<?xml version='1.0'encoding='utf-8'?>encoding='UTF-8'?> <!DOCTYPE rfc [ <!ENTITY nbsp " "> <!ENTITY zwsp "​"> <!ENTITY nbhy "‑"> <!ENTITY wj "⁠"> ]><?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.29 (Ruby 3.4.4) --><rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-lamps-cms-ml-dsa-07" number="9882" xml:lang="en" updates="" obsoletes="" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3"><!-- xml2rfc v2v3 conversion 3.30.2 --><front> <title abbrev="ML-DSA in the CMS">Use of the ML-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS)</title> <seriesInfoname="Internet-Draft" value="draft-ietf-lamps-cms-ml-dsa-07"/>name="RFC" value="9882"/> <author fullname="Ben Salter"> <organization>UK National Cyber Security Centre</organization> <address> <email>ben.s3@ncsc.gov.uk</email> </address> </author> <author fullname="Adam Raine"> <organization>UK National Cyber Security Centre</organization> <address> <email>adam.r@ncsc.gov.uk</email> </address> </author> <author initials="D." surname="Van Geest" fullname="Daniel Van Geest"> <organization>CryptoNext Security</organization> <address> <email>daniel.vangeest@cryptonext-security.com</email> </address> </author> <date year="2025"month="October" day="02"/> <area>Security</area> <workgroup>Limited Additional Mechanisms for PKIX and SMIME</workgroup>month="October"/> <area>SEC</area> <workgroup>lamps</workgroup> <keyword>cms</keyword> <keyword>ml-dsa</keyword> <keyword>dilithium</keyword> <abstract><?line 94?><t>The Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as defined by NIST in FIPS 204, is a post-quantum digital signature scheme that aims to be secure against an adversary in possession of a Cryptographically Relevant Quantum Computer (CRQC). This document specifies the conventions for using the ML-DSA signature algorithm with the Cryptographic Message Syntax (CMS). In addition, the algorithm identifier and public key syntax are provided.</t> </abstract> <note removeInRFC="true"> <name>About This Document</name> <t> The latest revision of this draft can be found at <eref target="https://lamps-wg.github.io/cms-ml-dsa/draft-ietf-lamps-cms-ml-dsa.html"/>. Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-ml-dsa/"/>. </t> <t> Discussion of this document takes place on the Limited Additional Mechanisms for PKIX and SMIME Working Group mailing list (<eref target="mailto:spasm@ietf.org"/>), which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/spasm/"/>. Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/spasm/"/>. </t> <t>Source for this draft and an issue tracker can be found at <eref target="https://github.com/lamps-wg/cms-ml-dsa"/>.</t> </note> </front> <middle> <?line 101?> <section anchor="introduction"> <name>Introduction</name> <!-- [rfced] We note that "traditional" is in quotes, but please consider whether it should be updated for clarity. The term is ambiguous; "tradition" is a subjective term because it is not the same for everyone. Original: It is intended to be secure against both "traditional" cryptographic attacks, as well as attacks utilising a quantum computer. --> <t>The Module-Lattice-Based Digital Signature Algorithm (ML-DSA) is a digital signature algorithm standardised by the US National Institute of Standards and Technology (NIST) as part of their post-quantum cryptography standardisation process. It is intended to be secure against both "traditional" cryptographic attacks, as well as attacks utilising a quantum computer. It offers smaller signatures and significantly faster runtimes than SLH-DSA <xref target="FIPS205"/>, an alternative post-quantum signature algorithm also standardised by NIST. This document specifies the use of the ML-DSA in the CMS at three security levels: ML-DSA-44, ML-DSA-65, and ML-DSA-87. See <xref section="B" sectionFormat="of"target="I-D.ietf-lamps-dilithium-certificates"/>target="RFC9881"/> for more information on the security levels and key sizes of ML-DSA.</t> <t>Prior to standardisation, ML-DSA was known as Dilithium. ML-DSA and Dilithium are not compatible.</t> <t>For each of the ML-DSA parameter sets, an algorithm identifier OID has been specified.</t> <t><xref target="FIPS204"/> also specifies a pre-hashed variant of ML-DSA, called HashML-DSA. Use of HashML-DSA in the CMS is not specified in this document. See <xref target="pure-vs-pre-hash"/> for more details.</t> <section anchor="conventions-and-definitions"> <name>Conventions and Definitions</name><t>The<t> The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t> <?line -18?>here. </t> </section> </section> <section anchor="ml-dsa-algorithm-identifiers"> <name>ML-DSA Algorithm Identifiers</name> <t>Many ASN.1 data structure types use the AlgorithmIdentifier type to identify cryptographic algorithms. In the CMS, AlgorithmIdentifiers are used to identify ML-DSA signatures in the signed-data content type. They may also appear in X.509 certificates used to verify those signatures. The same AlgorithmIdentifiers are used to identify ML-DSA public keys and signature algorithms. <xreftarget="I-D.ietf-lamps-dilithium-certificates"/>target="RFC9881"/> describes the use of ML-DSA in X.509 certificates. The AlgorithmIdentifier type is defined as follows:</t> <sourcecode type="asn.1"><![CDATA[ AlgorithmIdentifier{ALGORITHM-TYPE, ALGORITHM-TYPE:AlgorithmSet} ::= SEQUENCE { algorithm ALGORITHM-TYPE.&id({AlgorithmSet}), parameters ALGORITHM-TYPE. &Params({AlgorithmSet}{@algorithm}) OPTIONAL } ]]></sourcecode> <aside> <t>NOTE: The above syntax is from <xref target="RFC5911"/> and is compatible with the 2021 ASN.1 syntax <xref target="X680"/>. See <xref target="RFC5280"/> for the 1988 ASN.1 syntax.</t> </aside> <t>The fields in the AlgorithmIdentifier type have the following meanings:</t> <dl> <dt>algorithm:</dt> <dd> <t>The algorithm field contains an OID that identifies the cryptographic algorithm in use. The OIDs for ML-DSA are described below.</t> </dd> <dt>parameters:</dt> <dd> <t>The parameters field contains parameter information for the algorithm identified by the OID in the algorithm field. Each ML-DSA parameter set is identified by its own algorithm OID, so there is no relevant information to include in this field. As such, parameters <bcp14>MUST</bcp14> be omitted when encoding an ML-DSA AlgorithmIdentifier.</t> </dd> </dl> <t>The object identifiers for ML-DSA are defined in the NIST Computer Security Objects Register <xref target="CSOR"/>, and are reproduced here for convenience.</t> <sourcecode type="asn.1"><![CDATA[ sigAlgs OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) 3 } id-ml-dsa-44 OBJECT IDENTIFIER ::= { sigAlgs 17 } id-ml-dsa-65 OBJECT IDENTIFIER ::= { sigAlgs 18 } id-ml-dsa-87 OBJECT IDENTIFIER ::= { sigAlgs 19 } ]]></sourcecode> </section> <section anchor="signed-data-conventions"><name>Signed-data<name>Signed-Data Conventions</name> <section anchor="pure-vs-pre-hash"> <name>Puremode vs pre-hash mode</name>Mode Versus Pre-Hash Mode</name> <t><xref target="RFC5652"/> specifies that digital signatures for CMS are produced using a digest of the message to besigned,signed and the signer's private key. At the timeof publication of that RFC,RFC 5652 was published, all signature algorithms supported in the CMS required a message digest to be calculated externally to that algorithm, which would then be supplied to the algorithm implementation when calculating and verifying signatures. Since then, EdDSA <xref target="RFC8032"/>, SLH-DSA <xref target="FIPS205"/> and ML-DSA have also been standardised, and these algorithms support both a "pure" and "pre-hash" mode. In the pre-hash mode, a message digest (the "pre-hash") is calculated separately and supplied to the signature algorithm as described above. In the pure mode, the message to be signed or verified is instead supplied directly to the signature algorithm. When EdDSA <xref target="RFC8419"/> and SLH-DSA <xreftarget="I-D.ietf-lamps-cms-sphincs-plus"/>target="RFC9814"/> are used with CMS, only the pure mode of those algorithms is specified. This is because in most situations, CMS signatures are computed over a set of signed attributes that contain a hash of the content, rather than being computed over the message content itself. Since signed attributes are typically small, use of pre-hash modes in the CMS wouldn't significantly reduce the size of the data to be signed, and hence offers no benefit. This document follows that convention and does not specify the use of ML-DSA's pre-hash mode ("HashML-DSA") in the CMS.</t> </section> <section anchor="signature-generation-and-verification"> <name>SignaturegenerationGeneration andverification</name>Verification</name> <t><xref target="RFC5652"/> describes the two methods that are used to calculate and verify signatures in the CMS. One method is used when signed attributes are present in the signedAttrs field of the relevant SignerInfo, and another is used when signed attributes are absent. Each method produces a different "message digest" to be supplied to the signature algorithm in question, but because the pure mode of ML-DSA is used, the "message digest" is in fact the entire message. Use of signed attributes is preferred, but the conventions for signed-data without signed attributes is also described below for completeness.</t> <t>When signed attributes are absent, ML-DSA (pure mode) signatures are computed over the content of the signed-data. As described in <xref section="5.4" sectionFormat="of" target="RFC5652"/>, the "content" of a signed-data is the value of the encapContentInfo eContent OCTET STRING. The tag and length octets are not included.</t> <t>When signed attributes are included, ML-DSA (pure mode) signatures are computed over the complete DER encoding of the SignedAttrs value contained in the SignerInfo's signedAttrs field. As described in <xref section="5.4" sectionFormat="of" target="RFC5652"/>, this encoding includes the tag and length octets, but an EXPLICIT SET OF tag is used rather than the IMPLICIT [0] tag that appears in the final message.TheAt a minimum, the signedAttrs field <bcp14>MUST</bcp14>at minimuminclude a content-type attribute and a message-digest attribute. The message-digest attribute contains a hash of the content of the signed-data, where the content is as described for the absent signed attributes case above. Recalculation of the hash value by the recipient is an important step in signature verification.</t> <t><xref section="4" sectionFormat="of"target="I-D.ietf-lamps-cms-sphincs-plus"/>target="RFC9814"/> describes how, when the content of a signed-data is large, performance may be improved by including signed attributes. This is as true for ML-DSA as it is for SLH-DSA, although ML-DSA signature generation and verification is significantly faster than SLH-DSA.</t> <t>ML-DSA has a context string input that can be used to ensure that different signatures are generated for different application contexts. When using ML-DSA as specified in this document, the context string is set to the empty string.</t> </section> <section anchor="signerinfo-content"> <name>SignerInfocontent</name>Content</name> <t>When using ML-DSA, the fields of a SignerInfo are used as follows:</t> <dl> <dt>digestAlgorithm:</dt> <dd> <t>Per <xref section="5.3" sectionFormat="of" target="RFC5652"/>, the digestAlgorithm field identifies the message digest algorithm used by thesigner,signer and any associated parameters. Each ML-DSA parameter set has a collision strength parameter, represented by theλ (lambda)<u>λ</u> symbol in <xref target="FIPS204"/>. When signers utilise signed attributes, their choice of digest algorithm may impact the overall security level of their signature. Selecting a digest algorithm that offers λ bits of security strength against second preimage attacks and collision attacks is sufficient to meet the security level offered by a given parameter set, so long as the digest algorithm produces at least 2 * λ bits of output. The overall security strength offered by an ML-DSA signature calculated over signed attributes is the floor of the digest algorithm's strength and is the strength of the ML-DSA parameter set. Verifiers <bcp14>MAY</bcp14> reject a signature if the signer's choice of digest algorithm does not meet the security requirements of their choice of ML-DSA parameter set. <xref target="ml-dsa-digest-algs"/> shows appropriate SHA-2 and SHA-3 digest algorithms for each parameter set.</t></dd> <dt/> <dd><t>SHA-512 <xref target="FIPS180"/> <bcp14>MUST</bcp14> be supported for use with the variants of ML-DSA in this document. SHA-512 is suitable for all ML-DSA parameter sets and provides an interoperable option for legacy CMS implementations that wish to migrate to use post-quantum cryptography, but that may not support use of SHA-3 derivatives at the CMS layer. However, other hash functions <bcp14>MAY</bcp14> also be supported; in particular, SHAKE256 <bcp14>SHOULD</bcp14> be supported, as this is the digest algorithm used internally in ML-DSA. When SHA-512 is used, the id-sha512 <xref target="RFC5754"/> digest algorithm identifier is used and the parameters field <bcp14>MUST</bcp14> be omitted. When SHAKE256 is used, the id-shake256 <xref target="RFC8702"/> digest algorithm identifier is used and the parameters field <bcp14>MUST</bcp14> be omitted. SHAKE256 produces 512 bits of output when used as a message digest algorithm in the CMS.</t></dd> <dt/> <dd><t>When signing using ML-DSA without including signed attributes, the algorithm specified in the digestAlgorithm field has no meaning, as ML-DSA computes signatures over entire messages rather than externally computed digests. As such, the considerations above and in <xref target="ml-dsa-digest-algs"/> do not apply. Nonetheless, in this case implementations <bcp14>MUST</bcp14> specify SHA-512 as the digestAlgorithm in order to minimise the likelihood of an interoperability failure. When processing a SignerInfo signed using ML-DSA, if no signed attributes are present, implementations <bcp14>MUST</bcp14> ignore the content of the digestAlgorithm field.</t></dd> </dl><table anchor="ml-dsa-digest-algs"> <name>Suitabledigest algorithmsDigest Algorithms for ML-DSA</name> <thead> <tr> <th align="left">Signaturealgorithm</th>Algorithm</th> <th align="left">Digest Algorithms</th> </tr> </thead> <tbody> <tr> <td align="left">ML-DSA-44</td> <td align="left">SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256</td> </tr> <tr> <td align="left">ML-DSA-65</td> <td align="left">SHA-384, SHA-512, SHA3-384, SHA3-512, SHAKE256</td> </tr> <tr> <td align="left">ML-DSA-87</td> <td align="left">SHA-512, SHA3-512, SHAKE256</td> </tr> </tbody> </table><dl></dd> <dt>signatureAlgorithm:</dt> <dd> <t>The signatureAlgorithm field <bcp14>MUST</bcp14> contain one of the ML-DSA signature algorithm OIDs, and the parameters field <bcp14>MUST</bcp14> be absent. The algorithm OID <bcp14>MUST</bcp14> be one of the following OIDs described in <xref target="ml-dsa-algorithm-identifiers"/>:</t></dd> </dl><table anchor="tab-oids"> <name>Signaturealgorithm identifierAlgorithm Identifier OIDs for ML-DSA</name> <thead> <tr> <th align="left">Signaturealgorithm</th>Algorithm</th> <th align="left">Algorithm Identifier OID</th> </tr> </thead> <tbody> <tr> <td align="left">ML-DSA-44</td> <td align="left">id-ml-dsa-44</td> </tr> <tr> <td align="left">ML-DSA-65</td> <td align="left">id-ml-dsa-65</td> </tr> <tr> <td align="left">ML-DSA-87</td> <td align="left">id-ml-dsa-87</td> </tr> </tbody> </table><dl></dd> <dt>signature:</dt> <dd> <t>The signature field contains the signature value resulting from the use of the ML-DSA signature algorithm identified by the signatureAlgorithm field. The ML-DSA (pure mode)signature generationsignature-generation operation is specified in Section 5.2 of <xref target="FIPS204"/>, and thesignature verificationsignature-verification operation is specified in Section 5.3 of <xref target="FIPS204"/>. Note that <xref section="5.6" sectionFormat="of" target="RFC5652"/> places further requirements on the successful verification of a signature.