new configuration version

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-auth-sts-idp-extended-truststore-4bad2fe3ccc54716cc87138f.yaml

@@ -1,7 +1,7 @@
 apiVersion: "operator.nevis-security.ch/v1"
 kind: "NevisTrustStore"
 metadata:
-  name: "auth-sts-default-tls-trust"
+  name: "auth-sts-idp-extended-truststore"
   namespace: "adn-agov-nevisidm-01-uat"
   labels:
     deploymentTarget: "auth-sts"
@@ -9,6 +9,4 @@ metadata:
     projectKey: "DEFAULT-ADN-AGOV-PROJECT"
     patternId: "4bad2fe3ccc54716cc87138f"
 spec:
-  keystores:
+  keystores: []
-  - name: "idm-default-identity"
-    namespace: "adn-agov-nevisidm-01-uat"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "7.2402.1"
+  version: "8.2411.3"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -27,20 +27,25 @@ spec:
   livenessProbe:
     soap:
       tcpSocket: true
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 20
       timeoutSeconds: 4
   readinessProbe:
     management:
       httpGet:
         path: "/nevisauth/liveness"
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 30
       timeoutSeconds: 6
+  startupProbe:
+    management:
+      httpGet:
+        path: "/nevisauth/liveness"
+      periodSeconds: 5
+      timeoutSeconds: 6
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-17392f4fc2f29ede0c371af50d06749396d69a29"
+    tag: "r-317ed268556b37656f27fb58fcffd4797cea27e4"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
     credentials: "git-credentials"
   keystores:
@@ -49,7 +54,7 @@ spec:
   truststores:
   - "auth-sts-technical-trust-store"
   - "auth-sts-default-default-signer-trust"
-  - "auth-sts-default-tls-trust"
+  - "auth-sts-idp-extended-truststore"
   podSecurity:
     policy: "baseline"
     automountServiceAccountToken: false

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/keys/trust/idp-pem-atb/truststore.pem

@@ -1,17 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIICwjCCAmigAwIBAgIBAjAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln
+MIIEGDCCAwCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQGEwJjaDEQ
-bmVkLWNhMB4XDTIzMDcyMDExMzkzN1oXDTI0MDcxOTExMzkzN1owIDEeMBwGA1UE
+MA4GA1UEChMHQWRub3Z1bTEXMBUGA1UEAxMOYml0ZWlhbS1yb290Q0EwHhcNMjAw
-AwwVYXRic2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
+MzA1MTYzMDAwWhcNMzAwMzAzMTYzMDAwWjA0MQswCQYDVQQGEwJjaDEQMA4GA1UE
-MIIBigKCAYEAs8SITgXvwEBI+rmuBr6EkG5qeE9ctRBRLNP693MTpjkCi4rcqfzO
+ChMHQWRub3Z1bTETMBEGA1UEAxMKc2lnbmVyRkVEUzCCASIwDQYJKoZIhvcNAQEB
-//EU4ogDrtLwl99w6mazKuK+73DCfaVTWBdLIN3sqWiX/uU+2pPS3ldymsJcDRhi
+BQADggEPADCCAQoCggEBAJoWqbsYhNXW0mDsDJPAiTN896e4QML9qnt7FIhVKKe3
-ERJAYUZKyw4JlQMAnZrt7DRdEXJH4VshOHRD6Q1TFQEsGVRIW2HakLatz8mxwNbD
+T66lT/nfOkFPUZuKejgbjFFDEDChRJf0Achq7lWGKPrNPnrTxZmU7Bcu86BER76L
-xKdBqQS88x5WJgkI0cMdfOVKf59fH+xa32NSE1c0MYwj98doSNrLIh8n47qk4R2p
+4kDcGF/x03W9fgUgQ7X45CXYeq4vqfpzNC+lkZA1OxbpcXZA/4Z39Z3pm7CWXnAg
-4bUyaGIx1ylXRjRMlx7b0ew/VfkSg8WtnR2DHj5sJ31uqrAXiMFY0slCiX0+Fu3O
+v6nFABKJ9kVAyhuPyb5yIuGHcdLL+068aVp5sxY/6HoXf889+iVFDgTwSXVYKMyZ
-uiul/FH1v2xgT2rH0JhhLt+dCCCqfLLjwuLMSneco6AvcihDaN+AujWSn/aoTWPD
+nZbvvd/IIod4WuiXsOspPS9yj+E9yMvtsUtChghcQ17ubo7S1P8JxAQWXngopH8Y
-BsB1ACKqkcaBBHt3giyEWb5T5J0QA5VfJEKYwBosvdFfUoPOgXTOQVGRnLMKfXSy
+nDeOiesJfR2APDdg7EXWYewARSFr10GxuXoKDjLe148CAwEAAaOCAS8wggErMAkG
-AHUzKiR8Z1x3VwmHT8HJME6BaR8MZP58nFV8k/NpYw7gryNod9n8ZrsK84aLEzmV
+A1UdEwQCMAAwPwYJYIZIAYb4QgENBDIWME5ldmlzIEtleUJveCBHZW5lcmF0ZWQg
-iYnPn1/V4fl9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF
+Q2VydGlmaWNhdGUgdXNpbmcgT3BlblNTTDALBgNVHQ8EBAMCA6gwHQYDVR0lBBYw
-BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVYXRic2lnbmVyLnVhdC5hZ292LmNo
+FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQ4zYpzY1lB5/bKeg3z1kJO
-MAoGCCqGSM49BAMCA0gAMEUCIQDIYEk1HuQxV83m1FQRfUuUgtOkX1gLDNlNEkCb
+kkdYgDBoBgNVHSMEYTBfgBRRdKau0TH9VQ0E8ob0J+WyYkcs4aE8pDowODELMAkG
-UfWMMAIgd6HpbvTeur7LYGtqztc7FMADJHDNgYyBAOng+xkxHQw=
+A1UEBhMCY2gxEDAOBgNVBAoTB0Fkbm92dW0xFzAVBgNVBAMTDmJpdGVpYW0tcm9v
+dENBggkA+97eIJWmttcwEQYJYIZIAYb4QgEBBAQDAgbAMBUGA1UdEQQOMAyCCnNp
+Z25lckZFRFMwDQYJKoZIhvcNAQELBQADggEBAHGHJ7DzRNdPl6Kiy4rCoQR/nhTa
+VbBsAeB070NpWma2iun3Wf5zIoefbSlPoofP4tOVYUoKtMHTWCYAUnHIEg5H985y
+Ym2MFY0vwgMZ+Jvcs7NCHzK9O/tN+uUjkFNLSCfzTb+K9vyF6lj4L4lQWa5++DZ6
+kWPaDWvwY/NOSoIehmJupmcJlA1qxzlTc+659xoOk1WyhusNkuiOUjFrLQ+tgRnD
+7dGuzJQyBV1Iy/A4IhpN2ootVgrI7NMJ2YetCq7yuipRZka3RoeVhUs8CWFfYRtc
+saTCck7atYyMVlPUf03EppC18ILBmbNzYJ58KT2oQywa7+Sdsqx4+5cOOOU=
 -----END CERTIFICATE-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf

@@ -1,8 +1,9 @@
 RTENV_SECURITY_CHECK=no_shell
 
 JAVA_OPTS=(
-    "-Dfile.encoding=UTF-8"
     "-XX:+UseContainerSupport"
+    "-Dfile.encoding=UTF-8"
+    "-Dotel.instrumentation.metro.enabled=false"
     "-XX:MaxRAMPercentage=80.0"
     "-Djava.net.preferIPv4Stack=true"
     "-Djava.net.connectionTimeout=10000"
@@ -12,8 +13,8 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
-    "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12"
+    "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-idp-extended-truststore/truststore.p12"
-    "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}"
+    "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-idp-extended-truststore/keypass}"
 )
 

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/esauth4.xml

@@ -54,7 +54,7 @@
         </Domain>
         <AuthState name="Auth_Realm_Main_STS_Check_Trusted_Caller" class="ch.nevis.esauth.auth.states.cache.ReadFromCacheState" final="false" resumeState="true">
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-            <ResultCond name="miss" next="Auth_Realm_Main_STS_Dispatcher_TokenType"/>
+            <ResultCond name="miss" next="Auth_Realm_Main_STS_Validation_Client_Cert"/>
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <ResultCond name="ok" next="Auth_Realm_Main_STS_Dispatcher_TokenType"/>
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
@@ -66,6 +66,25 @@
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <property name="sess:agov.techuser.extId" value="#{request.getActorCertAsString()}"/>
         </AuthState>
+        <AuthState name="Auth_Realm_Main_STS_Validation_Client_Cert" class="ch.nevis.idm.authstate.IdmX509State" final="false" resumeState="true">
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <ResultCond name="default" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <ResultCond name="ok" next="Auth_Realm_Main_STS_Validation_Client_Cert_PostProcessing"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+                <Gui name="AuthErrorDialog">
+                    <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+                    <GuiElem name="lasterror" type="error" label="#{notes.containsKey('lasterror') ? 'error.login.cert.' : ''}#{notes['lasterror']}"/>
+                </Gui>
+            </Response>
+            <propertyRef name="nevisIDM_Connector"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="user.certificate" value="#{request.getActorCertAsString()}"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="client.name" value="Default"/>
+        </AuthState>
         <AuthState name="Auth_Realm_Main_STS_Dispatcher_TokenType" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="true">
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <ResultCond name="SamlAssertion" next="Auth_Realm_Main_STS_Service_Provider_State"/>
@@ -87,13 +106,45 @@
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <property name="condition:usernameToken" value="${request:currentResource:/nevisauth/services/sts/username:true}"/>
         </AuthState>
+        <AuthState name="Auth_Realm_Main_STS_STS_Audit_Failure" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <ResultCond name="error" next="Auth_Realm_Main_STS_Authentication_Failed"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <ResultCond name="ok" next="Auth_Realm_Main_STS_Authentication_Failed"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+                <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
+            </Response>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="scriptTraceGroup" value="AGOV-ACCT"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="script" value="file:///var/opt/nevisauth/default/conf/sts_audit_failure.groovy"/>
+        </AuthState>
+        <AuthState name="Auth_Realm_Main_STS_Validation_Client_Cert_PostProcessing" class="ch.nevis.idm.authstate.IdmGetPropertiesState" final="false" resumeState="true">
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <ResultCond name="default" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <ResultCond name="ok" next="Auth_Realm_Main_STS_Check_Impersonator"/>
+            <propertyRef name="nevisIDM_Connector"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="detaillevel.default" value="EXCLUDE"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="chooseDefaultProfile" value="true"/>
+        </AuthState>
+        <AuthState name="nevisIDM_Connector" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="false">
+            <!-- source: pattern://8d94681ba6da73f92618e32d -->
+            <property name="login.service.connection.0" value="https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm/services/v1/LoginService"/>
+            <!-- source: pattern://8d94681ba6da73f92618e32d -->
+            <property name="admin.service.connection.0" value="https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm/services/v1/AdminService"/>
+        </AuthState>
         <AuthState name="Auth_Realm_Main_STS_Service_Provider_State" class="ch.nevis.esauth.auth.states.saml.ServiceProviderState" final="false" resumeState="true">
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <ResultCond name="default" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <ResultCond name="ok" next="Auth_Realm_Main_STS_Verify_User_extID" authLevel="auth.weak"/>
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-            <property name="consumerURL" value="https://me.agov-w.azure.adnovum.net/login/saml2/sso/agovidp"/>
+            <property name="consumerURL" value="https://me.agov-d.azure.adnovum.net/login/saml2/sso/agovidp"/>
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <property name="in.verify" value="Assertion"/>
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
@@ -103,7 +154,7 @@
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <property name="in.max_age" value="30"/>
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-            <property name="in.audience" value="https://me.agov-w.azure.adnovum.net/account/api/saml2/service-provider-metadata/agovidpdirect"/>
+            <property name="in.audience" value="https://me.agov-d.azure.adnovum.net/account/api/saml2/service-provider-metadata/agovidpdirect"/>
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <property name="in.keystoreref" value="Auth_Realm_Main_STS"/>
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
@@ -174,21 +225,6 @@
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <property name="detaillevel.default" value="EXCLUDE"/>
         </AuthState>
-        <AuthState name="Auth_Realm_Main_STS_STS_Audit_Failure" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
-            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-            <ResultCond name="error" next="Auth_Realm_Main_STS_Authentication_Failed"/>
-            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-            <ResultCond name="ok" next="Auth_Realm_Main_STS_Authentication_Failed"/>
-            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-            <Response value="AUTH_ERROR">
-                <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-                <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
-            </Response>
-            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-            <property name="scriptTraceGroup" value="AGOV-ACCT"/>
-            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-            <property name="script" value="file:///var/opt/nevisauth/default/conf/sts_audit_failure.groovy"/>
-        </AuthState>
         <AuthState name="Auth_Realm_Main_STS_Verify_User_extID" class="ch.nevis.idm.authstate.IdmUserVerifyState" final="false" resumeState="true">
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <ResultCond name="clientNotFound" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
@@ -207,6 +243,31 @@
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <property name="client.name" value="agov"/>
         </AuthState>
+        <AuthState name="Auth_Realm_Main_STS_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false" resumeState="true">
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+                <Gui name="Error">
+                    <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+                    <GuiElem name="info" type="error" label="error_99"/>
+                    <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+                    <GuiElem name="submit" type="button" label="continue.button.label"/>
+                </Gui>
+            </Response>
+        </AuthState>
+        <AuthState name="Auth_Realm_Main_STS_Check_Impersonator" class="ch.nevis.esauth.auth.states.standard.ConditionalDispatcherState" final="false" resumeState="true">
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <ResultCond name="default" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <ResultCond name="isImpersonator" next="Auth_Realm_Main_STS_Clear_Session"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+                <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
+            </Response>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="condition:isImpersonator" value="${response/actualRoles/^.*(nevisIdm\.Impersonator).*$}"/>
+        </AuthState>
         <AuthState name="Auth_Realm_Main_STS_Verify_Shadow_User_Error" class="ch.nevis.esauth.auth.states.standard.AuthLogout" final="true" resumeState="true">
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <Response value="AUTH_ERROR">
@@ -232,24 +293,6 @@
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <property name="cred.type" value="CONTEXT_PASSWORD"/>
         </AuthState>
-        <AuthState name="nevisIDM_Connector" class="ch.nevis.esauth.auth.states.standard.AuthGeneric" final="false">
-            <!-- source: pattern://8d94681ba6da73f92618e32d -->
-            <property name="login.service.connection.0" value="https://idm:8989/nevisidm/services/v1/LoginService"/>
-            <!-- source: pattern://8d94681ba6da73f92618e32d -->
-            <property name="admin.service.connection.0" value="https://idm:8989/nevisidm/services/v1/AdminService"/>
-        </AuthState>
-        <AuthState name="Auth_Realm_Main_STS_Authentication_Failed" class="ch.nevis.esauth.auth.states.standard.AuthError" final="false" resumeState="true">
-            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-            <Response value="AUTH_ERROR">
-                <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-                <Gui name="Error">
-                    <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-                    <GuiElem name="info" type="error" label="error_99"/>
-                    <!-- source: pattern://5d7dc3d51416356293a239f7 -->
-                    <GuiElem name="submit" type="button" label="continue.button.label"/>
-                </Gui>
-            </Response>
-        </AuthState>
         <AuthState name="Auth_Realm_Main_STS_Verify_User_extID_IdmGetPropertiesState" class="ch.nevis.idm.authstate.IdmGetPropertiesState" final="false" resumeState="true">
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <ResultCond name="SOAP:showGui" next="Auth_Realm_Main_STS_STS_Audit_Success"/>
@@ -271,6 +314,43 @@
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <property name="chooseDefaultProfile" value="true"/>
         </AuthState>
+        <AuthState name="Auth_Realm_Main_STS_Clear_Session" class="ch.nevis.esauth.auth.states.standard.TransformAttributes" final="false" resumeState="true">
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <ResultCond name="ok" next="Auth_Realm_Main_STS_Cache_Trusted_Caller"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <Response value="AUTH_ERROR">
+                <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+                <Arg name="ch.nevis.isiweb4.response.status" value="403"/>
+            </Response>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:agov.techuser.extId" value="${sess:ch.adnovum.nevisidm.user.extId}"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.adnovum.nevisidm.clientExtId" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.adnovum.nevisidm.clientId" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.adnovum.nevisidm.clientName" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.adnovum.nevisidm.profileExtId" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.adnovum.nevisidm.profileId" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.adnovum.nevisidm.profileName" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.adnovum.nevisidm.user.clientExtId" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.adnovum.nevisidm.user.extId" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.adnovum.nevisidm.user.loginId" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.adnovum.nevisidm.userDto" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.adnovum.nevisidm.userExtId" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="sess:ch.nevis.idm.User.extId" value=""/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="removeOnEmptyValue" value="true"/>
+        </AuthState>
         <AuthState name="Auth_Realm_Main_STS_STS_Audit_Success" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false" resumeState="true">
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <ResultCond name="error" next="Auth_Realm_Main_STS_Authentication_Failed"/>
@@ -286,6 +366,26 @@
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <property name="script" value="file:///var/opt/nevisauth/default/conf/sts_audit_success.groovy"/>
         </AuthState>
+        <AuthState name="Auth_Realm_Main_STS_Cache_Trusted_Caller" class="ch.nevis.esauth.auth.states.cache.WriteToCacheState" final="false" resumeState="true">
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <ResultCond name="failed" next="Auth_Realm_Main_STS_STS_Audit_Failure"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <ResultCond name="ok" next="Auth_Realm_Main_STS_Dispatcher_TokenType"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <Response value="AUTH_ERROR"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="cacheSpace" value="TechAuthCache"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="hashAlgorithm" value="SHA-512"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="maxAge" value="3600"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="maxEntries" value="2"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="overwriteOldEntries" value="false"/>
+            <!-- source: pattern://5d7dc3d51416356293a239f7 -->
+            <property name="#{request.getActorCertAsString()}" value="${sess:agov.techuser.extId}"/>
+        </AuthState>
         <AuthState name="Auth_Realm_Main_STS_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false" resumeState="true">
             <!-- source: pattern://5d7dc3d51416356293a239f7 -->
             <Response value="AUTH_DONE">

