe.rpki.domain.ManagedCertificateAuthority; import net.ripe.rpki.domain.alerts.RoaAlertConfiguration; 
@@ -10,18 +10,17 @@ import net.ripe.rpki.server.api.dto.RoaAlertSubscriptionData; import net.ripe.rpki.server.api.services.command.CommandStatus; import net.ripe.rpki.services.impl.email.EmailSender; - -import jakarta.inject.Inject; import net.ripe.rpki.services.impl.email.EmailTokens; -import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; import java.util.Set; import java.util.stream.Collectors; @Handler public class SubscribeToRoaAlertCommandHandler extends AbstractCertificateAuthorityCommandHandler { - public static final String SUBSCRIPTION = "subscription"; private final RoaAlertConfigurationRepository repository; 
@@ -54,52 +53,50 @@ private void createConfigurationAndSendConfirmation(SubscribeToRoaAlertCommand c var emailTemplate = getConfirmationTemplate(configuration); emailSender.sendEmail(command.getEmail(), emailTemplate.templateSubject, emailTemplate, - Collections.singletonMap(SUBSCRIPTION, configuration.toData()), + makeParameters(configuration.toData()), EmailTokens.uniqueId(configuration.getCertificateAuthority().getUuid())); } private EmailSender.EmailTemplates getConfirmationTemplate(RoaAlertConfiguration configuration) { - switch (configuration.getFrequency()) { - case DAILY: - return EmailSender.EmailTemplates.ROA_ALERT_SUBSCRIBE_CONFIRMATION_DAILY; - case WEEKLY: - return EmailSender.EmailTemplates.ROA_ALERT_SUBSCRIBE_CONFIRMATION_WEEKLY; - default: - throw new IllegalStateException("Frequency should not be null"); - } + return switch (configuration.getFrequency()) { + case DAILY -> EmailSender.EmailTemplates.ROA_ALERT_SUBSCRIBE_CONFIRMATION_DAILY; + case WEEKLY -> EmailSender.EmailTemplates.ROA_ALERT_SUBSCRIBE_CONFIRMATION_WEEKLY; + }; } private void updateConfigurationAndSendConfirmation(RoaAlertConfiguration configuration, SubscribeToRoaAlertCommand command) { RoaAlertConfigurationData oldConfiguration = configuration.toData(); - configuration.setSubscription(new RoaAlertSubscriptionData(command.getEmail(), command.getRouteValidityStates(), command.getFrequency())); + configuration.setSubscription(new RoaAlertSubscriptionData(List.of(command.getEmail()), + command.getRouteValidityStates(), command.getFrequency(), command.isNotifyOnRoaChanges())); RoaAlertConfigurationData newConfiguration = configuration.toData(); - final Set oldEmailAddress = oldConfiguration.getEmails().stream().map(RoaAlertConfiguration::normEmail).collect(Collectors.toSet()); - final Set newEmailAddress = newConfiguration.getEmails().stream().map(RoaAlertConfiguration::normEmail).collect(Collectors.toSet()); - - if (oldEmailAddress.equals(newEmailAddress)) - return; + var 
oldEmailAddress = oldConfiguration.getEmails() + .stream().map(RoaAlertConfiguration::normEmail).collect(Collectors.toSet()); - // elements LHS not in RHS - Sets.difference(newEmailAddress, oldEmailAddress).forEach(email -> { + var normNewEmail = RoaAlertConfiguration.normEmail(command.getEmail()); + if (!oldEmailAddress.contains(normNewEmail)) { + var parametersSubscribe = makeParameters(newConfiguration, command.isNotifyOnRoaChanges()); var emailTemplate = getConfirmationTemplate(configuration); - emailSender.sendEmail(email, emailTemplate.templateSubject, emailTemplate, - Collections.singletonMap(SUBSCRIPTION, newConfiguration), + emailSender.sendEmail(normNewEmail, emailTemplate.templateSubject, emailTemplate, parametersSubscribe, EmailTokens.uniqueId(configuration.getCertificateAuthority().getUuid())); - }); + } + } + + public static Map makeParameters(RoaAlertConfigurationData configuration) { + return makeParameters(configuration, false); + } - Sets.difference(oldEmailAddress, newEmailAddress).forEach(email -> - emailSender.sendEmail(email, EmailSender.EmailTemplates.ROA_ALERT_UNSUBSCRIBE.templateSubject, - EmailSender.EmailTemplates.ROA_ALERT_UNSUBSCRIBE, - Collections.singletonMap(SUBSCRIPTION, oldConfiguration), - EmailTokens.uniqueId(configuration.getCertificateAuthority().getUuid()))); + public static Map makeParameters(RoaAlertConfigurationData configuration, boolean notifyOnChange) { + return Map.of("subscription", configuration, + "roaChangeSubscription", notifyOnChange ? + "Also you are subscribed to alerts about ROA changes." 
: ""); } private RoaAlertConfiguration createConfiguration(SubscribeToRoaAlertCommand command) { ManagedCertificateAuthority certificateAuthority = lookupManagedCa(command.getCertificateAuthorityId()); RoaAlertConfiguration configuration = new RoaAlertConfiguration(certificateAuthority); - configuration.setSubscription(new RoaAlertSubscriptionData(command.getEmail(), - command.getRouteValidityStates(), command.getFrequency())); + configuration.setSubscription(new RoaAlertSubscriptionData(List.of(command.getEmail()), + command.getRouteValidityStates(), command.getFrequency(), command.isNotifyOnRoaChanges())); repository.add(configuration); return configuration; } diff --git a/src/main/java/net/ripe/rpki/services/impl/handlers/UnsubscribeFromRoaAlertCommandHandler.java b/src/main/java/net/ripe/rpki/services/impl/handlers/UnsubscribeFromRoaAlertCommandHandler.java index fcc6f51..ba59aaf 100644 --- a/src/main/java/net/ripe/rpki/services/impl/handlers/UnsubscribeFromRoaAlertCommandHandler.java +++ b/src/main/java/net/ripe/rpki/services/impl/handlers/UnsubscribeFromRoaAlertCommandHandler.java @@ -1,5 +1,7 @@ package net.ripe.rpki.services.impl.handlers; +import jakarta.inject.Inject; +import lombok.extern.slf4j.Slf4j; import net.ripe.rpki.domain.CertificateAuthorityRepository; import net.ripe.rpki.domain.alerts.RoaAlertConfiguration; import net.ripe.rpki.domain.alerts.RoaAlertConfigurationRepository; @@ -7,16 +9,12 @@ import net.ripe.rpki.server.api.dto.RoaAlertSubscriptionData; import net.ripe.rpki.server.api.services.command.CommandStatus; import net.ripe.rpki.services.impl.email.EmailSender; - -import jakarta.inject.Inject; import net.ripe.rpki.services.impl.email.EmailTokens; -import java.util.Collections; - import static net.ripe.rpki.domain.alerts.RoaAlertConfiguration.normEmail; - @Handler +@Slf4j public class UnsubscribeFromRoaAlertCommandHandler extends AbstractCertificateAuthorityCommandHandler { private final RoaAlertConfigurationRepository repository; 
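Review bot: `updateConfigurationAndSendConfirmation` no longer mails addresses that drop out of the subscription: the removed `Sets.difference(oldEmailAddress, newEmailAddress)` branch sent `ROA_ALERT_UNSUBSCRIBE` to each of them, and the new code only confirms to the added address. If `setSubscription` replaces the address list with `List.of(command.getEmail())` (its body is not in this diff), a previous recipient is removed from alerts without being told, which weakens the trail of who stops being notified about a CA. Either keep the notification to removed addresses, or add a comment on the `setSubscription` call stating that the list is merged rather than replaced.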
@@ -43,12 +41,18 @@ public void handle(UnsubscribeFromRoaAlertCommand command, CommandStatus command if (subscription == null) { return; } + configuration.setNotifyOnRoaChanges(command.isNotifyOnRoaChanges()); + if (!subscription.getEmails().contains(normEmail(command.getEmail()))) { + log.info("Trying to unsubscribe the address {} that is not amongst subscribed addresses {}", command.getEmail(), subscription.getEmails()); + return; + } configuration.removeEmail(command.getEmail()); + var parameters = SubscribeToRoaAlertCommandHandler.makeParameters(configuration.toData()); emailSender.sendEmail(normEmail(command.getEmail()), EmailSender.EmailTemplates.ROA_ALERT_UNSUBSCRIBE.templateSubject, EmailSender.EmailTemplates.ROA_ALERT_UNSUBSCRIBE, - Collections.singletonMap("subscription", configuration.toData()), + parameters, EmailTokens.uniqueId(configuration.getCertificateAuthority().getUuid())); } } diff --git a/src/main/java/net/ripe/rpki/services/impl/handlers/UpdateRoaChangeAlertCommandHandler.java b/src/main/java/net/ripe/rpki/services/impl/handlers/UpdateRoaChangeAlertCommandHandler.java new file mode 100644 index 0000000..6ca9ecc --- /dev/null +++ b/src/main/java/net/ripe/rpki/services/impl/handlers/UpdateRoaChangeAlertCommandHandler.java 
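Review bot: In `handle`, `configuration.setNotifyOnRoaChanges(command.isNotifyOnRoaChanges())` runs before the check that the address is subscribed, so a command for an address that is not on the list still changes the ROA-change flag for the whole configuration and then returns. Moving the setter below the `contains` check keeps an unmatched request free of side effects. The check compares `normEmail(command.getEmail())` with the stored list as-is, while `SubscribeToRoaAlertCommandHandler` maps stored addresses through `normEmail` before comparing; if stored values are not already normalised, a valid unsubscribe would be logged and ignored. The new `log.info` line also writes the requested address and every subscribed address to the log, which is worth reducing to a count or the CA identifier. `handle` starts outside this hunk.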
@@ -0,0 +1,66 @@ +package net.ripe.rpki.services.impl.handlers; + +import jakarta.inject.Inject; +import net.ripe.rpki.domain.CertificateAuthorityRepository; +import net.ripe.rpki.domain.ManagedCertificateAuthority; +import net.ripe.rpki.domain.alerts.RoaAlertConfiguration; +import net.ripe.rpki.domain.alerts.RoaAlertConfigurationRepository; +import net.ripe.rpki.server.api.commands.UpdateRoaChangeAlertCommand; +import net.ripe.rpki.server.api.services.command.CommandStatus; +import net.ripe.rpki.services.impl.email.EmailSender; +import net.ripe.rpki.services.impl.email.EmailTokens; + +import java.util.Collections; + + +@Handler +public class UpdateRoaChangeAlertCommandHandler extends AbstractCertificateAuthorityCommandHandler { + + private final RoaAlertConfigurationRepository repository; + + private final EmailSender emailSender; + + @Inject + public UpdateRoaChangeAlertCommandHandler(CertificateAuthorityRepository certificateAuthorityRepository, + RoaAlertConfigurationRepository repository, + EmailSender emailSender) { + super(certificateAuthorityRepository); + this.repository = repository; + this.emailSender = emailSender; + } + + @Override + public Class commandType() { + return UpdateRoaChangeAlertCommand.class; + } + + @Override + public void handle(UpdateRoaChangeAlertCommand command, CommandStatus commandStatus) { + final RoaAlertConfiguration configuration = repository.findByCertificateAuthorityIdOrNull(command.getCertificateAuthorityId()); + if (configuration == null) { + createNewAlertConfiguration(command, command.isNotifyOnRoaChanges()); + // there wasn't any configuration, so no emails to notify + } else if (command.isNotifyOnRoaChanges() != configuration.isNotifyOnRoaChanges()) { + configuration.setNotifyOnRoaChanges(command.isNotifyOnRoaChanges()); + EmailSender.EmailTemplates template = command.isNotifyOnRoaChanges() ? 
+ EmailSender.EmailTemplates.ROA_CHANGE_ALERT_SUBSCRIBE_CONFIRMATION : + EmailSender.EmailTemplates.ROA_CHANGE_ALERT_UNSUBSCRIBE_CONFIRMATION; + sendEmails(configuration, template); + } + } + + private void sendEmails(RoaAlertConfiguration newConfiguration, EmailSender.EmailTemplates template) { + newConfiguration.getSubscriptionOrNull().getEmails().forEach(email -> + emailSender.sendEmail(email, + template.templateSubject, template, + Collections.singletonMap("subscription", newConfiguration), + EmailTokens.uniqueId(newConfiguration.getCertificateAuthority().getUuid()))); + } + + private void createNewAlertConfiguration(UpdateRoaChangeAlertCommand command, boolean notifyOnRoaChanges) { + ManagedCertificateAuthority certificateAuthority = lookupManagedCa(command.getCertificateAuthorityId()); + RoaAlertConfiguration configuration = new RoaAlertConfiguration(certificateAuthority); + configuration.setNotifyOnRoaChanges(notifyOnRoaChanges); + repository.add(configuration); + } +} diff --git a/src/main/java/net/ripe/rpki/services/impl/handlers/UpdateRoaConfigurationCommandHandler.java b/src/main/java/net/ripe/rpki/services/impl/handlers/UpdateRoaConfigurationCommandHandler.java index 43986fb..1380a24 100644 --- a/src/main/java/net/ripe/rpki/services/impl/handlers/UpdateRoaConfigurationCommandHandler.java +++ b/src/main/java/net/ripe/rpki/services/impl/handlers/UpdateRoaConfigurationCommandHandler.java @@ -7,6 +7,7 @@ import net.ripe.ipresource.IpResourceType; import net.ripe.rpki.domain.CertificateAuthorityRepository; import net.ripe.rpki.domain.ManagedCertificateAuthority; +import net.ripe.rpki.domain.alerts.RoaAlertConfigurationRepository; import net.ripe.rpki.domain.roa.RoaConfiguration; import net.ripe.rpki.domain.roa.RoaConfigurationPrefix; import net.ripe.rpki.domain.roa.RoaConfigurationRepository; 
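Review bot: `sendEmails` dereferences `newConfiguration.getSubscriptionOrNull()` without a null check, and `createNewAlertConfiguration` in the same class stores a configuration on which only `setNotifyOnRoaChanges` was called, so a later toggle for that CA is likely to reach `sendEmails` with no subscription and throw. `RoaNotificationService.notifyAboutRoaChanges` already guards this case, and the same guard fits here: `var subscription = newConfiguration.getSubscriptionOrNull();` followed by `if (subscription == null) { return; }`. The template parameter is also the `RoaAlertConfiguration` entity itself, whereas the other handlers pass `configuration.toData()` under the `"subscription"` key, so the templates see a different type on this path.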
@@ -17,6 +18,7 @@ import net.ripe.rpki.server.api.services.command.NotHolderOfResourcesException; import net.ripe.rpki.server.api.services.command.PrivateAsnsUsedException; import net.ripe.rpki.services.impl.background.RoaMetricsService; +import net.ripe.rpki.services.impl.background.RoaNotificationService; import org.springframework.beans.factory.annotation.Value; import jakarta.inject.Inject; @@ -30,18 +32,23 @@ public class UpdateRoaConfigurationCommandHandler extends AbstractCertificateAut private final RoaConfigurationRepository roaConfigurationRepository; private final ImmutableResourceSet privateAsnRanges; private final RoaMetricsService roaMetricsService; + private final RoaNotificationService roaNotificationService; @Inject public UpdateRoaConfigurationCommandHandler(CertificateAuthorityRepository certificateAuthorityRepository, RoaConfigurationRepository roaConfigurationRepository, @Value("${private.asns.ranges}") String privateASNS, - RoaMetricsService roaMetricsService) { + RoaMetricsService roaMetricsService, + RoaNotificationService roaNotificationService) { super(certificateAuthorityRepository); this.roaConfigurationRepository = roaConfigurationRepository; this.roaMetricsService = roaMetricsService; this.privateAsnRanges = ImmutableResourceSet.parse(privateASNS); - Preconditions.checkArgument(privateAsnRanges.stream().allMatch(a -> a.getType() == IpResourceType.ASN), "Only ASNs allowed for private ASN ranges: %s", privateAsnRanges); + this.roaNotificationService = roaNotificationService; + + Preconditions.checkArgument(privateAsnRanges.stream().allMatch(a -> a.getType() == IpResourceType.ASN), + "Only ASNs allowed for private ASN ranges: %s", privateAsnRanges); } @Override 
@@ -58,12 +65,14 @@ public void handle(@NonNull UpdateRoaConfigurationCommand command, CommandStatus validateAsns(command); validateAddedPrefixes(ca, command.getAdditions()); - roaConfigurationRepository.mergePrefixes(configuration, + RoaConfiguration.PrefixDiff prefixDiff = roaConfigurationRepository.mergePrefixes(configuration, RoaConfigurationPrefix.fromData(command.getAdditions()), RoaConfigurationPrefix.fromData(command.getDeletions())); ca.markConfigurationUpdated(); + roaNotificationService.notifyAboutRoaChanges(ca, command.getUserId(), prefixDiff.added(), prefixDiff.removed()); + roaMetricsService.countAdded(command.getAdditions().size()); roaMetricsService.countDeleted(command.getDeletions().size()); } diff --git a/src/main/java/net/ripe/rpki/services/impl/jpa/JpaRoaConfigurationRepository.java b/src/main/java/net/ripe/rpki/services/impl/jpa/JpaRoaConfigurationRepository.java index 3a45e93..ad74083 100644 --- a/src/main/java/net/ripe/rpki/services/impl/jpa/JpaRoaConfigurationRepository.java +++ b/src/main/java/net/ripe/rpki/services/impl/jpa/JpaRoaConfigurationRepository.java @@ -84,11 +84,12 @@ public Optional lastModified() { } @Override - public void mergePrefixes(RoaConfiguration configuration, - Collection prefixesToAdd, - Collection prefixesToRemove) { + public RoaConfiguration.PrefixDiff mergePrefixes(RoaConfiguration configuration, + Collection prefixesToAdd, + Collection prefixesToRemove) { var diff = configuration.mergePrefixes(prefixesToAdd, prefixesToRemove); applyDiff(configuration, diff); + return diff; } public void applyDiff(RoaConfiguration configuration, diff --git a/src/main/resources/db/migration/V133__roa_alerts_add_notify_on_roa_changes.sql b/src/main/resources/db/migration/V133__roa_alerts_add_notify_on_roa_changes.sql new file mode 100644 index 0000000..194681a --- /dev/null +++ b/src/main/resources/db/migration/V133__roa_alerts_add_notify_on_roa_changes.sql 
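Review bot: `roaNotificationService.notifyAboutRoaChanges(...)` is called inline in `handle`, between `ca.markConfigurationUpdated()` and the metrics calls, so anything it throws propagates out of the command. `notifyAboutRoaChanges` calls `userId.getId()` with no null check and builds its parameters with `Map.of`, so a command without a user id would fail the ROA update itself rather than only the alert. Mail is also sent before the handler returns; if the command runs in a transaction that can still roll back (not visible in this diff), subscribers would be told about a change that did not happen. Consider wrapping the call so that a notification failure is logged and counted without aborting the update, and add a comment on why it runs at this point. `handle` starts outside the hunk.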
@@ -0,0 +1 @@
+ALTER TABLE roa_alert_configuration ADD COLUMN notify_on_roa_changes BOOLEAN NOT NULL DEFAULT FALSE;
diff --git a/src/main/resources/email-templates/roa-change-alert-email.txt b/src/main/resources/email-templates/roa-change-alert-email.txt
new file mode 100644
index 0000000..46a0cb3
--- /dev/null
+++ b/src/main/resources/email-templates/roa-change-alert-email.txt
@@ -0,0 +1,10 @@
+This is an automated email to inform you that user [[${ssoEmail}]] made changes
+to one or more ROAs for your organisation [[${humanizedCaName}]].
+
+ASN Prefix Max Length (A)dd/(D)elete
+===============================================================================
+[# th:each="roa : ${roas}" ][(${roa.asn})][( ${roa.prefix})][( ${roa.maxLength})][( ${roa.operation})]
+[/]
+
+You can review and change your ROAs at: [[${rpkiDashboardUri}]]
+You can unsubscribe from these alerts at: [(${unsubscribeUri})]
\ No newline at end of file
diff --git a/src/main/resources/email-templates/subscribe-confirmation-change.txt b/src/main/resources/email-templates/subscribe-confirmation-change.txt
new file mode 100644
index 0000000..71102a1
--- /dev/null
+++ b/src/main/resources/email-templates/subscribe-confirmation-change.txt
@@ -0,0 +1,8 @@
+Thank you for subscribing.
+
+You will receive email alerts from the RIPE NCC Resource
+Certification (RPKI) service for every ROA change for your CA.
+
+You are able to fix and ignore reported issues, change your alert
+settings, or unsubscribe by visiting [[${rpkiDashboardUri}]] or
+directly using [(${unsubscribeUri})].
diff --git a/src/main/resources/email-templates/subscribe-confirmation-daily.txt b/src/main/resources/email-templates/subscribe-confirmation-daily.txt
index 135e932..3850f98 100644
--- a/src/main/resources/email-templates/subscribe-confirmation-daily.txt
+++ b/src/main/resources/email-templates/subscribe-confirmation-daily.txt
@@ -1,7 +1,7 @@ Thank you for subscribing. Once every 24 hours, you will receive email alerts from the RIPE NCC -Resource Certification (RPKI) service. +Resource Certification (RPKI) service. [(${roaChangeSubscription})] You are able to fix and ignore reported issues, change your alert settings, or unsubscribe by visiting [[${rpkiDashboardUri}]] or diff --git a/src/main/resources/email-templates/subscribe-confirmation-weekly.txt b/src/main/resources/email-templates/subscribe-confirmation-weekly.txt index e63cfb3..e005d8b 100644 --- a/src/main/resources/email-templates/subscribe-confirmation-weekly.txt +++ b/src/main/resources/email-templates/subscribe-confirmation-weekly.txt @@ -1,7 +1,7 @@ Thank you for subscribing. Every week (on Mondays), you will receive email alerts from the RIPE NCC -Resource Certification (RPKI) service. +Resource Certification (RPKI) service. [(${roaChangeSubscription})] You are able to fix and ignore reported issues, change your alert settings, or unsubscribe by visiting [[${rpkiDashboardUri}]] or diff --git a/src/main/resources/email-templates/unsubscribe-confirmation-change.txt b/src/main/resources/email-templates/unsubscribe-confirmation-change.txt new file mode 100644 index 0000000..22e1011 --- /dev/null +++ b/src/main/resources/email-templates/unsubscribe-confirmation-change.txt @@ -0,0 +1,3 @@ +You have been unsubscribed from Resource Certification (RPKI) ROA changes alerts. + +Please visit [[${rpkiDashboardUri}]] to change your alert settings. diff --git a/src/main/resources/email-templates/unsubscribe-confirmation.txt b/src/main/resources/email-templates/unsubscribe-confirmation.txt index f1946d2..b8b8e92 100644 --- a/src/main/resources/email-templates/unsubscribe-confirmation.txt +++ b/src/main/resources/email-templates/unsubscribe-confirmation.txt 
@@ -1,4 +1,3 @@ -You have been unsubscribed from Resource Certification (RPKI) alerts. +You have been unsubscribed from Resource Certification (RPKI) alerts. [(${roaChangeSubscription})] -Please visit [[${rpkiDashboardUri}]] to change your alert -settings. +Please visit [[${rpkiDashboardUri}]] to change your alert settings. diff --git a/src/test/java/net/ripe/rpki/application/impl/CommandAuditServiceBeanTest.java b/src/test/java/net/ripe/rpki/application/impl/CommandAuditServiceBeanTest.java index 127a14b..b640263 100644 --- a/src/test/java/net/ripe/rpki/application/impl/CommandAuditServiceBeanTest.java +++ b/src/test/java/net/ripe/rpki/application/impl/CommandAuditServiceBeanTest.java @@ -96,7 +96,7 @@ public void should_extract_emails_from_subscribe_command_summary() { String email = "user_some.email+ripe.net@gmail.com"; recordCommand(new SubscribeToRoaAlertCommand(ca.getVersionedId(), email, List.of(RouteValidityState.INVALID_ASN)), "some event"); - recordCommand(new UnsubscribeFromRoaAlertCommand(ca.getVersionedId(), email), "some event 2"); + recordCommand(new UnsubscribeFromRoaAlertCommand(ca.getVersionedId(), email, false), "some event 2"); entityManager.flush(); Map emailMentions = subject.findMentionsInSummary(email); diff --git a/src/test/java/net/ripe/rpki/core/read/services/ca/CertificateAuthorityViewServiceStatisticsTest.java b/src/test/java/net/ripe/rpki/core/read/services/ca/CertificateAuthorityViewServiceStatisticsTest.java index 741a998..e26d2ee 100644 --- a/src/test/java/net/ripe/rpki/core/read/services/ca/CertificateAuthorityViewServiceStatisticsTest.java +++ b/src/test/java/net/ripe/rpki/core/read/services/ca/CertificateAuthorityViewServiceStatisticsTest.java @@ -24,7 +24,6 @@ import javax.security.auth.x500.X500Principal; import java.security.SecureRandom; -import java.util.Collections; import java.util.List; import java.util.Optional; import java.util.UUID; 
@@ -32,7 +31,7 @@ import java.util.stream.IntStream; import static net.ripe.ipresource.ImmutableResourceSet.parse; -import static org.assertj.core.api.Assertions.as; +import static net.ripe.rpki.server.api.security.RunAsUser.ADMIN; import static org.assertj.core.api.Assertions.assertThat; @Transactional @@ -138,7 +137,8 @@ public void testGetCaStatEvents() { commandService.execute(new UpdateRoaConfigurationCommand( child.getVersionedId(), Optional.empty(), List.of(), - ALL_ROA_CONFIGURATIONS.stream().map(ca -> ca.toData()).collect(Collectors.toList())) + ALL_ROA_CONFIGURATIONS.stream().map(ca -> ca.toData()).toList(), + ADMIN.getCertificationUserId()) ); assertThat(subject.getCaStatEvents()) @@ -151,7 +151,8 @@ public void testGetCaStatEvents() { commandService.execute(new UpdateRoaConfigurationCommand( child.getVersionedId(), Optional.empty(), ALL_ROA_CONFIGURATIONS.stream().map(ca -> ca.toData()).collect(Collectors.toList()), - List.of()) + List.of(), + ADMIN.getCertificationUserId()) ); assertThat(subject.getCaStatEvents()) .asInstanceOf(InstanceOfAssertFactories.list(CaStatRoaEvent.class)) diff --git a/src/test/java/net/ripe/rpki/domain/CertificationDomainTestCase.java b/src/test/java/net/ripe/rpki/domain/CertificationDomainTestCase.java index 674887a..80d1506 100644 --- a/src/test/java/net/ripe/rpki/domain/CertificationDomainTestCase.java +++ b/src/test/java/net/ripe/rpki/domain/CertificationDomainTestCase.java 
@@ -163,15 +163,6 @@ protected T withTx(Supplier c) { return transactionTemplate.execute(transactionStatus -> c.get()); } - protected CertificateAuthority createCaIfDoesntExist(CertificateAuthority ca) { - final CertificateAuthority existing = certificateAuthorityRepository.find(ca.getId()); - if (existing == null) { - certificateAuthorityRepository.add(ca); - return certificateAuthorityRepository.find(ca.getId()); - } - return existing; - } - protected CommandStatus execute(CertificateAuthorityCommand command) { try { return commandService.execute(command); diff --git a/src/test/java/net/ripe/rpki/domain/TestObjects.java b/src/test/java/net/ripe/rpki/domain/TestObjects.java index 190e828..87a0ce6 100644 --- a/src/test/java/net/ripe/rpki/domain/TestObjects.java +++ b/src/test/java/net/ripe/rpki/domain/TestObjects.java 
@@ -182,14 +182,20 @@ public static ProductionCertificateAuthority createInitialisedProdCaWithRipeReso return createInitialisedProdCaWithRipeResources(new InMemoryCertificateAuthorityRepository(), new InMemoryResourceCertificateRepository(), certificationConfiguration); } - public static ProductionCertificateAuthority createInitialisedProdCaWithRipeResources(CertificateAuthorityRepository certificateAuthorityRepository, ResourceCertificateRepository resourceCertificateRepository, RepositoryConfiguration certificationConfiguration) { + public static ProductionCertificateAuthority createInitialisedProdCaWithRipeResources(CertificateAuthorityRepository certificateAuthorityRepository, + ResourceCertificateRepository resourceCertificateRepository, + RepositoryConfiguration certificationConfiguration) { ProductionCertificateAuthority ca = new ProductionCertificateAuthority(CA_ID, PRODUCTION_CA_NAME, UUID.randomUUID(), null); createInitialisedKeyPair(certificateAuthorityRepository, resourceCertificateRepository, certificationConfiguration, ca, "TEST-KEY"); Validate.isTrue(ca.hasCurrentKeyPair()); return ca; } - static KeyPairEntity createInitialisedKeyPair(CertificateAuthorityRepository certificateAuthorityRepository, ResourceCertificateRepository resourceCertificateRepository, RepositoryConfiguration certificationConfiguration, ProductionCertificateAuthority ca, String name) { + static KeyPairEntity createInitialisedKeyPair(CertificateAuthorityRepository certificateAuthorityRepository, + ResourceCertificateRepository resourceCertificateRepository, + RepositoryConfiguration certificationConfiguration, + ProductionCertificateAuthority ca, + String name) { KeyPairEntity kp = createTestKeyPair(name); ca.addKeyPair(kp); // Implicitly persists the keypair before it is used in a outgoing resource certificate 
@@ -198,7 +204,9 @@ static KeyPairEntity createInitialisedKeyPair(CertificateAuthorityRepository cer return kp; } - static void issueSelfSignedCertificates(ResourceCertificateRepository resourceCertificateRepository, RepositoryConfiguration certificationConfiguration, ProductionCertificateAuthority ca) { + static void issueSelfSignedCertificates(ResourceCertificateRepository resourceCertificateRepository, + RepositoryConfiguration certificationConfiguration, + ProductionCertificateAuthority ca) { for (KeyPairEntity kp : ca.getKeyPairs()) { if (kp.findCurrentIncomingCertificate().isEmpty()) { ResourceCertificateInformationAccessStrategy ias = new ResourceCertificateInformationAccessStrategyBean(); diff --git a/src/test/java/net/ripe/rpki/rest/service/AlertServiceTest.java b/src/test/java/net/ripe/rpki/rest/service/AlertServiceTest.java index 658bf36..cca0731 100644 --- a/src/test/java/net/ripe/rpki/rest/service/AlertServiceTest.java +++ b/src/test/java/net/ripe/rpki/rest/service/AlertServiceTest.java @@ -7,10 +7,7 @@ import net.ripe.rpki.commons.util.VersionedId; import net.ripe.rpki.commons.validation.roa.RouteValidityState; import net.ripe.rpki.domain.alerts.RoaAlertFrequency; -import net.ripe.rpki.server.api.commands.CertificateAuthorityCommand; -import net.ripe.rpki.server.api.commands.SubscribeToRoaAlertCommand; -import net.ripe.rpki.server.api.commands.UnsubscribeFromRoaAlertCommand; -import net.ripe.rpki.server.api.commands.UpdateRoaAlertIgnoredAnnouncedRoutesCommand; +import net.ripe.rpki.server.api.commands.*; import net.ripe.rpki.server.api.dto.CertificateAuthorityData; import net.ripe.rpki.server.api.dto.HostedCertificateAuthorityData; import net.ripe.rpki.server.api.dto.RoaAlertConfigurationData; 
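Review bot: The AlertServiceTest import hunk replaces four explicit command imports with `import net.ripe.rpki.server.api.commands.*;`, and the next hunk does the same with `import static org.junit.Assert.*;`. The wildcards hide which command types this test depends on and make name clashes with the existing `org.mockito.Mockito.*` static import harder to spot. I would keep the explicit list and add only what the new tests use: `import net.ripe.rpki.server.api.commands.UpdateRoaChangeAlertCommand;` and `import static org.junit.Assert.assertFalse;`.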
@@ -39,8 +36,7 @@ import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON; import static net.ripe.rpki.rest.service.AbstractCaRestService.API_URL_PREFIX; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; +import static org.junit.Assert.*; import static org.mockito.Mockito.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; 
@@ -78,14 +74,28 @@ public void init() { } @Test - public void shouldGetExistingAlerts() throws Exception { + public void shouldNotCrashWithEmptySubscription() throws Exception { + CertificateAuthorityData caData = mock(CertificateAuthorityData.class); + when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)).thenReturn( + new RoaAlertConfigurationData(caData, null)); + + mockMvc.perform(Rest.get(API_URL_PREFIX + "/123/alerts")) + .andExpect(status().isOk()) + .andExpect(content().contentType(APPLICATION_JSON)) + .andExpect(jsonPath("$.frequency").value("DAILY")) + .andExpect(jsonPath("$.notifyOnRoaChanges").value("false")); + } + @Test + public void shouldGetExistingAlerts() throws Exception { CertificateAuthorityData caData = mock(CertificateAuthorityData.class); RoaAlertSubscriptionData roaSubscriptionData = new RoaAlertSubscriptionData( Arrays.asList("festeban@ripe.net", "bad@ripe.net"), - Arrays.asList(RouteValidityState.INVALID_ASN, RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY); + Arrays.asList(RouteValidityState.INVALID_ASN, RouteValidityState.UNKNOWN), + RoaAlertFrequency.WEEKLY, true); - when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)).thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); + when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)).thenReturn( + new RoaAlertConfigurationData(caData, roaSubscriptionData)); mockMvc.perform(Rest.get(API_URL_PREFIX + "/123/alerts")) .andExpect(status().isOk()) @@ -94,7 +104,8 @@ public void shouldGetExistingAlerts() throws Exception { .andExpect(jsonPath("$.routeValidityStates[1]").value("UNKNOWN")) .andExpect(jsonPath("$.emails[0]").value("festeban@ripe.net")) .andExpect(jsonPath("$.emails[1]").value("bad@ripe.net")) - .andExpect(jsonPath("$.frequency").value("WEEKLY")); + .andExpect(jsonPath("$.frequency").value("WEEKLY")) + .andExpect(jsonPath("$.notifyOnRoaChanges").value("true")); } @Test 
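Review bot: The new `notifyOnRoaChanges` assertions compare against the strings `"false"` and `"true"`, in `shouldNotCrashWithEmptySubscription` and, in the next hunk, `shouldGetExistingAlerts`. They probably do not pin the JSON type of the field, because as far as I know the Spring `jsonPath(...).value(...)` matcher converts the actual value to the expected type before comparing. `.andExpect(jsonPath("$.notifyOnRoaChanges").value(false))` would fail if the API ever serialised the flag as a string. The request bodies in the later hunks also send `"notifyOnRoaChanges" : "false"` as a string, so a real JSON boolean in the request is never exercised.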
@@ -105,20 +116,24 @@ public void shouldSubscribeToAlerts() throws Exception { CertificateAuthorityData caData = mock(CertificateAuthorityData.class); RoaAlertSubscriptionData roaSubscriptionData = new RoaAlertSubscriptionData( Arrays.asList("festeban@ripe.net", "bad@ripe.net"), - Arrays.asList(RouteValidityState.INVALID_ASN, RouteValidityState.UNKNOWN), RoaAlertFrequency.DAILY); - when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)).thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); + Arrays.asList(RouteValidityState.INVALID_ASN, RouteValidityState.UNKNOWN), + RoaAlertFrequency.DAILY, true); + + when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)) + .thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); ArgumentCaptor commandArgument = ArgumentCaptor.forClass(CertificateAuthorityCommand.class); mockMvc.perform(Rest.post(API_URL_PREFIX + "/123/alerts", - "{\"routeValidityStates\" : [\"INVALID_LENGTH\"], \"emails\" : [\"bad1@ripe.net\"]}")) + "{\"routeValidityStates\" : [\"INVALID_LENGTH\"], " + + "\"emails\" : [\"bad1@ripe.net\"]," + + "\"frequency\" : \"WEEKLY\"}")) .andExpect(status().isOk()) .andExpect(content().contentType(APPLICATION_JSON)); verify(commandService, times(3)).execute(commandArgument.capture()); List commands = commandArgument.getAllValues(); - UnsubscribeFromRoaAlertCommand unsubscribe1 = (UnsubscribeFromRoaAlertCommand) commands.get(0); UnsubscribeFromRoaAlertCommand unsubscribe2 = (UnsubscribeFromRoaAlertCommand) commands.get(1); SubscribeToRoaAlertCommand subscribe = (SubscribeToRoaAlertCommand) commands.get(2); 
@@ -134,19 +149,34 @@ public void shouldSubscribeToAlerts() throws Exception { Sets.newHashSet(unsubscribe1.getEmail(), unsubscribe2.getEmail())); } + @Test + public void shouldRejectNoFrequency() throws Exception { + mockMvc.perform(Rest.post(API_URL_PREFIX + "/123/alerts", + "{\"routeValidityStates\" : [\"INVALID_LENGTH\"], " + + "\"emails\" : [\"bad1@ripe.net\"]}")) + .andExpect(status().isBadRequest()) + .andExpect(content().string("{\"error\":\"No valid subscription frequency provided\"}")); + } + @Test public void shouldSubscribeToAlertsWhenOnlyValidityStatusChanges() throws Exception { CertificateAuthorityData caData = mock(CertificateAuthorityData.class); RoaAlertSubscriptionData roaSubscriptionData = new RoaAlertSubscriptionData( Collections.singletonList("bad@ripe.net"), - Collections.singletonList(RouteValidityState.INVALID_ASN), RoaAlertFrequency.DAILY); - when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)).thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); + Collections.singletonList(RouteValidityState.INVALID_ASN), + RoaAlertFrequency.DAILY, true); + + when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)).thenReturn( + new RoaAlertConfigurationData(caData, roaSubscriptionData)); ArgumentCaptor commandArgument = ArgumentCaptor.forClass(CertificateAuthorityCommand.class); mockMvc.perform(Rest.post(API_URL_PREFIX + "/123/alerts", - "{\"routeValidityStates\" : [\"INVALID_LENGTH\", \"INVALID_ASN\"], \"emails\" : [\"bad@ripe.net\"], \"frequency\":\"WEEKLY\"}")) + "{\"routeValidityStates\" : [\"INVALID_LENGTH\", \"INVALID_ASN\"], " + + "\"emails\" : [\"bad@ripe.net\"], " + + "\"notifyOnRoaChanges\" : \"false\", " + + "\"frequency\" : \"WEEKLY\"}")) .andExpect(status().isOk()) .andExpect(content().contentType(APPLICATION_JSON)); 
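Review bot: `shouldRejectNoFrequency` checks the 400 status and the error body, but not that the rejected request left the subscription untouched. Adding `verify(commandService, never()).execute(any());` after the `mockMvc.perform(...)` chain would pin that validation happens before any subscribe or unsubscribe command is issued. The message says "No valid subscription frequency provided", so a second case with an unrecognised value such as `"frequency" : "HOURLY"` (constructed example) would cover the other half of that check.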
@@ -156,6 +186,7 @@ public void shouldSubscribeToAlertsWhenOnlyValidityStatusChanges() throws Except SubscribeToRoaAlertCommand subscribe = (SubscribeToRoaAlertCommand) commands.get(0); assertEquals("bad@ripe.net", subscribe.getEmail()); assertEquals(RoaAlertFrequency.WEEKLY, subscribe.getFrequency()); + assertFalse(subscribe.isNotifyOnRoaChanges()); assertEquals( Sets.newHashSet(RouteValidityState.INVALID_LENGTH, RouteValidityState.INVALID_ASN), @@ -168,14 +199,19 @@ public void subscribeOnlyAdditionalEmailsWhenValidityAndFrequencyUnchanged() thr CertificateAuthorityData caData = mock(CertificateAuthorityData.class); RoaAlertSubscriptionData roaSubscriptionData = new RoaAlertSubscriptionData( Arrays.asList("badweekly@ripe.net"), - Collections.singletonList(RouteValidityState.INVALID_ASN), RoaAlertFrequency.WEEKLY); - when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)).thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); + Collections.singletonList(RouteValidityState.INVALID_ASN), + RoaAlertFrequency.WEEKLY, false); + + when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)) + .thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); ArgumentCaptor commandArgument = ArgumentCaptor.forClass(CertificateAuthorityCommand.class); mockMvc.perform(Rest.post(API_URL_PREFIX + "/123/alerts", - "{\"routeValidityStates\" : [\"INVALID_ASN\"], \"emails\" : [\"badweekly@ripe.net\",\"boyweekly@ripe.net\"], " + - "\"frequency\":\"WEEKLY\"}")) + "{\"routeValidityStates\" : [\"INVALID_ASN\"], " + + "\"emails\" : [\"badweekly@ripe.net\",\"boyweekly@ripe.net\"], " + + "\"notifyOnRoaChanges\" : \"true\", " + + "\"frequency\" : \"WEEKLY\"}")) .andExpect(status().isOk()) .andExpect(content().contentType(APPLICATION_JSON)); 
@@ -186,6 +222,7 @@ public void subscribeOnlyAdditionalEmailsWhenValidityAndFrequencyUnchanged() thr SubscribeToRoaAlertCommand subscribe = (SubscribeToRoaAlertCommand) commands.get(0); assertEquals("boyweekly@ripe.net", subscribe.getEmail()); assertEquals(RoaAlertFrequency.WEEKLY, subscribe.getFrequency()); + assertTrue(subscribe.isNotifyOnRoaChanges()); assertEquals( Sets.newHashSet(RouteValidityState.INVALID_ASN), @@ -198,14 +235,19 @@ public void resubscribeEveryoneWhenFrequencyChanges() throws Exception { CertificateAuthorityData caData = mock(CertificateAuthorityData.class); RoaAlertSubscriptionData roaSubscriptionData = new RoaAlertSubscriptionData( Arrays.asList("bad@ripe.net","boy@ripe.net"), - Collections.singletonList(RouteValidityState.INVALID_ASN), RoaAlertFrequency.WEEKLY); - when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)).thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); + Collections.singletonList(RouteValidityState.INVALID_ASN), + RoaAlertFrequency.WEEKLY, true); + + when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)) + .thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); ArgumentCaptor commandArgument = ArgumentCaptor.forClass(CertificateAuthorityCommand.class); mockMvc.perform(Rest.post(API_URL_PREFIX + "/123/alerts", - "{\"routeValidityStates\" : [\"INVALID_ASN\"], \"emails\" : [\"bad@ripe.net\",\"boy@ripe.net\"], " + - "\"frequency\":\"DAILY\"}")) + "{\"routeValidityStates\" : [\"INVALID_ASN\"], " + + "\"emails\" : [\"bad@ripe.net\",\"boy@ripe.net\"], " + + "\"notifyOnRoaChanges\" : \"true\", " + + "\"frequency\":\"DAILY\"}")) .andExpect(status().isOk()) .andExpect(content().contentType(APPLICATION_JSON)); 
@@ -218,13 +260,12 @@ public void resubscribeEveryoneWhenFrequencyChanges() throws Exception { assertTrue(emails.contains("boy@ripe.net")); Set frequencies = commands.stream().map(c -> ((SubscribeToRoaAlertCommand) c).getFrequency().toString()).collect(Collectors.toSet()); - assertTrue(frequencies.size() == 1); + assertEquals(1, frequencies.size()); assertTrue(frequencies.contains("DAILY")); Set validities = commands.stream().map(c -> ((SubscribeToRoaAlertCommand) c).getRouteValidityStates().toString()).collect(Collectors.toSet()); - assertTrue(validities.size() == 1); + assertEquals(1, validities.size()); assertTrue(validities.contains("[INVALID_ASN]")); - } @Test @@ -234,13 +275,15 @@ public void shouldUnsubscribeAnyoneWhenStatusesAreEmpty() throws Exception { RoaAlertSubscriptionData roaSubscriptionData = new RoaAlertSubscriptionData( Arrays.asList("festeban@ripe.net", "bad@ripe.net"), Arrays.asList(RouteValidityState.INVALID_ASN, RouteValidityState.UNKNOWN), - RoaAlertFrequency.DAILY); + RoaAlertFrequency.DAILY, false); when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)).thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); ArgumentCaptor commandArgument = ArgumentCaptor.forClass(CertificateAuthorityCommand.class); mockMvc.perform(Rest.post(API_URL_PREFIX + "/123/alerts", - "{\"routeValidityStates\" : [], \"emails\" : [\"bad1@ripe.net\"]}")) + "{\"routeValidityStates\" : [], " + + "\"emails\" : [\"bad1@ripe.net\"], " + + "\"frequency\":\"DAILY\"}")) .andExpect(status().isOk()) .andExpect(content().contentType(APPLICATION_JSON)); 
@@ -255,6 +298,102 @@ public void shouldUnsubscribeAnyoneWhenStatusesAreEmpty() throws Exception { Sets.newHashSet(unsubscribe1.getEmail(), unsubscribe2.getEmail())); } + @Test + public void shouldSubscribeOrUnsubscribeToRoaChanges() throws Exception { + + CertificateAuthorityData caData = mock(CertificateAuthorityData.class); + RoaAlertSubscriptionData roaSubscriptionData = new RoaAlertSubscriptionData( + Arrays.asList("festeban@ripe.net", "bad@ripe.net"), + Arrays.asList(RouteValidityState.INVALID_ASN, RouteValidityState.UNKNOWN), + RoaAlertFrequency.DAILY, true); + + when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)) + .thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); + + ArgumentCaptor commandArgument = ArgumentCaptor.forClass(CertificateAuthorityCommand.class); + + mockMvc.perform(Rest.post(API_URL_PREFIX + "/123/alerts", + "{\"routeValidityStates\" : [], " + + "\"emails\" : [\"bad1@ripe.net\"]," + + "\"frequency\":\"DAILY\"}")) + .andExpect(status().isOk()) + .andExpect(content().contentType(APPLICATION_JSON)); + + verify(commandService, times(2)).execute(commandArgument.capture()); + List commands = commandArgument.getAllValues(); + + UnsubscribeFromRoaAlertCommand unsubscribe1 = (UnsubscribeFromRoaAlertCommand) commands.get(0); + UnsubscribeFromRoaAlertCommand unsubscribe2 = (UnsubscribeFromRoaAlertCommand) commands.get(1); + assertFalse(unsubscribe1.isNotifyOnRoaChanges()); + assertFalse(unsubscribe2.isNotifyOnRoaChanges()); + + assertEquals( + Sets.newHashSet("bad@ripe.net", "festeban@ripe.net"), + Sets.newHashSet(unsubscribe1.getEmail(), unsubscribe2.getEmail())); + } + + + @Test + public void shouldOnlySubscribeOrUnsubscribeToRoaChangesAndNothingElse() throws Exception { + + CertificateAuthorityData caData = mock(CertificateAuthorityData.class); + RoaAlertSubscriptionData roaSubscriptionData = new RoaAlertSubscriptionData( + Arrays.asList("festeban@ripe.net", "bad@ripe.net"), + 
Arrays.asList(RouteValidityState.INVALID_ASN, RouteValidityState.UNKNOWN), + RoaAlertFrequency.DAILY, true); + + when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)) + .thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); + + ArgumentCaptor commandArgument = ArgumentCaptor.forClass(CertificateAuthorityCommand.class); + + // Change nothing except for notifyOnRoaChanges + mockMvc.perform(Rest.post(API_URL_PREFIX + "/123/alerts", + "{\"routeValidityStates\" : [\"INVALID_ASN\", \"UNKNOWN\"], " + + "\"notifyOnRoaChanges\" : \"false\", " + + "\"emails\" : [\"festeban@ripe.net\", \"bad@ripe.net\"], " + + "\"frequency\" : \"DAILY\"}")) + .andExpect(status().isOk()) + .andExpect(content().contentType(APPLICATION_JSON)); + + verify(commandService, times(1)).execute(commandArgument.capture()); + List commands = commandArgument.getAllValues(); + + UpdateRoaChangeAlertCommand roaChangeUpdate = (UpdateRoaChangeAlertCommand) commands.get(0); + assertFalse(roaChangeUpdate.isNotifyOnRoaChanges()); + } + + + @Test + public void shouldSubscribeToRoaChangesWhenSubscribing() throws Exception { + + CertificateAuthorityData caData = mock(CertificateAuthorityData.class); + RoaAlertSubscriptionData roaSubscriptionData = new RoaAlertSubscriptionData( + Arrays.asList("bad@ripe.net"), + Arrays.asList(RouteValidityState.INVALID_ASN), + RoaAlertFrequency.DAILY, true); + + when(roaAlertConfigurationViewService.findRoaAlertSubscription(CA_ID)) + .thenReturn(new RoaAlertConfigurationData(caData, roaSubscriptionData)); + + ArgumentCaptor commandArgument = ArgumentCaptor.forClass(CertificateAuthorityCommand.class); + + mockMvc.perform(Rest.post(API_URL_PREFIX + "/123/alerts", + "{\"routeValidityStates\" : [\"INVALID_ASN\"], " + + "\"emails\" : [\"bad@ripe.net\", \"festeban@ripe.net\"]," + + "\"frequency\":\"DAILY\"}")) + .andExpect(status().isOk()) + .andExpect(content().contentType(APPLICATION_JSON)); + + verify(commandService, 
times(1)).execute(commandArgument.capture()); + List commands = commandArgument.getAllValues(); + + SubscribeToRoaAlertCommand subscribe = (SubscribeToRoaAlertCommand) commands.get(0); + assertFalse(subscribe.isNotifyOnRoaChanges()); + + assertEquals("festeban@ripe.net", subscribe.getEmail()); + } + @Test public void shouldMuteAnnouncements() throws Exception { diff --git a/src/test/java/net/ripe/rpki/rest/service/AnnouncementServiceTest.java b/src/test/java/net/ripe/rpki/rest/service/AnnouncementServiceTest.java index 89dd81c..3f1fa5b 100644 --- a/src/test/java/net/ripe/rpki/rest/service/AnnouncementServiceTest.java +++ b/src/test/java/net/ripe/rpki/rest/service/AnnouncementServiceTest.java @@ -396,7 +396,7 @@ private RoaAlertConfigurationData getRoaAlertConfigurationData(Asn asn, IpRange final List routeValidityStates = Arrays.asList(RouteValidityState.INVALID_ASN, RouteValidityState.INVALID_LENGTH, RouteValidityState.UNKNOWN); final RoaAlertSubscriptionData subscription = new RoaAlertSubscriptionData("joe@example.com", - routeValidityStates, RoaAlertFrequency.DAILY); + routeValidityStates, RoaAlertFrequency.DAILY, false); return new RoaAlertConfigurationData(caData, subscription, ignoredAnnouncements); } diff --git a/src/test/java/net/ripe/rpki/server/api/commands/SubscribeToRoaAlertCommandTest.java b/src/test/java/net/ripe/rpki/server/api/commands/SubscribeToRoaAlertCommandTest.java index 51c7359..b12b192 100644 --- a/src/test/java/net/ripe/rpki/server/api/commands/SubscribeToRoaAlertCommandTest.java +++ b/src/test/java/net/ripe/rpki/server/api/commands/SubscribeToRoaAlertCommandTest.java 
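Review bot: `shouldSubscribeToRoaChangesWhenSubscribing` asserts the opposite of its name. The existing subscription is created with `notifyOnRoaChanges` set to `true`, the request omits the field, and the test then expects `assertFalse(subscribe.isNotifyOnRoaChanges())` for the newly added address. If omitting the field is meant to default to off, a name like `shouldDefaultNotifyOnRoaChangesToFalseWhenOmitted` says so. If it is meant to keep the CA's current setting, the assertion is wrong and the test hides that. `shouldSubscribeOrUnsubscribeToRoaChanges` has a similar mismatch, since it only drives the empty-`routeValidityStates` unsubscribe path. This hunk starts two lines earlier on the page.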
@@ -17,12 +17,24 @@ public class SubscribeToRoaAlertCommandTest { @Test public void shouldHaveDescriptiveLogEntryForInvalidOnly() { subject = new SubscribeToRoaAlertCommand(new VersionedId(1), "bob@example.net", Collections.singletonList(RouteValidityState.INVALID_ASN)); - assertEquals("Subscribed bob@example.net to daily ROA alerts for invalid announcements only.", subject.getCommandSummary()); + assertEquals("Subscribed bob@example.net to daily ROA alerts for invalid announcements.", subject.getCommandSummary()); } @Test - public void shouldHaveDescriptiveLogEntryForInvalidAndUnknown() { - subject = new SubscribeToRoaAlertCommand(new VersionedId(1), "bob@example.net", Arrays.asList(RouteValidityState.INVALID_ASN, RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY); - assertEquals("Subscribed bob@example.net to weekly ROA alerts for invalid and unknown announcements.", subject.getCommandSummary()); + public void shouldHaveDescriptiveLogEntryForInvalidAndUnknownWithRoaChanges() { + subject = new SubscribeToRoaAlertCommand(new VersionedId(1), "bob@example.net", + Arrays.asList(RouteValidityState.INVALID_ASN, RouteValidityState.UNKNOWN), + RoaAlertFrequency.WEEKLY, true); + assertEquals("Subscribed bob@example.net to weekly ROA alerts for invalid and unknown announcements and ROA changes.", + subject.getCommandSummary()); + } + + @Test + public void shouldHaveDescriptiveLogEntryForInvalidAndUnknownNoRoaChanges() { + subject = new SubscribeToRoaAlertCommand(new VersionedId(1), "bob@example.net", + Arrays.asList(RouteValidityState.INVALID_ASN, RouteValidityState.UNKNOWN), + RoaAlertFrequency.WEEKLY, false); + assertEquals("Subscribed bob@example.net to weekly ROA alerts for invalid and unknown announcements.", + subject.getCommandSummary()); } } diff --git a/src/test/java/net/ripe/rpki/server/api/commands/UnsubscribeFromRoaAlertCommandTest.java b/src/test/java/net/ripe/rpki/server/api/commands/UnsubscribeFromRoaAlertCommandTest.java index c3cc845..2bee7a1 100644 
--- a/src/test/java/net/ripe/rpki/server/api/commands/UnsubscribeFromRoaAlertCommandTest.java +++ b/src/test/java/net/ripe/rpki/server/api/commands/UnsubscribeFromRoaAlertCommandTest.java @@ -1,22 +1,18 @@ package net.ripe.rpki.server.api.commands; import net.ripe.rpki.commons.util.VersionedId; -import org.junit.Before; import org.junit.Test; +import java.util.function.Function; + import static org.junit.Assert.assertEquals; public class UnsubscribeFromRoaAlertCommandTest { - private UnsubscribeFromRoaAlertCommand subject; - - @Before - public void setUp() { - subject = new UnsubscribeFromRoaAlertCommand(new VersionedId(1), "bob@example.net"); - } - @Test public void shouldHaveDescriptiveLogEntry() { - assertEquals("Unsubscribed bob@example.net from ROA alerts.", subject.getCommandSummary()); + Function makeCommand = notify -> new UnsubscribeFromRoaAlertCommand(new VersionedId(1), "bob@example.net", notify); + assertEquals("Unsubscribed bob@example.net from ROA alerts.", makeCommand.apply(false).getCommandSummary()); + assertEquals("Unsubscribed bob@example.net from ROA alerts and ROA changes.", makeCommand.apply(true).getCommandSummary()); } } diff --git a/src/test/java/net/ripe/rpki/server/api/commands/UpdateRoaConfigurationCommandTest.java b/src/test/java/net/ripe/rpki/server/api/commands/UpdateRoaConfigurationCommandTest.java index 8a6bdc4..8de92ba 100644 --- a/src/test/java/net/ripe/rpki/server/api/commands/UpdateRoaConfigurationCommandTest.java +++ b/src/test/java/net/ripe/rpki/server/api/commands/UpdateRoaConfigurationCommandTest.java @@ -12,6 +12,7 @@ import java.util.List; import java.util.Optional; +import static net.ripe.rpki.server.api.security.RunAsUser.ADMIN; import static org.junit.Assert.assertEquals; public class UpdateRoaConfigurationCommandTest { 
@@ -20,8 +21,12 @@ public class UpdateRoaConfigurationCommandTest { @Before public void setUp() { - List added = Arrays.asList(new RoaConfigurationPrefixData(Asn.parse("123"), IpRange.parse("10.64.0.0/12"), 24), new RoaConfigurationPrefixData(Asn.parse("123"), IpRange.parse("10.32.0.0/12"), null)); - subject = new UpdateRoaConfigurationCommand(new VersionedId(1), Optional.empty(), added, Collections.emptyList()); + List added = Arrays.asList( + new RoaConfigurationPrefixData(Asn.parse("123"), IpRange.parse("10.64.0.0/12"), 24), + new RoaConfigurationPrefixData(Asn.parse("123"), IpRange.parse("10.32.0.0/12"), null)); + + subject = new UpdateRoaConfigurationCommand( + new VersionedId(1), Optional.empty(), added, Collections.emptyList(), ADMIN.getCertificationUserId()); } @Test diff --git a/src/test/java/net/ripe/rpki/services/impl/background/RoaAlertBackgroundServiceDailyBeanTest.java b/src/test/java/net/ripe/rpki/services/impl/background/RoaAlertBackgroundServiceDailyBeanTest.java index d3bac33..3322471 100644 --- a/src/test/java/net/ripe/rpki/services/impl/background/RoaAlertBackgroundServiceDailyBeanTest.java +++ b/src/test/java/net/ripe/rpki/services/impl/background/RoaAlertBackgroundServiceDailyBeanTest.java 
@@ -39,12 +39,12 @@ public class RoaAlertBackgroundServiceDailyBeanTest { ImmutableResourceSet.ALL_PRIVATE_USE_RESOURCES, Collections.emptyList()); public static final RoaAlertConfigurationData ALERT_SUBSCRIPTION_DATA = new RoaAlertConfigurationData(CA_DATA, - new RoaAlertSubscriptionData(List.of("joeok@example.com"), Arrays.asList(RouteValidityState.INVALID_ASN, - RouteValidityState.INVALID_LENGTH, RouteValidityState.UNKNOWN), RoaAlertFrequency.DAILY)); + new RoaAlertSubscriptionData("joeok@example.com", Arrays.asList(RouteValidityState.INVALID_ASN, + RouteValidityState.INVALID_LENGTH, RouteValidityState.UNKNOWN), RoaAlertFrequency.DAILY, false)); private static final RoaAlertConfigurationData ALERT_SUBSCRIPTION_ERROR = new RoaAlertConfigurationData(CA_DATA, new RoaAlertSubscriptionData("errorjohn@example.com", Arrays.asList(RouteValidityState.INVALID_ASN, - RouteValidityState.INVALID_LENGTH, RouteValidityState.UNKNOWN), RoaAlertFrequency.DAILY)); + RouteValidityState.INVALID_LENGTH, RouteValidityState.UNKNOWN), RoaAlertFrequency.DAILY, true)); @Mock private ActiveNodeService activeNodeService; diff --git a/src/test/java/net/ripe/rpki/services/impl/background/RoaAlertBackgroundServiceWeeklyBeanTest.java b/src/test/java/net/ripe/rpki/services/impl/background/RoaAlertBackgroundServiceWeeklyBeanTest.java index e7cccf6..9f0eee3 100644 --- a/src/test/java/net/ripe/rpki/services/impl/background/RoaAlertBackgroundServiceWeeklyBeanTest.java +++ b/src/test/java/net/ripe/rpki/services/impl/background/RoaAlertBackgroundServiceWeeklyBeanTest.java 
@@ -39,11 +39,11 @@ public class RoaAlertBackgroundServiceWeeklyBeanTest { private static final RoaAlertConfigurationData ALERT_SUBSCRIPTION_ERROR = new RoaAlertConfigurationData(CA_DATA, new RoaAlertSubscriptionData("errorjohn@example.com", Arrays.asList(RouteValidityState.INVALID_ASN, - RouteValidityState.INVALID_LENGTH, RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY)); + RouteValidityState.INVALID_LENGTH, RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY, false)); private static final RoaAlertConfigurationData ALERT_SUBSCRIPTION_WEEKLY = new RoaAlertConfigurationData(CA_DATA, new RoaAlertSubscriptionData("weeklyjoe@example.com", Arrays.asList(RouteValidityState.INVALID_ASN, - RouteValidityState.INVALID_LENGTH, RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY)); + RouteValidityState.INVALID_LENGTH, RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY, true)); @Mock private ActiveNodeService activeNodeService; @@ -56,7 +56,8 @@ public class RoaAlertBackgroundServiceWeeklyBeanTest { @Before public void setup() { - subject = new RoaAlertBackgroundServiceWeeklyBean(new BackgroundTaskRunner(activeNodeService, new SimpleMeterRegistry()), roaAlertConfigurationViewService, roaAlertChecker); + subject = new RoaAlertBackgroundServiceWeeklyBean(new BackgroundTaskRunner( + activeNodeService, new SimpleMeterRegistry()), roaAlertConfigurationViewService, roaAlertChecker); } @Test diff --git a/src/test/java/net/ripe/rpki/services/impl/background/RoaNotificationServiceTest.java b/src/test/java/net/ripe/rpki/services/impl/background/RoaNotificationServiceTest.java new file mode 100644 index 0000000..58e1683 --- /dev/null +++ b/src/test/java/net/ripe/rpki/services/impl/background/RoaNotificationServiceTest.java 
@@ -0,0 +1,113 @@ +package net.ripe.rpki.services.impl.background; + +import jakarta.transaction.Transactional; +import net.ripe.ipresource.Asn; +import net.ripe.ipresource.IpRange; +import net.ripe.rpki.commons.validation.roa.RouteValidityState; +import net.ripe.rpki.domain.CertificateAuthorityRepository; +import net.ripe.rpki.domain.CertificationDomainTestCase; +import net.ripe.rpki.domain.HostedCertificateAuthority; +import net.ripe.rpki.domain.alerts.RoaAlertConfiguration; +import net.ripe.rpki.domain.alerts.RoaAlertConfigurationRepository; +import net.ripe.rpki.domain.alerts.RoaAlertFrequency; +import net.ripe.rpki.domain.roa.RoaConfigurationPrefix; +import net.ripe.rpki.server.api.ports.InternalNamePresenter; +import net.ripe.rpki.server.api.security.CertificationUserId; +import net.ripe.rpki.services.impl.email.EmailSender; +import org.junit.Before; +import org.junit.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.mock.mockito.MockBean; + +import javax.security.auth.x500.X500Principal; +import java.time.Instant; +import java.util.Collections; +import java.util.List; +import java.util.UUID; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.mockito.Mockito.when; + +@Transactional +public class RoaNotificationServiceTest extends CertificationDomainTestCase { + + private static final long HOSTED_CA_ID = 454L; + private static final X500Principal CHILD_CA_NAME = new X500Principal("CN=child"); + + private static final String ADMIN_RIPE_NET = "admin@ripe.net"; + private static final CertificationUserId USER_ID = new CertificationUserId(UUID.randomUUID()); + + @Autowired + private EmailSender emailSender; + + @Autowired + private RoaAlertConfigurationRepository roaAlertConfigurationRepository; + + @Autowired + private CertificateAuthorityRepository certificateAuthorityRepository; + + @MockBean + private InternalNamePresenter internalNamePresenter; 
+ + private RoaNotificationService roaNotificationService; + + private HostedCertificateAuthority childCa; + + @Before + @Override + public void setupTest() { + clearDatabase(); + var parent = createInitialisedProdCaWithRipeResources(); + certificateAuthorityRepository.add(parent); + childCa = new HostedCertificateAuthority(HOSTED_CA_ID, CHILD_CA_NAME, UUID.randomUUID(), parent); + certificateAuthorityRepository.add(childCa); + when(internalNamePresenter.humanizeCaName(CHILD_CA_NAME)).thenReturn("Better name"); + when(internalNamePresenter.humanizeUserPrincipal(USER_ID.getId().toString())).thenReturn(ADMIN_RIPE_NET); + roaNotificationService = new RoaNotificationService(roaAlertConfigurationRepository, emailSender, internalNamePresenter); + } + + @Test + public void testNotifyNobodyBasedOnFlag() { + RoaAlertConfiguration r = new RoaAlertConfiguration(childCa, "bad@ripe.net", List.of(RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY); + r.setNotifyOnRoaChanges(false); + roaAlertConfigurationRepository.add(r); + var messages = roaNotificationService.notifyAboutRoaChanges(childCa, USER_ID, Collections.emptyList(), Collections.emptyList()); + assertEquals(0, messages.size()); + } + + @Test + public void testNoNotifyIfNothingChanges() { + var email = "bad@ripe.net"; + RoaAlertConfiguration r = new RoaAlertConfiguration(childCa, email, List.of(RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY); + r.setNotifyOnRoaChanges(true); + roaAlertConfigurationRepository.add(r); + var messages = roaNotificationService.notifyAboutRoaChanges(childCa, USER_ID, Collections.emptyList(), Collections.emptyList()); + assertEquals(0, messages.size()); + } + + @Test + public void testNotifyRoas() { + var email = "bad@ripe.net"; + RoaAlertConfiguration r = new RoaAlertConfiguration(childCa, email, List.of(RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY); + r.setNotifyOnRoaChanges(true); + roaAlertConfigurationRepository.add(r); + + var now = Instant.now(); + var roa1 = new 
RoaConfigurationPrefix(Asn.parse("AS64396"), IpRange.parse("192.0.2.0/24"), null, now); + var roa2 = new RoaConfigurationPrefix(Asn.parse("AS64397"), IpRange.parse("198.51.100.0/24"), 32, now); + var roa3 = new RoaConfigurationPrefix(Asn.parse("AS123"), IpRange.parse("fd00:550:ffff:ffff:ffff:ffff:ffff:ffff/128"), 128, now); + + var messages = roaNotificationService.notifyAboutRoaChanges(childCa, USER_ID, List.of(roa1, roa3), List.of(roa2)); + assertEquals(1, messages.size()); + + var message = messages.iterator().next(); + assertTrue(message.body().contains("123 fd00:550:ffff:ffff:ffff:ffff:ffff:ffff/128 128 A")); + assertTrue(message.body().contains("64396 192.0.2.0/24 24 A")); + assertTrue(message.body().contains("64397 198.51.100.0/24 32 D")); + assertTrue(message.body().contains( + "This is an automated email to inform you that user admin@ripe.net made changes\n" + + "to one or more ROAs for your organisation Better name.")); + } + +} \ No newline at end of file diff --git a/src/test/java/net/ripe/rpki/services/impl/email/EmailSenderBeanTest.java b/src/test/java/net/ripe/rpki/services/impl/email/EmailSenderBeanTest.java index 1e71d30..e115d10 100644 --- a/src/test/java/net/ripe/rpki/services/impl/email/EmailSenderBeanTest.java +++ b/src/test/java/net/ripe/rpki/services/impl/email/EmailSenderBeanTest.java @@ -99,7 +99,7 @@ private Map variablesFor(EmailSender.EmailTemplates template) { ); var configuration = new RoaAlertConfigurationData( ca, - new RoaAlertSubscriptionData("user@example.org", List.of(RouteValidityState.values()), RoaAlertFrequency.DAILY) + new RoaAlertSubscriptionData("user@example.org", List.of(RouteValidityState.values()), RoaAlertFrequency.DAILY, false) ); return Map.of( "humanizedCaName", RandomStringUtils.randomAlphabetic(12), diff --git a/src/test/java/net/ripe/rpki/services/impl/email/EmailTemplatesTest.java b/src/test/java/net/ripe/rpki/services/impl/email/EmailTemplatesTest.java index 5606885..a57116a 100644 
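Review bot: `testNotifyNobodyBasedOnFlag` in the new `RoaNotificationServiceTest` passes `Collections.emptyList()` for both ROA lists, exactly as `testNoNotifyIfNothingChanges` does, so it yields zero messages whether or not `setNotifyOnRoaChanges(false)` is honoured. The opt-out path is therefore not tested: a regression that ignored the flag, or one that suppressed mail for everyone, would not fail this test. Give the test a real change, e.g. `var roa = new RoaConfigurationPrefix(Asn.parse("AS64396"), IpRange.parse("192.0.2.0/24"), null, Instant.now());` and `var messages = roaNotificationService.notifyAboutRoaChanges(childCa, USER_ID, List.of(roa), Collections.emptyList());`, keeping the `assertEquals(0, messages.size())`. The argument order (added, then deleted) is inferred from the `A`/`D` assertions in `testNotifyRoas`. That test could also assert the recipient of the message, since only the body is checked.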
--- a/src/test/java/net/ripe/rpki/services/impl/email/EmailTemplatesTest.java +++ b/src/test/java/net/ripe/rpki/services/impl/email/EmailTemplatesTest.java @@ -18,6 +18,7 @@ public void setUp() { templateEngine = new TemplateEngine(); templateEngine.addTemplateResolver(EmailSenderBean.textTemplateResolver()); } + @Test public void testTemplateForSyntacticValdidity() { // Add required variables (i.e. those that are dereferenced) here diff --git a/src/test/java/net/ripe/rpki/services/impl/handlers/SubscribeToRoaAlertCommandHandlerTest.java b/src/test/java/net/ripe/rpki/services/impl/handlers/SubscribeToRoaAlertCommandHandlerTest.java index 322fa15..5c13fcb 100644 --- a/src/test/java/net/ripe/rpki/services/impl/handlers/SubscribeToRoaAlertCommandHandlerTest.java +++ b/src/test/java/net/ripe/rpki/services/impl/handlers/SubscribeToRoaAlertCommandHandlerTest.java @@ -17,7 +17,10 @@ import org.mockito.Mock; import org.mockito.junit.MockitoJUnitRunner; -import java.util.*; +import java.util.Collection; +import java.util.EnumSet; +import java.util.List; +import java.util.Map; import static org.junit.Assert.*; import static org.mockito.Mockito.*; @@ -45,6 +48,8 @@ public class SubscribeToRoaAlertCommandHandlerTest { private ArgumentCaptor alertCapture; + private ArgumentCaptor> parametersCapture; + private SubscribeToRoaAlertCommandHandler subject; @Before @@ -52,6 +57,7 @@ public void setUp() { certificateAuthority = TestObjects.createInitialisedProdCaWithRipeResources(); emailCapture = ArgumentCaptor.forClass(String.class); alertCapture = ArgumentCaptor.forClass(RoaAlertConfiguration.class); + parametersCapture = ArgumentCaptor.captor(); subject = new SubscribeToRoaAlertCommandHandler(certificateAuthorityRepository, repository, emailSender); } 
@@ -70,13 +76,68 @@ public void shouldCreateRoaAlertSubscriptionAndSendConfirmationEmail() { subject.handle(new SubscribeToRoaAlertCommand(TEST_VERSIONED_CA_ID, email, EnumSet.of(RouteValidityState.INVALID_ASN, RouteValidityState.INVALID_LENGTH, - RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY)); + RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY, true)); verify(repository).add(alertCapture.capture()); verify(emailSender).sendEmail(emailCapture.capture(), isA(String.class), - eq(EmailSender.EmailTemplates.ROA_ALERT_SUBSCRIBE_CONFIRMATION_WEEKLY), isA(Map.class), isA(String.class)); + eq(EmailSender.EmailTemplates.ROA_ALERT_SUBSCRIBE_CONFIRMATION_WEEKLY), + parametersCapture.capture(), + isA(String.class)); assertEquals(RoaAlertFrequency.WEEKLY, alertCapture.getValue().getFrequency()); + assertTrue(alertCapture.getValue().isNotifyOnRoaChanges()); + assertEquals(email, emailCapture.getValue()); + assertEquals("", parametersCapture.getValue().get("roaChangeSubscription")); + } + + @Test + public void shouldCreateRoaAlertSubscriptionAndSendConfirmationEmailWithROAChangesUnsubscribed() { + final String email = "joe@example.com"; + final String email2 = "festeban@ripe.net"; + when(certificateAuthorityRepository.findManagedCa(TEST_CA_ID)).thenReturn(certificateAuthority); + + RoaAlertConfiguration configuration = new RoaAlertConfiguration(certificateAuthority, email2, + EnumSet.of(RouteValidityState.INVALID_ASN), RoaAlertFrequency.DAILY); + configuration.setNotifyOnRoaChanges(true); + + when(repository.findByCertificateAuthorityIdOrNull(TEST_CA_ID)).thenReturn(configuration); + + subject.handle(new SubscribeToRoaAlertCommand(TEST_VERSIONED_CA_ID, email, + EnumSet.of(RouteValidityState.INVALID_ASN, RouteValidityState.INVALID_LENGTH, + RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY, false)); + + verify(emailSender).sendEmail(emailCapture.capture(), isA(String.class), + eq(EmailSender.EmailTemplates.ROA_ALERT_SUBSCRIBE_CONFIRMATION_WEEKLY), + 
parametersCapture.capture(), + isA(String.class)); + + assertEquals(email, emailCapture.getValue()); + assertEquals("", parametersCapture.getValue().get("roaChangeSubscription")); + } + + @Test + public void shouldCreateRoaAlertSubscriptionAndSendConfirmationEmailWithROAChangesSubscribed() { + final String email = "joe@example.com"; + final String email2 = "festeban@ripe.net"; + when(certificateAuthorityRepository.findManagedCa(TEST_CA_ID)).thenReturn(certificateAuthority); + + RoaAlertConfiguration configuration = new RoaAlertConfiguration(certificateAuthority, email2, + EnumSet.of(RouteValidityState.INVALID_ASN), RoaAlertFrequency.DAILY); + configuration.setNotifyOnRoaChanges(false); + + when(repository.findByCertificateAuthorityIdOrNull(TEST_CA_ID)).thenReturn(configuration); + + subject.handle(new SubscribeToRoaAlertCommand(TEST_VERSIONED_CA_ID, email, + EnumSet.of(RouteValidityState.INVALID_ASN, RouteValidityState.INVALID_LENGTH, + RouteValidityState.UNKNOWN), RoaAlertFrequency.WEEKLY, true)); + + verify(emailSender).sendEmail(emailCapture.capture(), isA(String.class), + eq(EmailSender.EmailTemplates.ROA_ALERT_SUBSCRIBE_CONFIRMATION_WEEKLY), + parametersCapture.capture(), + isA(String.class)); + assertEquals(email, emailCapture.getValue()); + assertEquals("Also you are subscribed to alerts about ROA changes.", + parametersCapture.getValue().get("roaChangeSubscription")); } @SuppressWarnings("unchecked") @@ -88,7 +149,6 @@ public void shouldUpdateRoaAlertSubscriptionAndNotSendConfirmationEmail() { RoaAlertConfiguration configuration = new RoaAlertConfiguration(certificateAuthority, email, oldValidityStates, RoaAlertFrequency.DAILY); -// when(certificateAuthorityRepository.findHostedCa(TEST_CA_ID)).thenReturn(certificateAuthority); when(repository.findByCertificateAuthorityIdOrNull(TEST_CA_ID)).thenReturn(configuration); subject.handle(new SubscribeToRoaAlertCommand(TEST_VERSIONED_CA_ID, email, newValidityStates)); 
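Review bot: The two added tests `shouldCreateRoaAlertSubscriptionAndSendConfirmationEmailWithROAChangesUnsubscribed` and `...WithROAChangesSubscribed` assert only the `roaChangeSubscription` template parameter and never check that the handler changed the flag on the existing `configuration`. A handler that sent the right text but left the stored preference untouched would pass, so add `assertFalse(configuration.isNotifyOnRoaChanges());` and `assertTrue(configuration.isNotifyOnRoaChanges());` respectively after `subject.handle(...)`. Separately, `shouldCreateRoaAlertSubscriptionAndSendConfirmationEmail` (which starts outside this hunk) subscribes with `true` and asserts `isNotifyOnRoaChanges()`, yet expects `roaChangeSubscription` to be `""`, while the `Subscribed` test expects the "Also you are subscribed…" sentence for the same flag value. If the difference is intentional, presumably new versus existing configuration, a one-line comment on that assertion stating the rule would stop the next reader from treating it as a bug.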
@@ -108,7 +168,8 @@ public void shouldUpdateRoaAlertSubscriptionAndSendConfirmationEmails() { when(repository.findByCertificateAuthorityIdOrNull(TEST_CA_ID)).thenReturn(configuration); - subject.handle(new SubscribeToRoaAlertCommand(TEST_VERSIONED_CA_ID, newEmail, EnumSet.of(RouteValidityState.INVALID_ASN, RouteValidityState.INVALID_LENGTH))); + subject.handle(new SubscribeToRoaAlertCommand(TEST_VERSIONED_CA_ID, newEmail, + EnumSet.of(RouteValidityState.INVALID_ASN, RouteValidityState.INVALID_LENGTH))); verify(emailSender, times(1)).sendEmail(eq(newEmail), eq(EmailSender.EmailTemplates.ROA_ALERT_SUBSCRIBE_CONFIRMATION_DAILY.templateSubject), diff --git a/src/test/java/net/ripe/rpki/services/impl/handlers/UnsubscribeFromRoaAlertCommandHandlerTest.java b/src/test/java/net/ripe/rpki/services/impl/handlers/UnsubscribeFromRoaAlertCommandHandlerTest.java index 9480d59..9c12243 100644 --- a/src/test/java/net/ripe/rpki/services/impl/handlers/UnsubscribeFromRoaAlertCommandHandlerTest.java +++ b/src/test/java/net/ripe/rpki/services/impl/handlers/UnsubscribeFromRoaAlertCommandHandlerTest.java @@ -68,7 +68,7 @@ public void shouldUpdateRoaSpecificationAndSendConfirmationEmail() { RouteValidityState.UNKNOWN), RoaAlertFrequency.DAILY); when(repository.findByCertificateAuthorityIdOrNull(TEST_CA_ID)).thenReturn(configuration); - subject.handle(new UnsubscribeFromRoaAlertCommand(TEST_VERSIONED_CA_ID, email)); + subject.handle(new UnsubscribeFromRoaAlertCommand(TEST_VERSIONED_CA_ID, email, false)); verify(emailSender).sendEmail(emailCapture.capture(), eq(EmailSender.EmailTemplates.ROA_ALERT_UNSUBSCRIBE.templateSubject), diff --git a/src/test/java/net/ripe/rpki/services/impl/handlers/UpdateRoaConfigurationCommandHandlerTest.java b/src/test/java/net/ripe/rpki/services/impl/handlers/UpdateRoaConfigurationCommandHandlerTest.java index 4d71766..5d8001a 100644 --- a/src/test/java/net/ripe/rpki/services/impl/handlers/UpdateRoaConfigurationCommandHandlerTest.java 
+++ b/src/test/java/net/ripe/rpki/services/impl/handlers/UpdateRoaConfigurationCommandHandlerTest.java @@ -14,6 +14,7 @@ import net.ripe.rpki.server.api.services.command.NotHolderOfResourcesException; import net.ripe.rpki.server.api.services.command.PrivateAsnsUsedException; import net.ripe.rpki.services.impl.background.RoaMetricsService; +import net.ripe.rpki.services.impl.background.RoaNotificationService; import org.junit.Before; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; @@ -22,11 +23,10 @@ import java.util.Collections; import java.util.Optional; +import static net.ripe.rpki.server.api.security.RunAsUser.ADMIN; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatThrownBy; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.verifyNoMoreInteractions; +import static org.mockito.Mockito.*; @Transactional @Commit // don't rollback, we want all constrains to be checked @@ -39,7 +39,6 @@ public class UpdateRoaConfigurationCommandHandlerTest extends CertificationDomai private static final IpRange PREFIX1 = IpRange.parse("10.0.0.0/8"); private static final IpRange PREFIX2 = IpRange.parse("172.16.0.0/12"); - private static final IpRange PREFIX3 = IpRange.parse("192.168.0.0/16"); private ManagedCertificateAuthority certificateAuthority; @@ -55,8 +54,9 @@ public void setUp() { clearDatabase(); certificateAuthority = createInitialisedProdCaWithRipeResources(); roaMetricsService = mock(RoaMetricsService.class); + var roaNotificationService = mock(RoaNotificationService.class); subject = new UpdateRoaConfigurationCommandHandler(certificateAuthorityRepository, - roaConfigurationRepository, PRIVATE_ASNS, roaMetricsService); + roaConfigurationRepository, PRIVATE_ASNS, roaMetricsService, roaNotificationService); } @Test 
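Review bot: In `setUp()` the `RoaNotificationService` mock is created as a local `var`, so no test in `UpdateRoaConfigurationCommandHandlerTest` can verify whether the handler calls it. The new constructor dependency is presumably what triggers the ROA-change e-mail, and the handler tests would still pass if that call were dropped or made on the rejection paths. Hold the mock in a field next to `roaMetricsService` (`private RoaNotificationService roaNotificationService;`, declared outside this hunk) and assign it with `roaNotificationService = mock(RoaNotificationService.class);`. Then verify the `notifyAboutRoaChanges` call in `should_add_new_additions`, and add `verifyNoMoreInteractions(roaNotificationService);` to the rejecting tests such as `should_reject_new_additions_of_private_ASN`, matching the existing `roaMetricsService` check there.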
@@ -66,7 +66,7 @@ public void should_add_new_additions() { certificateAuthority.getVersionedId(), Optional.of(configuration.convertToData().entityTag()), Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX1, null)), - Collections.emptyList())); + Collections.emptyList(), ADMIN.getCertificationUserId())); var config = roaConfigurationRepository.getOrCreateByCertificateAuthority(certificateAuthority); assertThat(config.getPrefixes()).hasSize(1); @@ -85,8 +85,8 @@ public void should_reject_if_etag_does_not_match_current_configuration() { certificateAuthority.getVersionedId(), Optional.of("bad-etag"), Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX1, null)), - Collections.emptyList() - ); + Collections.emptyList(), + ADMIN.getCertificationUserId()); assertThatThrownBy(() -> subject.handle(command)).isInstanceOf(EntityTagDoesNotMatchException.class); } @@ -97,7 +97,8 @@ public void should_reject_new_additions_of_private_ASN() { certificateAuthority.getVersionedId(), Optional.empty(), Collections.singletonList(new RoaConfigurationPrefixData(PRIVATE_ASN, PREFIX1, null)), - Collections.emptyList())); + Collections.emptyList(), + ADMIN.getCertificationUserId())); verifyNoMoreInteractions(roaMetricsService); } @@ -107,8 +108,8 @@ public void should_reject_uncertified_prefixes() { certificateAuthority.getVersionedId(), Optional.empty(), Collections.singletonList(new RoaConfigurationPrefixData(ASN, IpRange.parse("1.0.0.0/8"), null)), - Collections.emptyList() - ); + Collections.emptyList(), + ADMIN.getCertificationUserId()); assertThatThrownBy(() -> subject.handle(command)).isInstanceOf(NotHolderOfResourcesException.class); } 
@@ -121,7 +122,7 @@ public void should_remove_deletions() { certificateAuthority.getVersionedId(), Optional.empty(), Collections.emptyList(), - Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX1, null)))); + Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX1, null)), ADMIN.getCertificationUserId())); var config = roaConfigurationRepository.getOrCreateByCertificateAuthority(certificateAuthority); assertThat(config.getPrefixes()).isEmpty(); @@ -138,7 +139,7 @@ public void should_notify_roa_entity_service_on_configuration_change() { certificateAuthority.getVersionedId(), Optional.empty(), Collections.emptyList(), - Collections.emptyList())); + Collections.emptyList(), ADMIN.getCertificationUserId())); assertThat(certificateAuthority.isConfigurationCheckNeeded()).isTrue(); } @@ -150,13 +151,13 @@ public void should_replace_roa_prefix() { certificateAuthority.getVersionedId(), Optional.of(configuration.convertToData().entityTag()), Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX1, null)), - Collections.emptyList())); + Collections.emptyList(), ADMIN.getCertificationUserId())); subject.handle(new UpdateRoaConfigurationCommand( certificateAuthority.getVersionedId(), Optional.of(roaConfigurationRepository.getOrCreateByCertificateAuthority(certificateAuthority).convertToData().entityTag()), Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX2, null)), - Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX1, null)))); + Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX1, null)), ADMIN.getCertificationUserId())); var config = roaConfigurationRepository.getOrCreateByCertificateAuthority(certificateAuthority); assertThat(config.getPrefixes()).hasSize(1); 
@@ -174,13 +175,13 @@ public void should_replace_roa_max_len() { certificateAuthority.getVersionedId(), Optional.of(configuration.convertToData().entityTag()), Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX1, null)), - Collections.emptyList())); + Collections.emptyList(), ADMIN.getCertificationUserId())); subject.handle(new UpdateRoaConfigurationCommand( certificateAuthority.getVersionedId(), Optional.of(roaConfigurationRepository.getOrCreateByCertificateAuthority(certificateAuthority).convertToData().entityTag()), Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX1, 17)), - Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX1, null)))); + Collections.singletonList(new RoaConfigurationPrefixData(ASN, PREFIX1, null)), ADMIN.getCertificationUserId())); var config = roaConfigurationRepository.getOrCreateByCertificateAuthority(certificateAuthority); assertThat(config.getPrefixes()).hasSize(1); diff --git a/src/test/java/net/ripe/rpki/services/impl/jpa/JpaResourceCertificateRepositoryTest.java b/src/test/java/net/ripe/rpki/services/impl/jpa/JpaResourceCertificateRepositoryTest.java index 54f33af..ae4596f 100644 --- a/src/test/java/net/ripe/rpki/services/impl/jpa/JpaResourceCertificateRepositoryTest.java +++ b/src/test/java/net/ripe/rpki/services/impl/jpa/JpaResourceCertificateRepositoryTest.java @@ -1,5 +1,7 @@ package net.ripe.rpki.services.impl.jpa; +import jakarta.inject.Inject; +import jakarta.transaction.Transactional; import net.ripe.ipresource.Asn; import net.ripe.ipresource.ImmutableResourceSet; import net.ripe.ipresource.IpRange; @@ -17,9 +19,7 @@ import org.junit.Before; import org.junit.Test; -import jakarta.inject.Inject; import javax.security.auth.x500.X500Principal; -import jakarta.transaction.Transactional; import java.util.Collections; import java.util.Map; import java.util.Optional; 
@@ -27,6 +27,7 @@ import static net.ripe.rpki.commons.crypto.util.KeyPairFactoryTest.TEST_KEY_PAIR; import static net.ripe.rpki.domain.TestObjects.PRODUCTION_CA_NAME; import static net.ripe.rpki.domain.TestObjects.PRODUCTION_CA_RESOURCES; +import static net.ripe.rpki.server.api.security.RunAsUser.ADMIN; import static org.assertj.core.api.Assertions.assertThat; public class JpaResourceCertificateRepositoryTest extends CertificationDomainTestCase { @@ -63,7 +64,7 @@ public void outgoing_resource_certificate_should_change_to_expired_after_not_val ca.getVersionedId(), Optional.empty(), Collections.singleton(new RoaConfigurationPrefixData(Asn.parse("AS3333"), IpRange.parse("10.0.0.0/8"), null)), - Collections.emptyList())); + Collections.emptyList(), ADMIN.getCertificationUserId())); commandService.execute(new IssueUpdatedManifestAndCrlCommand(ca.getVersionedId())); // CA certificate, EE certificate for ROA, EE certificate for manifest