</t> </dd> </dl> </section> </section> <section anchor="security-considerations"> <name>Security Considerations</name> <t>The security considerations in <xref target="RFC5652"/> and <xreftarget="I-D.ietf-lamps-dilithium-certificates"/>target="RFC9881"/> apply to this specification.</t> <t>Security of the ML-DSA private key is critical. Compromise of the private key will enable an adversary to forge arbitrary signatures.</t> <!-- [rfced] The following was provided in response to the intake form: This document and draft-ietf-lamps-dilithium-certificates use the same text for one of the security considerations: "ML-DSA depends on high quality random numbers...". That paragraph should be kept the same between both documents. Should the paragraphs be identical? They do not currently match. Please review and let us know how you would like to proceed. Currently in RFC-to-be 9881 <draft-ietf-lamps-dilithium-certificates>: ML-DSA depends on high quality random numbers that are suitable for use in cryptography. The use of inadequate pseudo-random number generators (PRNGs) to generate such values can significantly undermine various security properties. For instance, using an inadequate PRNG for key generation might allow an attacker to efficiently recover the private key by trying a small set of possibilities, rather than brute-force searching the whole keyspace. The generation of random numbers of a sufficient level of quality for use in cryptography is difficult; see Section 3.6.1 of [FIPS204] for some additional information. --> <t>ML-DSA depends on high quality random numbers that are suitable for use in cryptography. The use of inadequate pseudo-random number generators (PRNGs) to generate such values can significantly undermine the security properties offered by a cryptographic algorithm. For instance, an attacker may find it much easier to reproduce the PRNG environment that produced any private keys, searching the resulting small set of possibilities, rather thanbrute forcebrute-force searching the whole key space. The generation of random numbers of a sufficient level of quality for use in cryptography is difficult; see Section 3.6.1 of <xref target="FIPS204"/> for some additional information.</t> <t>By default, ML-DSA signature generation uses randomness from two sources: fresh random data generated during signature generation, and precomputed random data included in the signer's private key. This is referred to as the "hedged" variant of ML-DSA. Inclusion of both sources of random data can help mitigate against faulty random number generators, side-channelattacksattacks, and fault attacks. <xref target="FIPS204"/> also permits creating deterministic signatures using just the precomputed random data in the signer's private key. The same verification algorithm is used to verify both hedged and deterministic signatures, so this choice does not affect interoperability. The signer <bcp14>SHOULD NOT</bcp14> use the deterministic variant of ML-DSA on platforms where side-channel attacks or fault attacks are a concern. Side channel attacks and fault attacks against ML-DSA are an active area of research <xref target="WNGD2023"/> <xref target="KPLG2024"/>. Future protection against these styles of attack may involve interoperable changes to the implementation of ML-DSA's internal functions. Implementers <bcp14>SHOULD</bcp14> consider implementing such protection measures if it would be beneficial for their particular use cases.</t> <t>To avoid algorithm substitution attacks, the CMSAlgorithmProtection attribute defined in <xref target="RFC6211"/> <bcp14>SHOULD</bcp14> be included in signed attributes.</t> </section> <section anchor="operational-considerations"> <name>Operational Considerations</name> <t>If ML-DSA signing is implemented in a hardware device such as the hardware security module (HSM) or portable cryptographic token, implementers might want to avoid sending the full content to the device for performance reasons. By including signed attributes, which necessarilyincludeincludes the message-digest attribute and the content-type attribute as described inSection 5.3 of<xreftarget="RFC5652"/>,target="RFC5652" section="5.3"/>, the much smaller set of signed attributes are sent to the device for signing.</t> <t>Additionally, the pure variant of ML-DSA does support a form of pre-hash via external calculation of theμ (mu)<u>μ</u> "message representative" value described in Section 6.2 of <xref target="FIPS204"/>. This value may "optionally be computed in a different cryptographic module" and supplied to the hardware device, rather than requiring the entire message to be transmitted.Appendix D of<xreftarget="I-D.ietf-lamps-dilithium-certificates"/>section="D" target="RFC9881"/> describes use of external μ calculations in further detail.</t> </section> <section anchor="iana-considerations"> <name>IANA Considerations</name> <t>For the ASN.1 modulefoundin <xref target="asn1"/>, IANAis requested to assign an object identifier forhas assigned themodulefollowing object identifier(TBD1) with a description of "id-mod-ml-dsa-2024". This should be allocatedin the "SMI Security for S/MIME ModuleIdentifier" registry (1.2.840.113549.1.9.16.0).</t> </section> <section anchor="acknowledgments"> <name>Acknowledgments</name> <t>The authors would like to thank the following people for their contributions and reviews that helped shape this document: Viktor Dukhovni, Russ Housley, Panos Kampanakis, Mike Ounsworth, Falko Strenzke, Sean Turner, and Wei-Jun Wang.</t> <t>This document was heavily influenced by <xref target="RFC8419"/>, <xref target="I-D.ietf-lamps-cms-sphincs-plus"/>, and <xref target="I-D.ietf-lamps-dilithium-certificates"/>. Thanks go to the authors of those documents.</t>Identifier (1.2.840.113549.1.9.16.0)" registry:</t> <table anchor="oid"> <thead> <tr> <th>Decimal</th> <th>Description</th> <th>Refernece</th> </tr> </thead> <tbody> <tr> <td>83</td> <td>id-mod-ml-dsa-2024</td> <td>RFC 9882</td> </tr> </tbody> </table> </section> </middle> <back> <references anchor="sec-combined-references"> <name>References</name> <references anchor="sec-normative-references"> <name>Normative References</name> <referenceanchor="FIPS204">anchor="FIPS204" target="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf"> <front><title>Module-lattice-based digital signature standard</title><title>Module-Lattice-Based Digital Signature Standard</title> <author><organization/><organization abbrev="NIST">National Institute of Standards and Technology</organization> </author> <date month="August" year="2024"/> </front> <seriesInfo name="NIST FIPS" value="204"/> <seriesInfo name="DOI"value="10.6028/nist.fips.204"/> <refcontent>National Institute of Standards and Technology (U.S.)</refcontent>value="10.6028/NIST.FIPS.204"/> </reference> <!-- [rfced] [CSOR] FYI: We have updated the date for this reference from 20 August 2024 to 13 June 2025 to match the information provided at the URL. --> <reference anchor="CSOR" target="https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration"> <front> <title>Computer Security ObjectsRegister</title> <author initials="" surname="NIST" fullname="NationalRegister (CSOR)</title> <author> <organization abbrev="NIST">National Institute of Standards andTechnology"> <organization/>Technology</organization> </author> <dateyear="2024" month="August" day="20"/> </front> </reference> <reference anchor="RFC5652"> <front> <title>Cryptographic Message Syntax (CMS)</title> <author fullname="R. Housley" initials="R." surname="Housley"/> <date month="September" year="2009"/> <abstract> <t>This document describes the Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="STD" value="70"/> <seriesInfo name="RFC" value="5652"/> <seriesInfo name="DOI" value="10.17487/RFC5652"/> </reference> <reference anchor="RFC2119"> <front> <title>Key words for use in RFCs to Indicate Requirement Levels</title> <author fullname="S. Bradner" initials="S." surname="Bradner"/> <date month="March" year="1997"/> <abstract> <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t> </abstract>year="2025" month="June" day="13"/> </front><seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="2119"/> <seriesInfo name="DOI" value="10.17487/RFC2119"/></reference><reference anchor="RFC8174"> <front> <title>Ambiguity of Uppercase vs Lowercase in<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5652.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <!-- draft-ietf-lamps-dilithium-certificates-12 - RFC2119 Key Words</title> <author fullname="B. Leiba" initials="B." surname="Leiba"/> <date month="May" year="2017"/> <abstract> <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t> </abstract> </front> <seriesInfo name="BCP" value="14"/> <seriesInfo name="RFC" value="8174"/> <seriesInfo name="DOI" value="10.17487/RFC8174"/> </reference>9881 --> <referenceanchor="I-D.ietf-lamps-dilithium-certificates">anchor="RFC9881" target="https://www.rfc-editor.org/info/rfc9881"> <front> <title>Internet X.509 Public Key Infrastructure--- Algorithm Identifiers for the Module-Lattice-Based Digital Signature Algorithm (ML-DSA)</title> <authorfullname="Jake Massimo"initials="J."surname="Massimo">surname="Massimo" fullname="Jake Massimo"> <organization>AWS</organization> </author> <authorfullname="Panos Kampanakis"initials="P."surname="Kampanakis">surname="Kampanakis" fullname="Panos Kampanakis"> <organization>AWS</organization> </author> <authorfullname="Sean Turner"initials="S."surname="Turner">surname="Turner" fullname="Sean Turner"> <organization>sn3rd</organization> </author> <author initials="B. E." surname="Westerbaan" fullname="BasWesterbaan" initials="B." surname="Westerbaan">Westerbaan"> <organization>Cloudflare</organization> </author> <dateday="30" month="September" year="2025"/> <abstract> <t> Digital signatures are used within X.509 certificates, Certificate Revocation Lists (CRLs), and to sign messages. This document specifies the conventions for using FIPS 204, the Module-Lattice- Based Digital Signature Algorithm (ML-DSA) in Internet X.509 certificates and certificate revocation lists. The conventions for the associated signatures, subject public keys, and private key are also described. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-dilithium-certificates-13"/> </reference> <reference anchor="RFC5754"> <front> <title>Using SHA2 Algorithms with Cryptographic Message Syntax</title> <author fullname="S. Turner" initials="S." surname="Turner"/> <date month="January" year="2010"/> <abstract> <t>This document describes the conventions for using the Secure Hash Algorithm (SHA) message digest algorithms (SHA-224, SHA-256, SHA-384, SHA-512) with the Cryptographic Message Syntax (CMS). It also describes the conventions for using these algorithms with the CMS and the Digital Signature Algorithm (DSA), Rivest Shamir Adleman (RSA), and Elliptic Curve DSA (ECDSA) signature algorithms. Further, it provides SMIMECapabilities attribute values for each algorithm. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="5754"/> <seriesInfo name="DOI" value="10.17487/RFC5754"/> </reference> <reference anchor="RFC8702"> <front> <title>Use of the SHAKE One-Way Hash Functions in the Cryptographic Message Syntax (CMS)</title> <author fullname="P. Kampanakis" initials="P." surname="Kampanakis"/> <author fullname="Q. Dang" initials="Q." surname="Dang"/> <date month="January" year="2020"/> <abstract> <t>This document updates the "Cryptographic Message Syntax (CMS) Algorithms" (RFC 3370) and describes the conventions for using the SHAKE family of hash functions in the Cryptographic Message Syntax as one-way hash functions with the RSA Probabilistic Signature Scheme (RSASSA-PSS) and Elliptic Curve Digital Signature Algorithm (ECDSA). The conventions for the associated signer public keys in CMS are also described.</t> </abstract>month='October' year='2025'/> </front> <seriesInfo name="RFC"value="8702"/>value="9881"/> <seriesInfo name="DOI"value="10.17487/RFC8702"/> </reference> <reference anchor="RFC6211"> <front> <title>Cryptographic Message Syntax (CMS) Algorithm Identifier Protection Attribute</title> <author fullname="J. Schaad" initials="J." surname="Schaad"/> <date month="April" year="2011"/> <abstract> <t>The Cryptographic Message Syntax (CMS), unlike X.509/PKIX certificates, is vulnerable to algorithm substitution attacks. In an algorithm substitution attack, the attacker changes either the algorithm being used or the parameters of the algorithm in order to change the result of a signature verification process. In X.509 certificates, the signature algorithm is protected because it is duplicated in the TBSCertificate.signature field with the proviso that the validator is to compare both fields as part of the signature validation process. This document defines a new attribute that contains a copy of the relevant algorithm identifiers so that they are protected by the signature or authentication process. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="6211"/> <seriesInfo name="DOI" value="10.17487/RFC6211"/>value="10.17487/RFC9881"/> </reference> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5754.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8702.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.6211.xml"/> </references> <references anchor="sec-informative-references"> <name>Informative References</name> <referenceanchor="FIPS180">anchor="FIPS180" target="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf"> <front> <title>Securehash standard</title>Hash Standard</title> <author><organization/><organization abbrev="NIST">National Institute of Standards and Technology</organization> </author> <date month="August" year="2015"/> </front> <seriesInfo name="NIST FIPS" value="180-4"/> <seriesInfo name="DOI"value="10.6028/nist.fips.180-4"/> <refcontent>National Institute of Standards and Technology (U.S.)</refcontent>value="10.6028/NIST.FIPS.180-4"/> </reference> <referenceanchor="FIPS205">anchor="FIPS205" target="https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf"> <front> <title>Statelesshash-based digital signature standard</title>Hash-Based Digital Signature Standard</title> <author><organization/> </author> <date month="August" year="2024"/> </front> <seriesInfo name="DOI" value="10.6028/nist.fips.205"/> <refcontent>National<organization abbrev="NIST">National Institute of Standards andTechnology (U.S.)</refcontent> </reference> <reference anchor="RFC5911"> <front> <title>New ASN.1 Modules for Cryptographic Message Syntax (CMS) and S/MIME</title> <author fullname="P. Hoffman" initials="P." surname="Hoffman"/> <author fullname="J. Schaad" initials="J." surname="Schaad"/>Technology</organization> </author> <datemonth="June" year="2010"/> <abstract> <t>The Cryptographic Message Syntax (CMS) format, and many associated formats, are expressed using ASN.1. The current ASN.1 modules conform to the 1988 version of ASN.1. This document updates those ASN.1 modules to conform to the 2002 version of ASN.1. There are no bits-on-the-wire changes to any of the formats; this is simply a change to the syntax. This document is not an Internet Standards Track specification; it is published for informational purposes.</t> </abstract>month="August" year="2024"/> </front> <seriesInfoname="RFC" value="5911"/>name="NIST FIPS" value="205"/> <seriesInfo name="DOI"value="10.17487/RFC5911"/>value="10.6028/NIST.FIPS.205"/> </reference> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5911.xml"/> <reference anchor="X680" target="https://www.itu.int/rec/T-REC-X.680"> <front> <title>InformationTechnologytechnology - Abstract Syntax Notation One (ASN.1): Specification of basicnotation. ITU-T Recommendation X.680 (2021) | ISO/IEC 8824-1:2021.