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/logging.yml

@@ -12,6 +12,8 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
     - name: "org.apache.catalina.loader.WebappClassLoader"
@@ -22,6 +24,8 @@ Configuration:
       level: "FATAL"
     - name: "AGOV-ACCT"
       level: "DEBUG"
+    - name: "AgovCaptcha"
+      level: "DEBUG"
     - name: "AuthEngine"
       level: "INFO"
     - name: "AuthPerf"
@@ -31,7 +35,7 @@ Configuration:
     - name: "OpTrace"
       level: "DEBUG"
     - name: "Recovery"
-      level: "INFO"
+      level: "DEBUG"
     - name: "Script"
       level: "DEBUG"
     - name: "SessCoord"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/nevisauth.yml

@@ -3,6 +3,7 @@ server:
   protocol: "https"
   port: "8991"
   host: "0.0.0.0"
+  max-threads: "200"
   tls:
     keystore: "/var/opt/keys/own/auth-sts-default-identity/keystore.p12"
     keystore-passphrase: "${exec:/var/opt/keys/own/auth-sts-default-identity/keypass}"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-idp-extended-truststore-7022472ae407577ae604bbb8.yaml

@@ -1,7 +1,7 @@
 apiVersion: "operator.nevis-security.ch/v1"
 kind: "NevisTrustStore"
 metadata:
-  name: "auth-default-tls-trust"
+  name: "auth-idp-extended-truststore"
   namespace: "adn-agov-nevisidm-01-uat"
   labels:
     deploymentTarget: "auth"
@@ -9,6 +9,4 @@ metadata:
     projectKey: "DEFAULT-ADN-AGOV-PROJECT"
     patternId: "7022472ae407577ae604bbb8"
 spec:
-  keystores:
+  keystores: []
-  - name: "idm-default-identity"
-    namespace: "adn-agov-nevisidm-01-uat"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-internal-idp-auth-signer-trust-7022472ae407577ae604bbb8.yaml

@@ -1,7 +1,7 @@
 apiVersion: "operator.nevis-security.ch/v1"
 kind: "NevisTrustStore"
 metadata:
-  name: "auth-default-default-signer-trust"
+  name: "auth-internal-idp-auth-signer-trust"
   namespace: "adn-agov-nevisidm-01-uat"
   labels:
     deploymentTarget: "auth"
@@ -12,3 +12,5 @@ spec:
   keystores:
   - name: "auth-sh4r3d-internal-idp-auth-signer"
     namespace: "adn-agov-nevisidm-01-uat"
+  - name: "auth-sts-sh4r3d-internal-idp-auth-signer"
+    namespace: "adn-agov-nevisidm-01-uat"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-auth-technical-trust-store-7022472ae407577ae604bbb8.yaml

@@ -12,6 +12,8 @@ spec:
   keystores:
   - name: "proxy-idp-notused-auth-realm-identity"
     namespace: "adn-agov-nevisidm-01-uat"
+  - name: "proxy-idp-auth-realm-main-idp-identity"
+    namespace: "adn-agov-nevisidm-01-uat"
   - name: "proxy-idp-auth-realm-mobile-fido-uaf-identity"
     namespace: "adn-agov-nevisidm-01-uat"
   - name: "proxy-idp-auth-realm-recovery-identity"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisAuth"
   replicas: 1
-  version: "7.2402.1"
+  version: "8.2411.3"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -27,20 +27,25 @@ spec:
   livenessProbe:
     soap:
       tcpSocket: true
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 20
       timeoutSeconds: 4
   readinessProbe:
     management:
       httpGet:
         path: "/nevisauth/liveness"
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 30
       timeoutSeconds: 6
+  startupProbe:
+    management:
+      httpGet:
+        path: "/nevisauth/liveness"
+      periodSeconds: 5
+      timeoutSeconds: 6
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-b8b0f093d7a2c6d564f85fc11747986a0bd36b92"
+    tag: "r-0a95034444af9c2e5b4a8c12cc3a0f444f6b0447"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
     credentials: "git-credentials"
   keystores:
@@ -48,9 +53,9 @@ spec:
   - "auth-auth-realm-mobile-fido-uaf-tls-client-nevisfido"
   - "auth-default-identity"
   truststores:
-  - "auth-default-tls-trust"
   - "auth-auth-realm-mobile-fido-uaf-tls-trust-nevisfido"
-  - "auth-default-default-signer-trust"
+  - "auth-idp-extended-truststore"
+  - "auth-internal-idp-auth-signer-trust"
   - "auth-technical-trust-store"
   podSecurity:
     policy: "baseline"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/cert.pem

@@ -1,17 +1,32 @@
 -----BEGIN CERTIFICATE-----
-MIICwzCCAmigAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln
+MIIFjTCCA3WgAwIBAgIUezb8qY+kCx4eW1J9g24Y+bsf+kYwDQYJKoZIhvcNAQEL
-bmVkLWNhMB4XDTIzMDcyMDExMzcyNloXDTI0MDcxOTExMzcyNlowIDEeMBwGA1UE
+BQAwVjELMAkGA1UEBhMCY2gxEDAOBgNVBAoMB0Fkbm92dW0xDTALBgNVBAsMBEFH
-AwwVaWRwc2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
+T1YxJjAkBgNVBAMMHWF1dGguYWdvdi13LmF6dXJlLmFkbm92dW0ubmV0MB4XDTI0
-MIIBigKCAYEA28fXdfRLtrzS0F5Hp5zEzPFfpNXKpIrbJaWdqwiuY6VIrzAJW0Wo
+MDgxOTExNTE0N1oXDTM0MDgxNzExNTE0N1owVjELMAkGA1UEBhMCY2gxEDAOBgNV
-FMuV2IHnU7sO8+B05Z20wq3x5JAbgYlBFnfdub/CYmyykAf0Rxz9irc9qbXBmX0A
+BAoMB0Fkbm92dW0xDTALBgNVBAsMBEFHT1YxJjAkBgNVBAMMHWF1dGguYWdvdi13
-G+JhQLxLcfyqlmFyLsjaxT3nUrytP+604LtzesnC3N7gfGtmSKgclym1s2ZVWkAK
+LmF6dXJlLmFkbm92dW0ubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
-4VXAZsM5HBnW1feHxSv3UTzvorW7PWkbmy4LU8SDoSraHgB/pBaiJRG8SMTjBHho
+AgEA1wWp33BH4/HjxovF60ac3LYCr0OuRq37K7vZrFZ0CxdnrZNgOTqW6PK72aOZ
-TTdFLPmH/N9dt5N1oJginnY9GvRJD8Qj1lrsTZOtv8ttKhnQkmymly+NCt7+wGIa
+rrL/9GHS7kr+6ORrtRcaQYJttqFWkyQVIQyb5wTRT8rAaugFFCon+FhIPNbrPU3l
-7HQQawqBIvflGG+R1OdQx7Q20/y5EfO4V3zJgq3p+gz9AziGPHEy+2s+i5LME1AI
+PSqNEnxYCPsjA32qfAg96gHhn1ZpSe/SYOguB6mAOh+5vCFAvGOTfL9Gugayqe8L
-D6vLfDN8cnTCdgqZGhAkRMBHtOydJd3dpJ0tgjnrdUpla2PoWp1B/v/Plneb9L5v
+3IAs7caDrEqB+sGo52P47Pz3fFnwlKnDZTFd2pOx43JYSNTE4bYBIOWwaTuN1MPM
-aMNqtuQA852dR14lP7+EeRLe9vJvzm9eBdF0JrDUm1K2Xy66i5gdzOoJngnRpl5J
+1XcDZXJ1eEab/euwJ6zDdTE09h+ZGEo89ogJmC0Ragpi/7SyY2431QaoC9q4tlen
-nNSweT+A8dn9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF
+tQegWJWTMU/KhzdUamd9jJGa8bL7uO2edvHh+f0dIZxd/hPq0LteKiDXe258tpci
-BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVaWRwc2lnbmVyLnVhdC5hZ292LmNo
+0laY/9SHgDNJv366dnL0HwkpqUZrKhGv+3EMqwCsqHN7Dhswz8AMWOShvdOPkGjF
-MAoGCCqGSM49BAMCA0kAMEYCIQCarOXKlJ0DVxVPGyj3oPMHWCJB+Xyee+j7k1gu
+gFJhdvGay1gyM1RFhlcEhl3yEdkVWAP3dJkmlSRotdZRsgfpgQHuWE5K5C96fSny
-OC93CQIhAICIzY/yCbST5V502Bt3vRCZMCmzhzXIGTol2PEoby6H
+yiRN4+LpYkZksFsGoWiMcpCIY2/s7uuv4Xo3Ql63gPL/dDjSCNHeXAI0BqGpVk9D
+dopXU06dfsY5p46Su3ku8do2QMpMi/b1bCtSOrpRKrr/4GJcr8OKyNsTNaFdh/Mm
+xhJ6+U3JkMNuAWcUAVxiNpF25R+xPV+kO+zDs+8IwJtMutcCAwEAAaNTMFEwHQYD
+VR0OBBYEFPvUI3yPIDXHsmoSRBzTlFcKVVA9MB8GA1UdIwQYMBaAFPvUI3yPIDXH
+smoSRBzTlFcKVVA9MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB
+AGzBJmppDmQPapUAI+bHpsXIxA+Uk3fFJIUDbzn2q3kkjWzszldBGJ+R+dmA/ROE
+rokT9oNggvoSGzf5Lyu9oniB8FoWxp2mWRzXiTXsuz0ZLmT3ZxOah1g9MtXLD567
+mdeKgjMFCM82OIRMsazdCtb43fJ0mvjuZ2Dv0Dt6O5I9TOWzTSx+ieGj2q/ZIQzl
+3sfNcIuovVHjiiGl5wpHVQfUeRhRyB2xnetfe+UqdJVjJm3WXpomdJh6GxGYnH78
+ZhnD6TJLhb41s5WF7dSxAQhTYJJuTTsF68bQEL787Mccqi4Ft4GqtF+vYTSAjWcM
+jVjXbd1Bk0gHqsCl+TxJg8VfBiauFf5WP96xnVw8Hx9aOMVNejLWVjYE/ExVyW8g
+94SJsL+cXjMjlZeL60yY9vgd59BHBOxBBq+5Qbx5bcfaIvXgaxt6sm1dk40D+YzR
+UqFMJtGMvPfRl+2yUQ36VinQxyFbbf6Yq4s/E0We5aRPp2CFiRqmtip9Chvk/7fP
++b8zZvJgTUJZFWtvVNs6QqOu/yOxtFpWzfHmlvp3ticepBuT6bKtUJHtEnHheCCX
+FF4MB65pTI/NrDVOec6PgRChz3UPGBEAtjjTCQUOe4HKQmOKedZKts51LuvHSuRu
+S9JPohzGT95cglskfqPn51n5hJOOTnMfg/Qj6uXQZU9+
 -----END CERTIFICATE-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/key.pem

@@ -1,42 +1,54 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIHazBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUXJ4RUaby0ltJyJMX
+MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU95KG57RacAYBmkeQ
-fUO+2LAlu7cCAggAMB0GCWCGSAFlAwQBKgQQ0YfRZzwcjphTKuPQxktTuASCBxCG
+DIe1bZS0sbkCAggAMB0GCWCGSAFlAwQBKgQQyxdAya9Sd4oHLO1pzVWcYASCCVDT
-+b55W3IEKc/Yqf+zIRHBgvCY+w+l7vSMQqtDYOtiUBdxZWewy+IoV4Pw0X/ORT6k
+ozdXT3vjyqMzza4QKaMD4ywSAzGhQRM/TnxU5JbRLNMpdtq76Mfet2pv++UUjcof
-Jk8RXTG7hXb4GtuRmgVJeyxsf+8vhrtVpyelLLYkTalAjjvtT2YAukltALLpFMQm
+16EsdOOpDQdxdzQWmwGUNwjkX5YyWTaAefV8l9n6Bp8LV0XabS9We3g5Jr1KjuzP
-Zm42rW0HrVRtn6k7osbe5zL4whyhikohXamPJpTTrImP8fMzYyxfiHx2Y7Tnc66N
+O/xJgB2o6BcD/WRPeOaANSGoyWce4rCkpDwqxrp+tY9EK19SoCZG9Zy2hnPPH2Hc
-SMxBaQ3m2HClE6+6rkcPv/oC9V74GGYpCk0EcH7gsRLQFj3IlJTVxQoCP44ldzhq
+QgtgCAzqaXIp49KIXHn/Uo532lIz3WqkkhzVakwgAKLKIvc/SwgP0eSXLvPjeJYS
-fyWYe1DneH6IJLXID3Igca26ZXU9rTcfqAsBmVACq0GKdgXAFSUAhF6onqXjzpGQ
+L8DngPP0YD7IPgIs7WmMNNE7or69e7mO0miUOl7xStNHzHpLmtLNbYI7Pk6NLT7N
-/m7Vl3JbNPvrcgxzKBJsj9Z/Hv4qKz2yVpe3OMchTdxpI5k383y1F4rw8i4GSWIL
+kWfh2+E21R7llsW57boMACXVr7N3CHOlZQhUNViyjPayo1njVnp6gGzuIxluhHJY
-+A+t5M26WJw2uHx/k2RL1jyeXH2gR3IA72AffDU+f3jqd9pOqxXKSIhGq/KOK5Vk
+CL070oqBeEYVfvE07HQ4Qd0BL5c02pdrKjdzBYyLwzSNKn2RzgS2R/XtEqdmOUo+
-SiJ4IesVz26bfwjXEKcQk5qIpDBGjfSkYgMXxlQwOwTIoRn+1FM7Txox6tsVj4/v
+iuRngv9D1UPSI2xlFhv84778ktEeSf8l1nLltqhPJAmJUjSAcu/zjN4Q+HXqMRaF
-RnaorVayq5W1fk3t5EfNLprSFDO9T6OxFKvfzKMghdrKFNa5a3oqr3RDZSCE0tca
+IocDV4I7CaXDc2E0YdU8uHuzzUHLflJ2OZwU5N7tkoVOtAYHKUwCP4J/zpLSe2V2
-m9jQ9bp1ooD8/EUWsBxG4eJxe9B+yG3QAkudOoklJYTE9ysHBl2cPOIOksqrD76G
+MIh40IVJK4gzb+iyBiOnsnKKQCKMPbS4lH8zC2S486MgjgbhlZeFg0nOF955c61l
-agezGRazfqFVCmOtlye7bzQXv/AgDa/ve5E1f9jjueop2OwbvoEzCsrSYCWh3uiM
+Sb4MBrexU4s1TUg/fDpYt6jPZoKivN72jzi60kV43gBFHmP3X4SRAUQ4Y3h5NFF8
-C2IkvtSI6gW+9C8H1ofElKtDlRft/lMuviLCb3u7xsu2r7v/va2aYy4Lh6B5xARt
+h2p4wvYRsYEexjJU/+WJG4Yi1wSi3oEqD161a6vPOsKBLBdLRo1vgnQdGFx/k83X
-G7A4ZX0cxoI2N/T2FgHwJ8p7lTXJ8KuTGv0jrno9MBdKqo+HBtRTbFoi63qZ7EtL
+vjPlI2eEUMPCntNBbrTy8eUSJz/0OH2phztZpHuh5cfy4ErUi19d9ywZUlhurGvX
-MJS63MK4kSXcwyJ4+pnH0bI1wXf5qK7TVoWG6ZAWw385xaohXZZ6JK/z1WNbpfCU
+dC7ouTEqRZLkkSCfGTQM0q0O4JQJTLb5N4gWdZxQd2UwGv3jCK7m5eWx3bTdhhXi
-hlvjjdLxmNE5R/kmiKjp6zPhfR6+z73QXX9s3ZZv9fAV1mZcLwcucNnMRdJcYSVU
+179DoSpYBCJF3msn0ROO6PxsccH0w/I6KMi3QNmsDlXhDr6XIBya8CU0lx9lp0pl
-bNwAqnxhIoIZZB5H0c+jLfpaGyzVeAUzI3ljCekUlvutXFNSur6TI2ZmViiwIhuw
+5q62D26Ylr2fovd3qKKbwP6RaZarCzKLO6dWdyMqtUwVlX2FDCFd/SPGWc2TmuVS
-82A084eZ9qOBA+z64Xo9VJqWgdj99b45JNExcsmvbXG1REB8QAKzzGzadtwnc6VV
+vLb981Zm13AfYtNUSfusroDp3TEuvl7cwozg7p33SQhuCmgKnxMd0iXd5QQZjrR0
-iWuK9SPbIqOp2Sa6FEa/VxbgDOUiv20G5irs5Kp0iU+yRKerG/ejvBAn4o3M94wv
+t+y22dHrD1agkkoFMLz/+d+930J0sY4odG/HbL2Bv8ZelVUjA8XSFoGBEA+rfQCg
-hDwSmn80uu5NJtHuta+9u2jM6yyNl4ghXLxTl9gfbnpzI4wuX+4xhhdNm6HCNqcG
+DGmLh5a+/yfzxCEKWVLqmwHWbSkub8bXdl6EKEyaO9qo1KCLAf3tArQx45sqw8bK
-IzPUFS207YKR0QTaHB5x3ItVpp6Rjpb5lOtEpmff7qO/69ljtNLRe+VEdqLrQoK7
+8AYq2mrNIiMDhHub+XEEC0Aw2lZkJOrwwMEsTcZWfBvj56MdRNXuZMvPdarTbnDx
-9IsIaXqBp719nyG3z90KwBigRGl1ljDF3plT1slERdfMsdVdT8duwHc8mevR/H+t
+zzxatqIwfvpOy/S2Poyrc6GuprbZCM6N+cDLdWQqAHVwAlx77NhiJ6s3vUnE3vB7
-VG0DkUmGAamyr2plyZiDtzfly/qhG9de4WCRLckVJvMkzwrpmtN+DIB26a1mQwrA
+aHgmXU+a8uPA64tKKaRNQJ31f7viCkWJXEbbEhVTzCvFcoqbKPPMm9w7nO8PMUTu
-OuKaCBrQj/1G7EnHuNDWOFOtbHUqitQ9OukNCTi5/7JMp6FY2bIyE58Hoj88m4Hy
+BmwSFEKhd3BDKZavqTHKi66fF3A5ALFYAkMw/AlvinMitb9s+7WlWQrdvSFkqHsY
-wMMzkFYkh5NJ82ysUdewX99vTJjgD0qKFoDBqB1REEOWi8J14vdGmejhq0A5rq0q
+wNQ1ankleYd24/8ZllvsQpleLMepDSxP6zUMpXSHbTKp5MZeoCaaY1RCkg7aOduz
-2tBAyVSbK8gFfY7pQCGpHSerlR8YGpS01KBDct+MlkIout6SrvWxUhwnx9Lmi09f
+brnD7lRAfLp0H72nxVgC7n6VjidOSruF7k9WIN9VVbP0ZVL/QtkKRWd/hEmtMNaH
-Kk/170DJXXhWlkTu8mylAF7A9vEzsST3GZgnaWkXIeFDKiXUD1w+io1K2ziZbiZZ
+ELg2ekdm3zvdBuvtr0jNiCxbhTr3j5OWQkT/BjZxHpZfA14XEROJC2Slo3PxUwBH
-Im3dSe6dxsWZkYF+wjpnTjS7op3Q6gOJ3mkkGpBWOtOzGiFNIP/7epSr3eVInHdo
+0lE0cICWTeaeYcCX8ofawN+t1Qa6UD0sLl2670Kc7pozkJM4ul19rGA2KsHX89gE
-F4HgET5h2VknsXMKdzU0YDcXsDdWwwwyHqKIM9b37mqA6c3bMwTB1+ykrznudnAP
+CaB1CkhFCqZhPbqX9yonv9XZtLb8Of8rBNVd/2QKN4/tOXcMYshzakSfSSIsyxxt
-8jpqPz6mUqvwzqPoi3e2bNxPwnYgguFrUIqYgiydfZQ3AZsQGTVTq6Jjp/+7K9xv
+QgMPRfz0nJTtP7v8ZbwIO+ayGoUeH7aYKhQ6Ku3qW9XuYiy+oMTIOToCSddnEI5t
-yCuwjpuEtz5ZNchcwrJoj8Yet9saYSGBaUu10Ks0/PGIHKbznVQJHCBofAmE6WQb
+JNuPkT9kzA9stkRbFV5kBvrv5LWprWDXdA/wyAWG7txncWj6UzGlP8C3KhtMHLHv
-cIveRYphfVjbIa+VxpLJRaMj5ymZSViBtHx6Gwjsnq2NR5H1qBt79qXWzRk7ulJy
+CiOXrE8UJdNNeT52dYI9slg+tzcCfz3sqMr9zXratvT6JMzrQZqCSis8vIx18TIK
-cpVasv7Gi3W8SIEbcDvlWUgc8jJOXPmhQ63BS4+eyYNgrSxFY4XYhUZ2Cwi8wXvm
+N5yDWHDFUOeNpo7aRqd5goW3qProwfZDjBXiqE4J+AJ5wc73PuftHt2l00zvLDWs
-w1MUisDiIIdTapE/rux+bjB5MnEJC/IICvk8NAH5PuSODm/DE34MdlxA/nUP7Cm4
+SFIRvXbavNBA7GxpVtN8Qxmk6Lm0u0pBiastndowgAI5OIQVuwoA21vXyC5n9pMd
-ssLvI9IK2hzhASqt71gxoOJUnEptPzabMOYm5hIOksfz+0vjO0grgrVXV4UgTmpz
+bPJsmiPyme62OkCWmAjBNDLNVViwKMH8BxmLKJxX+6ysNsn0YY1+9YfI/zC3j4jM
-T3gvIRwg13vkvKxEfpvGJG5aEkCsZS15/MTsF9FPYiYPYeKOOdIGNzYoRbmqGjIg
+OYsK1c0NvFIv5aUxRQZLTJJt9C299jGNvdAJsfdp4LHejzZUjnx3nguz/l6RI1Vb
-5KyeELDKiulsilGFeRnxM97xpVI3DtezQHTr/N37wsJBeCZyOxGa6j/1rf4ZvgGi
+vjQ1qDRPhkgErGXSHsCoCt+z5Y6mq17JWEX/FiXBWQbfSGoG/ZvoOqiBybCQ3HNl
-lkHVmCZYqHYlow6qOS8/lIKpHdhBaEmr6ciZ8fiIA4GeYU0GwzdAd8YuNYqF0dxF
+o9QM1sNQ5fUZDh0TgwkJB91rZXPwi828RklMW8VZszZir5gziTnndhw0ADLCZZ6z
-zWupzSNScKSE1nmu0NIdbanhs78Z2q9vqm/B5ueFCQ==
+nA0vZAI7sjoEeIgiJq3egrsSLq2ZQRQsh5QF+Xo2QktleGvPrtMv//ZyGz4l59yc
+wX/7DtABurFhVs3KdYohcqXk2v5jJCMs+j9YDn6540QR6yXcbifp9ySqhm/PeH91
+UuL16YKxoV6QBZIGE0vjdUitGKNsS+H4ibD/0ZHYG+VcyL90eIrBq61CjfIO79O0
+L9+G4gKB91stXwtpqZWXTrlzrnjloZOPhqyQN/bs/liWQ6qy0a6Cd6nbWc141An1
+zEiOihbwLJ4ziCut+bq5lwyw6z/wWEhaVNnYspEEBr2URLMHbnBceS6zXoePT0ur
+9mQQLitmtlANlJ93vBDPhCaEjkK1v5J7MmIHQzyLSQGuLdXwz50piJukWru3aNax
+skloghJYeTMILEcGAszvyVtcvPqkrJnZXx4Qp7Luj5HK9THr78v3T4nWzirfqxPZ
+x70xRyhsC2lLcIrJ+3jkXj44edIqdh3Wvi30L2x2iUFyZ0ojQJQDo/+5b+p9k36L
+Dk8ktpeIa/BE3NsfcFaWn9bvRkQ6UAQcNn1zmkavfw5TLI4C1PnD/WUpPHZdhzNV
+K87CsUawxjEg0uCCaViShF6bD9mOWQxE3SM9yNizjTmotF6KrgkT16y/qZ17KGQM
+hJ5PraGu9jvg+L/MrQpr91eyJaeh9JFl9dM/SPM0mXo5q813bdMmqD4cc3YWCLee
+dHtmaKJ08KD1cJqHBz0DRLVV+zH00BMoYt5HZ5DmHFU1zhDekWZLhilbyWt8+z1E
+bzsoEAfZvyfvF7fJuxQ/HhYdR6TX5H+aNzZZivVc6g==
 -----END ENCRYPTED PRIVATE KEY-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/own/idp-pem-signer/keystore.pem