</title>notation</title> <author> <organization>ITU-T</organization> </author> <date year="2021" month="February"/> </front> <seriesInfo name="ITU-T Recommendation" value="X.680"/> <seriesInfo name="ISO/IEC" value="8824-1:2021"/> </reference> <reference anchor="KPLG2024" target="https://ia.cr/2024/138"> <front> <title>Correction Fault Attacks on Randomized CRYSTALS-Dilithium</title> <author initials="E." surname="Krahmer"> <organization/> </author> <author initials="P." surname="Pessl"> <organization/> </author> <author initials="G." surname="Land"> <organization/> </author> <author initials="T." surname="Güneysu"> <organization/> </author> <date year="2024"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2024/138</refcontent> <format type="PDF" target="https://eprint.iacr.org/2024/138.pdf"/> </reference> <reference anchor="WNGD2023" target="https://ia.cr/2023/1931"> <front> <title>Single-Trace Side-Channel Attacks on CRYSTALS-Dilithium: Myth or Reality?</title> <author initials="R." surname="Wang"> <organization/> </author> <author initials="K." surname="Ngo"> <organization/> </author> <author initials="J." surname="Gärtner"> <organization/> </author> <author initials="E." surname="Dubrova"> <organization/> </author> <date year="2023"/> </front> <refcontent>Cryptology ePrint Archive, Paper 2023/1931</refcontent> <format type="PDF" target="https://eprint.iacr.org/2023/1931.pdf"/> </reference><reference anchor="RFC5280"> <front> <title>Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile</title> <author fullname="D. Cooper" initials="D." surname="Cooper"/> <author fullname="S. Santesson" initials="S." surname="Santesson"/> <author fullname="S. Farrell" initials="S." surname="Farrell"/> <author fullname="S. Boeyen" initials="S." surname="Boeyen"/> <author fullname="R. Housley" initials="R." surname="Housley"/> <author fullname="W. Polk" initials="W." surname="Polk"/> <date month="May" year="2008"/> <abstract> <t>This memo profiles the X.509 v3 certificate and X.509 v2 certificate revocation list (CRL) for use in the Internet. An overview of this approach and model is provided as an introduction. The X.509 v3 certificate format is described in detail, with additional information regarding the format and semantics of Internet name forms. Standard certificate extensions are described and two Internet-specific extensions are defined. A set of required certificate extensions is specified. The X.509 v2 CRL format is described in detail along with standard and Internet-specific extensions. An algorithm for X.509 certification path validation is described. An ASN.1 module and examples are provided in the appendices. [STANDARDS-TRACK]</t> </abstract> </front> <seriesInfo name="RFC" value="5280"/> <seriesInfo name="DOI" value="10.17487/RFC5280"/> </reference> <reference anchor="RFC8032"> <front> <title>Edwards-Curve Digital Signature Algorithm (EdDSA)</title> <author fullname="S. Josefsson" initials="S." surname="Josefsson"/> <author fullname="I. Liusvaara" initials="I." surname="Liusvaara"/> <date month="January" year="2017"/> <abstract> <t>This document describes elliptic curve signature scheme Edwards-curve Digital Signature Algorithm (EdDSA). The algorithm is instantiated with recommended parameters for the edwards25519 and edwards448 curves. An example implementation and test vectors are provided.</t> </abstract> </front> <seriesInfo name="RFC" value="8032"/> <seriesInfo name="DOI" value="10.17487/RFC8032"/> </reference> <reference anchor="RFC8419"> <front> <title>Use of Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures in the Cryptographic Message Syntax (CMS)</title> <author fullname="R. Housley" initials="R." surname="Housley"/> <date month="August" year="2018"/> <abstract> <t>This document specifies the conventions for using the Edwards-curve Digital Signature Algorithm (EdDSA) for curve25519 and curve448 in the Cryptographic Message Syntax (CMS). For each curve, EdDSA defines the PureEdDSA and HashEdDSA modes. However, the HashEdDSA mode is not used with the CMS. In addition, no context string is used with the CMS.</t> </abstract> </front> <seriesInfo name="RFC" value="8419"/> <seriesInfo name="DOI" value="10.17487/RFC8419"/> </reference> <reference anchor="I-D.ietf-lamps-cms-sphincs-plus"> <front> <title>Use of the SLH-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS)</title> <author fullname="Russ Housley" initials="R." surname="Housley"> <organization>Vigil Security, LLC</organization> </author> <author fullname="Scott Fluhrer" initials="S." surname="Fluhrer"> <organization>Cisco Systems</organization> </author> <author fullname="Panos Kampanakis" initials="P." surname="Kampanakis"> <organization>Amazon Web Services</organization> </author> <author fullname="Bas Westerbaan" initials="B." surname="Westerbaan"> <organization>Cloudflare</organization> </author> <date day="13" month="January" year="2025"/> <abstract> <t> SLH-DSA<xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.5280.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8032.xml"/> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8419.xml"/> <!-- draft-ietf-lamps-cms-sphincs-plus-19 isa stateless hash-based signature scheme. This document specifies the conventions for using the SLH-DSA signature algorithm with the Cryptographic Message Syntax (CMS). In addition, the algorithm identifier and public key syntax are provided. </t> </abstract> </front> <seriesInfo name="Internet-Draft" value="draft-ietf-lamps-cms-sphincs-plus-19"/> </reference>now RFC 9814 --> <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9814.xml"/> </references> </references><?line 323?><section anchor="asn1"> <name>ASN.1 Module</name><aside> <t>RFC EDITOR: Please replace the reference to <xref target="I-D.ietf-lamps-dilithium-certificates"/> in the ASN.1 module below with a reference the corresponding published RFC.</t> </aside><sourcecode type="asn.1"><![CDATA[ <CODE BEGINS> ML-DSA-Module-2024 { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9) id-smime(16) id-mod(0)id-mod-ml-dsa-2024(TBD1)id-mod-ml-dsa-2024(83) } DEFINITIONS IMPLICIT TAGS ::= BEGIN EXPORTS ALL; IMPORTS SIGNATURE-ALGORITHM, SMIME-CAPS FROM AlgorithmInformation-2009 -- in [RFC5911] { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58) } sa-ml-dsa-44, sa-ml-dsa-65, sa-ml-dsa-87 FROM X509-ML-DSA-2024 -- From[I-D.ietf-lamps-dilithium-certificates][RFC9881] { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-x509-ml-dsa-2024(119) } ; -- -- Expand the signature algorithm set used by CMS [RFC5911] -- SignatureAlgorithmSet SIGNATURE-ALGORITHM ::= { sa-ml-dsa-44 | sa-ml-dsa-65 | sa-ml-dsa-87, ... } SMimeCaps SMIME-CAPS ::= { sa-ml-dsa-44.&smimeCaps | sa-ml-dsa-65.&smimeCaps | sa-ml-dsa-87.&smimeCaps, ... } END <CODE ENDS> ]]></sourcecode> </section> <section anchor="examples"> <name>Examples</name> <t>This appendix contains example signed-data encodings. They can be verified using the example public keys and certificates specified in <xref section="C" target="RFC9881"/>.</t> <!-- [rfced] Regarding the text marked <sourcecode> and <artwork>, please review and let us know if any updates are needed. The following was provided in response via the intake form: The draft features an ASN.1 module that is tagged as source code in the XML. The module has been tested to confirm that it compiles. The draft also features example encodings in base64/PEM format and in a parsed representation. These are artefacts produced by an implementation rather than "source code" per se, so aren't tagged that way. Regardless, we've tested the examples against an independent implementation to make sure they work. Please consider whether some should be marked as "x509" for consistency with RFC-to-be 9881 <draft-ietf-lamps-dilithium-certificates>, as the authors of RFC 9881 provided the following guidance: And the PEM examples in the AppendixCC.3 can become type “x509”. RFC-to-be 9881 has not yet been updated. Note that the current list of<xref target="I-D.ietf-lamps-dilithium-certificates"/>.</t>preferred values for "type" is available at <https://www.rfc-editor.org/rpc/wiki/doku.php?id=sourcecode-types>. If the current list does not contain an applicable type, feel free to suggest additions for consideration. Note that it is also acceptable to leave the "type" attribute not set. --> <t>The following is an example of a signed-data with a single ML-DSA-44 signer, with signed attributes included:</t><artwork><![CDATA[<sourcecode><![CDATA[ -----BEGIN CMS----- MIIKsAYJKoZIhvcNAQcCoIIKoTCCCp0CAQExDTALBglghkgBZQMEAgMwQwYJKoZI hvcNAQcBoDYENE1MLURTQS00NCBzaWduZWQtZGF0YSBleGFtcGxlIHdpdGggc2ln bmVkIGF0dHJpYnV0ZXMxggpCMIIKPgIBATA6MCIxDTALBgNVBAoTBElFVEYxETAP BgNVBAMTCExBTVBTIFdHAhQVn/5vIv1cxCxSTfb9XijQ3jjzTjALBglghkgBZQME AgOgazAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBME8GCSqGSIb3DQEJBDFCBEAL v5NoEkfE3OkMRW4rKXw97hdFLivtQ/OVU4Pc/DrfWm3d7POpIxNQ4WCwyGDTWKwi dWwcHZ9E3CT0Twj2gI/UMAsGCWCGSAFlAwQDEQSCCXTzX9ZSUYiiAjJ2USF/0b1K fyTnaJTCFymSXY/ZOE0++0F6BZ9HUQweqTlrfXUmpOLlYK+8Hd/zCmyjboKZZmCA KY4rPlbI4W9ndcowgSgawGixVsOvOBimudg4B5Tbo43cORwIPW6FdDrCa9eKgcGh bMIFTYFF7f9J3suzYmcj7H99nDJd3d9POqPW0J2NWz64UoxZP8iHOu78gd46yIwB Rz9VYerDOBSOkZiU2kQUXGhCKmOogOES8Vg1TfV3esn7xeLbOhn4uyrpSOBx5bdC 3BLRxvWdic+haOSFQns5uSrduRjXTaLi88tnVWknzfidCzKubzIxJ/7CMcEcXxu+ L+dUOVXZvATV3FIddk9re8x54Z7gb0kHEyemJnf9uq+084pGB/LrIH5x+ZyYdzlZ Ys1a7XqEONK/VIuwD2E7UHcYDSROZAYRMFGoyqGKdwVD6/W1ElDYND6eX7Vqss4H jDuDi7qsha2j4oHet5JQWYeCSxSUsmwp+5E9S6p3g/30w4iAlEGQLGZV1H76m+4+ JYWnHapiFFPQ4nxly+C6c6+hDaX+KONzdM/lt0eaJnxq9Nzrprw/ieIqX8A7Ov9t 1MLVwd7W8Gc4auZec/8WrnDI/f7qaSU0Kt+kNN0oK2maZvLYbDyaDSlUyK4IXvqA FR5fbSgFmy7SY2TDc4k8JJ/KdBqSg8k0/tRemBiXE/YfltddyZqsD+vhoz5RXhl0 DvyZbQwxW67bdgr6TgRKexRuWOQTR9CAWNitmPzmZDRqIxIhtbg3jtoXuJTg4OO3 /tjhr+ZxCv5zsgcbUiJBiCsHRhuc1W1erOCRu+fknwXZBgF73WtFhDfDq8u9a00e jBTW4xMAXVfv3coIaknsDP+Di9LtvsXxhLsMaRr9bFZnfhcfU4/O0w+rGWbZ8l14 y8ECh//OPjYQxmFvXaqV9r2Fz6KkslzwlerMq/MjFUjt6vNcxHaGEID/m+xzSJAB 5/BzW0qkIBFoWIDHTkYo9wie7QI6cbgM7qbpTxJAbauPU0VYf2VUTTuGxVtb4aNQ zMDYSBjHVDjZ3/o+kmkjrlBxl+Jvx7QelOGOVNhKMP7OwMIXj50txvWqRVlTXIvm p5Qv/NFJWQTJWDv608Mt5/4lbGqJBO7v9T7gfxvd1LWXmmd1X/T8oPg9rFI6rGNP Nz7xoxs8xkAa+sBcoPmNQyk9q9srER8Fwi3eBGnUFuAq8nKfn+2LXh/Iuhxk6BFc a1wC4Qa5PV4uiKjsUrKyWwux12Z3dAbtLIf9HNStu1l57KaiJ/XLkCsUsDVAcq8L GJHpuT0OOY/2Ai/JkE6CjJH9nEXQLgxWHadD0gJrQA8rnwVOccex7RjX7xkhh/0d b3HxLf2fOFt6lyWgFK1uZKpLrp1fk6+U1hxk+EuUfdayrTOt5poNolRXaohINP7m ZZj1yqGhWlbq0xkZt7xantZ5FB1QuT9hT5FiY4TFoB1Z5LJlXvLpM/QFB/4n9ZJi fqqjKA6wMCWxBpsu4+ZOfaQkwvRZ+9+O8QIMlQaRqyMoZeSVh622QmUjuAw7EyYY KRR/sPkLe1SFXwFg6mcqrnABRGy2kHs2a63j4MIpev1DonKNWPbbBSzkqncPYpb6 MHXQTiL1/uqbl/vUElNucQxvzsaCIDP0ULQiZLS5PUO18rjWa3BbEOner4MyAT2s QXj5fxHYmuT69JppafV9omZa30d2mUDDtz9Wy2xGRE8MvSrawsRNE5Hucc/tXZul BzOGPARtzKB3lgrXuQU9CyYSM3T387tM1o1AXmOJO/H4bhAbAqFeFnL1Wm/gFWFr ocpVPNwAWRQj7NdteRMX/qE8nWMjGl1ax7wl3BPa8pDwC+6lpnVfGDzBNlwBzTHz oXtjGTTRuFi1Zpy6BgvAPuVZcxXC6Pg8EeodO1XH4pPKtPJ+tkCWLrnxzMur7oAP i5P3UZ/AEXrLiMw/f6oltVVDWvGD9T5OeemgB4fRzSG/0Sxu1WpMBm1va1v56Gym UOu59MHb6jR2NpsGBRu1J/5FVoxghvitSA4ggAhkLmlndoNcW0ThHJx67WBJH78h gVHhjqBuaXwRlfocyqdrNw4B9iVAEx/sxldvF9pIvlsnRXKore8RF9p40fYz7GGc 2+cbtdgCVyfpnt2u2reyvPgOAzw/Moms+AXs+LaxzHt6mrWIJOsuNtLwrwTEJu1t GkQiBwZwDlG+wb885YvMxAoAXU9s88jSWzEyfUS4ksMgG2CVrmfewHeFuLIFR9D1 LZkFSmQTgWLKwdJw73XUgFOqHxzMTBkLoTAIQasTZKjC16OzCbwZv5e/PT7hqvQk ic07PJLIjA41uhGnSyaN2ELYQYKQFcTAky5eHYaDHdJgMZTTKMn+k1SHYHCBYkzH ToSoodOW7ezgjzkMJMAp3A/egYFrCHpOdmiCkE6ot2OCW8Ju9vxKQMWAXXelFOa7 j3tVSqIUdvTjzyAGINsVU8ihKaSStO8khnOftb/aUj7eN36FHMwMeNH2LhXbwSJI ++u4GWW3woD8ZUyo1mpH7xLmBrci7Phs7gFpHtJeIZpPBeG5MuEDpvzCHHBBrvUA Ek8zuLLGYdlbb2PWGM6A3M+efSnjaY6JQS3GURQLA9BWMtuS5L3+ytm0FOOwOVCA hq2BN+vNwXm1XWqlEG1sbpAUbngWkpyipUT3GBBvjp+Ak3RIlciLQGcZ1IlXeg1E W9K8YhhLo49Oh3GDuf4CZgPULsHXqKcCr9lVDpff/kcxwVeXITQiFVykwjfEllXT gnxR3zQRP61P3aisQxwsaKgHKGzD5idGAzGQuwVgAs95xA/ka1ccMe8a5da+bKP/ 9QqnAFFtArVZpso0Xcy2D/iusW2bcBjiSANM4GnZwsyphF0WIK89aq/411WIz3zc XflJIW80fAy47VF8W340bSgc24AOrQlz38TEGLIcvqPvSMTQRVUdl2S9PgGo8cpP J5+lm7FzJftRSTwYsaSwtOUM1hvvXbvcWfO3g8XMJbof8cWH7QeEPcan+ygxqbtt ArQ5Dk+BE4Rv/MBJUVi5E30IBHxWXx6OTwSljFDjBwt8bPVk7YMaBWMMY4KZw5jU nRakavONHDQDizfy7U0IRAEjKTxKTFaRk56+y839PF2Tlp63wO0UFzAyQVVkZ2uR zs/Q7xYbHEBpepGfq7C0w9Tp7fgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA DhYkNA== -----END CMS-----]]></artwork> <artwork><![CDATA[]]></sourcecode> <sourcecode><![CDATA[ SEQUENCE { # signedData OBJECT_IDENTIFIER { 1.2.840.113549.1.7.2 } [0] { SEQUENCE { INTEGER { 1 } SET { SEQUENCE { # sha512 OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } } } SEQUENCE { # data OBJECT_IDENTIFIER { 1.2.840.113549.1.7.1 } [0] { OCTET_STRING { "ML-DSA-44 signed-data example with sig ned attributes" } } } SET { SEQUENCE { INTEGER { 1 } SEQUENCE { SEQUENCE { SET { SEQUENCE { # organizationName OBJECT_IDENTIFIER { 2.5.4.10 } PrintableString { "IETF" } } } SET { SEQUENCE { # commonName OBJECT_IDENTIFIER { 2.5.4.3 } PrintableString { "LAMPS WG" } } } } INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34e` } } SEQUENCE { # sha512 OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } } [0] { SEQUENCE { # contentType OBJECT_IDENTIFIER { 1.2.840.113549.1.9.3 } SET { # data OBJECT_IDENTIFIER { 1.2.840.113549.1.7.1 } } } SEQUENCE { # messageDigest OBJECT_IDENTIFIER { 1.2.840.113549.1.9.4 } SET { OCTET_STRING { `0bbf93681247c4dce90c456e2b297c3d ee17452e2bed43f3955383dcfc3adf5a6dddecf3a9231350e160b0c860d358ac 22756c1c1d9f44dc24f44f08f6808fd4` } } } } SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.17 } } OCTET_STRING { `f35fd6525188a202327651217fd1bd4a7f24e7 6894c21729925d8fd9384d3efb417a059f47510c1ea9396b7d7526a4e2e560af bc1ddff30a6ca36e8299666080298e2b3e56c8e16f6775ca3081281ac068b156 c3af3818a6b9d8380794dba38ddc391c083d6e85743ac26bd78a81c1a16cc205 4d8145edff49decbb3626723ec7f7d9c325ddddf4f3aa3d6d09d8d5b3eb8528c 593fc8873aeefc81de3ac88c01473f5561eac338148e919894da44145c68422a 63a880e112f158354df5777ac9fbc5e2db3a19f8bb2ae948e071e5b742dc12d1 c6f59d89cfa168e485427b39b92addb918d74da2e2f3cb67556927cdf89d0b32 ae6f323127fec231c11c5f1bbe2fe7543955d9bc04d5dc521d764f6b7bcc79e1 9ee06f49071327a62677fdbaafb4f38a4607f2eb207e71f99c9877395962cd5a ed7a8438d2bf548bb00f613b5077180d244e6406113051a8caa18a770543ebf5 b51250d8343e9e5fb56ab2ce078c3b838bbaac85ada3e281deb792505987824b 1494b26c29fb913d4baa7783fdf4c388809441902c6655d47efa9bee3e2585a7 1daa621453d0e27c65cbe0ba73afa10da5fe28e37374cfe5b7479a267c6af4dc eba6bc3f89e22a5fc03b3aff6dd4c2d5c1ded6f067386ae65e73ff16ae70c8fd feea6925342adfa434dd282b699a66f2d86c3c9a0d2954c8ae085efa80151e5f 6d28059b2ed26364c373893c249fca741a9283c934fed45e98189713f61f96d7 5dc99aac0febe1a33e515e19740efc996d0c315baedb760afa4e044a7b146e58 e41347d08058d8ad98fce664346a231221b5b8378eda17b894e0e0e3b7fed8e1 afe6710afe73b2071b522241882b07461b9cd56d5eace091bbe7e49f05d90601 7bdd6b458437c3abcbbd6b4d1e8c14d6e313005d57efddca086a49ec0cff838b d2edbec5f184bb0c691afd6c56677e171f538fced30fab1966d9f25d78cbc102 87ffce3e3610c6616f5daa95f6bd85cfa2a4b25cf095eaccabf3231548edeaf3 5cc476861080ff9bec73489001e7f0735b4aa42011685880c74e4628f7089eed 023a71b80ceea6e94f12406dab8f5345587f65544d3b86c55b5be1a350ccc0d8 4818c75438d9dffa3e926923ae507197e26fc7b41e94e18e54d84a30fecec0c2 178f9d2dc6f5aa4559535c8be6a7942ffcd1495904c9583bfad3c32de7fe256c 6a8904eeeff53ee07f1bddd4b5979a67755ff4fca0f83dac523aac634f373ef1 a31b3cc6401afac05ca0f98d43293dabdb2b111f05c22dde0469d416e02af272 9f9fed8b5e1fc8ba1c64e8115c6b5c02e106b93d5e2e88a8ec52b2b25b0bb1d7 66777406ed2c87fd1cd4adbb5979eca6a227f5cb902b14b0354072af0b1891e9 b93d0e398ff6022fc9904e828c91fd9c45d02e0c561da743d2026b400f2b9f05 4e71c7b1ed18d7ef192187fd1d6f71f12dfd9f385b7a9725a014ad6e64aa4bae 9d5f93af94d61c64f84b947dd6b2ad33ade69a0da254576a884834fee66598f5 caa1a15a56ead31919b7bc5a9ed679141d50b93f614f91626384c5a01d59e4b2 655ef2e933f40507fe27f592627eaaa3280eb03025b1069b2ee3e64e7da424c2 f459fbdf8ef1020c950691ab232865e49587adb6426523b80c3b13261829147f b0f90b7b54855f0160ea672aae7001446cb6907b366bade3e0c2297afd43a272 8d58f6db052ce4aa770f6296fa3075d04e22f5feea9b97fbd412536e710c6fce