@@ -1,60 +1,87 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIIHazBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQUXJ4RUaby0ltJyJMX
+MIIJqzBVBgkqhkiG9w0BBQ0wSDAnBgkqhkiG9w0BBQwwGgQU95KG57RacAYBmkeQ
-fUO+2LAlu7cCAggAMB0GCWCGSAFlAwQBKgQQ0YfRZzwcjphTKuPQxktTuASCBxCG
+DIe1bZS0sbkCAggAMB0GCWCGSAFlAwQBKgQQyxdAya9Sd4oHLO1pzVWcYASCCVDT
-+b55W3IEKc/Yqf+zIRHBgvCY+w+l7vSMQqtDYOtiUBdxZWewy+IoV4Pw0X/ORT6k
+ozdXT3vjyqMzza4QKaMD4ywSAzGhQRM/TnxU5JbRLNMpdtq76Mfet2pv++UUjcof
-Jk8RXTG7hXb4GtuRmgVJeyxsf+8vhrtVpyelLLYkTalAjjvtT2YAukltALLpFMQm
+16EsdOOpDQdxdzQWmwGUNwjkX5YyWTaAefV8l9n6Bp8LV0XabS9We3g5Jr1KjuzP
-Zm42rW0HrVRtn6k7osbe5zL4whyhikohXamPJpTTrImP8fMzYyxfiHx2Y7Tnc66N
+O/xJgB2o6BcD/WRPeOaANSGoyWce4rCkpDwqxrp+tY9EK19SoCZG9Zy2hnPPH2Hc
-SMxBaQ3m2HClE6+6rkcPv/oC9V74GGYpCk0EcH7gsRLQFj3IlJTVxQoCP44ldzhq
+QgtgCAzqaXIp49KIXHn/Uo532lIz3WqkkhzVakwgAKLKIvc/SwgP0eSXLvPjeJYS
-fyWYe1DneH6IJLXID3Igca26ZXU9rTcfqAsBmVACq0GKdgXAFSUAhF6onqXjzpGQ
+L8DngPP0YD7IPgIs7WmMNNE7or69e7mO0miUOl7xStNHzHpLmtLNbYI7Pk6NLT7N
-/m7Vl3JbNPvrcgxzKBJsj9Z/Hv4qKz2yVpe3OMchTdxpI5k383y1F4rw8i4GSWIL
+kWfh2+E21R7llsW57boMACXVr7N3CHOlZQhUNViyjPayo1njVnp6gGzuIxluhHJY
-+A+t5M26WJw2uHx/k2RL1jyeXH2gR3IA72AffDU+f3jqd9pOqxXKSIhGq/KOK5Vk
+CL070oqBeEYVfvE07HQ4Qd0BL5c02pdrKjdzBYyLwzSNKn2RzgS2R/XtEqdmOUo+
-SiJ4IesVz26bfwjXEKcQk5qIpDBGjfSkYgMXxlQwOwTIoRn+1FM7Txox6tsVj4/v
+iuRngv9D1UPSI2xlFhv84778ktEeSf8l1nLltqhPJAmJUjSAcu/zjN4Q+HXqMRaF
-RnaorVayq5W1fk3t5EfNLprSFDO9T6OxFKvfzKMghdrKFNa5a3oqr3RDZSCE0tca
+IocDV4I7CaXDc2E0YdU8uHuzzUHLflJ2OZwU5N7tkoVOtAYHKUwCP4J/zpLSe2V2
-m9jQ9bp1ooD8/EUWsBxG4eJxe9B+yG3QAkudOoklJYTE9ysHBl2cPOIOksqrD76G
+MIh40IVJK4gzb+iyBiOnsnKKQCKMPbS4lH8zC2S486MgjgbhlZeFg0nOF955c61l
-agezGRazfqFVCmOtlye7bzQXv/AgDa/ve5E1f9jjueop2OwbvoEzCsrSYCWh3uiM
+Sb4MBrexU4s1TUg/fDpYt6jPZoKivN72jzi60kV43gBFHmP3X4SRAUQ4Y3h5NFF8
-C2IkvtSI6gW+9C8H1ofElKtDlRft/lMuviLCb3u7xsu2r7v/va2aYy4Lh6B5xARt
+h2p4wvYRsYEexjJU/+WJG4Yi1wSi3oEqD161a6vPOsKBLBdLRo1vgnQdGFx/k83X
-G7A4ZX0cxoI2N/T2FgHwJ8p7lTXJ8KuTGv0jrno9MBdKqo+HBtRTbFoi63qZ7EtL
+vjPlI2eEUMPCntNBbrTy8eUSJz/0OH2phztZpHuh5cfy4ErUi19d9ywZUlhurGvX
-MJS63MK4kSXcwyJ4+pnH0bI1wXf5qK7TVoWG6ZAWw385xaohXZZ6JK/z1WNbpfCU
+dC7ouTEqRZLkkSCfGTQM0q0O4JQJTLb5N4gWdZxQd2UwGv3jCK7m5eWx3bTdhhXi
-hlvjjdLxmNE5R/kmiKjp6zPhfR6+z73QXX9s3ZZv9fAV1mZcLwcucNnMRdJcYSVU
+179DoSpYBCJF3msn0ROO6PxsccH0w/I6KMi3QNmsDlXhDr6XIBya8CU0lx9lp0pl
-bNwAqnxhIoIZZB5H0c+jLfpaGyzVeAUzI3ljCekUlvutXFNSur6TI2ZmViiwIhuw
+5q62D26Ylr2fovd3qKKbwP6RaZarCzKLO6dWdyMqtUwVlX2FDCFd/SPGWc2TmuVS
-82A084eZ9qOBA+z64Xo9VJqWgdj99b45JNExcsmvbXG1REB8QAKzzGzadtwnc6VV
+vLb981Zm13AfYtNUSfusroDp3TEuvl7cwozg7p33SQhuCmgKnxMd0iXd5QQZjrR0
-iWuK9SPbIqOp2Sa6FEa/VxbgDOUiv20G5irs5Kp0iU+yRKerG/ejvBAn4o3M94wv
+t+y22dHrD1agkkoFMLz/+d+930J0sY4odG/HbL2Bv8ZelVUjA8XSFoGBEA+rfQCg
-hDwSmn80uu5NJtHuta+9u2jM6yyNl4ghXLxTl9gfbnpzI4wuX+4xhhdNm6HCNqcG
+DGmLh5a+/yfzxCEKWVLqmwHWbSkub8bXdl6EKEyaO9qo1KCLAf3tArQx45sqw8bK
-IzPUFS207YKR0QTaHB5x3ItVpp6Rjpb5lOtEpmff7qO/69ljtNLRe+VEdqLrQoK7
+8AYq2mrNIiMDhHub+XEEC0Aw2lZkJOrwwMEsTcZWfBvj56MdRNXuZMvPdarTbnDx
-9IsIaXqBp719nyG3z90KwBigRGl1ljDF3plT1slERdfMsdVdT8duwHc8mevR/H+t
+zzxatqIwfvpOy/S2Poyrc6GuprbZCM6N+cDLdWQqAHVwAlx77NhiJ6s3vUnE3vB7
-VG0DkUmGAamyr2plyZiDtzfly/qhG9de4WCRLckVJvMkzwrpmtN+DIB26a1mQwrA
+aHgmXU+a8uPA64tKKaRNQJ31f7viCkWJXEbbEhVTzCvFcoqbKPPMm9w7nO8PMUTu
-OuKaCBrQj/1G7EnHuNDWOFOtbHUqitQ9OukNCTi5/7JMp6FY2bIyE58Hoj88m4Hy
+BmwSFEKhd3BDKZavqTHKi66fF3A5ALFYAkMw/AlvinMitb9s+7WlWQrdvSFkqHsY
-wMMzkFYkh5NJ82ysUdewX99vTJjgD0qKFoDBqB1REEOWi8J14vdGmejhq0A5rq0q
+wNQ1ankleYd24/8ZllvsQpleLMepDSxP6zUMpXSHbTKp5MZeoCaaY1RCkg7aOduz
-2tBAyVSbK8gFfY7pQCGpHSerlR8YGpS01KBDct+MlkIout6SrvWxUhwnx9Lmi09f
+brnD7lRAfLp0H72nxVgC7n6VjidOSruF7k9WIN9VVbP0ZVL/QtkKRWd/hEmtMNaH
-Kk/170DJXXhWlkTu8mylAF7A9vEzsST3GZgnaWkXIeFDKiXUD1w+io1K2ziZbiZZ
+ELg2ekdm3zvdBuvtr0jNiCxbhTr3j5OWQkT/BjZxHpZfA14XEROJC2Slo3PxUwBH
-Im3dSe6dxsWZkYF+wjpnTjS7op3Q6gOJ3mkkGpBWOtOzGiFNIP/7epSr3eVInHdo
+0lE0cICWTeaeYcCX8ofawN+t1Qa6UD0sLl2670Kc7pozkJM4ul19rGA2KsHX89gE
-F4HgET5h2VknsXMKdzU0YDcXsDdWwwwyHqKIM9b37mqA6c3bMwTB1+ykrznudnAP
+CaB1CkhFCqZhPbqX9yonv9XZtLb8Of8rBNVd/2QKN4/tOXcMYshzakSfSSIsyxxt
-8jpqPz6mUqvwzqPoi3e2bNxPwnYgguFrUIqYgiydfZQ3AZsQGTVTq6Jjp/+7K9xv
+QgMPRfz0nJTtP7v8ZbwIO+ayGoUeH7aYKhQ6Ku3qW9XuYiy+oMTIOToCSddnEI5t
-yCuwjpuEtz5ZNchcwrJoj8Yet9saYSGBaUu10Ks0/PGIHKbznVQJHCBofAmE6WQb
+JNuPkT9kzA9stkRbFV5kBvrv5LWprWDXdA/wyAWG7txncWj6UzGlP8C3KhtMHLHv
-cIveRYphfVjbIa+VxpLJRaMj5ymZSViBtHx6Gwjsnq2NR5H1qBt79qXWzRk7ulJy
+CiOXrE8UJdNNeT52dYI9slg+tzcCfz3sqMr9zXratvT6JMzrQZqCSis8vIx18TIK
-cpVasv7Gi3W8SIEbcDvlWUgc8jJOXPmhQ63BS4+eyYNgrSxFY4XYhUZ2Cwi8wXvm
+N5yDWHDFUOeNpo7aRqd5goW3qProwfZDjBXiqE4J+AJ5wc73PuftHt2l00zvLDWs
-w1MUisDiIIdTapE/rux+bjB5MnEJC/IICvk8NAH5PuSODm/DE34MdlxA/nUP7Cm4
+SFIRvXbavNBA7GxpVtN8Qxmk6Lm0u0pBiastndowgAI5OIQVuwoA21vXyC5n9pMd
-ssLvI9IK2hzhASqt71gxoOJUnEptPzabMOYm5hIOksfz+0vjO0grgrVXV4UgTmpz
+bPJsmiPyme62OkCWmAjBNDLNVViwKMH8BxmLKJxX+6ysNsn0YY1+9YfI/zC3j4jM
-T3gvIRwg13vkvKxEfpvGJG5aEkCsZS15/MTsF9FPYiYPYeKOOdIGNzYoRbmqGjIg
+OYsK1c0NvFIv5aUxRQZLTJJt9C299jGNvdAJsfdp4LHejzZUjnx3nguz/l6RI1Vb
-5KyeELDKiulsilGFeRnxM97xpVI3DtezQHTr/N37wsJBeCZyOxGa6j/1rf4ZvgGi
+vjQ1qDRPhkgErGXSHsCoCt+z5Y6mq17JWEX/FiXBWQbfSGoG/ZvoOqiBybCQ3HNl
-lkHVmCZYqHYlow6qOS8/lIKpHdhBaEmr6ciZ8fiIA4GeYU0GwzdAd8YuNYqF0dxF
+o9QM1sNQ5fUZDh0TgwkJB91rZXPwi828RklMW8VZszZir5gziTnndhw0ADLCZZ6z
-zWupzSNScKSE1nmu0NIdbanhs78Z2q9vqm/B5ueFCQ==
+nA0vZAI7sjoEeIgiJq3egrsSLq2ZQRQsh5QF+Xo2QktleGvPrtMv//ZyGz4l59yc
+wX/7DtABurFhVs3KdYohcqXk2v5jJCMs+j9YDn6540QR6yXcbifp9ySqhm/PeH91
+UuL16YKxoV6QBZIGE0vjdUitGKNsS+H4ibD/0ZHYG+VcyL90eIrBq61CjfIO79O0
+L9+G4gKB91stXwtpqZWXTrlzrnjloZOPhqyQN/bs/liWQ6qy0a6Cd6nbWc141An1
+zEiOihbwLJ4ziCut+bq5lwyw6z/wWEhaVNnYspEEBr2URLMHbnBceS6zXoePT0ur
+9mQQLitmtlANlJ93vBDPhCaEjkK1v5J7MmIHQzyLSQGuLdXwz50piJukWru3aNax
+skloghJYeTMILEcGAszvyVtcvPqkrJnZXx4Qp7Luj5HK9THr78v3T4nWzirfqxPZ
+x70xRyhsC2lLcIrJ+3jkXj44edIqdh3Wvi30L2x2iUFyZ0ojQJQDo/+5b+p9k36L
+Dk8ktpeIa/BE3NsfcFaWn9bvRkQ6UAQcNn1zmkavfw5TLI4C1PnD/WUpPHZdhzNV
+K87CsUawxjEg0uCCaViShF6bD9mOWQxE3SM9yNizjTmotF6KrgkT16y/qZ17KGQM
+hJ5PraGu9jvg+L/MrQpr91eyJaeh9JFl9dM/SPM0mXo5q813bdMmqD4cc3YWCLee
+dHtmaKJ08KD1cJqHBz0DRLVV+zH00BMoYt5HZ5DmHFU1zhDekWZLhilbyWt8+z1E
+bzsoEAfZvyfvF7fJuxQ/HhYdR6TX5H+aNzZZivVc6g==
 -----END ENCRYPTED PRIVATE KEY-----
 
 -----BEGIN CERTIFICATE-----
-MIICwzCCAmigAwIBAgIBATAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln
+MIIFjTCCA3WgAwIBAgIUezb8qY+kCx4eW1J9g24Y+bsf+kYwDQYJKoZIhvcNAQEL
-bmVkLWNhMB4XDTIzMDcyMDExMzcyNloXDTI0MDcxOTExMzcyNlowIDEeMBwGA1UE
+BQAwVjELMAkGA1UEBhMCY2gxEDAOBgNVBAoMB0Fkbm92dW0xDTALBgNVBAsMBEFH
-AwwVaWRwc2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
+T1YxJjAkBgNVBAMMHWF1dGguYWdvdi13LmF6dXJlLmFkbm92dW0ubmV0MB4XDTI0
-MIIBigKCAYEA28fXdfRLtrzS0F5Hp5zEzPFfpNXKpIrbJaWdqwiuY6VIrzAJW0Wo
+MDgxOTExNTE0N1oXDTM0MDgxNzExNTE0N1owVjELMAkGA1UEBhMCY2gxEDAOBgNV
-FMuV2IHnU7sO8+B05Z20wq3x5JAbgYlBFnfdub/CYmyykAf0Rxz9irc9qbXBmX0A
+BAoMB0Fkbm92dW0xDTALBgNVBAsMBEFHT1YxJjAkBgNVBAMMHWF1dGguYWdvdi13
-G+JhQLxLcfyqlmFyLsjaxT3nUrytP+604LtzesnC3N7gfGtmSKgclym1s2ZVWkAK
+LmF6dXJlLmFkbm92dW0ubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
-4VXAZsM5HBnW1feHxSv3UTzvorW7PWkbmy4LU8SDoSraHgB/pBaiJRG8SMTjBHho
+AgEA1wWp33BH4/HjxovF60ac3LYCr0OuRq37K7vZrFZ0CxdnrZNgOTqW6PK72aOZ
-TTdFLPmH/N9dt5N1oJginnY9GvRJD8Qj1lrsTZOtv8ttKhnQkmymly+NCt7+wGIa
+rrL/9GHS7kr+6ORrtRcaQYJttqFWkyQVIQyb5wTRT8rAaugFFCon+FhIPNbrPU3l
-7HQQawqBIvflGG+R1OdQx7Q20/y5EfO4V3zJgq3p+gz9AziGPHEy+2s+i5LME1AI
+PSqNEnxYCPsjA32qfAg96gHhn1ZpSe/SYOguB6mAOh+5vCFAvGOTfL9Gugayqe8L
-D6vLfDN8cnTCdgqZGhAkRMBHtOydJd3dpJ0tgjnrdUpla2PoWp1B/v/Plneb9L5v
+3IAs7caDrEqB+sGo52P47Pz3fFnwlKnDZTFd2pOx43JYSNTE4bYBIOWwaTuN1MPM
-aMNqtuQA852dR14lP7+EeRLe9vJvzm9eBdF0JrDUm1K2Xy66i5gdzOoJngnRpl5J
+1XcDZXJ1eEab/euwJ6zDdTE09h+ZGEo89ogJmC0Ragpi/7SyY2431QaoC9q4tlen
-nNSweT+A8dn9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF
+tQegWJWTMU/KhzdUamd9jJGa8bL7uO2edvHh+f0dIZxd/hPq0LteKiDXe258tpci
-BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVaWRwc2lnbmVyLnVhdC5hZ292LmNo
+0laY/9SHgDNJv366dnL0HwkpqUZrKhGv+3EMqwCsqHN7Dhswz8AMWOShvdOPkGjF
-MAoGCCqGSM49BAMCA0kAMEYCIQCarOXKlJ0DVxVPGyj3oPMHWCJB+Xyee+j7k1gu
+gFJhdvGay1gyM1RFhlcEhl3yEdkVWAP3dJkmlSRotdZRsgfpgQHuWE5K5C96fSny
-OC93CQIhAICIzY/yCbST5V502Bt3vRCZMCmzhzXIGTol2PEoby6H
+yiRN4+LpYkZksFsGoWiMcpCIY2/s7uuv4Xo3Ql63gPL/dDjSCNHeXAI0BqGpVk9D
+dopXU06dfsY5p46Su3ku8do2QMpMi/b1bCtSOrpRKrr/4GJcr8OKyNsTNaFdh/Mm
+xhJ6+U3JkMNuAWcUAVxiNpF25R+xPV+kO+zDs+8IwJtMutcCAwEAAaNTMFEwHQYD
+VR0OBBYEFPvUI3yPIDXHsmoSRBzTlFcKVVA9MB8GA1UdIwQYMBaAFPvUI3yPIDXH
+smoSRBzTlFcKVVA9MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB
+AGzBJmppDmQPapUAI+bHpsXIxA+Uk3fFJIUDbzn2q3kkjWzszldBGJ+R+dmA/ROE
+rokT9oNggvoSGzf5Lyu9oniB8FoWxp2mWRzXiTXsuz0ZLmT3ZxOah1g9MtXLD567
+mdeKgjMFCM82OIRMsazdCtb43fJ0mvjuZ2Dv0Dt6O5I9TOWzTSx+ieGj2q/ZIQzl
+3sfNcIuovVHjiiGl5wpHVQfUeRhRyB2xnetfe+UqdJVjJm3WXpomdJh6GxGYnH78
+ZhnD6TJLhb41s5WF7dSxAQhTYJJuTTsF68bQEL787Mccqi4Ft4GqtF+vYTSAjWcM
+jVjXbd1Bk0gHqsCl+TxJg8VfBiauFf5WP96xnVw8Hx9aOMVNejLWVjYE/ExVyW8g
+94SJsL+cXjMjlZeL60yY9vgd59BHBOxBBq+5Qbx5bcfaIvXgaxt6sm1dk40D+YzR
+UqFMJtGMvPfRl+2yUQ36VinQxyFbbf6Yq4s/E0We5aRPp2CFiRqmtip9Chvk/7fP
++b8zZvJgTUJZFWtvVNs6QqOu/yOxtFpWzfHmlvp3ticepBuT6bKtUJHtEnHheCCX
+FF4MB65pTI/NrDVOec6PgRChz3UPGBEAtjjTCQUOe4HKQmOKedZKts51LuvHSuRu
+S9JPohzGT95cglskfqPn51n5hJOOTnMfg/Qj6uXQZU9+
 -----END CERTIFICATE-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/keys/trust/idp-pem-atb/truststore.pem

@@ -1,17 +1,24 @@
 -----BEGIN CERTIFICATE-----
-MIICwjCCAmigAwIBAgIBAjAKBggqhkjOPQQDAjAYMRYwFAYDVQQDEw1zZWxmc2ln
+MIIEGDCCAwCgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQGEwJjaDEQ
-bmVkLWNhMB4XDTIzMDcyMDExMzkzN1oXDTI0MDcxOTExMzkzN1owIDEeMBwGA1UE
+MA4GA1UEChMHQWRub3Z1bTEXMBUGA1UEAxMOYml0ZWlhbS1yb290Q0EwHhcNMjAw
-AwwVYXRic2lnbmVyLnVhdC5hZ292LmNoMIIBojANBgkqhkiG9w0BAQEFAAOCAY8A
+MzA1MTYzMDAwWhcNMzAwMzAzMTYzMDAwWjA0MQswCQYDVQQGEwJjaDEQMA4GA1UE
-MIIBigKCAYEAs8SITgXvwEBI+rmuBr6EkG5qeE9ctRBRLNP693MTpjkCi4rcqfzO
+ChMHQWRub3Z1bTETMBEGA1UEAxMKc2lnbmVyRkVEUzCCASIwDQYJKoZIhvcNAQEB
-//EU4ogDrtLwl99w6mazKuK+73DCfaVTWBdLIN3sqWiX/uU+2pPS3ldymsJcDRhi
+BQADggEPADCCAQoCggEBAJoWqbsYhNXW0mDsDJPAiTN896e4QML9qnt7FIhVKKe3
-ERJAYUZKyw4JlQMAnZrt7DRdEXJH4VshOHRD6Q1TFQEsGVRIW2HakLatz8mxwNbD
+T66lT/nfOkFPUZuKejgbjFFDEDChRJf0Achq7lWGKPrNPnrTxZmU7Bcu86BER76L
-xKdBqQS88x5WJgkI0cMdfOVKf59fH+xa32NSE1c0MYwj98doSNrLIh8n47qk4R2p
+4kDcGF/x03W9fgUgQ7X45CXYeq4vqfpzNC+lkZA1OxbpcXZA/4Z39Z3pm7CWXnAg
-4bUyaGIx1ylXRjRMlx7b0ew/VfkSg8WtnR2DHj5sJ31uqrAXiMFY0slCiX0+Fu3O
+v6nFABKJ9kVAyhuPyb5yIuGHcdLL+068aVp5sxY/6HoXf889+iVFDgTwSXVYKMyZ
-uiul/FH1v2xgT2rH0JhhLt+dCCCqfLLjwuLMSneco6AvcihDaN+AujWSn/aoTWPD
+nZbvvd/IIod4WuiXsOspPS9yj+E9yMvtsUtChghcQ17ubo7S1P8JxAQWXngopH8Y
-BsB1ACKqkcaBBHt3giyEWb5T5J0QA5VfJEKYwBosvdFfUoPOgXTOQVGRnLMKfXSy
+nDeOiesJfR2APDdg7EXWYewARSFr10GxuXoKDjLe148CAwEAAaOCAS8wggErMAkG
-AHUzKiR8Z1x3VwmHT8HJME6BaR8MZP58nFV8k/NpYw7gryNod9n8ZrsK84aLEzmV
+A1UdEwQCMAAwPwYJYIZIAYb4QgENBDIWME5ldmlzIEtleUJveCBHZW5lcmF0ZWQg
-iYnPn1/V4fl9AgMBAAGjUDBOMAsGA1UdDwQEAwIDqDAdBgNVHSUEFjAUBggrBgEF
+Q2VydGlmaWNhdGUgdXNpbmcgT3BlblNTTDALBgNVHQ8EBAMCA6gwHQYDVR0lBBYw
-BQcDAQYIKwYBBQUHAwIwIAYDVR0RBBkwF4IVYXRic2lnbmVyLnVhdC5hZ292LmNo
+FAYIKwYBBQUHAwEGCCsGAQUFBwMCMB0GA1UdDgQWBBQ4zYpzY1lB5/bKeg3z1kJO
-MAoGCCqGSM49BAMCA0gAMEUCIQDIYEk1HuQxV83m1FQRfUuUgtOkX1gLDNlNEkCb
+kkdYgDBoBgNVHSMEYTBfgBRRdKau0TH9VQ0E8ob0J+WyYkcs4aE8pDowODELMAkG
-UfWMMAIgd6HpbvTeur7LYGtqztc7FMADJHDNgYyBAOng+xkxHQw=
+A1UEBhMCY2gxEDAOBgNVBAoTB0Fkbm92dW0xFzAVBgNVBAMTDmJpdGVpYW0tcm9v
+dENBggkA+97eIJWmttcwEQYJYIZIAYb4QgEBBAQDAgbAMBUGA1UdEQQOMAyCCnNp
+Z25lckZFRFMwDQYJKoZIhvcNAQELBQADggEBAHGHJ7DzRNdPl6Kiy4rCoQR/nhTa
+VbBsAeB070NpWma2iun3Wf5zIoefbSlPoofP4tOVYUoKtMHTWCYAUnHIEg5H985y
+Ym2MFY0vwgMZ+Jvcs7NCHzK9O/tN+uUjkFNLSCfzTb+K9vyF6lj4L4lQWa5++DZ6
+kWPaDWvwY/NOSoIehmJupmcJlA1qxzlTc+659xoOk1WyhusNkuiOUjFrLQ+tgRnD
+7dGuzJQyBV1Iy/A4IhpN2ootVgrI7NMJ2YetCq7yuipRZka3RoeVhUs8CWFfYRtc
+saTCck7atYyMVlPUf03EppC18ILBmbNzYJ58KT2oQywa7+Sdsqx4+5cOOOU=
 -----END CERTIFICATE-----

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict.properties

@@ -1,5 +1,15 @@
 
 accept.button.label=Accept
+agov-ident.done.message=Your AGOV account is now ready for use. Please close this page.
+agov-ident.done.title=Done
+agov-ident.failed.instruction=You need an AGOV account and pass the suggested data verification to successfully finish the on-boarding. Please try again.
+agov-ident.failed.message=Onboarding cancelled or data verification postponed
+agov-ident.failed.title=Verification needed
+agov-ident.invalid-url.instruction=The link you used to access this page isn't valid. Please make sure you use it as received without any typos or click it directly on the page, where it is published.
+agov-ident.invalid-url.message=Link can't be processed
+agov-ident.invalid-url.title=Invalid Link
+agov-ident.onboarding=Registration & Verification
+agov-ident.retry=Try again
 button.submit=Submit
 cancel.button.label=Cancel
 continue.button.label=Continue
@@ -40,7 +50,7 @@ fido2_auth.instruction2=An authentication window will appear
 fido2_auth.instruction3=Follow the instructions
 fido2_auth.skipInstructions=Skip instructions next time
 fido2_auth.switchLogin=SWITCH TO LOGIN WITH
-footer.link=https://agov.ch/?c=contact&l=en
+footer.link=https://agov.ch
 footer.link.label=Contact
 footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. -
 general.AGOVAccessApp=AGOV access app
@@ -55,22 +65,37 @@ general.edit=Edit
 general.email=Email
 general.email.address=Email address
 general.entryCode=Code entry
+general.fieldRequired=Field required.
 general.getStarted=Get started
 general.goAGOVHelp=Go to AGOV help
 general.goAccessApp=Login with AGOV access
+general.goToAccessApp=Go to AGOV access app
 general.help=Help
-general.help.link=https://agov.ch/pages/help_en.html
+general.help.link=https://agov.ch/help
 general.login=Login
+general.login.accessApp=Login with Access App
+general.login.securityKey=Login with Security Key
 general.loginSecurityKey=Start Security key login
+general.moreOptions=MORE OPTIONS
 general.or=OR
-general.otherOptions=OTHER OPTIONS
+general.otherLoginMethods=Other login methods
 general.recovery=Recovery
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=Download as PDF
+general.recoveryCode.inputLabel=Recovery code
+general.recoveryCode.repeatCodeError=The code you entered was incorrect. Please ensure you have stored it correctly, then continue to resubmit.
+general.recoveryCode.repeatCodeModal.description=A lost or incorrectly stored recovery code can make it more difficult to recover your account. To ensure you have recorded your code correctly, please repeat it below.
+general.recoveryCode.repeatCodeModal.title=Repeat recovery code
+general.recoveryCode.reveal=Reveal recovery code
 general.recoveryOngoing=Ongoing recovery
 general.register=Register
 general.registerNow=Register now!
 general.registration=Registration
+general.registration.dontHaveAnAccountYet=Don't have an AGOV account yet?
+general.registration.seeOptions=See registration options
 general.securityKey=Security key
 general.skip.content=Skip to main content
+general.wrongPhoneNumber=Please enter a valid phone number
 generic.auth.error.message=There was a service interruption. We are working on it.
 generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists.
 generic.auth.error.subtitle=Something went wrong
@@ -84,10 +109,11 @@ language.de=Deutsch
 language.en=English
 language.fr=Français
 language.it=Italiano
+language.rm=Rumantsch
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
+loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -101,9 +127,12 @@ mauth_usernameless.banner.error=Authentication interrupted.<br>Please try again
 mauth_usernameless.banner.info=Scan successful.<br>Please continue in the AGOV access app.
 mauth_usernameless.banner.success=Authentication successful!<br>Please wait to be logged in.
 mauth_usernameless.cannotLogin=Lost access to your app / security key?
+mauth_usernameless.cannotLogin.accessApp=Lost access to your app?
+mauth_usernameless.cannotLogin.securityKey=Lost access to your security key?
 mauth_usernameless.hideQR=Hide QR code
 mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app
-mauth_usernameless.noAccount=Don't have an AGOV-Login yet?
+mauth_usernameless.noAccount=Don't have an AGOV account yet?
+mauth_usernameless.selectLoginMethod=Select login method
 mauth_usernameless.showQR=Show QR code
 mauth_usernameless.startRecovery=Start account recovery
 mauth_usernameless.useSecurityKey=Use a security key to log in
@@ -185,6 +214,19 @@ prompt.newpassword=New Password
 prompt.newpassword.confirm=Confirm Password
 prompt.password=Password
 prompt.userid=User-ID
+providePhoneNumber.banner=Phone number must be able to receive SMS.<br>This phone number will not be used to contact you.
+providePhoneNumber.description=AGOV now supports recovery with your phone number. This will allow you to continue with an SMS during recovery if you have lost access to your recovery code.
+providePhoneNumber.errorBanner=Phone numbers do not match. Please try again.
+providePhoneNumber.inputLabel=Phone number (optional)
+providePhoneNumber.laterModal.description1=Without a phone number, a recovery of your account might take up to 4 days if you lose access to your recovery code.
+providePhoneNumber.laterModal.description2=Adding a phone number helps you to recover your account in a matter of minutes.
+providePhoneNumber.laterModal.description3=This phone number will not be used to contact you.
+providePhoneNumber.laterModal.title=Continue without a phone number?
+providePhoneNumber.modal.description=An incorrectly stored phone number can make it more difficult to recover your account. To ensure you have recorded your phone number correctly, please repeat it below.
+providePhoneNumber.modal.inputLabel=Phone number
+providePhoneNumber.modal.title=Repeat phone number
+providePhoneNumber.saveButtonText=Save
+providePhoneNumber.title=Add phone number
 pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
 pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you.
 pwreset.info.linktext=Password forgotten
@@ -192,6 +234,7 @@ pwreset.noticket=Your password reset link is no longer valid. Please generate a
 recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
 recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
 recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
+recovery_check_code.banner.lockedError=Too many invalid input attempts. Please try again in a few minutes.
 recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
 recovery_check_code.enterRecoveryCode=Enter recovery code
 recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
@@ -201,9 +244,11 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
-recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired.
+recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
-recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
-recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
+recovery_check_noCode.banner.error=Too many attempts.
+recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
+recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Please reveal your new code to be able to continue.
 recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
 recovery_code.newRecoveryCode=Introducing Recovery Code
@@ -215,10 +260,8 @@ recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow
 recovery_fidokey_auth.keyRegistered=Security key already registered
 recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link.
 recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process.
-recovery_intro_email.captchaUnchecked=Please tick the captcha field
 recovery_intro_email.important=Important:
 recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.).
-recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the <a class='link' href='https://policies.google.com/privacy' target='_blank'>Google Privacy Policy</a> and <a class='link' href='https://policies.google.com/terms' target='_blank'>Terms of Service</a> apply.
 recovery_intro_email_sent.banner.button=Didn't receive the email?
 recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly.
 recovery_on_going.finishRecovery=Finish recovery
@@ -233,13 +276,13 @@ recovery_questionnaire_loginfactor.no=No
 recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account?
 recovery_questionnaire_loginfactor.yes=Yes
 recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now.
-recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit <a class='link' href='www.agov.ch/help' target='_blank'>www.agov.ch/help</a> for support articles.
+recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> for support articles.
-recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> and test if you can log in successfully.
+recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> and test if you can log in successfully.
-recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> to remove the one you have lost access to.
+recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> to remove the one you have lost access to.
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_de.properties