c6822033f450b42264b4b93d43b5f2b8d66b705b10e9deaf8332013dac4178f9 7f11d89ae4faf49a6969f57da2665adf47769940c3b73f56cb6c46444f0cbd2a dac2c44d1391ee71cfed5d9ba50733863c046dcca077960ad7b9053d0b261233 74f7f3bb4cd68d405e63893bf1f86e101b02a15e1672f55a6fe015616ba1ca55 3cdc00591423ecd76d791317fea13c9d63231a5d5ac7bc25dc13daf290f00bee a5a6755f183cc1365c01cd31f3a17b631934d1b858b5669cba060bc03ee55973 15c2e8f83c11ea1d3b55c7e293cab4f27eb640962eb9f1cccbabee800f8b93f7 519fc0117acb88cc3f7faa25b555435af183f53e4e79e9a00787d1cd21bfd12c 6ed56a4c066d6f6b5bf9e86ca650ebb9f4c1dbea3476369b06051bb527fe4556 8c6086f8ad480e208008642e696776835c5b44e11c9c7aed60491fbf218151e1 8ea06e697c1195fa1ccaa76b370e01f62540131fecc6576f17da48be5b274572 a8adef1117da78d1f633ec619cdbe71bb5d8025727e99eddaedab7b2bcf80e03 3c3f3289acf805ecf8b6b1cc7b7a9ab58824eb2e36d2f0af04c426ed6d1a4422 0706700e51bec1bf3ce58bccc40a005d4f6cf3c8d25b31327d44b892c3201b60 95ae67dec07785b8b20547d0f52d99054a64138162cac1d270ef75d48053aa1f 1ccc4c190ba1300841ab1364a8c2d7a3b309bc19bf97bf3d3ee1aaf42489cd3b 3c92c88c0e35ba11a74b268dd842d841829015c4c0932e5e1d86831dd2603194 d328c9fe935487607081624cc74e84a8a1d396edece08f390c24c029dc0fde81 816b087a4e766882904ea8b763825bc26ef6fc4a40c5805d77a514e6bb8f7b55 4aa21476f4e3cf200620db1553c8a129a492b4ef2486739fb5bfda523ede377e 851ccc0c78d1f62e15dbc12248fbebb81965b7c280fc654ca8d66a47ef12e606 b722ecf86cee01691ed25e219a4f05e1b932e103a6fcc21c7041aef500124f33 b8b2c661d95b6f63d618ce80dccf9e7d29e3698e89412dc651140b03d05632db 92e4bdfecad9b414e3b039508086ad8137ebcdc179b55d6aa5106d6c6e90146e 7816929ca2a544f718106f8e9f8093744895c88b406719d489577a0d445bd2bc 62184ba38f4e877183b9fe026603d42ec1d7a8a702afd9550e97dffe4731c157 97213422155ca4c237c49655d3827c51df34113fad4fdda8ac431c2c68a80728 6cc3e62746033190bb056002cf79c40fe46b571c31ef1ae5d6be6ca3fff50aa7 00516d02b559a6ca345dccb60ff8aeb16d9b7018e248034ce069d9c2cca9845d 1620af3d6aaff8d75588cf7cdc5df949216f347c0cb8ed517c5b7e346d281cdb 800ead0973dfc4c418b21cbea3ef48c4d045551d9764bd3e01a8f1ca4f279fa5 9bb17325fb51493c18b1a4b0b4e50cd61bef5dbbdc59f3b783c5cc25ba1ff1c5 87ed07843dc6a7fb2831a9bb6d02b4390e4f8113846ffcc0495158b9137d0804 7c565f1e8e4f04a58c50e3070b7c6cf564ed831a05630c638299c398d49d16a4 6af38d1c34038b37f2ed4d08440123293c4a4c5691939ebecbcdfd3c5d93969e b7c0ed14173032415564676b91cecfd0ef161b1c40697a919fabb0b4c3d4e9ed f8000000000000000000000000000000000000000000000000000000000e1624 34` } } } } } }]]></artwork>]]></sourcecode> <t>The following is an example of a signed-data with a single ML-DSA-65 signer, with signed attributes included:</t><artwork><![CDATA[<sourcecode><![CDATA[ -----BEGIN CMS----- MIIOKQYJKoZIhvcNAQcCoIIOGjCCDhYCAQExDTALBglghkgBZQMEAgMwQwYJKoZI hvcNAQcBoDYENE1MLURTQS02NSBzaWduZWQtZGF0YSBleGFtcGxlIHdpdGggc2ln bmVkIGF0dHJpYnV0ZXMxgg27MIINtwIBATA6MCIxDTALBgNVBAoTBElFVEYxETAP BgNVBAMTCExBTVBTIFdHAhQVn/5vIv1cxCxSTfb9XijQ3jjzTjALBglghkgBZQME AgOgazAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBME8GCSqGSIb3DQEJBDFCBEDV dAiINSoOkqad8+saHOVVYKw/LS+Cgc4/BqVtOoKFyyTuZAR1cSmheu9HfN8aRDoS Ig4wz94jCPe4gULOnjqoMAsGCWCGSAFlAwQDEgSCDO1SnJA5zOCk/J0mfklniShg BjzE2zH3oafJHtLTAItJwO7niA2s4tqmU9LfVVU4n+bXALkLNXOYY057rdKy/V4W u+tbqGWWNUKwBSWAZw/4htJXrN9tb7T+fSTn9A9XfMps2GMai15n9vp4cjia49YS FoSNumwGrK0WVQ2/pdFqyULdyvk96VUZnjhoKmRg4bxNLPt9b14gJZA75FpzItIF Q5Ngzx6rbNyCUbuUxx+ut+IgCAqfbdynWxROD01vW3nbZ72ZZcnejvvvMSWyLQIE /3aszLIkJ8GDsRt2UxyDc/o0DP04ULboC8B4AQq2qH1+MWILU+QTUm/+Jwg7tVjJ 5r+7kcpQT0J/kGexd86GwsuWQcNjNRZvsyTyMozrbz5jLahT+XLpBJH4lzWIKTi4 41RC5JRQajZ/Eh9+UYxtsp1wWnNZwXhp4BvMouKB/GtT7CfYB12b4yGGeyxjA7kR Jip6PiPJUP03MX580kqFkoiDJsl/HpINHdLEIGip83xbEley/KaV2j0u0njyUMdI FMFebivDOhSEVW6biU7FKFcgNeFxSg3Ls6qabp/kqakZnolfpVU8jTeFpapilZoL 0a/wp/xUiuUTJfARjjqOZ5A+HxVhkhLwykt14KC3v/jcp8URzDxw7/h8LNzEeo1P C6eT3psEzPN0L3TqJRNCGsDYtrtl0NoTOZpj7Vj//8cAg4rj1aZIykIuytJwLvxx dkLaq2MbJoiCq/OwnRFeARSdwt2viAf+MyI/GU3n1A4mEwM4NsYVJxRZzbUisekJ L+6cb4T5pnw1wZHySECw3YiHLYHRYHpi9Moi6ldy7HZBNT3z7GOO+ZOyAOHSKek1 HD7K6K7L0GL6s9gy/hd779s4DxhLFg2is5xfJ6wcvYDg+wgy8vCoQc/D9SchL98M DjQlh+x0Z8iqoTJ+z0mYB4fCKxqtiq3ufkrRGKHvkWDEyeTXAWV1/k3sZtEGkmX6 nan2U/GfqV7ilYelO83kb1CRLXeUbEXhBoqBuIAIaTbDwbTRJk38mNAF/l4QwPle IaQ0hwDZ/EAb7IICi64+RKdDGQvYid4jIJy3wuhdz6iCM5vwMVT/K81o67QGOMZj aCT22unxJkOSe9nwb8TOuEzqRpHtTQftBK+0/nYPZMx3AGjuU6wabb7eR1ux9DVk QFz0ykykN7gle89bcEjNr6wZ6GtY9qkmkY861+PWVTj4380aSZxNgJibnKhQ3jH5 tR93/r+JcsOI8a2Vj94y/ufTDAE3uEX9Z3MArceQ9FDcGq5CWQYXR5Cf3oWhORii PCO/qZ6LGmiXV0d8bYYQ1XFxgUpdslLnb7IyVEt7QJ2CrQfyT1e12bz1c0iCeImt bQbhWaF550uvkyRpDS/eqHFV/yFMqMurdCvxuKmfEWNgZayG+LhwgPHK5xDfAHwi ItT2e+GOmVUNecsMutvc5DrP9MTQkU8RUhPxOkiuQi3/Nc5vWIULR1a/MeV1lwuB l4ZCkyoWz2KW51M3StHgAngy0gbFfil2X9y0P+fGwGvNZTILIqLCnWgZ39Bpm05u fcQH19aN/Arjnxpgaysx8TIlzpIFK06Id40aTH5Ptl8vMvhnVa/WzXGIy8YkuzAb lt2IXcZhD3g41s1Cjmror20bUfxH/AvFQp60FssB+A411tSp/whzqdanvofjFdz7 yhS1ZTXBHgwJAvOeLEzZ+0B6Q8jiVbzHFoX5g5OQRPuGj7pQLiSxPV3GeYHsNqn3 wdiW6gNnEEM8ST9VGIihSVZQ1H86d1S//wNMNLs1957JdQECUgdqpDT+8fya3P4G /nVz7FU+Go5Zc7IK5FrNhK57JiTUu5INHN8Zlbm+wOoglCk0aZFU0Sf9Qxrhaus+ nYQofSG0zEoBOLyEzjVccbgA5bw75ZsaaMjRIGRotWTXtrMfBoMLNxBmVGAKqluL 7Wm3UlbKG43gcg7sIS2zdh069HD6aUqt+VKDTd2WG7FGMgC6MADwIbVN14E5AcbJ 19kKKQK08f+vrsxpSNY8XRKk5ShnT0ig0vRIoWIAGkN4YJu46YjZ2WorSfuaKNx/ +olnWjhlcRSf3oOl0TpwYLhp7Clok9/t7kCZS8L8KvOUZ8K36VL0E+4LeKycAZk3 Y4ziBJMW8wDG3tUl0QQZfZSKyBEgyCiugr8tXsJAkPLy8U38YtxDtwAgwcXTkDiN 85YXK5AreJR8sr33LZZI3Y0qiCIJVMQWfcSnrCwdSUXDuqXyG979qJr7aRiwt5iH X2GJqubN0XdpC6Y4KSSTZx4sYs2Tsf9/HWFbizXgAgsHyz2zLC/0FTR1fiBZF2Zf 7tgoJcF0FqKxJUq4BWOJNk4C/RwpSV5cMiU/rpkwojMJ7HnxV6k+l8ZqIUQJ7hWU cGQmlBP3kd4dueatyC2rvw3UrLfcttiLbAqYTHVo7UHYhpKX1vLZ5p1tPKKz5mbl zxhnenB3BRKj31+Fq0UE3luHur63WlcLSnqvGFhUcyz47pjZ7VntZrjMu3QyQbeg bNv/PROC0wp3EYo+C5/AS2H03quY6oW+0Ix1iWw16EzUDCVdnXT3bmnqNJEN1Hgs eyiKCmbTX+l378KIYjVY5DE6eYDTyzpc0lcxg8Vb4eM7q2cdmts+jZLTH6Xq/xLQ Kq93FkNvx8bkC83F8zXor8MbEPtzjQcjZI+adJrTTdUDrIDAF3sOddlgK5Lr15cR np5plnapwi/VXweRqRXTkYqjmZsfCKAe5AaleTfSBnPSCsczIXAVTTQC1CoQfxoM 8jjfzhPzHr/kHaktGQ0mS66L8/Gw/eVDxFgRj876exDl+J5Hp1+2+pHafw8jHO0/ EkPn9R/78P70H2P8XVrysdIeGM0Bq32jJNgDCT6YARqlHkrUBiiLKGHyNiLWFsXw 2mp5Lx/6lWSJ3jH0NQ1enyWVwbOiZo2jQxVjccaC+2hKgQgJZNVUr4zBPxcequ5V rEl29BcXNgEWL5lywVIxYijFULcxyw9g/Z1LTJbBofZ38zqhCxFtKjfraCp+pZaM jP1+Pgz4CD/Q2uqt2d+0cThjvrru9ClPFk6ssAuGN6DXQnnL3MoFKwL4eCwOUdVR a9C8ZW7D+ax16gQBmD3hQB/K/4bdQFD3tQRsLoG1DR4MilOGIvMxj5wdbglrNAeS 1rKMN5M3bJ/Zv4mXE+nfWehBFw4A+gDP3LR21579/WJy3TWG0FIK7Gc23BxhAujY hWE80C/NMuHhzp7n2uOmydFpkiGA4HcQaJti3Cw9bwMCoJMkQdvUZG+bJYNBLW/3 v/lo4Ireg30JE18wi0TXsqvtqoAfVoERh4ZQMYMz4PDooxG0KqDgHyDfY3AEU506 KAVCjqUMuCazq/B8CTMSqg2HrufMBVg0S4mzfwiCK6CdZsHbzMWy7yy28Bn5/Vfa r/tBXMEsqvfz2RZmYk2mgoaxHxYwbDT/tHO1EBkSuXG243J5VUbd0DGcnyl6s43a GQ2mLRz7KqCAK/QXgy7yU/quguVy6bUsSZxxwnpCvO9fCg8VZkThuMEl9DKe68bt b1xrzc4jXKLpa5C6LGIy4+BYVRV9NszZLOZ6RDcIIKYA7wnjutMNdYRBg86ukvdC q4CKWpGVH985lyS+PPOYhvo0cfMpKVg1EoPuCX4qFEX9Qt8RslvxEpUE3djYykuE WKvzH+yS1hOTnNNhIGNVGSoZVVt4rV+Rn2Sh3DZbR6U5tFcCK6FziH/wwQ7FL4YU v4uCF1xLZtMkulYE9a7SRvUYqeX88CEQQ57zQasJa+a/puljswL7UV/QBnmnM44g NmRyyHSDObZplX2hKr6cbQ6IDACM0YLbqveN0x478tW65D/e3EdQip4LKPf3TB/2 NabF50gr/XPeh9eMKJzCEFA2NBy20yjr6uHGprkd4Yd7iMzBz/DD9P/4dE6lAXGA vALm0S8mrv8p6S1ln2lrYjYptdELG6FbAm5ZFRWD9XDQUCmbDp8qQkw4q7nFSLTx lzu6lQIiB7weAoJ0/WyhrD75GTcp7W9e0pcmqQL6YMYTIlvRSoq0aK4l4nz+7eUY tCuJjGDmj/+2kHVOZUF/p8fzZmsWBcgpMUJnPo0hTUZ3oQqxsNYFiXZDStVtyA7b hS8OX6kEO8652tGQop6jIx3WEUs/vqSa/h1BHVW3aOd29Rqw0Tf1o6BoIoDdccpi 4NlIgwVFxFhzqxy9QvQF0nuaPIaCZFf8vTxaMSVD7JVmvAG2QJXQXfseyttHnaut i3iV/dQfCk6q5AF3FfLWmpbv7xGzgAqEQLJbWGTgzkWhrUd4XSxMuz3Fdr2miYqZ bKeW7WTYZheWIByiulhuxh9UYf0GDxAYY4m5EGV5pek6xgwhMj1YYmVobHng4g8n YKOx3QAAAAAAAAAAAAAAAAAAAAAAAAAECxASHiQ= -----END CMS-----]]></artwork> <artwork><![CDATA[]]></sourcecode> <sourcecode><![CDATA[ SEQUENCE { # signedData OBJECT_IDENTIFIER { 1.2.840.113549.1.7.2 } [0] { SEQUENCE { INTEGER { 1 } SET { SEQUENCE { # sha512 OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } } } SEQUENCE { # data OBJECT_IDENTIFIER { 1.2.840.113549.1.7.1 } [0] { OCTET_STRING { "ML-DSA-65 signed-data example with sig ned attributes" } } } SET { SEQUENCE { INTEGER { 1 } SEQUENCE { SEQUENCE { SET { SEQUENCE { # organizationName OBJECT_IDENTIFIER { 2.5.4.10 } PrintableString { "IETF" } } } SET { SEQUENCE { # commonName OBJECT_IDENTIFIER { 2.5.4.3 } PrintableString { "LAMPS WG" } } } } INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34e` } } SEQUENCE { # sha512 OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } } [0] { SEQUENCE { # contentType OBJECT_IDENTIFIER { 1.2.840.113549.1.9.3 } SET { # data OBJECT_IDENTIFIER { 1.2.840.113549.1.7.1 } } } SEQUENCE { # messageDigest OBJECT_IDENTIFIER { 1.2.840.113549.1.9.4 } SET { OCTET_STRING { `d5740888352a0e92a69df3eb1a1ce555 60ac3f2d2f8281ce3f06a56d3a8285cb24ee6404757129a17aef477cdf1a443a 12220e30cfde2308f7b88142ce9e3aa8` } } } } SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.18 } } OCTET_STRING { `529c9039cce0a4fc9d267e4967892860063cc4 db31f7a1a7c91ed2d3008b49c0eee7880dace2daa653d2df5555389fe6d700b9 0b357398634e7badd2b2fd5e16bbeb5ba865963542b0052580670ff886d257ac df6d6fb4fe7d24e7f40f577cca6cd8631a8b5e67f6fa7872389ae3d61216848d ba6c06acad16550dbfa5d16ac942ddcaf93de955199e38682a6460e1bc4d2cfb 7d6f5e2025903be45a7322d205439360cf1eab6cdc8251bb94c71faeb7e22008 0a9f6ddca75b144e0f4d6f5b79db67bd9965c9de8efbef3125b22d0204ff76ac ccb22427c183b11b76531c8373fa340cfd3850b6e80bc078010ab6a87d7e3162 0b53e413526ffe27083bb558c9e6bfbb91ca504f427f9067b177ce86c2cb9641 c36335166fb324f2328ceb6f3e632da853f972e90491f89735882938b8e35442 e494506a367f121f7e518c6db29d705a7359c17869e01bcca2e281fc6b53ec27 d8075d9be321867b2c6303b911262a7a3e23c950fd37317e7cd24a8592888326 c97f1e920d1dd2c42068a9f37c5b1257b2fca695da3d2ed278f250c74814c15e 6e2bc33a1484556e9b894ec528572035e1714a0dcbb3aa9a6e9fe4a9a9199e89 5fa5553c8d3785a5aa62959a0bd1aff0a7fc548ae51325f0118e3a8e67903e1f 15619212f0ca4b75e0a0b7bff8dca7c511cc3c70eff87c2cdcc47a8d4f0ba793 de9b04ccf3742f74ea2513421ac0d8b6bb65d0da13399a63ed58ffffc700838a e3d5a648ca422ecad2702efc717642daab631b268882abf3b09d115e01149dc2 ddaf8807fe33223f194de7d40e2613033836c615271459cdb522b1e9092fee9c 6f84f9a67c35c191f24840b0dd88872d81d1607a62f4ca22ea5772ec7641353d f3ec638ef993b200e1d229e9351c3ecae8aecbd062fab3d832fe177befdb380f 184b160da2b39c5f27ac1cbd80e0fb0832f2f0a841cfc3f527212fdf0c0e3425 87ec7467c8aaa1327ecf49980787c22b1aad8aadee7e4ad118a1ef9160c4c9e4 d7016575fe4dec66d1069265fa9da9f653f19fa95ee29587a53bcde46f50912d 77946c45e1068a81b880086936c3c1b4d1264dfc98d005fe5e10c0f95e21a434 8700d9fc401bec82028bae3e44a743190bd889de23209cb7c2e85dcfa882339b f03154ff2bcd68ebb40638c6636824f6dae9f12643927bd9f06fc4ceb84cea46 91ed4d07ed04afb4fe760f64cc770068ee53ac1a6dbede475bb1f43564405cf4 ca4ca437b8257bcf5b7048cdafac19e86b58f6a926918f3ad7e3d65538f8dfcd 1a499c4d80989b9ca850de31f9b51f77febf8972c388f1ad958fde32fee7d30c 0137b845fd677300adc790f450dc1aae4259061747909fde85a13918a23c23bf a99e8b1a689757477c6d8610d57171814a5db252e76fb232544b7b409d82ad07 f24f57b5d9bcf57348827889ad6d06e159a179e74baf9324690d2fdea87155ff 214ca8cbab742bf1b8a99f11636065ac86f8b87080f1cae710df007c2222d4f6 7be18e99550d79cb0cbadbdce43acff4c4d0914f115213f13a48ae422dff35ce 6f58850b4756bf31e575970b81978642932a16cf6296e753374ad1e0027832d2 06c57e29765fdcb43fe7c6c06bcd65320b22a2c29d6819dfd0699b4e6e7dc407 d7d68dfc0ae39f1a606b2b31f13225ce92052b4e88778d1a4c7e4fb65f2f32f8 6755afd6cd7188cbc624bb301b96dd885dc6610f7838d6cd428e6ae8af6d1b51 fc47fc0bc5429eb416cb01f80e35d6d4a9ff0873a9d6a7be87e315dcfbca14b5 6535c11e0c0902f39e2c4cd9fb407a43c8e255bcc71685f983939044fb868fba 502e24b13d5dc67981ec36a9f7c1d896ea036710433c493f551888a1495650d4 7f3a7754bfff034c34bb35f79ec975010252076aa434fef1fc9adcfe06fe7573 ec553e1a8e5973b20ae45acd84ae7b2624d4bb920d1cdf1995b9bec0ea209429 34699154d127fd431ae16aeb3e9d84287d21b4cc4a0138bc84ce355c71b800e5 bc3be59b1a68c8d1206468b564d7b6b31f06830b37106654600aaa5b8bed69b7 5256ca1b8de0720eec212db3761d3af470fa694aadf952834ddd961bb1463200 ba3000f021b54dd7813901c6c9d7d90a2902b4f1ffafaecc6948d63c5d12a4e5 28674f48a0d2f448a162001a4378609bb8e988d9d96a2b49fb9a28dc7ffa8967 5a386571149fde83a5d13a7060b869ec296893dfedee40994bc2fc2af39467c2 b7e952f413ee0b78ac9c019937638ce2049316f300c6ded525d104197d948ac8 1120c828ae82bf2d5ec24090f2f2f14dfc62dc43b70020c1c5d390388df39617 2b902b78947cb2bdf72d9648dd8d2a88220954c4167dc4a7ac2c1d4945c3baa5 f21bdefda89afb6918b0b798875f6189aae6cdd177690ba638292493671e2c62 cd93b1ff7f1d615b8b35e0020b07cb3db32c2ff41534757e205917665feed828 25c17416a2b1254ab8056389364e02fd1c29495e5c32253fae9930a23309ec79 f157a93e97c66a214409ee15947064269413f791de1db9e6adc82dabbf0dd4ac b7dcb6d88b6c0a984c7568ed41d8869297d6f2d9e69d6d3ca2b3e666e5cf1867 7a70770512a3df5f85ab4504de5b87babeb75a570b4a7aaf185854732cf8ee98 d9ed59ed66b8ccbb743241b7a06cdbff3d1382d30a77118a3e0b9fc04b61f4de ab98ea85bed08c75896c35e84cd40c255d9d74f76e69ea34910dd4782c7b288a 0a66d35fe977efc288623558e4313a7980d3cb3a5cd2573183c55be1e33bab67 1d9adb3e8d92d31fa5eaff12d02aaf7716436fc7c6e40bcdc5f335e8afc31b10 fb738d0723648f9a749ad34dd503ac80c0177b0e75d9602b92ebd797119e9e69 9676a9c22fd55f0791a915d3918aa3999b1f08a01ee406a57937d20673d20ac7 332170154d3402d42a107f1a0cf238dfce13f31ebfe41da92d190d264bae8bf3 f1b0fde543c458118fcefa7b10e5f89e47a75fb6fa91da7f0f231ced3f1243e7 f51ffbf0fef41f63fc5d5af2b1d21e18cd01ab7da324d803093e98011aa51e4a d406288b2861f23622d616c5f0da6a792f1ffa956489de31f4350d5e9f2595c1 b3a2668da343156371c682fb684a81080964d554af8cc13f171eaaee55ac4976 f417173601162f9972c152316228c550b731cb0f60fd9d4b4c96c1a1f677f33a a10b116d2a37eb682a7ea5968c8cfd7e3e0cf8083fd0daeaadd9dfb4713863be baeef4294f164eacb00b8637a0d74279cbdcca052b02f8782c0e51d5516bd0bc 656ec3f9ac75ea0401983de1401fcaff86dd4050f7b5046c2e81b50d1e0c8a53 8622f3318f9c1d6e096b340792d6b28c3793376c9fd9bf899713e9df59e84117 0e00fa00cfdcb476d79efdfd6272dd3586d0520aec6736dc1c6102e8d885613c d02fcd32e1e1ce9ee7dae3a6c9d169922180e07710689b62dc2c3d6f0302a093 2441dbd4646f9b2583412d6ff7bff968e08ade837d09135f308b44d7b2abedaa 801f568111878650318333e0f0e8a311b42aa0e01f20df637004539d3a280542 8ea50cb826b3abf07c093312aa0d87aee7cc0558344b89b37f08822ba09d66c1 dbccc5b2ef2cb6f019f9fd57daaffb415cc12caaf7f3d91666624da68286b11f 16306c34ffb473b5101912b971b6e372795546ddd0319c9f297ab38dda190da6 2d1cfb2aa0802bf417832ef253faae82e572e9b52c499c71c27a42bcef5f0a0f 156644e1b8c125f4329eebc6ed6f5c6bcdce235ca2e96b90ba2c6232e3e05855 157d36ccd92ce67a44370820a600ef09e3bad30d75844183ceae92f742ab808a 5a91951fdf399724be3cf39886fa3471f3292958351283ee097e2a1445fd42df 11b25bf1129504ddd8d8ca4b8458abf31fec92d613939cd361206355192a1955 5b78ad5f919f64a1dc365b47a539b457022ba173887ff0c10ec52f8614bf8b82 175c4b66d324ba5604f5aed246f518a9e5fcf02110439ef341ab096be6bfa6e9 63b302fb515fd00679a7338e20366472c8748339b669957da12abe9c6d0e880c 008cd182dbaaf78dd31e3bf2d5bae43fdedc47508a9e0b28f7f74c1ff635a6c5 e7482bfd73de87d78c289cc2105036341cb6d328ebeae1c6a6b91de1877b88cc c1cff0c3f4fff8744ea5017180bc02e6d12f26aeff29e92d659f696b623629b5 d10b1ba15b026e59151583f570d050299b0e9f2a424c38abb9c548b4f1973bba 95022207bc1e028274fd6ca1ac3ef9193729ed6f5ed29726a902fa60c613225b d14a8ab468ae25e27cfeede518b42b898c60e68fffb690754e65417fa7c7f366 6b1605c8293142673e8d214d4677a10ab1b0d6058976434ad56dc80edb852f0e 5fa9043bceb9dad190a29ea3231dd6114b3fbea49afe1d411d55b768e776f51a b0d137f5a3a0682280dd71ca62e0d948830545c45873ab1cbd42f405d27b9a3c 86826457fcbd3c5a312543ec9566bc01b64095d05dfb1ecadb479dabad8b7895 fdd41f0a4eaae4017715f2d69a96efef11b3800a8440b25b5864e0ce45a1ad47 785d2c4cbb3dc576bda6898a996ca796ed64d8661796201ca2ba586ec61f5461 fd060f10186389b9106579a5e93ac60c21323d586265686c79e0e20f2760a3b1 dd00000000000000000000000000000000000000040b10121e24` } } } } } }]]></artwork>]]></sourcecode> <t>The following is an example of a signed-data with a single ML-DSA-87 signer, with signed attributes included:</t><artwork><![CDATA[<sourcecode><![CDATA[ -----BEGIN CMS----- MIITTwYJKoZIhvcNAQcCoIITQDCCEzwCAQExDTALBglghkgBZQMEAgMwQwYJKoZI hvcNAQcBoDYENE1MLURTQS04NyBzaWduZWQtZGF0YSBleGFtcGxlIHdpdGggc2ln bmVkIGF0dHJpYnV0ZXMxghLhMIIS3QIBATA6MCIxDTALBgNVBAoTBElFVEYxETAP