@@ -1,5 +1,15 @@
 
 accept.button.label=Akzeptieren
+agov-ident.done.message=Ihr AGOV-Konto ist nun einsatzbereit. Bitte schliessen Sie diese Seite.
+agov-ident.done.title=Fertig
+agov-ident.failed.instruction=Sie benötigen ein AGOV-Konto und müssen die vorgeschlagene Datenüberprüfung bestehen, um das Onboarding erfolgreich abzuschliessen. Bitte versuchen Sie es erneut.
+agov-ident.failed.message=Onboarding abgebrochen oder Verifikation der Daten verschoben
+agov-ident.failed.title=Verifikation erforderlich
+agov-ident.invalid-url.instruction=Der Link, den Sie für den Zugriff auf diese Seite verwendet haben, ist ungültig. Bitte stellen Sie sicher, dass Sie ihn so verwenden, wie Sie ihn erhalten haben, ohne Tippfehler, oder klicken Sie ihn direkt auf der Seite an, auf der er veröffentlicht ist.
+agov-ident.invalid-url.message=Link kann nicht verarbeitet werden
+agov-ident.invalid-url.title=Ungültiger Link
+agov-ident.onboarding=Registrierung & Verifikation
+agov-ident.retry=Versuchen Sie es erneut
 button.submit=Senden
 cancel.button.label=Abbrechen
 continue.button.label=Weiter
@@ -40,7 +50,7 @@ fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen
 fido2_auth.instruction3=Folgen Sie den Anweisungen
 fido2_auth.skipInstructions=Anweisungen nächstes Mal überspringen
 fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT
-footer.link=https://agov.ch/?c=contact&l=de
+footer.link=https://agov.ch
 footer.link.label=Kontakt
 footer.text=Authentifizierungsdienst der Schweizer Behörden AGOV – eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. -
 general.AGOVAccessApp=AGOV access App
@@ -53,24 +63,39 @@ general.contactSupport=Support kontaktieren
 general.continue=Weiter
 general.edit=Ändern
 general.email=E-Mail
-general.email.address=E-Mailadresse
+general.email.address=E-Mail-Adresse
 general.entryCode=Code-Eingabe
-general.getStarted=Get started
+general.fieldRequired=Erforderliches Feld.
+general.getStarted=Los geht's
 general.goAGOVHelp=Weiter zur AGOV help
 general.goAccessApp=Login mit AGOV access
+general.goToAccessApp=Zur AGOV access App wechseln
 general.help=Hilfe
-general.help.link=https://agov.ch/pages/help_de.html
+general.help.link=https://agov.ch/help
 general.login=Login
+general.login.accessApp=Login mit AGOV access App
+general.login.securityKey=Login mit Sicherheitsschlüssel
 general.loginSecurityKey=Sicherheitsschlüssel-Login starten
+general.moreOptions=WEITERE OPTIONEN
 general.or=ODER
-general.otherOptions=WEITERE OPTIONEN
+general.otherLoginMethods=Andere Login-Methoden
 general.recovery=Wiederherstellung
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=Als PDF herunterladen
+general.recoveryCode.inputLabel=Wiederherstellungscode
+general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und fahren Sie dann mit der erneuten Eingabe fort.
+general.recoveryCode.repeatCodeModal.description=Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten.
+general.recoveryCode.repeatCodeModal.title=Wiederherstellungscode wiederholen
+general.recoveryCode.reveal=Wiederherstellungscode enthüllen
 general.recoveryOngoing=Wiederherstellung nicht abgeschlossen
 general.register=Registrieren
 general.registerNow=Jetzt registrieren!
 general.registration=Registrierung
+general.registration.dontHaveAnAccountYet=Haben Sie noch kein AGOV-Konto?
+general.registration.seeOptions=Registrierungsoptionen ansehen
 general.securityKey=Sicherheitsschlüssel
 general.skip.content=Direkt zum Hauptteil
+general.wrongPhoneNumber=Bitte geben Sie eine gültige Telefonnummer ein
 generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran.
 generic.auth.error.next.steps=Versuchen Sie es bitte später noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht.
 generic.auth.error.subtitle=Etwas ist schiefgegangen
@@ -84,10 +109,11 @@ language.de=Deutsch
 language.en=English
 language.fr=Français
 language.it=Italiano
+language.rm=Rumantsch
 languageDropdown.aria.label=Sprache wählen
 loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
 loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
-loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
+loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
 loainfo.startNow=Möchten Sie den Prozess jetzt starten?
@@ -101,9 +127,12 @@ mauth_usernameless.banner.error=Authentifizierung unterbrochen.<br>Bitte versuch
 mauth_usernameless.banner.info=Scan erfolgreich.<br>Bitte fahren Sie in der AGOV access App fort.
 mauth_usernameless.banner.success=Authentifizierung erfolgreich!<br>Bitte warten Sie, bis Sie eingeloggt werden.
 mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschl&uuml;ssel verloren?
+mauth_usernameless.cannotLogin.accessApp=Zugriff auf App verloren?
+mauth_usernameless.cannotLogin.securityKey=Zugriff auf Sicherheitsschl&uuml;ssel verloren?
 mauth_usernameless.hideQR=QR-Code ausblenden
 mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen
-mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Login?
+mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Konto?
+mauth_usernameless.selectLoginMethod=Login-Methode w&auml;hlen
 mauth_usernameless.showQR=QR-Code anzeigen
 mauth_usernameless.startRecovery=Kontowiederherstellung starten
 mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschl&uuml;ssel, um sich anzumelden
@@ -185,13 +214,27 @@ prompt.newpassword=Neues Passwort
 prompt.newpassword.confirm=Passwort best&auml;tigen
 prompt.password=Passwort
 prompt.userid=Benutzer-ID
+providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein.<br>Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
+providePhoneNumber.description=AGOV erlaubt nun die Wiederherstellung mittels Mobilnummer. So k&ouml;nnen Sie w&auml;hrend der Wiederherstellung mit einer SMS fortfahren, wenn Sie Ihren Wiederherstellungscode verloren haben.
+providePhoneNumber.errorBanner=Die Mobilnummern stimmen nicht &uuml;berein. Bitte versuchen Sie es erneut.
+providePhoneNumber.inputLabel=Mobilnummer (optional)
+providePhoneNumber.laterModal.description1=Ohne Mobilnummer kann die Wiederherstellung Ihres Kontos bis zu 4 Tage dauern, wenn Sie Ihren Wiederherstellungscode verlieren.
+providePhoneNumber.laterModal.description2=Durch Hinzuf&uuml;gen einer Mobilnummer k&ouml;nnen Sie Ihr Konto in wenigen Minuten wiederherstellen.
+providePhoneNumber.laterModal.description3=Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
+providePhoneNumber.laterModal.title=Ohne Mobilnummer weiterfahren?
+providePhoneNumber.modal.description=Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten.
+providePhoneNumber.modal.inputLabel=Mobilnummer
+providePhoneNumber.modal.title=Mobilnummer wiederholen
+providePhoneNumber.saveButtonText=Speichern
+providePhoneNumber.title=Mobilnummer angeben
 pwreset.done.info=Ihr Passwort wurde erfolgreich ge&auml;ndert. Bitte klicken Sie auf Weiter, um sich einzuloggen.
 pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen..
 pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr g&uuml;ltig. Bitte generieren Sie ein Neuen.
-recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
+recovery_accessapp_auth.accessAppRegistered=AGOV access App schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
 recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
 recovery_check_code.instruction=Bitte geben Sie unten Ihren pers&ouml;nlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
@@ -201,9 +244,11 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
 recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
 recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen k&ouml;nnen?
 recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen k&ouml;nnen, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
-recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
+recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist m&ouml;glicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
-recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist m&ouml;glicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
+recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
-recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
+recovery_check_noCode.banner.error=Zu viele Versuche.
+recovery_check_noCode.instruction1=M&ouml;glicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
+recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Bitte enth&uuml;llen Sie den Code, um fortfahren zu k&ouml;nnen.
 recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf.
 recovery_code.newRecoveryCode=Einf&uuml;hrung von Wiederherstellungscode
@@ -211,14 +256,12 @@ recovery_code.validUntil=G&uuml;ltig bis:
 recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
 recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
 recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
 recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
 recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
 recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
-recovery_intro_email.captchaUnchecked=Bitte kreuzen Sie das Captcha-Feld an
 recovery_intro_email.important=Wichtig:
 recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gel&ouml;schte AGOV access App, verlorener Sicherheitsschl&uuml;ssel, verlorenes Telefon usw.).
-recovery_intro_email.siteProtectedWithRecaptcha=Diese Seite ist durch reCAPTCHA gesch&uuml;tzt, und es gelten die <a class='link' href='https://policies.google.com/privacy' target='_blank'>Datenschutzerkl&auml;rung</a> sowie die <a class='link' href='https://policies.google.com/terms' target='_blank'>Nutzungsbedingungen</a> von Google.
 recovery_intro_email_sent.banner.button=Keine E-Mail erhalten?
 recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in K&uuml;rze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten.
 recovery_on_going.finishRecovery=Wiederherstellung abschliessen
@@ -230,21 +273,21 @@ recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ih
 recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos)
 recovery_questionnaire_loginfactor.banner.error=Bitte w&auml;hlen Sie eine Antwort.
 recovery_questionnaire_loginfactor.no=Nein
-recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV Access App oder Sicherheitsschl&uuml;ssel) f&uuml;r Ihren AGOV-Login registriert?
+recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV access App oder Sicherheitsschl&uuml;ssel) f&uuml;r Ihren AGOV-Login registriert?
 recovery_questionnaire_loginfactor.yes=Ja
 recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein.
-recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen ben&ouml;tigen, besuchen Sie bitte <a class='link' href='www.agov.ch/help' target='_blank'>www.agov.ch/help</a> f&uuml;r Support-Artikel.
+recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen ben&ouml;tigen, besuchen Sie bitte <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> f&uuml;r Support-Artikel.
-recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> und testen Sie, ob Sie sich erfolgreich anmelden k&ouml;nnen.
+recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> und testen Sie, ob Sie sich erfolgreich anmelden k&ouml;nnen.
-recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a>, um den verlorenen Loginfaktor zu entfernen.
+recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a>, um den verlorenen Loginfaktor zu entfernen.
 recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
 recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
 recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
-recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
 recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
 recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
 recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen
 recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschl&uuml;ssel oder AGOV access Apps, hatte aber Probleme beim Einloggen
-recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschl&uuml;ssel und Apps verloren
+recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschl&uuml;ssel und AGOV access Apps verloren
 recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gel&ouml;scht, zur&uuml;ckgesetzt, vergessene PIN)
 recovery_questionnaire_reason_selection.banner.error=Bitte w&auml;hlen Sie einen Grund aus.
 recovery_questionnaire_reason_selection.instruction=Bitte w&auml;hlen Sie einen Grund wieso Sie den AGOV recovery Prozess starten:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_en.properties