BgNVBAMTCExBTVBTIFdHAhQVn/5vIv1cxCxSTfb9XijQ3jjzTjALBglghkgBZQME AgOgazAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBME8GCSqGSIb3DQEJBDFCBEAC T17yhGvaIiDlQiCKz9cV3dO44RHoOQ1ihksdwSjAosm3RWewuVXGF/ACIE0n2IeV aZ4GXwFq4xxtCktCZiJkMAsGCWCGSAFlAwQDEwSCEhOYY96ah3JfVdeWO1CemlSW 30ZGl8Qta5PTVd4n2ccPMYjFeqR5KIy1uKqZOnKPnnXsEsr9wlvhVNxpHxWAqxpD 8mkqUmRT2Cyd0a6qNcIRbA3iXtLjTy6llMey1AnbSRHlRuDilT8OpzAbDy9OEROY IVUhWDPkncXGe7dKhG52hdR3vk0yc0/AxPe7tC14oYRnruGno/v8rEds4RblHvTL sTHVZWon+hg2utzDkNqFfYetYxD1t46FzgZv8ATW9QQ/whuxPIOCdl4jleW0wCIp 496Gz7CQ5mGNsvyDA8rm8+LU56I/DnDUUU9w6qqC99UMbcln30RVoVcI/xV1C+Ch JIG+HlH+c4D5/It2wnHrUiHIV1we8O7joEuHRnAPmfBTkt6aafqjAoJcxm8mZem2 x65lrBKk/MdCotYj6eCUi3MHMpHcQXL5C02wOm2W++WHcVNHMLbhOb+P7JT/hcTq +KZ4KpSyuPJ82i8dhPAHkV651ZyHPbW1sfLFcqpiT59ms8VHu33J2tpcisSWHjCB HLk67gss1PYXks+DIBrv5V4wjQsYDdxF2qNn7/Vm2q+9b81NQD7HshxWPDjFpIoY fl5upDCh/NF3866Xamu5OViOenpx0szKNgfIKQZeZ7kSX9YFbWYssIuFJXjJ2I/o czPO/2GCf6ca8CFZeG9Mg30Rk08ICNj1NlRx1tOx8eKxWOs0HYmls9WQnI3SL2ir pdYF3hzDSAOI+A/h93ip7hgyuqb74xJqVBmb7PQk5HpFasO9pk2mmDZbVMxOtc8q hCdzdAmvADUis1GI/lWjSBG8i6wGAVrdQ4pdFbgxgNPe2JxAvn8xM0np7d5lVlEn TvbrT/1nnPtCtglPK5Ls3WrBDacKJMzRh/uj1yfbsaRs7rwBxMmgf1TfgG2sdzFw cr5r/1NGxhjhyw5OuUQJeBVyAmbgsJxQHo3gsFzPq/Ld++4N4/zNXg3FYqlc/CHs wO1gojgCPbKYL5mglJuWIwsmI7iCE6ikrlSulxXp/bLmfUClSeeV48+OzASav/nY SPC9McplLdKS6fxpyLsv6tfjip6DV1E9XhXCNaKzXAfi0yYj5GE6gsEk/H+cuBJO irVweL30w+0pmMIqMx493f3LUlqKmFHp3rPlG086VYciKW8IUp/2V+I4Fi/JdOlz U3GiDBUmrMchATgFXkb0Qod2uOPqMiTPeAOQkO309Ov+pXD+zX+DwpjURzN5fmV+ lj/nLe1BD4iInFAjDgwuR5DjNeCsB+1MPLrrkNe6dhkZJu6sllqytq6K9LilAeeB nYMIV7hqAZ3Fy2BhnHy2FnlupZJCgjOH8bSldAbH2NFR+IAth3o9wJyAWfSl3lwD H6FisurRJe7n3lP7WF2DtcLMVs6ONswKXzOcm3E6N0MkCLeCiEwt8UHAu1E3zpVy uGx69dczUvmc16r7AxHK9uGUTZg7meuLTDMtkx3wr5GJ9BI3p1RYtXeXtxhr67X3 qkNz2NtUBt8qq3iXmdWwQEw+9OCGuFxXFY70cYJFGfk4kdgQh6kTaqNa7Fa2+pG7 KGXPH6sSJZwXAl1Vj6KOIQuwmkx8Rml+DWe5w5WPYASqCz/b60EstV6pT+BESSJ2 mSFlP9KJNWlnZVNuPML9H3t5K5qqAbUKOubsYWLql8sAxVT7S9WkXmK5RKartrSk /voXuSVefT8ev4hEr33ujnBnOUptpx+z1eRJ5555IMWRFIBCkxLpC0l1aOH9vFjg P1huYGL46zcZ/3p+lNWd4qZVf7VxBdJH2U1NEnN1FpocTF17adLdCrFYNfXLVXcL C4UhcBVX2PVtT2knDqnWe73vimTlTiMM79Yno6EK2QQ7wCU/dt2QzfwB4GbpP2qB Mh8fnfJfK7fY0VUvN2bJttyzQYqh83DpgJJ6W1AFNZjsm/JJ8Pq74qy+6uIXKVGa 7mtvOvvwZuVP6nVVBMjGY4Brx1ZIg7I2I0yaTK+LmOFlJGTyoktzgSO8/AWwFlvf qSLcX2WVOs0wic9MLOj3yZNeVQhEmKaq1TQ0gtaw6NYoa0f+mGT9w/OtC0ltTWfy ohM4LbOGEyupuosv0K4ZiEU740Ir4y39zUugVHY09oHTzG5iSYbvRviewctNWKq3 LYXwtqObyov7SfV/YbQSZxo9azdQtasSqdqcN7LdoheoK/Tfs4pYAt0s3yE5Dd/O lZBdk+M/mpkQnwrel5FE1ahDGrQoyTwOiyJ6JWXsILMyEBlNvBYU7iawHe1+R7hn MKamavolV9EYtTzFmXn5fupDItjwHIYWo+J3NZoP8uPu5OS/IdJCavge+KYi8pjQ 3F/QGbR5+kMCmNs7lUdqTRy6oYWtzxIzRtYWBJFphowPUS+OV69SEMDYdJBF+83Q Vyojyj1l3gP4lOpJwFlgIajPxbqphaqTTqAhDYZxIvxESpd2ZARd+afL6wLPRfRI sHJl/1z00/xHF+40ogOMFGao9zZl/yf8h6Tt8rDzQvzva9ftHWr0wLvengvKIa2i +TvSrHrQwxwv3C/tSH205qadjJifrBQQGvL4lGI1TK54/9qJZYVDRoKCF7HybtAY NW7jgdrEXim3B4Q2zZbCzAj53608oGpw6pl8wg84zqMpsPMse0WEBLOSDEamu+u0 9WSBct42O59gwLR8togJjRrme1dlc4DbgtvqFpt3jvUSrxhFoAmF+bFOgUNXKydD l7YuuDSQX0vBsZwwA/HRsldEU2Ui9EaaYAsB1RvQxajfHZ+89h1/ciHgOfqDNGUo Ys1Dm5IDI7KzG+CVDHsVcaHq4Z3xZ5qWwYdVG3goOJw6b2OQ/KQjFR9ewjzuEkOn GDl4vYRRoraGc5m/PPzOetJHbzXqgoc4ztlkfZlc/ecjgyfzD+7a9f/X2HCcO5hU ZO/P49aysUZWSxNqY3rO2J80F+9am6ooySLBTmCOz2W75o0hO9eSzrwK+MUtQW2f VfgaisIoQzpchXma675Vnu3ikH3VUlqse2CDMXZtmLcJMxTofWogekIvFO7bxeEt 3eBHAUglLt63PgByQlTXMCfywLru2tP9MngNGeM/mckXFg7LQsyQBL06/O9oga+C 1UAAL2onrz4VpwbAAWMjYHgaizJ/4P3bfREmQ+66Inb5xF5m9mZoUG5t5XjKze0W JbaANsnwz72+qPd9LFkj2W/qaRilR6N6aYDF5vtk1PXRjfh7GzwGQ/tPy88SROGN aWlyWdI9Q2zvTOxAwk9OO5fxQMUS3CVwa6L7DaZYFPNmJ89RnPG+HPd7wSH8/Bo1 KVjJVtnyx3D+2E5viLnLE/+0it7JXF77BARNrsybJLIEHXfjXl9XBFj/BibL2ovG 8xrPzpt1N81qyDrmOAL1uYNYonsvK1uEKBa9qwYLTPgDTTp6KctJlXtmt7PR7opl ntj5CsWZxpLC6AT6xH2knUGoDoRbE3F1iHKB2xOP77X1zGFp3Lc7UTnzBmwipTpW 5VPXVAC5vgZt/N5/z97dNuEmwkXXyYWV2SbL31EabBagv3cEP5N8swxTxpgrJaTs 4vu3teTneSSR77I2fc+YDeTBqw3uewplOnfm66XsLW1KBSsAI/6iFBl4w1t8h/WH rE/2/8Y49UobrrpdoMFDVZf5ZDlsxNfD8fHUmYNFb+NsCYV+MaBukqZzujLw78C9 znZHlQzbGrzIK+xmPysgudCGJXpBlZ1kiD3S+ACwdqLW1UZrZ2c+Vcch0OOueGVN uT1e7eUZs1IkkGgzIZjpEIkrLuJzkVqkTIiS/aA4oW9qLYe/8xFJ8co/qU9SI04F LygK4+bj6F4bzYtz2xnEGR4xYKgtV5J6MrRn7PbJUFmaUdMHwynAud6Npo5P07ll EugZH6HL1Wa+ep4YRrxgVmP6SWTWq7Rn6f6FAh1f+iIYcy9T/Sk3kfKVMOkA4cmb 5f1BE5hqxDswyI8dLBBczSgr0MUmNuP9WipzNmrLbvs4ZypB5zQH2xopPel1ZdkW 9iJZkiv4y21n5BjVbAayqdBJwexlkhwb2Ns26nY/kgGKZcdKSoERxvyRAbYUTYoq Cj+CI32x7mjof77CjY1OvMVmHdRFxV93OzfWVngFRNfURlhtI7Q1Wq9FLqNgjSb5 Tza00aJbD6OrqIfFLLhXTlqKY9qGs3fAqFOLwFgPyGGut9t2m9uD/YD//5ZZj/MR wOVojznVJ8kuPVuKbiG+jHFUGxKUJQ97p6JCwnND0ZDAOrrQiBm/X5nxS2qA8rmT p+b7brWo0LEJlM5gUDJO2AYh8lspKKThTUExH1RT7+GTPO3MWFOf4VDy5jbAwPMU bHcEBpRbv8589a17YsS9u4BjGGoHtGBtKEHtK7FhMmUd26sqc31HfzHsy5570dvA P6y4dn+nmMI1C5M0vHpFSeuDNL0rD47MNHM2cJLWpRLo9Q0KuqEGG7/kSnwFB76m ruMDfzfEbBSRzSeA/uNzEBCjdzqZU3vwnOKEhQltG2vcmpq3P8g1Dh48LNJiBY3x 0TFe4bh36rIwB1L/fqMrVIUsv+DuuEybqEX7LNBTwWxZ+vr0IK+De2n0H5d0pY3d Vg3LsXSF65YF3uqe33aBoEOy9SIzjshngSEEjVCRvvWn0xAJ67aYkOZFfzm5hTuU rMiTYDT42sDA8QQ2+pixdIrpCOtDERa8usQHPOmsd/n5VsBaquOYRKJw6k/gNWUl oDjGuGgUJ41G2VjvreV7x3zj0ITNtLaXj0NzIVZI0LUrvnOF99FmMM8tS05wnUih E2NpRqCs+LpUuN/JOpwmEenfGaFJ1jV6BXb+dHz728NHRU5Lezw+QBGVJR6i99Qz quWHlyr6p+6Ykkcmyj/idyb5LZLDhQW3Yc5EYK4UdeJDXjYr1LNV64ncXbzmcEAF Y5TD59BIFflOE13OyDniY0WbqJl6I7uPpmu1tfoTxUhbM7HDa2cHqQ5caJKYkOtk lZFE4QKxuCoqI2cgn6vszkUrLPD/Yo+unFKQ5tBTNceqMO+YW6SNH75uRjVyT0sB 9GofTeyIxftebq5hof9+XRdPn8C6zQOjnLv4D5KibJrart11XbNC5JWql+ul3/52 FudfRv5dUQcqqsXPJRTV+s330BYuDUfXnNxJk8y8VlbDbfTfgGwyWh3FopRcpd/K s7PntnKET792spvx9RaHL15D3iWIC/xCbpPSeMPsSDCc/VlDiZOYIwMT/GNvL4c4 blE6AhqIBNg5S1bFuXh05IOMa9ITqptkImZreHWAKg1RI2GWVHIrmPqpYNVzrTSS 05EarQa7Bd9dTDdjbsBX6jvrq0zu/BdhySK/TNGEr3hE2u0+++M4nfjRqZnUqTCd zyiXMw36jyWJxdF9FjrJpnkaRq2fB6+7a5hnBzIvIIQ0Cm+91uWUi1z24vGM3FSB a3fpLFX1p9ckiQGlOFhpdfZoGMOacb3LpsAgxld46zBwhc7Rk0OkR9N9jRRgCbAi nlhHsZ7Gc1AVnnwlYYAq8BnXRerrkTIPvE4FbXzcJCL/IcTBQzyPM8sTDJnaDvcw 2aUopkGXDL9Cm8nreEnSxTAh0T9qRcWA9XDivGHDROC171T1uEcL4ErM06YZReJN 9xPtsg3x2VouYo6V/VoG4c3Ia/chA56181yCGTrmgxIdJ5nSHUZrNMvx8vjdLu2a qCKew79jYIyzRIoX0SM37lehkJuMRU7hfziMrC4fhVSjp16MX9fV7r5lRLfJo8n/ n6hgrjDXmpSqzGRRatsCLjbYy/Bij7UljieM4uyst1Tb3bJvE0xrQRTQqcjEfEbx oAnZkqiDy0qMU9EK5v1EnpAH4XEoaPut3Lezocj2CouAJFo9q71aM0FJ6HMAb9hM jKpXuCG/h8xe9uPRXT5/cJCnz6OaK1m4BGT6HBg++idJiH+dS4FBUmO6CN/AubuZ Kw0Fj0RtohMmt+9RhBrxg8JrWFFp973R/W0NP1oA+TK6lJ9q56125ILHJ+saMwAO 93kz15TLPWIfGj/wvbnkmvPCAKCvxcaAUt7iiKRZBHGc1ZZ4KoNapkiIwJdGb9eh N546WTMQ0vspzgjx6zkZWgAOGIaNmrCy07Ln+QEIaqO+wyBRYYGOmK6xvczS2UO2 1+UJO2O/xN4BEiktT2yN0NzsGjJETl5vjpnE/wAAAAAAAAAAAAAAAAAAAAkMEh4i KDI8 -----END CMS-----]]></artwork> <artwork><![CDATA[]]></sourcecode> <sourcecode><![CDATA[ SEQUENCE { # signedData OBJECT_IDENTIFIER { 1.2.840.113549.1.7.2 } [0] { SEQUENCE { INTEGER { 1 } SET { SEQUENCE { # sha512 OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } } } SEQUENCE { # data OBJECT_IDENTIFIER { 1.2.840.113549.1.7.1 } [0] { OCTET_STRING { "ML-DSA-87 signed-data example with sig ned attributes" } } } SET { SEQUENCE { INTEGER { 1 } SEQUENCE { SEQUENCE { SET { SEQUENCE { # organizationName OBJECT_IDENTIFIER { 2.5.4.10 } PrintableString { "IETF" } } } SET { SEQUENCE { # commonName OBJECT_IDENTIFIER { 2.5.4.3 } PrintableString { "LAMPS WG" } } } } INTEGER { `159ffe6f22fd5cc42c524df6fd5e28d0de38f34e` } } SEQUENCE { # sha512 OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.3 } } [0] { SEQUENCE { # contentType OBJECT_IDENTIFIER { 1.2.840.113549.1.9.3 } SET { # data OBJECT_IDENTIFIER { 1.2.840.113549.1.7.1 } } } SEQUENCE { # messageDigest OBJECT_IDENTIFIER { 1.2.840.113549.1.9.4 } SET { OCTET_STRING { `024f5ef2846bda2220e542208acfd715 ddd3b8e111e8390d62864b1dc128c0a2c9b74567b0b955c617f002204d27d887 95699e065f016ae31c6d0a4b42662264` } } } } SEQUENCE { OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.3.19 } } OCTET_STRING { `9863de9a87725f55d7963b509e9a5496df4646 97c42d6b93d355de27d9c70f3188c57aa479288cb5b8aa993a728f9e75ec12ca fdc25be154dc691f1580ab1a43f2692a526453d82c9dd1aeaa35c2116c0de25e d2e34f2ea594c7b2d409db4911e546e0e2953f0ea7301b0f2f4e111398215521 5833e49dc5c67bb74a846e7685d477be4d32734fc0c4f7bbb42d78a18467aee1 a7a3fbfcac476ce116e51ef4cbb131d5656a27fa1836badcc390da857d87ad63 10f5b78e85ce066ff004d6f5043fc21bb13c8382765e2395e5b4c02229e3de86 cfb090e6618db2fc8303cae6f3e2d4e7a23f0e70d4514f70eaaa82f7d50c6dc9 67df4455a15708ff15750be0a12481be1e51fe7380f9fc8b76c271eb5221c857 5c1ef0eee3a04b8746700f99f05392de9a69faa302825cc66f2665e9b6c7ae65 ac12a4fcc742a2d623e9e0948b73073291dc4172f90b4db03a6d96fbe5877153 4730b6e139bf8fec94ff85c4eaf8a6782a94b2b8f27cda2f1d84f007915eb9d5 9c873db5b5b1f2c572aa624f9f66b3c547bb7dc9dada5c8ac4961e30811cb93a ee0b2cd4f61792cf83201aefe55e308d0b180ddc45daa367eff566daafbd6fcd 4d403ec7b21c563c38c5a48a187e5e6ea430a1fcd177f3ae976a6bb939588e7a 7a71d2ccca3607c829065e67b9125fd6056d662cb08b852578c9d88fe87333ce ff61827fa71af02159786f4c837d11934f0808d8f5365471d6d3b1f1e2b158eb 341d89a5b3d5909c8dd22f68aba5d605de1cc3480388f80fe1f778a9ee1832ba a6fbe3126a54199becf424e47a456ac3bda64da698365b54cc4eb5cf2a842773 7409af003522b35188fe55a34811bc8bac06015add438a5d15b83180d3ded89c 40be7f313349e9edde655651274ef6eb4ffd679cfb42b6094f2b92ecdd6ac10d a70a24ccd187fba3d727dbb1a46ceebc01c4c9a07f54df806dac77317072be6b ff5346c618e1cb0e4eb944097815720266e0b09c501e8de0b05ccfabf2ddfbee 0de3fccd5e0dc562a95cfc21ecc0ed60a238023db2982f99a0949b96230b2623 b88213a8a4ae54ae9715e9fdb2e67d40a549e795e3cf8ecc049abff9d848f0bd 31ca652dd292e9fc69c8bb2fead7e38a9e8357513d5e15c235a2b35c07e2d326 23e4613a82c124fc7f9cb8124e8ab57078bdf4c3ed2998c22a331e3dddfdcb52 5a8a9851e9deb3e51b4f3a558722296f08529ff657e238162fc974e9735371a2 0c1526acc7210138055e46f4428776b8e3ea3224cf78039090edf4f4ebfea570 fecd7f83c298d44733797e657e963fe72ded410f88889c50230e0c2e4790e335 e0ac07ed4c3cbaeb90d7ba76191926eeac965ab2b6ae8af4b8a501e7819d8308 57b86a019dc5cb60619c7cb616796ea59242823387f1b4a57406c7d8d151f880 2d877a3dc09c8059f4a5de5c031fa162b2ead125eee7de53fb585d83b5c2cc56 ce8e36cc0a5f339c9b713a37432408b782884c2df141c0bb5137ce9572b86c7a f5d73352f99cd7aafb0311caf6e1944d983b99eb8b4c332d931df0af9189f412 37a75458b57797b7186bebb5f7aa4373d8db5406df2aab789799d5b0404c3ef4 e086b85c57158ef471824519f93891d81087a9136aa35aec56b6fa91bb2865cf 1fab12259c17025d558fa28e210bb09a4c7c46697e0d67b9c3958f6004aa0b3f dbeb412cb55ea94fe0444922769921653fd28935696765536e3cc2fd1f7b792b 9aaa01b50a3ae6ec6162ea97cb00c554fb4bd5a45e62b944a6abb6b4a4fefa17 b9255e7d3f1ebf8844af7dee8e7067394a6da71fb3d5e449e79e7920c5911480 429312e90b497568e1fdbc58e03f586e6062f8eb3719ff7a7e94d59de2a6557f b57105d247d94d4d127375169a1c4c5d7b69d2dd0ab15835f5cb55770b0b8521 701557d8f56d4f69270ea9d67bbdef8a64e54e230cefd627a3a10ad9043bc025 3f76dd90cdfc01e066e93f6a81321f1f9df25f2bb7d8d1552f3766c9b6dcb341 8aa1f370e980927a5b50053598ec9bf249f0fabbe2acbeeae21729519aee6b6f 3afbf066e54fea755504c8c663806bc7564883b236234c9a4caf8b98e1652464 f2a24b738123bcfc05b0165bdfa922dc5f65953acd3089cf4c2ce8f7c9935e55 084498a6aad5343482d6b0e8d6286b47fe9864fdc3f3ad0b496d4d67f2a21338 2db386132ba9ba8b2fd0ae1988453be3422be32dfdcd4ba0547634f681d3cc6e 624986ef46f89ec1cb4d58aab72d85f0b6a39bca8bfb49f57f61b412671a3d6b 3750b5ab12a9da9c37b2dda217a82bf4dfb38a5802dd2cdf21390ddfce95905d 93e33f9a99109f0ade979144d5a8431ab428c93c0e8b227a2565ec20b3321019 4dbc1614ee26b01ded7e47b86730a6a66afa2557d118b53cc59979f97eea4322 d8f01c8616a3e277359a0ff2e3eee4e4bf21d2426af81ef8a622f298d0dc5fd0 19b479fa430298db3b95476a4d1cbaa185adcf123346d616049169868c0f512f 8e57af5210c0d8749045fbcdd0572a23ca3d65de03f894ea49c0596021a8cfc5 baa985aa934ea0210d867122fc444a977664045df9a7cbeb02cf45f448b07265 ff5cf4d3fc4717ee34a2038c1466a8f73665ff27fc87a4edf2b0f342fcef6bd7 ed1d6af4c0bbde9e0bca21ada2f93bd2ac7ad0c31c2fdc2fed487db4e6a69d8c 989fac14101af2f89462354cae78ffda8965854346828217b1f26ed018356ee3 81dac45e29b7078436cd96c2cc08f9dfad3ca06a70ea997cc20f38cea329b0f3 2c7b458404b3920c46a6bbebb4f5648172de363b9f60c0b47cb688098d1ae67b 57657380db82dbea169b778ef512af1845a00985f9b14e8143572b274397b62e b834905f4bc1b19c3003f1d1b25744536522f4469a600b01d51bd0c5a8df1d9f bcf61d7f7221e039fa8334652862cd439b920323b2b31be0950c7b1571a1eae1 9df1679a96c187551b7828389c3a6f6390fca423151f5ec23cee1243a7183978 bd8451a2b6867399bf3cfcce7ad2476f35ea828738ced9647d995cfde7238327 f30feedaf5ffd7d8709c3b985464efcfe3d6b2b146564b136a637aced89f3417 ef5a9baa28c922c14e608ecf65bbe68d213bd792cebc0af8c52d416d9f55f81a 8ac228433a5c85799aebbe559eede2907dd5525aac7b608331766d98b7093314 e87d6a207a422f14eedbc5e12ddde0470148252edeb73e00724254d73027f2c0 baeedad3fd32780d19e33f99c917160ecb42cc9004bd3afcef6881af82d54000 2f6a27af3e15a706c001632360781a8b327fe0fddb7d112643eeba2276f9c45e 66f66668506e6de578cacded1625b68036c9f0cfbdbea8f77d2c5923d96fea69 18a547a37a6980c5e6fb64d4f5d18df87b1b3c0643fb4fcbcf1244e18d696972 59d23d436cef4cec40c24f4e3b97f140c512dc25706ba2fb0da65814f36627cf 519cf1be1cf77bc121fcfc1a352958c956d9f2c770fed84e6f88b9cb13ffb48a dec95c5efb04044daecc9b24b2041d77e35e5f570458ff0626cbda8bc6f31acf ce9b7537cd6ac83ae63802f5b98358a27b2f2b5b842816bdab060b4cf8034d3a 7a29cb49957b66b7b3d1ee8a659ed8f90ac599c692c2e804fac47da49d41a80e 845b137175887281db138fefb5f5cc6169dcb73b5139f3066c22a53a56e553d7 5400b9be066dfcde7fcfdedd36e126c245d7c98595d926cbdf511a6c16a0bf77 043f937cb30c53c6982b25a4ece2fbb7b5e4e7792491efb2367dcf980de4c1ab 0dee7b0a653a77e6eba5ec2d6d4a052b0023fea2141978c35b7c87f587ac4ff6 ffc638f54a1baeba5da0c1435597f964396cc4d7c3f1f1d49983456fe36c0985 7e31a06e92a673ba32f0efc0bdce7647950cdb1abcc82bec663f2b20b9d08625 7a41959d64883dd2f800b076a2d6d5466b67673e55c721d0e3ae78654db93d5e ede519b352249068332198e910892b2ee273915aa44c8892fda038a16f6a2d87 bff31149f1ca3fa94f52234e052f280ae3e6e3e85e1bcd8b73db19c4191e3160 a82d57927a32b467ecf6c950599a51d307c329c0b9de8da68e4fd3b96512e819 1fa1cbd566be7a9e1846bc605663fa4964d6abb467e9fe85021d5ffa2218732f 53fd293791f29530e900e1c99be5fd4113986ac43b30c88f1d2c105ccd282bd0 c52636e3fd5a2a73366acb6efb38672a41e73407db1a293de97565d916f62259 922bf8cb6d67e418d56c06b2a9d049c1ec65921c1bd8db36ea763f92018a65c7 4a4a8111c6fc9101b6144d8a2a0a3f82237db1ee68e87fbec28d8d4ebcc5661d d445c55f773b37d656780544d7d446586d23b4355aaf452ea3608d26f94f36b4 d1a25b0fa3aba887c52cb8574e5a8a63da86b377c0a8538bc0580fc861aeb7db 769bdb83fd80ffff96598ff311c0e5688f39d527c92e3d5b8a6e21be8c71541b 1294250f7ba7a242c27343d190c03abad08819bf5f99f14b6a80f2b993a7e6fb 6eb5a8d0b10994ce6050324ed80621f25b2928a4e14d41311f5453efe1933ced cc58539fe150f2e636c0c0f3146c770406945bbfce7cf5ad7b62c4bdbb806318 6a07b4606d2841ed2bb16132651ddbab2a737d477f31eccb9e7bd1dbc03facb8 767fa798c2350b9334bc7a4549eb8334bd2b0f8ecc3473367092d6a512e8f50d 0abaa1061bbfe44a7c0507bea6aee3037f37c46c1491cd2780fee3731010a377 3a99537bf09ce28485096d1b6bdc9a9ab73fc8350e1e3c2cd262058df1d1315e e1b877eab2300752ff7ea32b54852cbfe0eeb84c9ba845fb2cd053c16c59fafa f420af837b69f41f9774a58ddd560dcbb17485eb9605deea9edf7681a043b2f5 22338ec8678121048d5091bef5a7d31009ebb69890e6457f39b9853b94acc893 6034f8dac0c0f10436fa98b1748ae908eb431116bcbac4073ce9ac77f9f956c0 5aaae39844a270ea4fe0356525a038c6b86814278d46d958efade57bc77ce3d0 84cdb4b6978f4373215648d0b52bbe7385f7d16630cf2d4b4e709d48a1136369 46a0acf8ba54b8dfc93a9c2611e9df19a149d6357a0576fe747cfbdbc347454e 4b7b3c3e401195251ea2f7d433aae587972afaa7ee98924726ca3fe27726f92d 92c38505b761ce4460ae1475e2435e362bd4b355eb89dc5dbce67040056394c3 e7d04815f94e135dcec839e263459ba8997a23bb8fa66bb5b5fa13c5485b33b1 c36b6707a90e5c68929890eb64959144e102b1b82a2a2367209fabecce452b2c f0ff628fae9c5290e6d05335c7aa30ef985ba48d1fbe6e4635724f4b01f46a1f 4dec88c5fb5e6eae61a1ff7e5d174f9fc0bacd03a39cbbf80f92a26c9adaaedd 755db342e495aa97eba5dffe7616e75f46fe5d51072aaac5cf2514d5facdf7d0 162e0d47d79cdc4993ccbc5656c36df4df806c325a1dc5a2945ca5dfcab3b3e7 b672844fbf76b29bf1f516872f5e43de25880bfc426e93d278c3ec48309cfd59 43899398230313fc636f2f87386e513a021a8804d8394b56c5b97874e4838c6b d213aa9b6422666b7875802a0d5123619654722b98faa960d573ad3492d3911a ad06bb05df5d4c37636ec057ea3bebab4ceefc1761c922bf4cd184af7844daed 3efbe3389df8d1a999d4a9309dcf2897330dfa8f2589c5d17d163ac9a6791a46 ad9f07afbb6b986707322f2084340a6fbdd6e5948b5cf6e2f18cdc54816b77e9 2c55f5a7d7248901a538586975f66818c39a71bdcba6c020c65778eb307085ce d19343a447d37d8d146009b0229e5847b19ec67350159e7c2561802af019d745 eaeb91320fbc4e056d7cdc2422ff21c4c1433c8f33cb130c99da0ef730d9a528 a641970cbf429bc9eb7849d2c53021d13f6a45c580f570e2bc61c344e0b5ef54 f5b8470be04accd3a61945e24df713edb20df1d95a2e628e95fd5a06e1cdc86b f721039eb5f35c82193ae683121d2799d21d466b34cbf1f2f8dd2eed9aa8229e c3bf63608cb3448a17d12337ee57a1909b8c454ee17f388cac2e1f8554a3a75e 8c5fd7d5eebe6544b7c9a3c9ff9fa860ae30d79a94aacc64516adb022e36d8cb f0628fb5258e278ce2ecacb754dbddb26f134c6b4114d0a9c8c47c46f1a009d9 92a883cb4a8c53d10ae6fd449e9007e1712868fbaddcb7b3a1c8f60a8b80245a 3dabbd5a334149e873006fd84c8caa57b821bf87cc5ef6e3d15d3e7f7090a7cf a39a2b59b80464fa1c183efa2749887f9d4b81415263ba08dfc0b9bb992b0d05 8f446da21326b7ef51841af183c26b585169f7bdd1fd6d0d3f5a00f932ba949f 6ae7ad76e482c727eb1a33000ef77933d794cb3d621f1a3ff0bdb9e49af3c200 a0afc5c68052dee288a45904719cd596782a835aa64888c097466fd7a1379e3a 593310d2fb29ce08f1eb39195a000e18868d9ab0b2d3b2e7f901086aa3bec320 5161818e98aeb1bdccd2d943b6d7e5093b63bfc4de0112292d4f6c8dd0dcec1a 32444e5e6f8e99c4ff000000000000000000000000000000090c121e2228323c ` } } } } } }]]></artwork>]]></sourcecode> </section> <section anchor="acknowledgments" numbered="false"> <name>Acknowledgments</name> <t>The authors would like to thank the following people for their contributions and reviews that helped shape this document: <contact fullname="Viktor Dukhovni"/>, <contact fullname="Russ Housley"/>, <contact fullname="Panos Kampanakis"/>, <contact fullname="Mike Ounsworth"/>, <contact fullname="Falko Strenzke"/>, <contact fullname="Sean Turner"/>, and <contact fullname="Wei-Jun Wang"/>.