@@ -1,5 +1,15 @@
 
 accept.button.label=Accept
+agov-ident.done.message=Your AGOV account is now ready for use. Please close this page.
+agov-ident.done.title=Done
+agov-ident.failed.instruction=You need an AGOV account and pass the suggested data verification to successfully finish the on-boarding. Please try again.
+agov-ident.failed.message=Onboarding cancelled or data verification postponed
+agov-ident.failed.title=Verification needed
+agov-ident.invalid-url.instruction=The link you used to access this page isn't valid. Please make sure you use it as received without any typos or click it directly on the page, where it is published.
+agov-ident.invalid-url.message=Link can't be processed
+agov-ident.invalid-url.title=Invalid Link
+agov-ident.onboarding=Registration & Verification
+agov-ident.retry=Try again
 button.submit=Submit
 cancel.button.label=Cancel
 continue.button.label=Continue
@@ -40,7 +50,7 @@ fido2_auth.instruction2=An authentication window will appear
 fido2_auth.instruction3=Follow the instructions
 fido2_auth.skipInstructions=Skip instructions next time
 fido2_auth.switchLogin=SWITCH TO LOGIN WITH
-footer.link=https://agov.ch/?c=contact&l=en
+footer.link=https://agov.ch
 footer.link.label=Contact
 footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. -
 general.AGOVAccessApp=AGOV access app
@@ -55,22 +65,37 @@ general.edit=Edit
 general.email=Email
 general.email.address=Email address
 general.entryCode=Code entry
+general.fieldRequired=Field required.
 general.getStarted=Get started
 general.goAGOVHelp=Go to AGOV help
 general.goAccessApp=Login with AGOV access
+general.goToAccessApp=Go to AGOV access app
 general.help=Help
-general.help.link=https://agov.ch/pages/help_en.html
+general.help.link=https://agov.ch/help
 general.login=Login
+general.login.accessApp=Login with Access App
+general.login.securityKey=Login with Security Key
 general.loginSecurityKey=Start Security key login
+general.moreOptions=MORE OPTIONS
 general.or=OR
-general.otherOptions=OTHER OPTIONS
+general.otherLoginMethods=Other login methods
 general.recovery=Recovery
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=Download as PDF
+general.recoveryCode.inputLabel=Recovery code
+general.recoveryCode.repeatCodeError=The code you entered was incorrect. Please ensure you have stored it correctly, then continue to resubmit.
+general.recoveryCode.repeatCodeModal.description=A lost or incorrectly stored recovery code can make it more difficult to recover your account. To ensure you have recorded your code correctly, please repeat it below.
+general.recoveryCode.repeatCodeModal.title=Repeat recovery code
+general.recoveryCode.reveal=Reveal recovery code
 general.recoveryOngoing=Ongoing recovery
 general.register=Register
 general.registerNow=Register now!
 general.registration=Registration
+general.registration.dontHaveAnAccountYet=Don't have an AGOV account yet?
+general.registration.seeOptions=See registration options
 general.securityKey=Security key
 general.skip.content=Skip to main content
+general.wrongPhoneNumber=Please enter a valid phone number
 generic.auth.error.message=There was a service interruption. We are working on it.
 generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists.
 generic.auth.error.subtitle=Something went wrong
@@ -84,10 +109,11 @@ language.de=Deutsch
 language.en=English
 language.fr=Français
 language.it=Italiano
+language.rm=Rumantsch
 languageDropdown.aria.label=Select language
 loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
 loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
-loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
+loainfo.description.400=To access the application we need you to add your SSN (AHV) number.
 loainfo.helper=Your data needs to be verified!
 loainfo.later=Later
 loainfo.startNow=Do you want to start the process now?
@@ -101,9 +127,12 @@ mauth_usernameless.banner.error=Authentication interrupted.<br>Please try again
 mauth_usernameless.banner.info=Scan successful.<br>Please continue in the AGOV access app.
 mauth_usernameless.banner.success=Authentication successful!<br>Please wait to be logged in.
 mauth_usernameless.cannotLogin=Lost access to your app / security key?
+mauth_usernameless.cannotLogin.accessApp=Lost access to your app?
+mauth_usernameless.cannotLogin.securityKey=Lost access to your security key?
 mauth_usernameless.hideQR=Hide QR code
 mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app
-mauth_usernameless.noAccount=Don't have an AGOV-Login yet?
+mauth_usernameless.noAccount=Don't have an AGOV account yet?
+mauth_usernameless.selectLoginMethod=Select login method
 mauth_usernameless.showQR=Show QR code
 mauth_usernameless.startRecovery=Start account recovery
 mauth_usernameless.useSecurityKey=Use a security key to log in
@@ -185,6 +214,19 @@ prompt.newpassword=New Password
 prompt.newpassword.confirm=Confirm Password
 prompt.password=Password
 prompt.userid=User-ID
+providePhoneNumber.banner=Phone number must be able to receive SMS.<br>This phone number will not be used to contact you.
+providePhoneNumber.description=AGOV now supports recovery with your phone number. This will allow you to continue with an SMS during recovery if you have lost access to your recovery code.
+providePhoneNumber.errorBanner=Phone numbers do not match. Please try again.
+providePhoneNumber.inputLabel=Phone number (optional)
+providePhoneNumber.laterModal.description1=Without a phone number, a recovery of your account might take up to 4 days if you lose access to your recovery code.
+providePhoneNumber.laterModal.description2=Adding a phone number helps you to recover your account in a matter of minutes.
+providePhoneNumber.laterModal.description3=This phone number will not be used to contact you.
+providePhoneNumber.laterModal.title=Continue without a phone number?
+providePhoneNumber.modal.description=An incorrectly stored phone number can make it more difficult to recover your account. To ensure you have recorded your phone number correctly, please repeat it below.
+providePhoneNumber.modal.inputLabel=Phone number
+providePhoneNumber.modal.title=Repeat phone number
+providePhoneNumber.saveButtonText=Save
+providePhoneNumber.title=Add phone number
 pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
 pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you.
 pwreset.info.linktext=Password forgotten
@@ -192,6 +234,7 @@ pwreset.noticket=Your password reset link is no longer valid. Please generate a
 recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
 recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
 recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
+recovery_check_code.banner.lockedError=Too many invalid input attempts. Please try again in a few minutes.
 recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
 recovery_check_code.enterRecoveryCode=Enter recovery code
 recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
@@ -201,9 +244,11 @@ recovery_check_code.invalid.code.tooLong=The code is too long
 recovery_check_code.noAccess=I do not have access to my code
 recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
 recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
-recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired.
+recovery_check_code.too_many_tries.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
-recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_check_code.too_many_tries.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
-recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
+recovery_check_noCode.banner.error=Too many attempts.
+recovery_check_noCode.instruction1=You might have tried to enter the recovery code too many times.
+recovery_check_noCode.instruction2=Please close the web browser and start the account recovery again in ten minutes from <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Please reveal your new code to be able to continue.
 recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
 recovery_code.newRecoveryCode=Introducing Recovery Code
@@ -215,10 +260,8 @@ recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow
 recovery_fidokey_auth.keyRegistered=Security key already registered
 recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link.
 recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process.
-recovery_intro_email.captchaUnchecked=Please tick the captcha field
 recovery_intro_email.important=Important:
 recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.).
-recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the <a class='link' href='https://policies.google.com/privacy' target='_blank'>Google Privacy Policy</a> and <a class='link' href='https://policies.google.com/terms' target='_blank'>Terms of Service</a> apply.
 recovery_intro_email_sent.banner.button=Didn't receive the email?
 recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly.
 recovery_on_going.finishRecovery=Finish recovery
@@ -233,13 +276,13 @@ recovery_questionnaire_loginfactor.no=No
 recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account?
 recovery_questionnaire_loginfactor.yes=Yes
 recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now.
-recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit <a class='link' href='www.agov.ch/help' target='_blank'>www.agov.ch/help</a> for support articles.
+recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> for support articles.
-recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> and test if you can log in successfully.
+recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> and test if you can log in successfully.
-recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> to remove the one you have lost access to.
+recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> to remove the one you have lost access to.
 recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
 recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
 recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
-recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
+recovery_questionnaire_reason_selection.answer3=I have deleted, reinstalled, or reset my AGOV access app
 recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
 recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
 recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_fr.properties