</t> <t>This document was heavily influenced by <xref target="RFC8419"/>, <xref target="RFC9814"/>, and <xref target="RFC9881"/>. Thanks go to the authors of those documents.</t> </section></back><!--##markdown-source: H4sIAAAAAAAAA+y92bbbSnYl+o6v4NUZIy0VtTfRN0qnbbDvO4Btlkc5AARI kCBAoiFIysffUg/1GfV074/dFQDY7b2lVKZrDNdDKvMckUAgmtXMNdeKAM/L ywsVOZGLvxU+TUJc8O1CtMaFXvelqqkFzVl5KIoDXFDdlR840XpXcLy0RSU4 7yN/FaD92jELPRyGaIUL2tmL0KnwudLTvnyikGEE+Ag9591dH+1pnygTRRi6 PH8rhJFFUZZvemgHs7ACZEcvDo7sFxft9uGLuQtfdu6LFaIXWqLC2Ng5Yej4 XnTeQ/NWTa9TXrwzcPCNsqDPb5TpeyH2wjj8VoiCGFMwAY5CAUYwEQ2bMSzj /IlK/GC7Cvx4D1e7zs6JsFVQLcuJoGvkwoLMNfKccBcWbD8oDDuteQF5VkHr tXq1T9QWn6ED6xtVKLwUYIbp39ks04+W44KwnHhHHbEXY9Lubx+sUMjW+mkG c3a8VaFBuiLXd8hx4Xq4R+HuX4jMXv1gRW6gwFzDjXUU7cNvpRJpRy45R/x6 bVYiF0pG4CchLqU9lMiTK5h3bMCzmfSTVemuAHLfBRmH0UPf13av2ZOvjv/w ROkn6nxdRzv3E0WhOFr7QSpK+KdQsGPXzWyhjL2ChtwIB+kNmDRI6YKI1L4V Jp1CH+UCrJxB/4WrcgsV7EUBTp/BmYgM7L2G3L94Zmi+rvzja7z9YDjVQrvC GDke/s8Oh6Cn1+AvDFeF3rFbmCKv0MAg0/S244HZVl/fXH2eSuZ6fXyKbnN4 HNxK+309Im9FOvgXM23uQfOXMG/+avo7ivL8YAddHlPzrLeGGkvzMPig9crQ ryLNyqV+S9NfyZ1XuAWNKtpg/C0dK0LBCoMZXK3ADAPzFUw4Iust7QN/g80o LME4+xj0dxv5xTfSOy8BXkFrHJTQFVnyS0G6ymyQDJgqeSd3iQ+yTgrjvJO0 9d2OyJ9MxjeVtbwQeoNeCMJpEXgXCqww9TIdvM/zXX91zh9NdUCWnn5PQaXA 0iz/QssvLA0Xx/WKIArsN4pyPPutEBmZ/pEQ4dYLf5O18GNZC/kgCsOQbuci 9Pmh2JMkeYVlvTpeVAqwWdJfxrXKy/wVHniU4KfWdZ6+97BeACrVIBI3oyty 9/0oazXwcOGzqvVfmS/fCtoem47tmNktkKCBQkB9L2/8Wmjpkxcd1AH63mGQ bdounUbhM4iO+VL490JLG5RatUpBlkGUzDdy+fXTB5oDY/+Wdfgg/zo2ghgF Z6IIBq53ht0G0cnHYnHQqxmUyP0Sw8lPkqj4AQgqnV8dxW5UUKMImduwABfG YA7+zrkAOlfGC01Xu9pL9YrkH031Jf87t5naa6EToPUuN8h394evhSEESvfj u43XQhcm8PFN/bXQ+P/+t4fPYfzGKjNUSbV7ndawWr/LAu8DsI5XB5lBCvtX qbzuLRvaz/qNKlzi/oIguRKjcMyTJDUIRS5+0cF8IPA7Fn6pQBTzANIeRPpe jt8KvXO0Bi2DuSC4dv7nX5Ds+LUwAzz7+GbntdBf+R/faxO5/a8g8n6kE9BZ NYYoeETPcuX+BrlmQkoF+wK8ivyrgHIHoyid8CrfikFmXRRFjolfyigEW6s6 EDoBoz5iW58z6vTlawGFBQvbEJysgnFO4YnwKQIYMF3+a8EBNCvs/TB6OcTI i+IdkJCs3/DWb2iu8Q4DCUNRATlANyIfQmMhBWdcQCuIfSHc8SCAHXEQEn+D MaDTEKeci7g+eqZ+yHXPoEkXQ7yJCqN86Btkf66MR5Uvr7B4mB+QvBjgISqE GZ7gMOWDQNiAJRGXzPhPHBKS80BD7wu4BYtCAv/+RSL6SrXIijK69TV96N4P 2C0MDXMJ0mCwjw0XugF+VwizLoA5FiCeHaGh9UplSt05luViivoN4koUgE5T QPlPqjjT4Hul3eca5nHLCTMjICuZaH9lkCt8JrbzhdjTHgVRzvid4Nl2zLtU zw/jZsAO4jBBziDXiEwa3AAwH6b0oTUZPijqE/jAle5+euwcZI0ytEgtPMGu S/7OrxXiCGAjNQdUuE0tt610eN+2wVAL4Q7sEFR4k1q2avI1jVteBFZqI8IV CkEMCt+ltgeWrnWbqY19/55H5d9//5p6AKGdXhrZnyXzkWKQG/rvtJMG9J8a fvwu4bpnSCAC+BjgXJ6E9YCPYRcgK2v7woPT5x9F4Wu63vyrLL0WgCxhWJS6 34NunFOhTEZqvVRfH7j4LUt5MXEQZQEeh7//nnrhzoclOg+8wc/m9mY66bip u0DcDMkg2STAVYaBA/1E/lv7uU67kICmt56feETltwABc8/vk65vl1NHBMaR 6h/6MVwMY9RhBIzM9Rs5gmUD/yPaDnEU5gr9wOUHrWphDYMbGFKNq3KIm1/N gQdpZNq9aQ5QNsAv8NQa9HxEgUOA77burwUCiXCnCQ2uosgz6/ulR0WDfZBl 3UbP7j1YzSuV6XIPRvdyDF+uwz8qysIRkP+QANRvvwH83hE1FSIJHKn7hRlI EYWRBDaE3Hyi6Z++Zn8X+oP087g2mrTGtSr5rDXVbvf2gcpbaM3BpFu9f7o/ WRn0erV+NXsYrhaeLlGfeuriU2atnwZDvTXoq91P75acKjuDE4IuASyZ5Mwo pCwcmoFjZGIqV4b/7/9keJDN/wN0mWUYBWSSfZEZieguWWMvG833AAKyryD5 M4XAM1BAegF9gdL2BHYzFArXxCbXOCAW9t/+TCTzr98K/2iYe4b/p/wCWfDT xavMni6mMnt/5d3DmRA/uPTBMDdpPl1/I+nn+aqLp+9XuT9c/Md/doFaFF4Y +Z//iSJGdPWke5xq3dwmLHz/LS/J3LO3u1eFv1NUD3nnQpo+EEqFAAICCJIE NUktI0yhjzjArft772kLovy8x/PbeHF9JEwDe+5GXz/qKkztKA6z2HTr7y2t CK/uSK5g6yWdMbCSiFgimQ2BcfCYHTpnYHC3nfmrQCuFR/i8DQcMigwGrDbE D2OlfRVCgKe/fsZ3dnKPb29iEfT//fs//yrQX73pKR7dIer96rLZ/1Brzp2k IkLmXNdPQsiT/+M//gMueK8M9cGj39VuYzBu6c3ei74Y1kCTT9+/3R7RcPR7 4du3P90YvAY+V+tXaoXvt0tpKnGz2cKbvl7/4Fifvz91+OXr07O3yBG+e/ap Xf7nD0PSPnzT5/d/uU3h9y+Fq7vdnv+dyIOi/hGSaAuDVQVbCwDnT58M1ze3 n/4J2oE31yDpI0zV8IGB5FwUxGsH/g4gLq8OkOgEdgDX71HxRo2hH5It526Y d/H9O6km/P77a04Q/pn0xJIraTAhZsAosvz00Cv1j6V0rv+URQ9QmmvdnOaH xrBGx8zJMzsgLG6HkQd/E5O4SQg+50u9qS0dIPVAwiFJ9CaBOk1bbjCT5w4f QwOZG1hzZq3wbJZYXGlFGi+vYcTAMDfA+bvibxN6sIU3M7rzi0eGdBXgB1Tj xtfJQnLBvVnvK1UjROYjBpOy7KeunAi4VvLIaqDjrwXApojErYxUFIJrXvY4 S4IrnunGFr6F3Xx8FUJfbK6/Pi48jXUQhv2dE5EQTCJoAXumb6Ws3HsXJ+5W 8JpZS1bxe2BdHygjg4xcLmlu+5eLfmC8pB6Z8XUr7SiApJxkY9BXKgUyTpZd OjBlEs3vQATYCXMOC4Nyu1bRC61qra+36q3amCBM4Xth4wPzeHFC/wVSqpfo M/sFuoLUITh/ZsQvqS/H4WeZp788lWc/M18KK//4maHhgxn6wWfuS4EURm8C Cj/zXwocgADlWNedDZ7/4Tyu82Sk50dE4S8/Ij8/Ikt/+RGFPJLC029ptnoN hw+UMqWYQxJ1dj4Y0TG8EeLswvff3jFVQqjzqikAzWMWBC79LuXNDCRNgrLk O1NpnCeC0B6H18QVICXL+PPkM51yZhG3iB78A5mic4QARmInGHqU3iRpIOkm C6u34mY6KZjt15QZfhRjwU32ez+I7jZLJhvgQ+wEJPTdJpVPNZsbJAZmTPZP rAI+pdklqZ1Efl6Pufb+FXzMASBI/NhNF+GlC4MRXSejBW8wZrd3MSHN2QJS B70OlfmolXMR8u2RiGiAAylCAyeuWVkWTOKBTHMscasPcuOHNDPD95QPZenT Q/57U0D4kdiymgAqfCJ28inLBa6m8im1oRuze7Ksr+8l+5k0uj+cFlEe5Bxi AmURBjmnfOmNED/M5cOH4JBG3/tkrjb/9YeWR+qaqbDTRI7ESIAq9DCy5ZDy 81XvH07hlZoRHT5phE9Tm3RT8KaUtyyPbK2FEAc9EzzPjQm/u5HJlBOkNDnN g55Wk9m8/6wqmPtDPpxWMRySJ5uIsESw+p0P4g8BG1Ozg8SJuMBj/SXA11IN SOVI6mtpKIPBclGhKAIpx9EVB/LoCu1Sjef+nfPwrwXQ45pQC1K1MTCx5efu H1VyJe8QJrFrXy39/bgoS0jyMmZaRfp6pcFPphc+Onrqmd4/RG/qS+D6ceZP aTHkuoAUPt+j05pEpGv9yiO3PQiD0duKUc6hbxLKQTjtwvLxY+3g/J7E/8Nb bP786V6EIN5yW9Rriur3+uQKppNtxd0BJMfIZzB/TiGixAclgDVZ+ZQf05mb Yz5g0gdZWDobsv+UdUTsLrNh4hUf6xAWGab6fszjVGhzZW65Lm6EKA1tAdkW y9kDiJFY1y+MhYwwLcqkbC2fYh6jsgIuUSmZzKdnrPp0NYJfACFYxyGGZ9Jq GQx9c7x3jntN1rJ5Z8D0buAUiAo22ecj94kJBTdnuZWn3i/XSc0HlhOQrsk8 PqrXP2bNBGf8OPq4rzRWvGHeOUcjMQw8Nq0qZ/D3M+HfKoifb7L48nPseUCS qy08TDulvk+Vpe/ftXyXUHjlyRM3g89FnHf2KdsSeRSBk3nCEbnxDQPA19G+ kj1CjK6A8y+FQUWv6QVNH7f6jSxdiVAWs13srchGmRnhKLxVP3Pqbv1cTNdW f6ugMnUUqsAPb1w/X4r24FvZGnPcvpOhu3MB/rzzxb9W2CDP2xzydeVY85Gg MjOFEFGbD7utSgtkC/Id1NPWV+9+DCWkp1Yvb/vf/0z/939Nm2bgldZ5bsAE WQrQ1Jvb6B8iTZowwbM7x3N28e6Wa90qSi9pcnxTWAY/115fcl5zu50N86O7 DznyR0HzA1Mn7JKkRo+tiGs+quSWx6bO9oGJmSjEV240xjeyeaXPOJtLZh15 3gusx9k719E8wlqBCRIoBoK0JxK+4+BjsElr8VfzSI3jF2jPPSat/eRrBuZv xPLOZ12y9Q2pLw7SVJkEZ1LvIxXoHdn/y/PuVJtXIv0klTtLAmGSk2dPaS7c SJdOruUUjuQXBC1X6/cbnT8Jvyk1+2hj63E/C8R2Y+nh1fZORNhB5kf7FMwJ p0jp1C1Gk5NzAb4mZtdQ9gYy8tnlpnJvhkhky2eZjxjmbDZL3u7S+PF2x9e7 qh4mHKbkMQ+ZeLePzvmtO3HJIOeqZOr9uF9zL06rV6kNPDx2IypPhcvM4dSn WtUwrT3cIYv7ID68eS7HhjfFqze5zD38xw8bvFkGe2UpkMeEoW86qfDvZZqf 1Y6uBuCSnVSf5GlBBpi3Zl/TwknKoO7j/gG8y7DQHwufsw8QN847w3czwL7t jr0+hKHgumH7AdX+mu8ym2vfSXnv+1UTdwNfu7IUEo7SBPxpw/G+X32zSbI/ 5hJtPFYH7t2mppzz7NuijLSAZt87v0nlum8Nd3xyICDAzo4o6bolTfRwF+b1 KrHP2AaPTCEuIiQYRx/sl2YTyaSMCisHiNSzutIanuuTpYQPlvSwnjvXjKBP cP0CW/hv71cGLAx8PAsf70R5W+3jdLz3MPSQSqfs4ENalzqV6wMSXDOeN1Mm LOAm3mth5j6DH27cvlLTLJUmdUh1AVaaVhLRwwSdhwBHyjw/Ma9btvReNXnl hqBPeDewe18fT+7797yulg1F9sJI8CG7hyGBwsDfB8RRC1pTfWGz5B0+ce+m lkWFdBv7zRCANuQRgWFzn2PSSv21KHsvQ2XnZu61/+vGdPiYI7zfV877Tq3X iRDZPSA9EVv5cCc9OyOTnYbJwjjZnfUhaKbP+vtbHdzFK2Sesw3upwJVnhcm DjAE4ifOikQS8pHM/4eHUK7pB2FWgBNp1ptXk/KMN5ctTgt94FhhdoQiS9ld dCYF6aafgBcC4GXZXkpT7Ngzs4kRG8vrWXfR/jE9AoWCyCGeAI/COJ0aK4iF fIf2sfHXzGudm198DO2p1LLyn3P1uhxIH1RyT+gc6yVco8wKyOa2IAlkc/td 5w8nG65U9+pv7/Yy3hT278Nni/tg/C0mN/LtdYlm/4/P4Db4DeLIkp8BLSNz 10D9rh74lELfSxvfCrcoRaLEExm5pqw/oXZvD429IS8/Cvck8nr+ddMrtY18 zDznCh+JVQqwz6l5+JSpPBSNbzlbNnD4sHeTkyeyXRfkDpftIaYbhSR2f4ha lp/6FGFw51eq73sYOnJhGl9vuJGy/rfOnCrxWn+6Gu9T6Hp6dcQPLBxkfg/p kZNXNFxni11n7ftpoeYZVsjWNaG4jpuG+lSP+QG0LOA/cLhccc+cD0KE5/8g T85Zz9ePlwWP+G9SpacIp77dwKMK//5QQrvby7+TA4DEPO+bQB/sJf/qn38n w9wOgT3eyCKNIH7NwFDmv15Vkn7gbve4203udrdTY1j5Ad4ehxGFd8N80PtH fZKefnk1svRumHvvf0WfHw/z/Vvht/e2n51n/tMn7RoAP47Oecn0d4q6uexj VlDIdozf33vEumuBG5zrDe35qAZItq2//mX0zMuRb3bQyTbzDV/vw9134tNN 8TdVmJ+e6fn920/M+6NTQukcfmKrT7ufP7KIN4b3tP35i1b0tP/5gUmA1l98 x7obwkf12KdVvbWIu/o+sIS3RweeS75ZjQRQKHbT/CU93vFQxv8LNvL+fMGP LPCVSqf1s3LgY9Ehxd5bteEx3N3zXpZM8CEVfN51fV/K+aVOuTedwrz7fpQX JB6zbvEp6y7sXUQIgx0HacB8ZvT5rkBskqhhx+6badmPKcVruvN9e7frKZJm BxpuacObMJv60H1GRBhAln71KFYaebMCx106txrYbUJv0qX7rna68wlNyF7W K0WOT4ApOXcremyaOEDwsZfC3dNpfxgeTJtkuwHQroBcetwwvtaULExOFaeC XTurNTmanUbpIH2BppC9j/mwAfSUXOT7h4/kPstSc5N3PGSB9shc9yGOLf/l qdurlfowwOfhuN8Iv5BpX0tSKQvK3CpMa1vPpbLYA33tyFHHpwRwn5KNyElP MD8k6D84XvSanjsmZQJSJ8yOF6eFAJgeyU5sh3AtyFTIXCBFdzLOczuekg5O 5g5KODqB76Vbfam4bqcdSK3nQWcQCkKcvsOZvxtxx4x02/K6t0pe1nBS0uQQ 3vq0aRqQijGogGyFPvWVrH03s4xwj8y85vyIBvZb1WY+c6943GozV1P4gabT E4IOeQwm/0eYBr75PvcqvjJvvD/bX/J3+Pb+BnIfDzOBSZbP5PwQeZXr60/L qDCZMF8F2WbKkTYBZujHIJHwG1zBkA7mC03Lwvc6pxUHT6cnHnr+mifF+EbK H7u47sQ8bU2+O5ByrRxfN9uIteQk+tMaWytsfXp/1JycS4DOry/mpIcq8sU8 aIz4ADD5PTDuyFmlm695hSsV2hunffAuMDjyUpeZv9T1WP9Kn7xeeX1/WH5P fCwieISzMygWYS6E8oeAT49JT0bVN3EYXY97/ECKPxVefp72CdUfguS7M7mp qDK5ZhvpP5hefqDOudWVbjUkBChBDrW9yVMeNoWCwv0E9+248/NA7zRKABUC WUTsO8w3aj5UAnjFkw6yvVESkCCqeOS8gwU5y1/S3M0SHs7iESgz07deyCvz qR3hDCzAL68vC6an7K+vYJIYXY9TpwDwinJvvnadnQEKo7ObWWU2dFbr9Y6+ e8Rvakhk1iTzzUv9b043PZ5suFZR7hUc8IhrcwJSuQKuYfreV+rKBJsfJgxZ epidQrAJdGenr4A9Z+cyTIeMk+2LkXelbvWgVLUkMybhUQevPQKXfCwVxEb2 UtZDtfjrtTJx42jDB8Hd9vYejkVmRReRTU/83utOj+DywX4UEJnBlXKR19af uUzLfsTLfJPlJqKsU7KrGFhJdkjzSDwgFRtA0+36LYbu0hffCp+bWo8ciSyk +3upRp+CaORvyXkz51FROyARIHKUlc4zEYbkvaU8PpGX5u8H8v3cldL5EJ08 7tmB0YapJZR/ull3PWTnYUIJwQ/da3P8uDXzfsP1SnF/tJn7Jql6R2zf7BOl DOH29tqPjkdlcv5w7bnuQNn3H5Rwz1/vB0Xeg0wKYtfiKUrfcX0673R00K3W VPhgc/cPu/iPhc+7+Mv9oMlt/yitvH7K05oPJSG+yxvy8Jc9Q4DhU1ZHTitd xsMBhdQg77uNz3aVmd+nD8/5vTHiZ1qUpQpXU3suwOVHdoAJe+G1Snl7pa6a reNveNkiZ7o3IacSfZB0dlwnT2WyV7tSb26pffVdSlLPd+uzE/u5F9p+fC33 odBjiLmlD6ccIz1adCUZxIAI6r87pn07BpB3+XDns16uMl+yzQaUr2t/NZFP JOH2b0k3CRGfchWH6yuqgm59Ez0coP2k9Vr3tCvdJS+Rnz/J36d9qCt8KuQ/ FHEufGZe2VeZp18ZhhN45ZV5hX/EV/pL+h5cQTXJ24UuxPk0D8yyt+w98zAH eFJ5zI/gets3JZI99vd5zpJvCIHPpy55e7EuAHvC19N5hGWRM6drRN5fetxp +VaYOlvgVIVqvF37R8/5WhjHwEGbfhy6GLx1iDw/LHTAfpCHtg7AU49MbBB7 YQJeuv5aqCN36xc0smt22YIFaxh0psfBbW94hp2Xduyl78mnJ+8fTxGSNy3X GB0zmLPB0Twzy3Eez5d+/aVDpV/zzPZX7Z7oHoQbFlb+7fByroPbwdPrRMPr G9YGxMlUhalR5zbw/bfUln/y5gwspVCrtvTB+FthSDZHU2gipYE8Z0qhw0xV /udfmv+/UtfXXB7dKzu6ltv/Q69pYAACH+79LHqlR8vTN0Vhao/v0dxfRPjH yqBaK5RrjVZf+6c8w37J3yLPf+DhO/itT94s2GFC0l8M3zqTFxKuLyBA8m6F zufMC74U9lszJK3J38pnJXtZgezh7JwdJm8vFDIX/UxfPz06a+7cIOZqrd7q t8jLS9r9iJSuNrT0pYF0xhRVmw8HY10rqN3uHykKmqXftFajr+qTce3l9hLV 1+z3jF4q6lAjP4IyHvQe3hq553QwCVopgA2A4P+cv+f0r49CuBe9Xp7evOC+ gB1Zn8nyUmaII2idrv3KUT4LRITXH1si3/Zb5/RZehDIVVZEKOij2dHsZ0FO xQPyuhUwIVNA99Lk4zdZui52LtDKS65fImiyxjrJQn/VEv8rZHAik360DoYB C/u98Efip/D/Qu20f1/2e+C/OLodZyEbsXeNkl/I0N5VKzVo/4HxZK+pwMQe hU4quE9yf3NBlsi7fa+vr0RbWg+Mv4L24YMZftjr6x9SP0mbvh3gx/dk6eHe w7C1fjX3cPgE/p2/WlM7IUKAwxyo0ZVT3MrEOGvwdErtegwyzN9HzY9u3d43 uP9wxvXpty+MPr2o+lSBvbGayl/HavKXvO5RMzved53Au5N2OWaG6Y/HPOwM XI85pfc/OGaSZzrZu6QkRLy8pABEjCr9RvVarU6oLtodf9laH82+OjIrPlzz 9Uqlsqcr6qh2qupqt7xyV+vtqrwc9WrqqpeMkuwZKn+o7FcXtX6N6XUnY32k 0XS/Ur6gmRUvZ6No2ajTC63s4kY9Mhsnt9W09lZjtTJZ16OM3XTbggZWs71f eFN6Oe+dVqt9hcxsuGqVVV0Ve5VWPov+tKz6ernm1qe1xammq0Mqu9jTK7VT WZ+W9Vbdaqrr0dQrCcfWkTFPlZOm24YydzYjbrO56Jvn5VDqarBCF3VRXm0P 663TUBK6XBn1TpXkSS7lXk1uVLRDQ2sZXHVUa5er9Uq5pnapo9D3a1u7xg22 vfGMDzrzRJHWVr3rHKNRaTCd8EOzVA3s2Y6zpOFg3zr1R/yskpwbVX3WSRzK miVmc6nUuIpO68mGXbVKk54aNiqzSkNT666ajKq1kVapzPXLXFlqk4XjqJs2 O9HqJdpgOpR91j3U1iv1806bL0rLQY0uFum6WF4qzckowQfdDez5ZLcfdN1F pyg3rdKlsjtvDL+zXO4qKtVZ8MHQNVr8TPEs009W2golDec0DQfHQdnZxdaK Lwu64fOcORgnreFMrFvVoIIU3FmZjTVl9Fp1fVGvS7bS5sL4stiZG6mpKF61 bXGWMhwchjO6zfZnF5Gf+KflUHaag1iSVxYvnltJmRpflOkCB9VBWRtsl86E 3Y4m88a60tkN/NWgpsnTFaPbUw6HnnTCXWOw9vj4HOy1QfkkGFaF4srd8ek4 sxyzuEYDrT7yQiHWAiseb+Y66jqyHHnT2da72I5VuXRi49I6tUtSpWfWzPkp LlLdojUZTOfLo6pPuXrLsrZKgOWTwC+llUFvm7Uz3rU9W4kPRVrm941yqRu0 msKpuDwvrIu7pBYhg6T5oTbod0rTVpxU2Zo0aZqLqjYeLNXFuFdv+OdDo2Ml 06pYmjE1t7roV0U8l6aHMOSb1KYaVx3pAGSY3fB+E0dCezRb4Ip20ibhLtkX hZqiiXtuVeLohHdUt9YYdRvLKdOUxF2RL1Ltxcxror1Trw9HvHdyz8WKaIrF dRXNi51B/2L1Sm5EY9T2Tgelfwn2QVJycOswl1VpcFQiChx4mljSTG6YPIqX 2CzJs8Crtkq2dEDahO5ExW2/T/sddoeWx+7CqJ5RVXMn5w7fmh8PKlUfC7ah req7s6QtWL1q8lu53S51rPJBW8lbuhSN8a7szGulhe1GlnVeHsJq8bj2L8J4 vnZpqno8L41RcpqJkmGtAlFfjTv4NI5ng5E+VirqrO9Eu+Flt6yOD61Tax0Z K24T+fO4ra/4wYCjStFmHRSXp8pRuIQr05g47bJTCZvjdWwyMwYHg8o4Ltpb L5kvy6u6xM2i+rpqVw9yrCCaxtSmrM/4U0+dT+0jZ/ottPXC6rBYdZRudAzn p3U37KFxoBj1pWevTXvClwZ0UgwaM2MpuwxPneVaZV0qDYabxei0qx/n6DBV ArZ+ETvb0L1AchX0DqXepj7ZROKxb56aqFFrVUu74umitdUyJZTKlxl92LbK dX/Wqjb17cJXEgdLo5ZoGquedDD2+qmtGigeTujpwmanE12PG6dpZPCoP6Iu vSoA7qY5rW6WXMkvbnfbTeCWT26xfTxJI+wOGoNpf93pDaVB0mvNNwIdge8c xlNXn7eOO2ovjI6lfr09G+ntWfUo0nIvEkq8azQO7fJAOiq6tLJPR4vpzua7 ncXMS7rsD1dKUG+JQaM/pPoX6eSfQvm0VVExLJv+cNcfnbfKQQmD2liuJw6H yw1vUo/Vg+x1bK/IdufrUiten7ZiuW5SiEkq/AgJwykfO51NOAk651kSnxh2 yVmqEXVbttLsa1HMuILUQU67NO9uK+EkrE5V8yB3qUa7uY91ejBYlFjVKbW3 NbGyaTcVrzYfdVenWRNZVXrVDkaqHHjJdGCa+CQBVkin7Xpdoi3K4Jqnrs3a g3okuufZqt5h4mVn3w32jL0VixMGplqsxRPbQudAH0TC3u/77niO/HWrP5R2 1HK5YcDf1zPXONCn7TKSTsiLlkK9zIxiXVnrQt1Z8HrdLzNLodt258fuvlca 1csl3lOWbYeyD4dNRxWTXmV2Ku/DmC8uBzYabZPjeFlUigN51Oq5IzQ+nHv+ EmvTtciyo91kE6uJVDsvFlRnPC6Fw20XM1p9ntRX4s48BJ5aHjfO7LYZskjk NnyvtcdHpup7nf5saBhl7bI9eOZwsTdEqtecj3Sny5Tig+GWjpOa24/N0el4 CVGlVR3Sk+7IWXY1YTgZMHKwmSGubNQGQEr43lnV2ZAagW3Zp+ZiF+ui0t7v kT1V/N0ScbTF7ibVanRRZmf21BjX5N5RC1ASjvs1oRmbZimaL2OXKl8GjaE6 ji6dMueugnk8miiV80LrcTonS1GP8Rl1vhu0B6Umb6xVQz3Ucd3rMrNdaVWf 1QPKN/fTYT9RZ+PRRupbER735qVDTfZmvU3DZdBJSlyuPETyvppUiqK796Z2 o3op992kfNGbF8qfR5uGro/jusMs92exvDqqw3i6NE/zijhcyTXsWwNm3uT3 w040bBejbWXWDbzTpRcHkg8MxRGG3GRZUmvzoOv0kpIt+m40nVZnx0ZV0YUB xrtVmbfHF61RorVTzMz2vfKOOSLmKIiN846aDGJB6TUNcTNm+/uwUR7HTLsk 1Kf+abU+OpGm8quVut52d65n+X1zRuvrZvskSrNyuynJa2o1ba43h3KM5snY tX3zfLCCfsKXFWeq1k6l8ORax7qybx3d0BvPOz7EvTF852l7cZEaDZNii6YR WavK9GzvvYiN2QCfj8PVQL0kpZ6/C4vqPCx20enSjMRdMGu1B2Hcj7pJkOi1 dsxEVGM7csrJMqm6jWJiyLKwOPZOqq/OJ0ooyxttdqmd7YnGb8PeqsFWpsHO xkkT1+Nuqz5WqgzVXW7r2m6kr2bdTmK1E4mbT1b1waEJctbL266vq60RCvVl Z1NhxMGlYiTLo4BLQ11aH46jLeWYtDRsd1sblWfidcPTzqjP1rqL0aIzqpu6 uj0LuLlA1abVXvWWut7pecUtozUXzUp5sb00Kd3XfND0TMKX1eay7bV76p5T S3i1qAeV5n5g7ZwKgIwfsYPKTG7HyvHUGfVm6nyO3foASdSGi6baoTWxjvrm claBiIfTieysO0jTooG8XXsDOzJKaLKRcJ8T681e0sP9Jttdz41Ea7eoYjHm G7MZl/hVeTk5+8xu35RO3V05MB1puA6lVX3fjNq4tdwPy7gh9OJadX+8VJrN cjk4TlSqtpUvcbfbWFiuYbDDWaMnqlyviG3N26CF2B5pXGMyHnVVpTzrRbEm dLniOdrR9cEgGUyBJ64PbLlfPPaT+Y6Zzw5AQJjQ2KsTw1vNtvuzs5/oXKNc Pm72RXXLjVuu6XRHDXPJtNw5XjE1aqZ05MV63fV5ZbDmGtXY5ivL1XDSDZvz Q8esBIo7re5tu7Q1T8kUz1v6yKlPz9tkY9dcd65TK+805i6j8VBkhhxywtEp CVFn1ew0LlXBsRrqpTGKk+lKDRXhpJa2iDHNHpaRYKGi0RmWKGV08NR6PVKD 6XIf+vTcPLPVkhOHM9YwyxtHU/s9vuEtk/C8X9fpWasjK+hQ4hlm1rpwF5Oa 2267NZNpWz3z0rQuzzieBspjsrw6CEbuhZP1WqPbMo+H4VHr6aPxdGK5rKYM Vw1fNvdDqi0U3Z1Uv7TtaKzpySJEWhINJj1mfTzOjaM5swfcSp732oZvy+as CQG7NoS8tXhenQ5GFFFqMBKq22K5xo+PpV65PZk6Qo2jW+XmaTY/iQM90dxN vbopJ5FsDKdbadFDoNDegu8sE2Ezobwx2qLjoN+sjqrOxT5LE7o1Vmubjn7q 6HU03gpi8SxzyrDO6u5e5JIBPalf1PNoOt0u2XhMXcLSSDotjGatvMf7hn2Q KnSi6HvJXqm/8oeqrhfbvvqnP2VZKaT595w0zfbJv55+qei3PMGtQkIMX7Pf 5PgfD7/J8b3wrrAtvbKF36Hxn+l/zX/t6N2PH7X6oKzs6bRp1kh/+HGkD38v 6bdCdrb84dJHM2JJZT2d0itDM6/cKw9T5G4DFW6f7kO/G+y3dDef+tkwHyyc eRjkvvy8C/L67P/IXp+Fpz+9KShcCyd5NeJaXKCeqwuffrqKvyjAj+T+w8Y/ vPx2qL/YPBPoY/Wvj3b4g0Yfa1MABTL004Svf4bkl23J1q2WvXwHciW/s//p g8Zvr7z9/jetifyK9N+wGu5XF9NVe0OtMGv89Qt6/nZX/L8xgmLbWLRZ1rYE 0+RZU2B5yxbhG2Zli7YwJ9scj/+NeurjF8zlA/f8Gx30ebi3nvQTrfx23e3W z/u3KvklH1Y+0M3HlvEGIf6qUZ6R4v2K3377yXrz7d/s1P7ftmL+F1f8BsH+ jTYMW+FEmWF5yeQtEyu0yQsiZg1WkUzOojBmJF5g4QK2eM7mFEHgZM4ybZND li0g0bIsbNocUlgOpkNjRqQN2pRF2uIEGQEBZiVBNBmTsRSbhxFYHv6yadkW ZfiXxf/bXyHFXzDgX7RV7jX9hauPu34rJJsTbEsUWIGRZUROJLGSCD7CSLbF GBaPJJvlsUSJssKbcJVVFFawYG0KJ/MWh22DZyREg8/yksDQJoORwimiIVmS wIqIxywWRBrZlAFCsmybo5FoIk7EMvQkiiIt06wigwY4aGfKIGFblCQBmtCg N5lBJi3KBiOIFOjE5mRGRqKhWDIn05LCWwbiZMsyOYUxadAcdCtIPIdMVjQs SUYyqAYxommS/xAAb8kML2CYBK+AWg2DE1lRYjlsSrZkKSYHC4M/Ng8KR9CX RcM4lgAzM2SBlU1KUDjblGWJQxjDBwaQCMF3k2Z4ibMFQYTFmxzMkZexwigg MQvxPIxpijLPsogSOSTLYEUMazOCDPYNRiZJEjIV2zAB3SyDQ4xiy8DCEVag F1pisGBIPGuZDGsxlCnaAkxKMW1YlYx5WeBZyeAUQ2GRZRkKI1sSDAoWbXOm IUowJ4WVTMuWFYs2OJZCAKwcGDMr2diEv02GMQWbMQx4AksCT1zAUgyT5i3B AuBlLEnkbVCnYZqSghlKwZgWQYAwM7AURCQIlmIgBIYA6kG8SIPFYIOlJSwx tqKYiixJ0K0isqYlIApbEpJ50Bpr2AIPS6VpW2Q4Q6AliZEh/+d5LPK0CP5P CwySTYRA55JEw+QwPEIZYJ0CDRYA3xUs2IYgIoM1QVayyRlgGAbMxpQFZCEO AgZoyZDAZsFEZUlmeYNieIU3WNFkQeoKw1k8tJckmbNB9SYng4YU0JpCs6Yo gjR4CdtIMTCG3gToVqIYC8HCQa+cRWMQryiYBqYNBIYBeqEtJNgwMOYkTuJN O1WgpCCQlCkiG1CCwgYYscmBVjCYhWCbNAeat23AG3AyiHowaUu0aVHiZBFU JmCwL5uBjxKgj21RNsYINCtwPOjdRjzHWxYrs4aoKEiE0GnJosmZCgJxKgJv ygjTsgDLkGlGAIuyKRGag0QMFlusyImwbhhK4QDAFNtEEs8A5MnQA8fbAI0C VsDxFFA5qMpWREuiwDpgLPBOGxuYQRy4LyNgRpF4GnwDXNuiTY4RDIQtQyIA AFBA8wAnBsOLWJApzDMcL1ng/4JsychSZNvEoghLERExUJYxBNCmJGMLMZIB zoRp+B9ngOVagBMUApIgMdAzCIeYG7RnWZYHGGMNWuJFxlDA4ERgDQiMQyE2 LmFYHg0GTos0Q0mGZYkGL4A1QjRABiAC+W4xWDYZHrAEMJ+G1gIYAGAMokEX vIJN2rRtYmaUBdIzMPEfmQc7NkWFQYClpiCCU0BoYWwIJ7Aqi6NtZDAAdxAm AGTAUAENaZaSJRtuc5gTATlFEbAP8lGkCOBwliyAk7MILBU+0ApZhYmM1HnB bbCFAQ0pwo8kUYbHIfG0wUhNieNlhaYZLNm0xAkGjxDP0gyghQCGbUo85kVW tiUabA9bFOA9AsnBHWJRgDk2BEtatJAhw+R5QYApghNAbAPXgpUJoBSiboE2 TROckOLBMEwCHLKlALKCyyksWCZAJDg0mANmRduUIEhA35iRMWCezAO4A/wQ SbIUI8m2YgHAweJhroKgCJxgygYWEQA8CwKywGEFheZNBTDTsJHFAVRbsEDy Eq1JiQgWzGOAZJgxoJMEcAYwzhuCAl5HgokAiA9WTYPWLASgBvBuimDZYPPY BkPiGIMzTQAdUB9YtECaKjIwAlaBBwzLYA2GYcBwTJYFQkDzomLxjIhpFtms xFKKrRCbNMD+ISwYiIG+sMwwgPuGYNIsZmiIWRzhrxiCrAwmAxQEFGsAQwGE pYi9gOOI4IymTAKvCYHXMtIVYBOBQwBeA8gAJoH7GDREDlqCwWkDvBIkS5He wTfAh2yRBuIMDggikSFoKQyEamA9FkyDBssE7IIAaUGgB1MH6GUN4hEUhHgG 1MRgi4QQkIrCMulMAIbAjiH4QDeA74BlSJFYAUHMQ+AiIrEvcHJKsQTgWsiG mCeS9dvgEgr4N3gUQBQHfAqLBI8QK/CCBDqTeZmAC7g8ADPAOsF5xAgI+Bm0 ZyB+kqAjIAWQUFIYnrEEGpYJAMTbCgNxB/iHSeZhCQoGL6HATDFEHoXjbJ4G 4wPzAKGBNbISRhDQAfAwiI4GsYM+CPSB54GiJAjSLMAuZfPAYgyIlbB8mqXB 3Gji0QZQIhkgGIxQlkArIs8CXeKIz3AGBEGRASoDDAAoDpgNDbMG/wSbo4Es gk+Bnghsg7x4EUIyBE7gHaIB8uBAISwwUcAMoCzEkIBtAHW0DFqAeMaTqASx kVVEcCtaAhUCm2JtgYA/RHwJ5spDKAQuJRH4ACQBfiCzLE0kAMICyiHyBk9s g4f4CqqWLRgZIikIACsEQWSOA3AgXsGnfkiB8zDALxDmbQhV4D6KqABHAbWB niDU8JIEMYYnSyeUh6zI5EWekF7TsIDiQFesCXDBACXDxKjAMwijQKARoEYi B9RCtADKINwrEBcsCayaBFKIyAzLcZTE25LNGQZvWiL4IC1gkUQmw2ZsWQRP YgxwOxJqQLLAuZBoYwhqgJ3E75AgUJxpmQDboBJC7YC/WGA+HPBZjBiIaJZI IBQBrCMweBPg2CQCsFmFtmkawjyFoFMCGgwEQLgH0Z0Gh+QYoIUQiESwTQi3 gJkCeLwoKqaBIJwAZQLwAfSSOAocHxwdhAvsCgYF6BQEE5AQ4isClgT2CEZE AyHC4HwMAKmBYFwZvFEmFg7BFUggDArE2jSAXwJTkGwEngP9ANIKiEyNgB0Y r4LJ9qQkSwQ0IGaCy7KAiSB0CFbAnUVwYEAhSIQw4DcSIYkxYFQeKIaBEURg iP6KAQsQIEAKhBYCBIuUbAIzF22Iyzy4DQvhBb7yLPgwQJUI1NWE0AKAzpiK KUGMF2kekMawATUIw2AoGYNUoLkEMoCARuqtYM+iwUkQxRmwaoAw0AqEAaBP kmgzxA0B9QWDhZQMfAHB2OCIDLkhyRY8AhzDFBkI6hDIyWQtSB2gpYQVwAgL JoHA91jDtGHGNAd2ABkdC7ZMLgiQxsmGaMA0JAJhyBDIfzwLeCoEX4u1gUZA gAHPhqVYDLB2lqVoCQgYTQOxgbgKkuVM4C3Ag02eRoQXAC+G3NAEJgs5AmHD Fs8DT2FN4lOGSFOKANxNglQDbB2QUwaWIhDKYwusBQAt8EgEEiQDmJkI9MGC aGxwc5C4ACGKsSliG6ApABVEqIgMtAwQBzBXBpYoISCNNHB1QEpbkWB+kI5B bAa/ZYEDgMUaIAOYDslQMFABxDCA/eBnkDFBPgL/EOQC54ExaIWDRA2D74Ny IVFjRRrsnKcsjsQQG1AVQA14HPAGmC5vEiIBcVwm1q2A0CCaQ8LLQYINNyGj Axe0LYiBFDQ3aMBNMFVRlMl4PEYyUEJOBrFBnoZtQC4eAaQIsG4LsiGBgQzA AAICSAqRCQwf0BVyDsyZNkvTIktbkBAKIHnEsApQMtbgAfl5GegyADjYOjBw 8H1AWKBhlCwQMQL1SY0IgrFggcyAKcq2Ab4gAy+DqGZCeLDBFHkTEZREhPUz YO+0SBkSyxLzEYEjAagDroHGMcvA0BA6MfBMjoR4DqAIEk0IozToCdsCYD4L JIOjiOYJvbMUwQBvhNQSOBP4O8AguKUEHB2MEJJg4LgMIUICw/A0hCqLFgCs LINSWIhwFvgK0GSgUiAJuAvhSSaUFLJaDhAFUI+RFJCYJSIQIXA40QRCRxO6 TUmgBoVVTCCUwOUgosvQAAId5JqgeYkHewHOJQMjAEoN5Aa+giJoMGgBUN0A QGEJx4VkG9Qgk0SNAxABAgQJPEQXEA9D0jokEUoEywSUUSSggxgSY8gxBYkC 0gB8H1g9QCEAEwuUm1dIegV2IJkCY9kcDykfsDseyDZ0ZfLwJIgN+BJwHZmC JB7CNYADjMgRl4AoKdKQpNkS8BvgkzzAHMQbjgHFAfsE4oFJpcEGWkgD9FDg sgxkJSyISElrEECKAHpFIM6QHxlwDxgHDRQVLIPmeDBooHkKTMFEigxtKTB8 gAmOyBcesSBEgGfZkF2bggW8BxgT5Na8BKZmAD8XGFiWIWHIZyDXAnA2KABR 4DY0hAgLTB5CLtgFYxIYxjYvmzwEeAB4MBPIuQ1wZuCjMsQHREKGYiOBUoAu ShxLcl7gxBBeZAOwClgkD2wb4iUAFWQQkMaYwGQgQkMEggyBJa4P6aMpQMKB LQgWQAAhFQUCATkeZHqGkcoFkn8a4j4QV6BWIhBvCNUKZHUyyZLTTI2nYE0i REYsQ0OaR4JsgqqBnADtMQENBeBTFumTWC5wEo5UeUyOkGnFgvyVB7YOLBJi FcfTkEJxpFZgwcJlHsIBSwg3wQIYBPgfp0BqCZkSUE9Yh0XKSgoGbwQ0g5QA BEFzkO5BtOJFCCwKAwmFDSwY8mQGcB5MGagVdAOpF5GQCXaKIVBQYPJ/6x9M sI/insp6z7sc5N+/U/l/leI/f5pTFP7PnOYcdEbvTnMOGptKpbpe/M2nOdm+ 9p86zclKMLN+lPzff5qzOqUs1Wn1NX+wPQDgFkPUHEyni05S6mrFysrkS+XD NBr4nfr5rMdLdcyY2m6NY6Vp92U0rvoa1VrxyUXhN5Uh5leT7sDbHPx3pzlX WqU6YDSvrQqXQWVbatM7e+t6jrZeUeXNpcZempyP7HYz6upqK2onA8lzVDbk o8NuonTt6XTCe0Vjrna33f58sFjQghRYnXNpys+ouBgZh8Zs1p90krI2U5dJ iV9H7XnQVyJD0ou2pnuKqszt3j5kGz3kMIKnHPe8uXEgyC40qu5r/XiXNIIO PZuO2NLeqh/Ok651Pm4VcTpZepu139mNV7xx6neHkQK56qq9VCWhvr+0olad Ggn91eUkBkb/XJkY8eR0KsZRsbWqqAdIZs7e7DQeVGnmOOM8Yymxy6Xp4c3x eOxps3N31KpRJQ6Fl25r25Yb1XAcsZPTuWqWfLo6pPlJ1/ArcplXRwf20GSK vVmrOymO9MmuVGwnKymabtqUEBSlrbkf6XS7tG3gE/CdRhLGs5HZ3/THy2N4 1s89/xIYF2HTRWu9OO/uy+0m715mrY7u8BTPjCtCezxCm2WptlaKk8UpCvdM MvP6y2S+3vPlY8+PO+VSI9Klir0oMwCs50YDn08bVdqOqbazF4fOsD0Z0lxv Dpxne6hvfafaDt1Sc9/qN61urdVw9jJ3MmouPpc6aMpu6Jj2NudJz2pR9V4d G86xOlhrtelMNJyJVO/UzVUf10/aiuuG4gEZ+xIY6nbp+a69n07kjY7re7R3 3KXfpWhUSval08SJJ3rbVsebzWGwFNRi8zRdb9fd5LyNGL5T4Y6ljbmXJ+NL 9ZRIpbXc7V9q2GeGVEXEOrcPa5dhn+5y+qE97lcaYXURBZFL9319sNxvpOmm VJJNdcUHGwYtW+dtKz6DwXaPpxNlbbvowPaMtu9UDqVB4o3rWB1rVhKxR0e1 i71zq9SYcB6j8rta0uP74WLaPo2XF2PihHjbprpFyDx5Xdh7CZMsm2etVkm4 hdPsLprjRXPvKD3fEV3rLDWX5b7OXaTGYFBcDs7qoKl18JahmlWpI3akLt3o iqGyOpfWwDyVkK+e1t36inVC4WS3xcQ8LqqrYrI6y8eKPzJLVUUz111F7lHV zchdF0/0UnYOvt4uXujdoszblc7pEDkHLra3wbjRaR63s2rtjPW5OpsypS0X LqNaY7ubi5SHPHZSatiHqeS4C+wOZG5rMJVxd44nRm2+LvuHctxSW0g3qomh j9tbTt711XrJ5UfJ0MVUC43odVIFM1QNqdWqOCJfHHesamN0XDgWv2m1z1wS r62L6FR6wjHpTfVSR2Z8URo1Br3lhkIVnWVj79TeDjSseIkh64O4djmM981I H9lRuVOkS95iuOydOLWxiSdiAqFUwmMmPinV6ZYa1S/0eXve9iUIWTJkIrVN PxCTpdiIFsphu9suZJEpDmdTfcNzMo205am/ajuG11kDSjcFKhorXCkots1w 0JIRO90o/LkU23pVrXFxba4suZ4amHik1Ktm4yBUZqPFfCxUbM6frQdjx6GG lUHpsBS7jZ0zn9KWbCwWI2ZeP60meyt0ux4I5jytRdKozVaCkX3WITVljQtj 0k4Ft3YRZYyM9QzVgbDGx+15vK9qJXxo1qelc7136MWBVTme4s7Ors36qyU6 N4rddbIaNjvCqWqrzcShWpHO4mJjsJtO+tgMe3F0NIVqMFR6+mg7kceT9fA0 2DrxyOFKfVM4zlqT7phBpR6eMm4SlymXX1a2Z392YTszgelxWtRcqd7qTK+M uu247Fw508Oi3Ugax/5Sb3Vbh27Fm62WnFLe72ghpmxz1IRcpF9Sg4132q/Q OTzJesu97Fv1Di22LEhX9aYwjFz52DuuvSkqzS7zRussL7bxRTUoN2Jbc3O5 rnIrngmZymYX+AFLGxP71Cypx/poL9L1MCwXVWDokbYvJevLwULe0bc3desi Uee1xiz1ebm5StrqcYC7tcuySJfFkbxxpsalWffnwkoYjMbDuLGR9qOuo52G U66BF82wf/A4KrGcmbjqe7VaT9Z0ZdpoOWttuhwxTRmyca1USvq9fjdkICtp W6NaZbKyDvuqXpTtM+KGfIMqedOLVJ8UG76wNKVWR6gH/XUHWjv6JBYAVPvy 0jV2xWTgr9zKlkbL+oTWbGV0CtYoDouUtxj5ttagLzW/POiea5fNFHKDlSoY iSQsQ4R6m3GrMfajmT6Pgp5d9nvd/qm8mzbUzsGNu5Q023ET1+g0eG5lrqSw pbEXaw0ctFkV0eQQFaedqm6xs4ZUb/RWFbGnVpOWMe0zfE1QTaNNMcq20xl1 IIsuHoPwtNf6C3k+7mwFbe3ptLOij+OWP2upjW2fX7RjXlxsluzMDzQ7Rp3+ qUQVfdebbdauOdbAQQYure+TRXe9lyquv1VKkbStLDW5K3eOg8lS7nDitEvX inwXd86mutxy1IK/OOV2byYn1QYXTVx6NFraS61zLtdW54oTrwI5modtdTvs nuUJJy+iUzVK1FVizvVt1elDpr2YdwQ1wO2xHAYc110uW9yCPjiVVnvaG81s U/OCSmJpk3k1PszPDUVSDu1AQmMniQSnSc3ZRvsQG316bu0r4oLvaJq+PPHh ImT10FZKzVndcC7zlboKm+cLe+lWSnRdHzO2U17W2aVNSdHKb5t1un7onNqT A1+eDdr9LV8pjZO9NhXMnjMpBftt4m96banpnabitujKy0NrMmpL69mEMhuj nVsecltISmKMonOFDY4JNwm6thlFTtdQDwu9OfWlSXOx3nfmzLG7FPZMNOx0 LsLOcKnLae1hr8yVx50NxxTrB3pS49y4GQciN3PNruYdjo36emKeL7y03yyl qRctg00v5kbnkYFXlNE/lobjQYVO9lxt4RcrQknV2CbNHeKF6M+KdOvEOLOE EWuXSbUytby5zhk779Bv1/pMcxVS+Ox0KjtDnxddTpI7rcVmuhCqNREvqvr5 sjdp1zyt5CnkjD3pwJrWLgqLm2VXb4rzQ+nUHVGdg8LVt/3jSTa2FZmry5e5 H8g9ozaMLpuRuVm2ishqB7puTapBq6rWuXBgWe6qI3QDRjDHlLcX9q6H9olT ms4TPD6MwUAWh81uGUKAVLGgIhfrtlb2hlolNC+tuTrV9VGFgRhrn/weJW82 9mU9vDSD0raJtlFjRO80UezKpUZSwtPqqb4ab2RJxKeqW2wLzT1TZIv7JrIT edMc0CWqth16yrgkyUOJbrJDeT4NzqHVwo0eXT5w7KbdX1UrurhQxwe3uQ0m ZcfpdhrNc9/pzurhPKHY3V7onkqiO9PaEKro/ojB3nk2TYyBs/TZzeg03Zgm qhTZdWc1Apbbn04C/lIenkx8iIUpFdRcVimb8/6qNusK7jmZtk4LZ1OfdM3T OVFWpSXT1dtG2beXnHw5rCunetTZ2AGq7Iv7JepRmyGEztWFr1RLIzY+RKxV pE19vTkGQaxU3GF9K4ahGjf6YnU+8rwu1/PrnaTL40oymFjTMYWUirycSdUi OjHialTeVbn1qFzqlHjDGtWrXDQah12/wVTHfM9xB43WsXfaCIllrNygr2KN YoJOry/0OKNdWh753bxW9OwZXpfrCa8WV9Uh1x2zjCAppRkwDX3WoOutjtQw Wa58WqvxZkGtZzWZrpT6vbi5vuwlj40Hu7NV30P+pfJNc4TakcNVEsVIehW/ 3duOrONk2Sga7UW/3J2VOOpYcn2+FeAVR7drjJw4tD4PD8fo4Kv21K+N1zwk d4vehR9Wff/UoDuH6qp5rtoLTq1NBFqkOuq0sjlMenEFXQ6lslzRe9phxTaD 2O6Vpyta43cXO3EqHbFiLcOmcenNztL5zMplTyhNbUQFpag879VgUPvCjpe7 xZbdrXx0ap4WiVHVS1FzwNTKWy2eN1ieawvTiWHR1YbpnV0x5DlENUbsrju+ SJ1DRe2URvMV9D8pHeJVPD2LxiQETnRKvH3lOFDsCrjlcquv417NVaodLMoG MBTmFFxMfjPvdPdIqADXaZ35YnkxHU+VfnhZdgdLcVw1W63OQpUSbxNHvb61 GJdXshhvj1aFOvCVzmzfmDYVGexQKw6Hg8X66NMm5Hmd6Yqp+cO4MucPdSBc o0geh+7xVNsDalmbxXkb16hZ53hpFs8asx7oXr+/bjX604bmL6fTiA+mxbHH amuuujTG4kSI6iYIs35xmqUkGUn1Lr+YUEc+rtSZU3cZ9baxu6gpSNLGx8ni gOeyXKmNRoJ0GaGwjYqotI/dTZh0pcm0NCp7O6/H8yuqvxufz02tOjCWe3cO LhcA/R+JgD2VHr3oGocj7tMnXpKjmShUS5irWSNnz3c7Q5vTyyWW6iOjLtCr oDQf4rWCe532pVKrq2y/fGbp8yYQ42ZjHwDoLyzJ6V3Kl1K1qgxLvFUTXXXe UKmj2t3RmrwLjvJe1BjXY91gsVnsI6vWbYh1Q90Jy/p4VlXm1dEE0Le6lw+j bcIfJK+udfUT5V5i0R21nLKUYNVv06XZeR1UJaGhm3tppmB6b+4Oo6646C2A ux3Hmn+gUYd3ee9SlPBkQUWVuL1pVHebUpHdNqeD5aRe2sv2ZbkLZ2Vzte9N 2t7Qp9f6ZMn5o8Mp7C/qznxZ1aJpdFYlg1pr8mAubmsDWRRYgFR/L25aJ25W m4Sl40FDpTVTbk5nHBpYrDI+JLRuQ7JQ9lt+1TLNvUPxfbe1Sqb1Ux343+ms jI6jOu3FaNhClWXdlo/6CfW0aVVqT3dHtcGO2vPR3A7xOYqaHoojyuGcacka 2ZWteBAgbNTt7my3N47SqXFZqYfaqNs2Zg19ddnO1sHE4ufaqRdfuLoVsDtn cVhSRgfPpJm+WK7xrFU+O7G7jk9rZbKw6Ub1pC4W/E6oNabCHm/F0ypZ9zbM YrGb+kbTW/Er2aMWncGJG/3w/HmtclK1pjP6+/nz57//K8+fX0ugfz9//gMx //38+d/Pn//9/Pn/jefPLUHiaVmWOYFFNFZYJCqWzWGDQYyJBUGgRBqZnM1a rC2TLULM2bSIBNHiEHwXTIPlMTkLy0uCRHa6GQlhcgLHtGxyRAHYJcOyLNl/ M20LsxxNtsxlmQGTxQrmEJL/y86fy798/lxgFVOhOcU0MY1421QsViTnNEVJ VlhZpGmRAyekLINjbAkxSDLTDXiLnIcweMWkMcaSLNMWMjFLDuYKHNy1QbwC JyvgyJZE04ZC0QYnSJwii+C6koEsizWIg2NGNAxsCAYCWqSIoHPWoGmBFWRy +MO2ZVm0WEFCJgUQYInklDPZsYc+bJ4mp7chCxRNC7plEDkBKEqAFEiSJZYj x6jIXj/LiDIvW5QBDUG/JrIYURBoy7CRQDZFTYVnyflSW+EsrAgCo4DyZFEG e+FFGjOGyVusaRuUBOMDBtGsAAIzMC8giWPBesjRaIUTwQoYjAyYjSmz5DiP wpsSYyNsSBjMhJYpGinkjLGJJMFgeB7TNk+6NCTFMsgPKyiKKIACsIxtA9sc wwoG9E+zNG/bEkyUMsEmWZ6VTHIAgGEMCaTNmDIncTbieGKGnCzQhohlciBK kmmGhgkhWbIkzDEiC1ogx5bAtVjRJgf0aOjHEIT/v73vWJJlV5Lb56/UohJA AplYltaiq0v2DqlKa11fT/e6xgVtSOMzksaZxbs2c9+55/RJAUR4uCNDRInN TJzH/IrrNG6He+QWOxALrDAzl2QSWxMIL1FGKS0MdkLJIGduXpLFBm7FVAkX aZXbUGb2m48U2VAxz8eqKI4y7G0gPZhWAGnoFHYKW5OHmRZRYtJYWlgKl1Tb RISRASfH0idMpo9EzlROlSUy9NKIuXg2zpQUEZ5QJkZhO6wQ0kgXMulcMXcQ axEqEWZwVxngwWDNgAJpvMTizoADP2WiDQKMbyJsjGK+AJYcV8xhU1anTjHD WIZRLjVTd+HZidCZxwqWRCkngojJWpn9ZkcjTEU6lL7STD0OnJ+yxME5y7ze PAvwC0vTiqynYXnfBBo8YqSdZjq71db5cSpcnvsuzBMdRA5Lw2wDXwisnotg 3DC8jIlJ2jBDVOZ+4oI41HBdJj4yLQLGlWghkkQlzGfKoxB7lzJP2UVpkDNN 3ioPhh77QZLgrQOZh0HmYLEqkKz3SJmoFRuNUOuEUkxpVxkzI/EPrgmTiZwH z9Lwjwj3Z3aOY/aUzPDnIjQBcYCJesx1wvYzbTr2bSqweHiXwKaJ9NLUwbmZ JqrgRCoXNkjh2YGfSSOwoSpSJjFCS6ylZtKZljLGtvlW5llmE8/kUZAzwThR OhGwNont8GM/TXHPUKaRgHP7LJHIA1iRzBzQAo8aMukLIOXlzGdT8DVrmcAO T0+ltEy1Egn+yGXYgCROfVzAxSqF7eTY2RCeCTCMfOxCFMS4RepkDPzUuQRM CfwN5r/lsc+/wMy2KBCsaMrxKtyyFJuGmBHIbzoIzApvEDnnmMGWJXlgbcR8 woSv61yKP0ozZs4DtkTkRMbsWz8J4LFA5dAHloUa5pXiZUzKzFppYF82JdZo riv+Q2eZ/KbPahUnaRYAdHwrZOqFoQ1MEmimSLNcB+GLmYZAM9iPYDK+NCBf iQXx8nEb/mDi55b5Vyx7wCv4fmrzJPCZpRcBHKMYsJux1CD45glhOyyjo/Rt wjyvLNJpkjvYBWwr9nKfCfV5DpdKTZTFzIFSAASjgMAB4NLBe/gUykpCJEI0 k3eyOMK/XGA8hqMg9ZlZE7h/4oPxc8McOTwbLplphX1xgJgMrw7ojUUeKG2C wNdYb4/5UHgXhG46f0I89mHYKZPRBdM2Y2YFO+bVCzBPRyxNDcMb3C1PUg8r YS2CROTbyMY2AdiQpYrcxhoABxOPCYWSxS1gDil2AnyB5gSDB3nwfMG7BywE C0MEVpcm8HQmEad4cJcFjDhGsIzFt8zr0475vZED0kkV554jrsBcDG4D0gPM NimrEsCABJPNAkS6WGqJpcmZTw0kBlwELLCSDmvnwXkQTONv7RF+oQJsD6K6 dSzDMhk4OdiPzcIgZpiUgbE+WFOaIbQI5vd7UjBzj5m0AJQ4hyHhmXIhsI2+ 0S5hMmsMY4HfIMQwYxp+4NPKEeGwzR78CihnmbuWhrAUH9dK4zTJWE6Ww4Wx x1YEuKSWAmatHAES4MOiNp0AlXOEGqZdhxqhTIkMfmFDnwmGIXNn8dgsRfsm dGehVkA+uFTm+3hRhC7ERpNoZgkjqObA7kDBkhJSBlqmhv0i9jqZIE4ZXDPN sTDWxkGGq6Wwf0SmkCnTeeLDAfDuDm8eS/ImuLbEIyLkaOZKAp6YDAmzg1vn QFrABKwh8pj2/K1gSbFpLFIxMkAMgWtZQ1iD4xjsao4HjvhTgURMIE7BTQRs zYNnIHQg9oNG2SwO8L6xL5iQqzR2EjEI0YUFdHgHhxWPSAvojnGCaBaDEbP4 Q2BVEt/6eCqbIUAm8DoYSwgnSaJMas1iNFa05DYC8UGsx1uAMOWx8zSiAB5a KNavIV5FIgNlwH3BWdIIK+98xbKhQKkksKzaw5sC1gKrDXY+8EJ4WBjqAMEs Zxqg4gronIUYsG0QGpixDzJE9MmzHMwARprkrIrDrobKQyAGUwAbzJgMDmB3 ZGoJy15APMERghSX/IZ/EnlYXMzCHR8h0AcTtJ6CdVtgUsoqvRQg5jKWfsUq s8zbBZmSQEZEVAe/jeKEQKSYYc46Hj/THshBjJt//RExXoBgBIbJ6kEaIrTC IABLCoQY62CMBsn0gf9MUM5SY+PQ0yyscbhcmvlgFBl4j2BxYmgEtAkkiJ+D oASIDEBiGbH6LLUGjFMEYGG+D6oLFPFzn0Vc+MMwAlz4AsYMjpVa30lWssCX 8hwgxxRwC4JsmOUnpAvwCmD+IVhgxAq2PMD/MvnSJ+TDl3wbg87ZiCVH1iD6 BazkcxDnSYgrYpfxCg4UGuiDjSVgKVJtbCwz9Unt4EXAKpXmgOQMOGSDOAHt kg4mx4AoPZBmvFuOWJ1l4DYRaHriY7cUU5chNUAwFRM+fR9YB3oicQM/gK+n eBfgjQc+6CMgASQiAJKE1Egk7uTnjMqCQc1I+K0C2rPaRODlsUiAaGhELGbo yW+9D2RQEIJ2x2kOUgEOzOztVDJ+wV4000gN/R/ME0RLpKS32H/sJ0BVxCnY AlYEgYnRI8abYN0QsI3Ab7oMTpwK1nSAl32zNSVeC/4BtwNbh+OB5oP75wI6 hgYCcsmnjYGcoCSg4Fg1rJFW1KhYFG3BvwxLVIDskQfUQdQQ3CMw28DBQPW3 nMNAfEgWOkkLz8vwxEAoiAgAsIJ5KOVjj0Lr5QLay8LygYSGieBYwYzhADbI QhyL/YFvihTkKYaGcNQ+qYvjHDwsgGKJsTYxghE4JXDRwlcAzxEiNtAgYk40 RRXWNYM2h/BOyKUyYwweKSe990IYDatPYZgwF50j9sUIjOA7WI+QlRvgv6B2 AH5sAUszdKQDCLMkR+i3kYdrs0SJpTcR9BPiE9NW49AB76EBcwXDjKhnATtk WArmxvKPIDbgCWnmudhGCHQa3umz1g72DcqZ4VXAVhPJgt2UVTMst2BJhxV8 9zCSCeAG2AbZB2YGDMMqhqDI+D0jARgRQht9AnwPLw6poBNKXcW6F80yPzBj vJ9hwSswDusCh5MshHE6g0wQlIZ4Yzw22BHL/BIDX2Imus4Vn9CBdopY+F4e h4gYwBJsfATSHAa4IGFD+yyhBtqT2PoZhZWB0VuZxYjCWA/wYbyWB5cGiCff MzkIEuw4xAwdBgvmIBEAdggsAER6s8F2wE8hjE3IUjeXhB5IvgBZBRpBpyLi IxazUtBBs0KpwxkzGBKCdgwqK8BdZSpIMQyL2yKEc1hizJIGSG3Q1Qgbhb+S s5wViMtCXugbuBWUKB4shYCCn0MaZ6liRaXKQHHAxXLYJYJGwGoWSCxIGPBO 0H4B7pGkwDeYq4N5gMrBA2D2UNCC6fyg3x5222DvsKcwDKwkqIdBgMVypI7F kvKLp4hjAQmv+pJMMLCMNacWjuhhi6UBQ4CNIOoawD/rxfDMrORgCSnQBcsL Fhux8CkHdcuAERlIAWJlaDw8OPgcGBV4lYRsAaUEG6KwhwoHcYqZ7Y9lAv+F TQYIUjBV4QRL+mERzsOix/i7gC+WLPCII4QssgxTSU5ei8APtsBabLwUbp6y qhSUSrB0LM4QWDIsn2SdKiDE4WbEc8VaBfA+8rZvbRloDuCF9d4J63fwUsJA SbGQAXoZWsjCJmDEPmQDOATQA7+A6oZcZQ22D/UOMupDmkAuIIb5JGpQSVp5 8B3wEjhJboG2JsOixTApLD9LHaNEwfQQIxKEHUvazappBO4cEAAhBliHOEP4 9HlYApL3LU8DRoN1QZ6l7CsBxqvJGkBflAEBhwoFqYnIv6BMEw9eB9bPmpNM 8KCPFYyQ5wyuAsxBSkEBGDK4Qw4wyID5s5xcwV1hVZ4MYOJxGoAVQCJIjQAO XzbAecARNiPzWXsVMeffQqoixkVxQO4AJZ1BWnuwyhwoKuAFCMfwYUCGwt7l PnxeCbAT4MK3zgssB6aOCBdoZcEdWHUeSFaHaZZJSKwd1DmiCZ5LCf6tFCoR r5QkvuaDsaKKZQI+412MxweOwpRT1mHpGIpfAt5z7GKOBWehIvYQvFPDgGVC cAK+QrDiH3gV+BCcBxYI7WwU8BcUjtalwF1xCQHgAYkymQphSnAE9v9gHRQ2 k3WaMXtNOOKCMx4AArSVTxwBsOgZYPF4HEYxhnzQf5lBgIG/QpzB1aDOoUwA GnBY53/PUAxL6BAVEBtzVhtnGSg3K/9ZOQwYhWrVPICCiTFAMybjHlhohBiN C0C9mQRBWiaZCXkiDH0DywGfy3LESaA3wkqKiIENB6hnCK88bJGMw4gLmgdC QCUSDvhyELPCSoEfsOAUPgdRYCnbFYJfRBrEcm5QZQrFALoHFIdFzJBE+Cmf JBBGygMhSMmIhy4s76NfCLJ0mKwhFVU84cRlsMCeJrFi5TD2zwROpODqGhsC R4OyQVDlngNxIlbKgyP5POWCj0IrUM6xelwnCJQIb3h8p40PGemyVPKEAaGB /SES0lASfriZYgUdPZanjTwX8wyL6CQLavBSkOshgpNSUBmQCSYIWY8dRDwo MHAt2pegE1hwPth6RO2MmJwKBHD2wICsQnzEwpPvAaug4cANIYq0z4eBgotg kWGQAKmxEPBZ7UHUkiCmCFUZD0ojBGjLQjKgkDJ4YvIXBaUVY/8ABux/Qr4D EfctDvWAEFwclcOYgXmwKTgXZTfPYGUGaQbGCQGR5zxdwnZoLDbWwDCGwEK9 lKiMddYATRAfBFZ2J4EM94FEvkRw9RlEvmXSChsbW54Okr9T4EB0Yff5ISKM E8CkhHIPKCKdcInicRFisbRfs8bOwNAQybHkMFMgG3lfjCdgLWEMleIy1taF CRkkT2YBJUAAlqNmhieA3wpqDdGr4XGIv2D82CjP8CBMJzzqFaCFIbkK2CIw LgwdD6ERvVP8RMTaKgXhrYGsgMmUrV0AWzwShY5U8M/Ypo7BHyIFbEqyGtJA RsQqxwaAt+SgmgByxJQ4BFaCPMPUnIfrC+AUdAeIHbAKpAoqOnFGZj4lAQSX BjOHZ0D+xjymCyQL1VMZQrsA1nnib2DzOf4IBMzx+B3EIUFABxiwohTcV2NH EBAFTzzhJ3hU+HhEkQC6j8gFFgT9xCMbMirYNLbbOsheSlXBY0OeB4KksZg4 IgtPqE6FA2H0Qgh8ym0IXlC4EBGTBzo8SMFmhizzBD+IDLSJhRoT5MoOF2FV bg6whPxPoa9yQGlEkg8z9SHBLNiiBcvDdktsN4Q5QijCcGTYUYbFxblkhxAo DQ9w+6/9gzfAbcCb5P+/Yqwo/H9TjDUeP/9DMdb4p1qp1D7P/+NirKD//r8p xlp1V3iyX/XzX78Yq1TxxiJ8rxoP11pXdz/rSudjk6lKB0Ewah4HP2K92l7T 5++mdLzu1WiWPe/TeaNeLFVaNf8gW9nUc39BY/6sn4PX61bZ3ip/6/b2PxRj PX8rtdVgsbDGrVQ7n6bZbCAq2X73O/OU/9fYRT83p4fjaRocZJIMe4tNPTuP dKf1FvfO+W9w6AwPh/m1dr3Y5+6xmvZfp+ZrVjq/TlUv2m/Pk/1oLCvvFBH7 3E9ao7ik1vNbdzN+m92ul71F6RD/jpq70b263o2jwelTiqtvO6iNBguvNZ2s ZtXh9pDMG2CAnVVDy1U6Uo+t/078Yuk1zMJbRQTHxehwuTcOx+IjutTSazCK d83HuOtdx83p3+x4KKyW8n77VLf9cz1fZLfFqypugal/ln+PqDSe2Z+f4nN1 fw1bg0q6Cza7bOY/K62TF1jT+ISVH71v9K+Pd7UUXfZRoTvRplWsHqqTycQ+ zflcsXbSi5PdQfmj6XGatIqvqagUKiuv3WoUmrtmIQmquti6yeeheZmsm62p eGbRINwca/fm6FAa7vPyeHtj2e0Ze9pOXvto/5ftpfcyencpd7bFXlo53hYb k1Uma9Vr9k7N5Gfe1RVfPgd7OSsUZs1k2m/2uvFqEBeGYXtcXCXjs1fo/AWd 0+/7PmxHch2lq2GpuZ0aLf7ezWE8E9e8W0/Op/VY2/01mjbvSrXl7ZSsr7+z 5qZS9prdrQmX16sYLubba6HaKl8eeho8Nz/XRTV91eW5fwiL0708F2wcif5P NWxeV6/ZsLqpn1rHhZfv9P1UrayK/Tokjpm7/V0PputBdji9/Oun01/mrc7P X/YXbn/ndlGPZ4vrtXWvt+ebtmwVj17yGQ6KslHJgdFRpf6XNWxviaXe+lGr 0t+I/m70ErfBK8o6r9ng6jcX+93Vzn4OLfXbleuLd0oXdbX6AOEGrUKpuLJq fQpXy/f9HIfBq32elvdxOPzZ6uap7q4De9rK/b76F097r8Etic7eqpJ+0tL+ UapO1lfRaBV3s81vuRGtzbNRml7Sn+CU1uPla9kfZrL9Kj0O0avnH05hqnfT Xe3gjR/xZVwUh8PwVrktd8OO7l7V7FKuuqTT7n1Gq+J9I955fHWja3h5ll+9 /TIX43zZkNf0U396yUVfiqLfeK02q/dTD+6Tn3ZWnr5L+3h5bb9+mke1vNY/ w3OxmxYKQT8ofvrzpaovzrukWGlevedALI+bZWUYdxZdvV/u2vdZ63ndt8J1 pWbW28vu9757zU/FuLvPJ5Xdb5ZNg6gw+JR+3aN4WHi/w4rtJaddN+38mvx1 enevD3PLN+uTqU5Fzc5X80rfdT7zUr7234uNbtTM8lrbFmH993J74K0v02fW Vf6z4J/2vda59+LptOpOdufOvt48qctw1/AjM10k684sak1ORTkttIL6uthO B7uPN1GNdbU82V96yao0Xtbn29j/OabyPhiee+vxMCsNfrYD5dvBo3CaVwuf eaH6PG0mo09f5/tpwdttioduJsrVYN061Eub6vJ5H+nqpp9VruWC6A27l8u2 Dzq52v617+a6253ft7Pp2O56V8qysndY9FrTcHUu/an6W5ZXh+Zb1g+7++mv XVluBs0o/t2lpbgp+/VRoVW6rdTRPtvv0iz/3ands+o1TX19vV9G7Sw8qN0w nNVl9ZZ0e9OrGfSvz878M0j2qmb6fm9b6WaVde15iybN0l3U1Oc0fXv3xsvY NPlMHvtEmEtYejU79t6YjP+W4T67d8fV3m37Us+LbrRtuaVOYrS4zbP57bW6 mHCuvPO2/5H926R8i85ngPE+nT1/as+CHVQa9/prXl+EfrJo1xv5Ntimy5+V 2Y7due/CupOFUyP0Oo35sGmuv+2/57y0E9ON6QxaP/fnfvuKRvtdoTrL9FPP hovS77nyKcbGr11vU3MaF8q139+29Pa/9d3Qdtr92e7wN+3fh72ubaqb7ujz uRRPOoN7fF3MuudddC29puPw1862831Hjzrucrv8br3i4zi//06zfBxlj2BV uyh13xzKh8HkdDu9Ch+RjdpMjmn1ZqN6q1zZvrqnir8TbtC0j/pm6Q3F6r5o dAPzSf6K6lTY9WdpcP6b5uH0VU7bTTkR/dqhL+qnYzKui9Cl3bRyqS/6+bw7 nSddrxJMVkl5OpfD6W0st4fq+TDLQvVY78e78brXC+3icDS1jvz5CZ+VSTG9 yZ9P/iwHjfg0lOey11tF+SFv550wX/jTyaMv4/bt9v78LM6rSFVPy3bbzESp 3v/bXPfFdjsansPg/C6Ye2vemTacF+5vj8Hj8fy7T4fmMJ2We5vGIihfXuKv tQxbsuW/3bhT6O4H9V27MX4ft7fP8ncQFUuzZ333yL3zbzeZy9kUePlcJ7bX HWzU+6+fTX9WtX3HncX4x1/e3NP0F0do+cK+MbbP4uCGhbyNZ/nbO656QTce NGrv++l+vD78TvC3rk3CwG9dgreyn8l9OW0ufHtsjj8Nvf5dxI8RByAmt/6s c1ZedzF/3s6D+H18hL/5tLiIf37/XkfrPilYx/X3nJ6TfthNj6vs2CmO82tw WpRu/lW9a7qaFgfe7q+cbgu94v60/Tk8L9lO12vCraqNy8/xPX4O1u+2ac/m 11a3966Vd/1HeTEJ1+7ZzERhFK4OXq/j9u5x3E1tbXEbf+r7+UHniFWt2+bZ bC1mx0Jb9f+Ow+g+RMj6LbbSdsU9llmhs1hHp82Pp+rFn0Y80oVtr7LvX8Pd JD2PR29zXMxun1frM7otZuV2/bQ6PoeT38JgauxvrVddpO1yvRCpH2/6Pm7e G7FTy2GwG5za2Jtly22Gr/h8WrnzeHwuraqLv1fr8ar9nlL5VxqlBZd3zbM7 HOWjlndttndF8fH94qtZLwT+cTno1RvuaD9/u+I7j1ZmfIsu1c/P4/NwNr81 Zxf/2X1kh+Wj03Jy7RXGj99L8/LzfD0fqlK8/Talr88u3bTX+aX889N4dINd oyXGHR0U7bn9t5hWR8dOpR423/GttPD6s3CzTC+1+XqvysGP/PzFlU9po5Xx o2Pj9DSnXfRcRsHn3Dtdh71r5s9q5e7gt1oDESjcfc/OfsvJLZADbZfP7ii6 HZftzeiyhwjdgTfFy9vjXD/d1OYx+b28VvVjaV8vxPXBctKfd95p1duFi/u9 +vsz9x/l69/zWSo2R9ddWpvIydrWnFuUrmUxevy83CZv/hUiuxLFZN1cDvJz td+YHDm/qLrXrWor7Hwahcq02rxOE9c8B3/q9afPs+cinTbU8jhoP00sBz/F zs+mPrLZc/O517aDg9eo7oLHYjQ6Xlwj0fvicPgZZLd2M/7Mz8tjEnxuu23+ h0icJZvlO/9UCyE2oziXzUoy0KuJ9zcoDiG839fJ3+z31T8v1GUg25FfL1i3 N8fj+7dbHu8rg4+chfrorwY2+/1cnp1Cb3L7mcncm+ZLt762jj+fU7Ka79ne a3q4q/W2qaYIsNdMVqq9+d9t303avdf4mM+Oy2zbetQHYfzKajdPZeVmabLc dW9GDZfl989uPO9V8veze7nL29D2Dst+I4OzJdt5fRl2f67vn3LXN8WBPS5d oeKJSanUlcfD5RNMT8+4VJr1NosmnurTLgZDFeej2v6nYEzrEOtXXe/t/u84 aeibnm86HxiF145dqX89PD+hLJyHqe3Wtxs5K57daL0bmb5xi2pdP25bMZyP NvkqbHyejZ/ibfiOot/RoNH33Gz3nqUtCxt8jAev0nNrBwOdv356k19VmT6d 6YZV97eoD/v7dmRHhyHI+TANn7/NqFg+Cq8z3bSnt8P7paoFWdOPdffQrRUL /voWtuf1MCyXRv3L9R23u61ac55v5js7L9c3xfI6xps/Gl70ugw/p5voR+L8 rl72g1JX3BdA0MP10RH3Wqfs7Pm56I6Hy+p4fDKd5NbezW/7WzgchcfTzjvc Nrpynf29Tt2KKY3Nq4noMmkcq8dRXFN1sW52yvI1GIbhXHwa9ZPqJuFkfPiU 98/1aXyaeXo6nE9LFf1Y/t2KfV382DDt32v753Y+fy9mU/kbd5Woubjslg+V 1Ia6H12fr/HrtLy03fjqBY+7umXjQ/b7OwoRSPKksKhm4/L5qe7Z87QbHPI9 SPy1OxOd8u+11Cqadb28C57iFq2Ks6Z3qRVlMVoEdnKML5dTeuzVq9O/XP9V d9dXP69GeXOyX/TrcaF/rSymhZ4r37fnv899032GUcV6n8Nfc/fziRuXT6tT eO2H7+vynlYa7fmpvPsT23VV/RZKlWd6xjNM/i5/MilMk2TlDwb3rDHte/ex yMJs8ncVre22sfy0/janWmt76d7bn+30vB231r9FVwqOM3vuLrJi9Kq3o+RY PE/sb8sP6l73vewEhXhj6kH8Wdw+8nWoNUbBa9FZ3qa6bXqX0SEcxu1Jfe8m aa/5fB9K99T0T0c99MPdzqvdl39N0+yKmStkp2AxuryW0/3Q/M7Gs3M4Opjc 1EsrkRfWrUXytuPi71Zt8860N9iWgmQfezoX5ZpenV/V6/PditJuuZx8fpcX vzfZgzHZ2fr06e8v3fhxDf7ep7L+/DTl63gaZjvxl25nnl23/7brR/CW4qDL m2lccu9zWm4/s9duu3rGsn+V5rAobpeNzl8CSn+sjV6P96gULybjxfHsVTaF SkvJV7jfHPMwrGwWYvDoTffNdFR/Ta0afPLZ9LCsj/r5ZLRb3Vrhj5idbb17 7i83v7H2xh/n+64dV83gcm7l9W53NR+D6i/suXFVeelcH3Sf9eXw3Wjcb/Ym 9/ZeLS6qxaL++9sUeyMolulx8zlM29H2PpzeO/G6Udg065PGqzNp/9jwZNqV 56Ff9f+qpcHl8rMu74tzfXj9yjN1+tg7FeIwvsyOfrfW3vX0clJtD2RpsYp2 11OnM16NJ7VXU4zGYaExHg5Ub1Yf5MG0+tabuPQc9iZe3Exq5dMofkQ6YnbW 4vpr70F502gcm7dG+dapNW+dsL7q7SepNNdzokQz/zSvb82D5UfJG5p3kB4K B8gdUdE9/wGB+Zvdq/2uf6kGYQ96XSbt7uw06h7tj9+5n2uNRljc/h6e9XJo 9t7l3qvmn7wWl39Hn9+sVLz3P7VyZZN+zn8T9XgeBp3a6md3a8hHsj+d1TBa iuoqiLr99rq8UC/PH9ezIF4pc2k9y6JbzM+9y7Q1uT4K1fu99o7PtXnY7ZfH z9nrr/C4+PC4aiYPflOn/mmhUm/Kfivz37rR0ND3c6aUKx9rgzdc5bO5rg7L 31ptM62MHo/ZwX+V2iZ0i+3gr55/9no1vk+8C6TZojoO5LVain5+ICLWr7R1 OVUGt2pt5KL79ac5HOyvafGgp9eyO98Hi1EHkXZbXPZnk513rG4a98Zy0g5E Q043j0s2DV/qs/Fb4/6t6+Ybv/9pTf9afndyeRwGdWvr+14vuv36+nmYrFde TfZPo3PlWuieJvd+sT04Pfe17JA3XL0tNlNTnseFtImwE/Wbo4nuZp9n4afc mLZHZm3tz8c732fN3ftiTgWz2G6T/XtTXKfvWHf/utXVz0wtEl1bdIJJmrWr 883iIrr9qQkOyTz+7JNaqe4t9LiqIcfq+W5QE2rwrh7WC38Wn9s70wrvw9P+ Lm75cfyarOJe2Kw6mTTPPzpx7Q4W87YF1a3Xgp/O6145nlsyWR7M4/rZTi7d IXzmWLgf6p0ffSuP+0l27g0Ki5n57TdDfR9tpu+xfy17tnHMx9m79cpvWXzW q2NuC/NROjxEFfP5GWwO3UdQ1Z113L5AZQkxj/sV3Z6dd4X7ThW19Or3NB89 dDr5Sc7n63zYHo2nhatSfnlxr07y+aH/am+jdzTdxdU458nF8z1bqfrxNEpO abHjXcPh4Xbo1MahldfT42VHDgCpq2o9a1WKrwqU0W/WG15/q5WkON1V13+D RevZGxcbfVDQJPDiXc2UVudWub/UvyKu3+crX7cGPWdb4/Pptm3t/y5Zc1bq LMWoJRuzabN12Q/Pp0V/+rmMf389X9fc5ceF5dSm42q6ia/luYE9nf3PvVhO V+9fyIx+A3pyVZN3v1Ao9IJDvhmd/w6T87iSep/3et57KrN5z9qvtG7rm0v7 dNi60VnmZQNOp1eH8qf1aLV+/Mq+YMV9NlmLjwwejZ6q/5Y9p/JTtz4XJ5ts 1z+N3aC+OqX537HRG7gkVt3TtbR87VII0/JzlYSjrT/YjmzfbkajZSUurb3D btW8/oWNRJSmh8Nzt1iUzlH5MB9llwvi2vBRC+rx/JO0K91iKxmXfz7vYS+6 jqvtg6s+kqcn3eR42jbm1a6t7KPDJasdfl/j0sof2/MomZXsvLp+NJrV0aAi QjEGZ0m6Qe3S883ib5S1+559DW/XpXrJ6fG+OJppcXpsBIlquWKyKmkjIvGu NMaX/fIFtaQPv01E6H7v8Yoem7R7l847VzrZM7SbRev9GbWOc/+3p8Jdttq2 773RJFzln3XvUgny1fR3cxKmN7f5NLzo3aibt4/RoegdzGp52VTn+9Pv+dMY jdztWulu4sUbPGwTTnabddYL7u/rTYxjFbcfNf91+RmNf87JpgYkfXnH0uFv e15X3/65N7G1jn6I2uFUagbz2tEN7zcFBDgmG1k53kvt+tGeQ+F6fr1tmr1S bFc9b9M5ze+VRnEVvTJ7H47mY13Ekh8+ZuA6Yh+UG2PTLC8LhXXaXjcL6W9Q L0/2A1PpF0v3+P7ndZ5+feOPbtDQ+1vBjlYQ7suofZnV6ycbqlFx5veH4lgq jDtm17ZnrKvUrW6zXbi63rM08KzafoQed4ezVt7YFJ+P+LDdP4aVUqfyeCWu NLmF63Vn9FduwlT+/oLOse9O23Xr2U4bsc1WXl8HZjbu/fiP6+mz3LzMZ/s3 W5YGjZYDr6i8/bB7KPzUWu48KDzf5dFi0RjsO+b1AA2Rk4H0RGGCaDoovvpB ubbe3sby3QcQXxubdm2804/N6VArPv9nJcjbXm0VrL1OtRX9uwj5f/jf/8wi 5P/+6e/fRcj/i2X+dxHyv4uQ/12E/F+xCNlnZU2WyyhgPse3XlgH+HfkmHEp tJemnO2RCSGySFk/NTIyQSw4cShKfJBtG4eBNmHsx1brxIgw931cIEhlmEZR 6FltrM188x154DIlmBzlgjiQxnAEwX9aEbL9l4uQWRacZtZFYSh1rnUaWsOR ROyujw0wac5kSc+G8MT0O8tD4YcyybFRoZ8rVsvo0LkgZJVnwsk1zlmrHGQT W3zr7JuO6OUpuzFnTEPmtBhOgWJukgtUzqkpTjMDSKURFj1NBRNglU6kECaB x0udceSMCnLWErK4N5Ypa6jiwGLzwFmYTWO1yv3MhazaYa0Bm/QLZSN23pbC 05FSGSsgsZMhk9EdDCMLTcRBR2GcBamSIW6R+EmQ4wewixykJfBTzMsUHitc 8zhPHCfPJLi4ybTIcmYNCSVSbbRxMszxNxSnXCQJbcpFOmRiZ2qUJ3xWuEVZ pNli2+Swpm8Vso9FwLvyMknEruAGUKdYHBCzpTxLI5khZ7wkj33rZwZ0OmWt bKR8lXwHW2VYjyx0kisQ+mmgBd7B5/SPSOZhqlmqkVjPhNjPQGsndOhHOWsM tB9nvhMyiAQT37XgVKHIzy0HuuA9ZSgyVoCKBG/i6QRvzMJz5fwgjlhC6eNn OUlFWUlDMjbH3jEXDujNiUwGb2Njw2EJRnsuYZ1Lzjb60sGiJEdZ+TbAvZQf KmnhfoEIJeeJBGnM3vKpNXmcaTZf18oL8HOxybCxcR4xyzLIcyxowJkezoSR dJxxFUc5p385mYs0CljvZoVmgpv2bBKFKo05z0fkiC4cU2IAFTY3JlaJDmgc WKzUpU4nbMdujcg4lE0ksH/nsSpGJiydEzD6JI849cBleaY1fyzlbBo/TTl6 xrHYmuN5jGF+bozdTlIvgO1y9hp7oGujEgUXYk2diMJMZyaDU2BHOP6HyeMu syFTH3Fvq6MIu8zKDJHKJOE4OT9k7h8wKINVW+bTMtvPpECgJPYjZvnpMMLr RFgtvLlSSeblrIKhrULCMElUs1APlszMZ8EpHzk77KechGSwIIIFIlgtkckY jpvFngq+w1J0rFJtfSxpmiJgm8jFTvP+acY6aLaTx21hTRmrMZkImsE7ZOw8 xz1VQhqgjLAsA+PwBtYSAHFdopiBx7RlGzEvVrPoC2aY5BJeK8OQ01J8i2f3 FauTFWvZuAEO9xQi5iyihKOutEvTQHHaMYt4FDcGrsQ5cl4Aw8fyCqUCllqk KcxTcwBgGGS5yWLYFefvwOcCGRuYaP6tzkjSFM8n/BR4gBiBB0s5Lyh2Kg2B ijExjfMSmLjIWmHnhznH3UWcLZWELIz3Q8k0XI9jmwKWWiMGYa8yvKFlmU8Y CZazw3NgaVhc7SNApfw1XCp3TLFNc85rIRmCK4EZ+YA1A9PHCgFJsoSd4g3L iSJfKlb4R6xacHgLG1s4HYfOSM5nADoqF7nAAUVpaYJVE/gLHN8R+AwBWQgk Uqzp+bbFd8yUh09FuR+nnmKep8bzSCwNIMPAFGJAU/at1eWGRwoYw6LEjMNh lGaZkU78EIjFlgDw/8DwEWTCmRFJmNsk5tzKDLYEkAqj+DucjvmzNkqkdIpp xpxWmCLaSE/j6W0EILYpCwW14DQ+x/FdBE4DQ9YSjNKwSOs7cSRPLHaY/REU rF96Pis5sKVJKAXLCn24cQBnYL1haNg9gcmw2Og8hDlbAjAnJQYsmGH1k5dz 1g5n3kh2+wc+qdCGGW+IUAo0BSymAbA/wj/cTKw+5x9lrCnOlNIe8JcLkuI1 k9jBCPw0jF1oOApKmixziTXaAdT+qTgF7jLNOQtZC4sQEHk6jCPjfPENbrBV zooJ8QthmLuKiCnxMlKpiBPCAsfmLMDjNIJTCLYC8CRCFKJbmtCVvyMt4TEZ toklT1gz2INLgS3sOILfRxjUCJsRiAKnRHBEZYZ1MjAQxwIoS+aETVXfii+f WbogBxzwl4tAJH4cwyLCJLMwcw5XA6TlYB5YC1opVpNYiXvDuOCJAk6RWs7d sFkccZ6BkqlFxOXsGisiPC1IvWIVUsDJRCGWH7ePDIec6JzkRAHxETI1B7wB QhzThkOLaBD7gU/rygPsAv4GIokOCXE5UC+SAecRWRUhKrFMiFMVlCE1cRne +p+Sp5hlSfA7T3DUnZTfJhq+1ClsMHcyymBWMdyYRcdJYAxsA1QTWJ0Qz3MD EuCcH6vcS2MWDgO2YYGIYjnHBgZWSg6ekoItBVIZWaU5iohV8AZumbCWEHQF kSj2LOK9z6Idh6jxzU422Dhwt9j3E60DQFmcItQgVkhCjTMujg0sgvW8ToQe AA73Dlm6xcr5CD8C9pBhczkRSFn8jRQxIyfsZ8EXG/B/EhcHDwPaeyz2FmxC Amb2LTcUAJME6+mrnAnThj0dEEDgenBKbFlmA0QQUDzAiOYkMSw/U8MDVpOm 30pgBfww1hFNNct4OTMvJXlkfQaHw+EvhgBHhjrhsdSNlAsxlyHacrYQi64R 1dOMFCEA0rFlUJJ9K4+wVMJ36T8p8Ng2T+WhSfHfCevJBYlaxuFrLhJKIgQC /HLJkWLxPw4Ek1WhMbB4MKwYcdGLOMGI055s5OP2CJLaBz3SFggK0sJBk5yK GOOdE6C4y77DZWFpYJm0KU85VsuxEhP7AqvWYIjJtzFDxJL4kHVucAcWMShG mABuErFUEjYiQdc9mLgMWHgoJF4KrwE7x58BSR3MiUWKhsMGXZICPRDh4Jlw 4DxMQNzBOrXHqSQWa+VcihCFmEru7yMIUSLFQZjj3UwABFbsysDNxmJjjXlj BNTIY810xBqH2NnYRWw45Dt4MkxKq5g9OCTbyBDEOYWU06E4l9BEIuVAwswD I8Mt4IaGJYZs7gE7iei5wCroLWAhGGCCS+csgobpGEHnMcB0hYcFHoDZanrk tyNHoqgZQAhF6Fh0gogckxcgPrIVDfaUhdopyyE5clGnnlUA59xCzAgfO+ZA bjmND4/BKa7CgRaAVilEWrwetlmCPGSJhCcrBhILmhcnwoggyyQWj4NNQ2B+ zGFNPpbWGAd4oK0KAdTCa2uLO+TABzJAKT0YMTgEltGwtU7I/jzOz3PWQWUg CwGHjsFTELzySHxtGxyMQYhsAAvuCctKCU5J5ahhbAl0LBbawa0QaMA3NQv4 OXwuMKyoZOsgMC4D9ZuDCOVelEHb5XArn81pwgBeovMYFMgnbZYQH+zHkdK7 2YjHsSuVZh0rx9fmifZwFwRn/EvhT/HbuAp2iHMaAW1AJngOAJhThBxQKos5 1Qi3CKAHwJKgF8CR8DsAJIgugZVRgZMglYkAkjqYrGLNNbg+1ApHbWEfof1g XqxR5SRkL+MkRwRNRp2UWgNGg8ejNLCKg/sQfb4TW4mk+H+E4Qg0LsgMm5ZF iWcRYED4EMHBlSXfkzXEAVtpQEGxxNyw7hlLiCAH86KqMFnqg+hqBG/lwaYd G71ITlniCCKTQNIwcPocAPod6+l8475ABbCGDeUstAfrsHwZj+XMHNYKxaUI tsFXDrBhC8cORYIMQxnOpTLYp5hF84azfNnpgqoA/ABsBOCRxqzWyhDR8SgQ otxk1m0H2vn4cZ1zcEkWiUAxMIMIK0RShBDwRJBkH/sCi45BLhR4N5QVi+BC 6ElQdMlmBUBphDPaOmgYFhWegoifWs7Ahn+CJYGUAVIVVjSi0WnACaXUd46z r4BW7NoBQWrZ9gkID28WLP7ysE5kM45ltREgUXw5BSJzwuljBr6bsyGSIqOh G0LlZCw/dpzYBUbtxeCsGnwPS8NIZjnVDtwZcorBBhIaMRdXDLnybDaA+EM2 nWbsZ6Zk6OUc3ZqlcAfsOjU9uBLWHFuPkJInOVvTcF4q3oqnSOAJrM5NKDZY fQdLzDXB0BE2JOguTMxHSAAWYzMNq7YUS78BxQhErEQGrw44nCvXGg7uEFjA f2E/rFeHGAefhw1w8iIrxqABwxScQ8LbsHS4NIhyyMG7oF/fGlNQHFi2gf+w HpOdGPD3OH1byPQ73BWhE0ivZcbB0SqDaAa4QLsAr+BgMvG/RcjQxSAiWBHY k7BfjATfEyGHfgKlYdYWlCZmuwz6YIQnz2F24F4+iGbOMxKXK6gB9qRIfAQm 7DtkbMQ2copzGP08TWPCInsPQUlxCKzJOcsVcQGbjX8izRmLoKKQtghjcHIj NbbWV6w/9iHaaOfAhxDgDv6reIjAydGeAOhDZWJrgHQw0QxCFEoTrsQBsHkE q4sB6rgzOxolMfGRxaqIfRbcDYID/INzRSHygCpZwk4ElAOKg0kFp/lxlB0c A7EaIBOzZlbDp1itx/I+zrjERWNoPjweB/JB6ucJRwuz5JRVbxyWzB5KnK0L KwERA1uESbFkN3JeytI4PHn+Za9QyVBmNkbElz5keQjhhSDOIsaArcPAuEwC OR3FCaxcODwBYlwcQv4klLIRuSJ1Yq5hzQpBVrIRm+RRHkIcy8cdx2SCeOcc D4eN9RDt8EAB60JjDlYFHxRgiXhRCGmAGgQNghnUoGQZuR/kPDNLER5g0C7y Mw++iPcBomt2DANC4r8g4KErch4bCSazx9/qZGCFAhei8gNjAaKC+HIKd8De hjHpGTtBQcnTV9MUpFhwwjliCuhMBJqT2u/7A+uEA3hAJ8VYd4+HblaxmQd2 TOFRI84lRghJMmwaZ9lyyGjItiCIrSRbIWIlO0ZkATYrpvjOwthn20WHNTew UwLPt9nPtwwfQg8mJwVbo0SJ4qhFCDD2AksCCFKENjZBy6G7BVUfFJeDFgX2 ahiSZdstCCp4H0gWeGfK9mQq0DBjmB7R2mMLIc4aZX9NrBXiRc4R5D57N4VA MIIoFtbFSYKXY5cyhW0FQ7EptA6oLnBAgO2kXz6Zshkn0RsEgW8BXAMbDVlR yhY7oBpQqwx6BpDwz1Bn71upamOewSA+GA7VBcfLwJgiS9EI1qKs4HRrEFj8 FsIlgjfiD2EAEOqxC8i3U43gwEKKHlwKXAELmMuI7ZywsCqLOGwyYbmnShl/ 8NiCbRV9zxFaQtJscM3AsI+bYQ9CmJ/TIJM+lg+2yncGfXWG4/tSuCoPehDp LFUbS1JZaopYYDOe98JTfM3VgsUCG6iSeGmb40FAYlJEAMdmAyFW3PvKMlgS ++CBVIP2s6FdwjMtVot/j6ANhzrS0tiGDIgkeJLznVsPlgacN9RyOZilZA02 mA0ieEaCyiHKAaQ++yxwK+W3UyYUgGZtf24oNz1EE4g1FkuzfyiQSn97Z5H4 gtElAjsPCBQI3RTBuJUD2c4RcAU9Ngk9CEDHngYcpWw5aNiQ5wIIHJQkwFsq 3hzqJMp41AUrj3ClAHGKE99F6nFcJgQm/ApviRijTch2BzBe/IlhYweEdlo2 Z7QiwPDcEgEPoE5YjAMPTIVDwXOoMciFKMSaJNBzIcSaw0MqwBcn6IYIjJFm 6ydfc2opuDGbfKaxB40MyGf7DM6DZzMHDtemcbEPBqJQriD3gb9WsoFijItC d8VZlEDuByL2hLQIdux+4YBuCGP8GKBYDp34fCi4TMR5s5qn3SJgb8/vDHF+ 6mAM8QAA5Dssz7UWgcGwil1yKiQQGLahY2llBIBhcbbAg8HztcpyqCKeyaYe FhPvBiMTeAwJTMYuJvzEEhgGA451BGrGiKqIIprzo8GdEGjjGHdQIvIAbSCK kNiwrICtYuNYUIPB1hFQXUzjCvmxg+1ekiSGdo/BjjnAOee8ZSwij4R5zKa+ I8cV+B4PZAMevPC/UrJrHgQqHnMZ8Aoghfu6Uq791IMqh6zw2RAr/zYiTDiP HJHYgDgoX4Xs9YnXgcdzaHPIk+GMzULZLhXbC+mLmAKploNcZXgL+JtlhzUE IQhd6zh7GxFL++zRw/aa0kiYAlkmlpSIJOIIaMzZ5eAvQJE8JJH+TiaHSYFc ZN8GhlSl1DK4BLR5wm4yli25vDzgrNNI8aCB7WqgUTjtEwxJm29jURHiUhkQ hKfcGae05yF0q+MBAmKoJ3nQlsE0wWggeAK4o2+/80ldmOJNfSwmrh3xQw6L 3sl9se+xDRxw2irPIMjmwKrv7rN9A4+Zou99HcAlyuBJcFagVOzY/Q7Gw6Yu iBm5ped78DL2wePpzff0gydJ0CKkhpROhh3jRIDVTyH7LA+7HJkU9jpM4By+ xwZLMUwccSvn2ZkU1BkwbYS1mJ+H4OlgXBx0mkt2u8lgCSm/YID2KpAsKBSf 06cR1IKYPYbgJTaRRvCYNheWXedSA5WBSBmyfRw0Cykb7QrmlnlskqgSxWJ+ RCipIQL4HYvc1/FTEIgYNguel2Ehwd/ld+AtRTJBRUK9s+cjwkAcGpHAFA2P H4IQKgwwhAgK5IWa0tjIiKemuDWUEnyMXbrgvcrLQoBnJODu8FilEVJhdxZS HjGYxgOlBgHMYc1Q8jE/J+Wcsk47ixUr+hPF8AmujY3WicFjfvccZNNyRDuu 6kMtQJE5KmkAvc+BrfCtDAgJu/RyAJmREVuDAQ5pLjRVBcDmB7YMXETHLuBs Z8iHLOBykoiy7SDWX+QeO5Py82wef78qZYYNidj2N4Ut8QOfDwNKgW4KZC7m ZxowCaykhTp24FIedBbiRSAzPDI0fPglKTnbfAo2cuThDC6mhc9vaKB8sAYN dMNKJHAKHkB8e0CA+oU2SdkORgF2OEjXYHXS/J/PIgjQmg1QEP3YwY23SFyM QJKBH2BdIjY5hI8BP2MwIS0MKCNEHtA5k+CP4HPf+eUIjZJEC5Q8UsAPxFNY IiSi5UdgoA8INBiXoYiHDfPrrXLfowow1BSbG8R4LpDgMELcwTXoKh5lGd4d 2yalIdeF+ozYTgjvjW3jDG2YHwIBNgrqlI0/FTt8sV+YBeX0EDkMRzaDgfKE n2PnM8AiYQka3oFWZyBtgnb6DeQBPyjx3DX6UvvUU+xJDUyB51DRW2vZThJv CD4q2ehZ+Sn0NNaenxewt3BN5RI26LX8GIUngCSC6OJZL7hIyO+soFc+pGTg 80NcmrL5SRDxAxvCYs6WXLRkYAyw1HqSsZ3wFXK+ui/AxCMEdctueoASrLmF zgZEfxt9S5+D7UOe8nJqOjuEpvymqMACgYDfY1N2XrSxz0/bOgqguey36ZP2 BRRECPVkBBeZ7Y1SIIKX8bMIQpmfxwnZoUk5fVpSxuaSJ8OCbS0R5BV1kg/2 BaaZ5VCuKXigjDwOnLehjwgQwIwSYDDW11IcKjI6wRNecpiIrc19tpk2HNWM e8F5EKm9nHIo5Mdy4jREELaehzqwYfa5SmM2fOKgc4fQLcGBNfkcO7iyKzm/ 9vH7Eic7a3ZNjUCUKbwiJXiIx48R+F9SbhUkNHMYKRg55LblN3ysEwAlztnU NeIxM8EWG41YAwwEjoKn2DhKCJ6ZQFCJqItlJvKIbc3AURAbCQVgZBoRkF1k gLEJ+69YsCXYDxGSPZMQZgM4c4LgBLGUcpOAlynu6lFLRkATWFpGV8vYfxo6 jYIADAPQK/D04HOg9KkPxMcDMd6z2xzMlUwVzoYtAt3EwqcI+qBOKT8kgDSH 7N4t/+lmmlL+xQrUnF9IoF1hDYF2nmKHQ6wryAhCCL9n+z6uEPF83Dl+BwOp Y+dtymNw6pSt8iAOEZ98R/ENrHNgA1grPzABub+I4GAIlAHbQ+Zs3obgyE+C UFT+t6ksdCZ4HqgP8NeLeM7Fc2TwqjjkERq4Fg/RQEfYr5jfKkAiU8AyO/im KufhGlv3xlhYm4Ol8cwpBGKzT6EMORVBsWkozJUd1LADAVtMkjQKTnGHngNV Y/8d3MKH5AE/YRILGLYEA2GjQ4QkPwghjAB53xwIUCTHJuEwA9+GMCtsPMJT yOEInuZpENuLAlGTzI/4sUexIZb7TvqOsAWwutiPAWEQcexHD0HH714IT/BB D+8oIvYM/o6PZ+O5VKYW/AdumYHt4BeKoJyy6Ths99tnmDkCPsMoMBG8GK7F sxc2HqYc/t90vQEL//a8kTJSUiXev9b65r8Be31HeZn0AAA=[rfced] Please review the "Inclusive Language" portion of the online Style Guide <https://www.rfc-editor.org/styleguide/part2/#inclusive_language> and let us know if any changes are needed. Updates of this nature typically result in more precise language, which is helpful for readers. Note that our script did not flag any words in particular, but this should still be reviewed as a best practice. --> </back> </rfc>