@@ -1,5 +1,15 @@
 
 accept.button.label=Accepter
+agov-ident.done.message=Votre compte AGOV est maintenant prêt à être utilisé. Veuillez fermer cette page.
+agov-ident.done.title=Terminé
+agov-ident.failed.instruction=Vous avez besoin d'un compte AGOV et de passer la vérification des données suggérée pour terminer avec succès l'enregistrement. Veuillez réessayer.
+agov-ident.failed.message=Enregistrement annulé ou vérification des données reportée
+agov-ident.failed.title=Vérification requise
+agov-ident.invalid-url.instruction=Le lien que vous avez utilisé pour accéder à cette page n'est pas valide. Veillez l'utiliser tel qu'il a été reçu, sans fautes de frappe, ou cliquez directement sur la page où il est publié.
+agov-ident.invalid-url.message=Le lien ne peut pas être traité
+agov-ident.invalid-url.title=Lien non valide
+agov-ident.onboarding=Enregistrement et vérification
+agov-ident.retry=Essayez à nouveau
 button.submit=Envoyer
 cancel.button.label=Abandonner
 continue.button.label=Continuer
@@ -40,7 +50,7 @@ fido2_auth.instruction2=Une fenêtre d'authentification s'affichera
 fido2_auth.instruction3=Suivez les instructions
 fido2_auth.skipInstructions=Passer les instructions la fois suivante
 fido2_auth.switchLogin=S'AUTHENTIFIER AVEC
-footer.link=https://agov.ch/?c=contact&l=fr
+footer.link=https://agov.ch
 footer.link.label=Contact
 footer.text=Service d'authentification des autorités suisses AGOV - une collaboration entre les cantons, leurs communes et l'administration fédérale. -
 general.AGOVAccessApp=Application AGOV access
@@ -55,22 +65,37 @@ general.edit=Editer
 general.email=E-mail
 general.email.address=Adresse e-mail
 general.entryCode=Entrer le code
+general.fieldRequired=Champ requis.
 general.getStarted=Démarrer
 general.goAGOVHelp=Rendez-vous sur AGOV help
 general.goAccessApp=Login avec AGOV access
+general.goToAccessApp=Allez sur votre application AGOV access
 general.help=Aide
-general.help.link=https://agov.ch/pages/help_fr.html
+general.help.link=https://agov.ch/help
 general.login=Login
+general.login.accessApp=Connexion avec l'application AGOV access
+general.login.securityKey=Connexion avec la clé de sécurité
 general.loginSecurityKey=Démarrer la connexion avec la clé de sécurité
+general.moreOptions=PLUS D'OPTIONS
 general.or=OU
-general.otherOptions=AUTRES OPTIONS
+general.otherLoginMethods=Autres méthodes de connexion
 general.recovery=Récupération
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=Télécharger en format PDF
+general.recoveryCode.inputLabel=Code de récupération
+general.recoveryCode.repeatCodeError=Le code que vous avez saisi est incorrect. Veuillez vous assurer que vous l'avez enregistré correctement, puis essayer de le soumettre à nouveau.
+general.recoveryCode.repeatCodeModal.description=Un code de récupération perdu ou mal enregistré peut rendre la récupération de votre compte plus difficile. Pour vous assurer que vous avez correctement enregistré votre code, veuillez le répéter ci-dessous.
+general.recoveryCode.repeatCodeModal.title=Répéter le code de récupération
+general.recoveryCode.reveal=Révéler le code de récupération
 general.recoveryOngoing=Récupération en cours
 general.register=Créer un compte
 general.registerNow=Enregistrez-vous dès maintenant!
 general.registration=Enregistrement
+general.registration.dontHaveAnAccountYet=Vous n'avez pas de compte AGOV ?
+general.registration.seeOptions=Voir les options d'enregistrement
 general.securityKey=Clé de sécurité
 general.skip.content=Passer au contenu principal
+general.wrongPhoneNumber=Veuillez saisir un numéro de téléphone valable
 generic.auth.error.message=Une interruption de service s’est produite. Nous nous employons à résoudre le problème.
 generic.auth.error.next.steps=Veuillez réessayer plus tard. Veuillez vous rendre sur AGOV help si le problème persiste.
 generic.auth.error.subtitle=Un problème s’est produit
@@ -84,10 +109,11 @@ language.de=Deutsch
 language.en=English
 language.fr=Français
 language.it=Italiano
+language.rm=Rumantsch
 languageDropdown.aria.label=Sélectionner la langue
 loainfo.description.200=Pour accéder à l'application, nous devons vérifier vos données. Ce processus peut prendre jusqu'à 2 ou 3 jours.
 loainfo.description.300=Pour accéder à l'application, nous devons vérifier vos données par le biais de l'une des deux procédures suivantes. Vous pouvez choisir la procédure que vous préférez à l'étape suivante.
-loainfo.description.400=Pour accéder à l'application, vous devez ajouter votre numéro AVS.
+loainfo.description.400=Veuillez saisir votre numéro AVS pour accéder à l'application.
 loainfo.helper=Vos données doivent être vérifiées!
 loainfo.later=Plus tard
 loainfo.startNow=Voulez-vous commencer le processus maintenant?
@@ -101,9 +127,12 @@ mauth_usernameless.banner.error=Authentification interrompue.<br>Veuillez r&eacu
 mauth_usernameless.banner.info=Scan r&eacute;ussi!<br> Veuillez continuer dans l'application AGOV access.
 mauth_usernameless.banner.success=Authentification r&eacute;ussie!<br>Veuillez attendre d'&ecirc;tre connect&eacute;.
 mauth_usernameless.cannotLogin=Avez-vous perdu l'acc&egrave;s &agrave; votre application / votre cl&eacute; de s&eacute;curit&eacute; ?
+mauth_usernameless.cannotLogin.accessApp=Vous avez perdu l'acc&egrave;s &agrave; votre application AGOV access ?
+mauth_usernameless.cannotLogin.securityKey=Avez-vous perdu l'acc&egrave;s &agrave; votre cl&eacute; de s&eacute;curit&eacute; ?
 mauth_usernameless.hideQR=Cacher le code QR
 mauth_usernameless.instructions=Connectez-vous en scannant le code QR avec l'application AGOV access
-mauth_usernameless.noAccount=Vous n'avez pas encore d'AGOV-Login ?
+mauth_usernameless.noAccount=Vous n'avez pas de compte AGOV ?
+mauth_usernameless.selectLoginMethod=S&eacute;l&eacute;ctionner la m&eacute;thode de connexion
 mauth_usernameless.showQR=Afficher le code QR
 mauth_usernameless.startRecovery=Commencer la r&eacute;cup&eacute;ration du compte
 mauth_usernameless.useSecurityKey=Utiliser une cl&eacute; de s&eacute;curit&eacute; pour se connecter
@@ -185,25 +214,41 @@ prompt.newpassword=Nouveau mot de passe
 prompt.newpassword.confirm=Confirmez le mot de passe
 prompt.password=Mot de passe
 prompt.userid=ID de l&#39;utilisateur
+providePhoneNumber.banner=Ce num&eacute;ro de t&eacute;l&eacute;phone doit pouvoir recevoir des SMS.<br>Ce num&eacute;ro de t&eacute;l&eacute;phone ne sera pas utilis&eacute; pour vous contacter.
+providePhoneNumber.description=AGOV prend d&eacute;sormais en charge la r&eacute;cup&eacute;ration avec votre num&eacute;ro de t&eacute;l&eacute;phone. Cela vous permettra de vous envoyer un SMS pendant la r&eacute;cup&eacute;ration si vous avez perdu l'acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration.
+providePhoneNumber.errorBanner=Les num&eacute;ros de t&eacute;l&eacute;phone fournies ne correspondent pas. Veuillez r&eacute;essayer.
+providePhoneNumber.inputLabel=Num&eacute;ro de t&eacute;l&eacute;phone (facultatif)
+providePhoneNumber.laterModal.description1=Sans num&eacute;ro de t&eacute;l&eacute;phone, la r&eacute;cup&eacute;ration de votre compte peut prendre jusqu'&agrave; 4 jours si vous perdez l'acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration.
+providePhoneNumber.laterModal.description2=Ajouter un num&eacute;ro de t&eacute;l&eacute;phone vous permet de r&eacute;cup&eacute;rer votre compte en quelques minutes.
+providePhoneNumber.laterModal.description3=Ce num&eacute;ro de t&eacute;l&eacute;phone ne sera pas utilis&eacute; pour vous contacter.
+providePhoneNumber.laterModal.title=Continuer sans num&eacute;ro de t&eacute;l&eacute;phone ?
+providePhoneNumber.modal.description=Un num&eacute;ro de t&eacute;l&eacute;phone mal enregistr&eacute; peut rendre plus difficile la r&eacute;cup&eacute;ration de votre compte. Pour vous assurer que vous avez correctement enregistr&eacute; votre num&eacute;ro de t&eacute;l&eacute;phone, veuillez le r&eacute;p&eacute;ter ci-dessous.
+providePhoneNumber.modal.inputLabel=Num&eacute;ro de t&eacute;l&eacute;phone
+providePhoneNumber.modal.title=R&eacute;p&eacute;ter votre num&eacute;ro de t&eacute;l&eacute;phone
+providePhoneNumber.saveButtonText=Sauvegarder
+providePhoneNumber.title=Ajouter le num&eacute;ro de t&eacute;l&eacute;phone
 pwreset.done.info=Votre mot de passe a &eacute;t&eacute; chang&eacute avec succ&egrave;s. Veuillez cliquer sur continuer pour vous connecter.
 pwreset.email.sent=Si votre identifiant n'existe pas, vous avez reçu un courriel pour réinitialiser votre mot de passe.
 pwreset.info.linktext=Mot de passe oublié
 pwreset.noticket=Votre lien n&apos;est plus valide. Veuillez en g&eacute;n&eacute;rer un nouveau.
 recovery_accessapp_auth.accessAppRegistered=L'application AGOV access est d&eacute;j&agrave; enregistr&eacute;e
-recovery_accessapp_auth.instruction1=Vous avez d&eacute;j&agrave; enregistr&eacute; une nouvelle AGOV access app !!!ACCESS_APP_NAME!!! dans le cadre du processus de r&eacute;cup&eacute;ration.
+recovery_accessapp_auth.instruction1=Vous avez d&eacute;j&agrave; enregistr&eacute; une nouvelle application AGOV access !!!ACCESS_APP_NAME!!! dans le cadre du processus de r&eacute;cup&eacute;ration.
 recovery_accessapp_auth.instruction2=Veuillez utiliser !!!ACCESS_APP_NAME!!! pour vous identifier.
+recovery_check_code.banner.lockedError=Trop de saisies erron&eacute;es. Veuillez r&eacute;essayer dans quelques minutes.
 recovery_check_code.codeIncorrect=Le code saisi est incorrect. Veuillez r&eacute;essayer.
 recovery_check_code.enterRecoveryCode=Saisir le code de r&eacute;cup&eacute;ration
-recovery_check_code.instruction=Veuillez saisir votre code de r&eacute;cup&eacute;ration &agrave; douze chiffres. Lors de votre inscription, vous avez re&ccedil;u le code de r&eacute;cup&eacute;ration sous la forme d&rsquo;un fichier PDF ou dans AGOV me.
+recovery_check_code.instruction=Veuillez saisir votre code de r&eacute;cup&eacute;ration &agrave; douze chiffres. Lors de votre inscription, vous avez re&ccedil;u le code de r&eacute;cup&eacute;ration sous la forme d&rsquo;un fichier PDF ou dans &laquo; AGOV me &raquo;.
 recovery_check_code.invalid.code=Le code est invalide
 recovery_check_code.invalid.code.required=Code requis
 recovery_check_code.invalid.code.tooLong=Le code est trop long
 recovery_check_code.noAccess=Je n&rsquo;ai pas acc&egrave;s &agrave; mon code de r&eacute;cup&eacute;ration
 recovery_check_code.noCodeAccess=&Ecirc;tes-vous s&ucirc;r de ne pas avoir acc&egrave;s &agrave; votre code de r&eacute;cup&eacute;ration ?
 recovery_check_code.noCodeAccessInstructions=En cas de perte de votre code de r&eacute;cup&eacute;ration, veuillez vous rendre sur AGOV help et contacter le service d&rsquo;assistance AGOV. Un agent pourra vous aider dans le processus de r&eacute;cup&eacute;ration.
-recovery_check_noCode.banner.error=Trop de tentatives ou expiration de votre code de r&eacute;cup&eacute;ration.
+recovery_check_code.too_many_tries.instruction1=Le code de r&eacute;cup&eacute;ration que vous avez saisi a peut-&ecirc;tre expir&eacute; ou vous avez peut-&ecirc;tre essay&eacute; de le saisir trop de fois.
-recovery_check_noCode.instruction1=Le code de r&eacute;cup&eacute;ration que vous avez saisi a peut-&ecirc;tre expir&eacute; ou vous avez peut-&ecirc;tre essay&eacute; de le saisir trop de fois.
+recovery_check_code.too_many_tries.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d&rsquo;assistance. Un agent pourra vous aider dans le processus de r&eacute;cup&eacute;ration.
-recovery_check_noCode.instruction2=Veuillez vous rendre sur AGOV help et contacter le service d&rsquo;assistance. Un agent pourra vous aider dans le processus de r&eacute;cup&eacute;ration.
+recovery_check_noCode.banner.error=Trop de tentatives.
+recovery_check_noCode.instruction1=Vous avez peut-&ecirc;tre essay&eacute; de saisir le code de r&eacute;cup&eacute;ration trop de fois.
+recovery_check_noCode.instruction2=Veuillez fermer le navigateur web et recommencer la r&eacute;cup&eacute;ration du compte dans dix minutes &agrave; partir de <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Veuillez indiquer votre nouveau code pour pouvoir continuer.
 recovery_code.instruction=Les codes de r&eacute;cup&eacute;ration vous permettent d'acc&eacute;der &agrave; votre compte au cas o&ugrave; vous auriez perdu tous vos identifiants. Conservez le code de r&eacute;cup&eacute;ration en lieu s&ucirc;r.
 recovery_code.newRecoveryCode=Introduction du code de r&eacute;cup&eacute;ration
@@ -215,10 +260,8 @@ recovery_fidokey_auth.instruction2=Veuillez utiliser !!!SECURITY_KEY_NAME!!! pou
 recovery_fidokey_auth.keyRegistered=Cl&eacute; de s&eacute;curit&eacute; d&eacute;j&agrave; enregistr&eacute;e
 recovery_intro_email.banner.error=Le lien que vous avez utilis&eacute; a expir&eacute;. Veuillez saisir votre adresse e-mail pour recevoir un nouveau lien.
 recovery_intro_email.banner.info=Veuillez saisir votre adresse e-mail. Nous vous enverrons un e-mail vous permettant de d&eacute;marrer le processus de r&eacute;cup&eacute;ration.
-recovery_intro_email.captchaUnchecked=Veuillez cocher la case captcha
 recovery_intro_email.important=Important:
 recovery_intro_email.process=Le processus de r&eacute;cup&eacute;ration ne doit &ecirc;tre utilis&eacute; que si vous avez perdu l'acc&egrave;s &agrave; vos facteurs de connexion (application AGOV access supprim&eacute;e, cl&eacute; de s&eacute;curit&eacute; perdue, t&eacute;l&eacute;phone perdu, etc.).
-recovery_intro_email.siteProtectedWithRecaptcha=Ce site est prot&eacute;g&eacute; par reCAPTCHA: les <a class=&rsquo;link&rsquo; href=&rsquo;https://policies.google.com/privacy&rsquo; target=&rsquo;_blank&rsquo;>r&egrave;gles de confidentialit&eacute;</a> et <a class=&rsquo;link&rsquo; href=&rsquo;https://policies.google.com/terms&rsquo; target=&rsquo;_blank&rsquo;>conditions d&rsquo;utilisation</a> de Google s&rsquo;appliquent.
 recovery_intro_email_sent.banner.button=Vous n&rsquo;avez pas re&ccedil;u l'email?
 recovery_intro_email_sent.banner.success=Merci! Vous recevrez dans un instant un e-mail contenant un lien de r&eacute;cup&eacute;ration et des instructions.
 recovery_on_going.finishRecovery=Terminer la r&eacute;cup&eacute;ration
@@ -233,13 +276,13 @@ recovery_questionnaire_loginfactor.no=Non
 recovery_questionnaire_loginfactor.question=Avez-vous enregistr&eacute; plus d'un facteur d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;) sur votre compte ?
 recovery_questionnaire_loginfactor.yes=Oui
 recovery_questionnaire_no_recovery.explanation1=D'apr&egrave;s vos r&eacute;ponses, l'option de r&eacute;cup&eacute;ration d'AGOV ne semble pas n&eacute;cessaire pour l'instant.
-recovery_questionnaire_no_recovery.explanation2=Si vous avez besoin de plus amples informations, veuillez consulter <a class='link' href='www.agov.ch/help' target='_blank'>www.agov.ch/help</a> pour obtenir des articles de soutien.
+recovery_questionnaire_no_recovery.explanation2=Si vous avez besoin de plus amples informations, veuillez consulter <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> pour obtenir des articles de soutien.
-recovery_questionnaire_no_recovery.instruction1=Si vous rencontrez des difficult&eacute;s pour vous connecter &agrave; une application, visitez <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> et v&eacute;rifiez si vous pouvez vous connecter avec succ&egrave;s.
+recovery_questionnaire_no_recovery.instruction1=Si vous rencontrez des difficult&eacute;s pour vous connecter &agrave; une application, visitez <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> et v&eacute;rifiez si vous pouvez vous connecter avec succ&egrave;s.
-recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; plusieurs facteurs de connexion mais que vous avez perdu l'acc&egrave;s &agrave; l'un d'entre eux, veuillez consulter <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> pour supprimer celui auquel vous avez perdu l'acc&egrave;s.
+recovery_questionnaire_no_recovery.instruction2=Si vous avez enregistr&eacute; plusieurs facteurs de connexion mais que vous avez perdu l'acc&egrave;s &agrave; l'un d'entre eux, veuillez consulter <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> pour supprimer celui auquel vous avez perdu l'acc&egrave;s.
 recovery_questionnaire_reason_selection.answer1=Je n'arrive pas &agrave; me connecter, m&ecirc;me si j'ai mon application / ma cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer10=J'ai perdu l'un de mes facteurs d'authentification (application AGOV access ou cl&eacute; de s&eacute;curit&eacute;)
 recovery_questionnaire_reason_selection.answer2=Je n'ai pas pu terminer mon inscription
-recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute; ou r&eacute;initialis&eacute; mon application AGOV access
+recovery_questionnaire_reason_selection.answer3=J'ai supprim&eacute;, r&eacute;install&eacute; ou r&eacute;initialis&eacute; mon application AGOV access
 recovery_questionnaire_reason_selection.answer4=J'ai perdu mon t&eacute;l&eacute;phone / cl&eacute; de s&eacute;curit&eacute;
 recovery_questionnaire_reason_selection.answer5=J'ai un nouveau t&eacute;l&eacute;phone et j'ai oubli&eacute; de transf&eacute;rer mon application AGOV access
 recovery_questionnaire_reason_selection.answer6=J'ai oubli&eacute; mon PIN pour l'application AGOV access

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/LitDict_it.properties

@@ -1,5 +1,15 @@
 
 accept.button.label=Accettare
+agov-ident.done.message=Il vostro conto AGOV è ora pronto per l'uso. Può chiudere questa pagina.
+agov-ident.done.title=Finito
+agov-ident.failed.instruction=Per completare la registrazione è necessario disporre di un account AGOV e superare la verifica dei dati suggerita. Riprova.
+agov-ident.failed.message=Registrazione annullata o verifica dei dati posticipata
+agov-ident.failed.title=Verifica necessaria
+agov-ident.invalid-url.instruction=Il link utilizzato per accedere a questa pagina non è valido. Assicuratevi di utilizzarlo come ricevuto, senza errori di battitura, oppure cliccate direttamente sulla pagina in cui è pubblicato.
+agov-ident.invalid-url.message=Il link non può essere elaborato
+agov-ident.invalid-url.title=Link non valido
+agov-ident.onboarding=Registrazione e verifica
+agov-ident.retry=Riprova
 button.submit=Continua
 cancel.button.label=Abortire
 continue.button.label=Continua
@@ -40,7 +50,7 @@ fido2_auth.instruction2=A breve si aprirà una finestra per l'autenticazio
 fido2_auth.instruction3=Seguire le istruzioni.
 fido2_auth.skipInstructions=Non mostrare più le istruzioni
 fido2_auth.switchLogin=ACCEDERE CON
-footer.link=https://agov.ch/?c=contact&l=it
+footer.link=https://agov.ch
 footer.link.label=Contatto
 footer.text=Servizio di autenticazione delle autorità Svizzere AGOV - una collaborazione tra Cantoni, Comuni e l'Amministrazione federale. -
 general.AGOVAccessApp=App AGOV access
@@ -55,22 +65,37 @@ general.edit=Modificare
 general.email=e-mail
 general.email.address=Indirizzo e-mail
 general.entryCode=Codice
+general.fieldRequired=Campo obbligatorio.
 general.getStarted=Iniziare
 general.goAGOVHelp=Vai ad AGOV help
 general.goAccessApp=Login con AGOV access
+general.goToAccessApp=Vai all'app AGOV access
 general.help=Aiuto
-general.help.link=https://agov.ch/pages/help_it.html
+general.help.link=https://agov.ch/help
 general.login=Accedere
+general.login.accessApp=Accesso con l'App AGOV access
+general.login.securityKey=Login con la chiave di sicurezza
 general.loginSecurityKey=Iniziare il login con la chiave di sicurezza
+general.moreOptions=ALTRE OPZIONI
 general.or=O
-general.otherOptions=ALTRE OPZIONI
+general.otherLoginMethods=Altri metodi di login
 general.recovery=Ripristino
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=Salva come PDF
+general.recoveryCode.inputLabel=Codice di ripristino
+general.recoveryCode.repeatCodeError=Il codice inserito non è corretto. Assicurati di averlo memorizzato correttamente, quindi riprova a inviarlo.
+general.recoveryCode.repeatCodeModal.description=Un codice di ripristino perso o memorizzato in modo errato può rendere più difficile il recupero del tuo account. Per assicurarti di aver registrato correttamente il codice, inseriscilo di nuovo qui sotto.
+general.recoveryCode.repeatCodeModal.title=Ripeti il codice di ripristino
+general.recoveryCode.reveal=Mostri il codice di ripristino
 general.recoveryOngoing=Ripristino in corso
 general.register=Registrarsi
 general.registerNow=Si registri ora!
 general.registration=Registrazione
+general.registration.dontHaveAnAccountYet=Non ha ancora un AGOV account?
+general.registration.seeOptions=Vedere le opzioni di registrazione
 general.securityKey=Chiave di sicurezza
 general.skip.content=Vai al contenuto principale
+general.wrongPhoneNumber=Inserire un numero di cellulare valido
 generic.auth.error.message=Si è verificata un’interruzione. Stiamo lavorando per ripristinare l’esercizio.
 generic.auth.error.next.steps=Riprovare più tardi. Se il problema persiste, consultare AGOV help.
 generic.auth.error.subtitle=Qualcosa non ha funzionato.
@@ -84,10 +109,11 @@ language.de=Deutsch
 language.en=English
 language.fr=Français
 language.it=Italiano
+language.rm=Rumantsch
 languageDropdown.aria.label=Selezionare la lingua
 loainfo.description.200=Per accedere all'app è necessaria una verifica dei dati. La procedura può richiedere fino a 2–3 giorni lavorativi.
 loainfo.description.300=Per accedere all'app dobbiamo verificare i suoi dati tramite uno dei due processi. Al prossimo passaggio, può selezionare la procedura di verifica desiderata.
-loainfo.description.400=Per acceddere all'applicazione deve inserire il numero AVS.
+loainfo.description.400=Per accedere all'applicazione è necessario inserire il numero AVS.
 loainfo.helper=I dati devono essere verificati!
 loainfo.later=Più tardi
 loainfo.startNow=Iniziare la procedura?
@@ -101,9 +127,12 @@ mauth_usernameless.banner.error=Autenticazione interrotta.<br>Riprovare dopo che
 mauth_usernameless.banner.info=La scansione &egrave; stata eseguita.<br>Continuare nell'app AGOV access.
 mauth_usernameless.banner.success=Autenticazione riuscita!<br>Aspettare di essere connessi.
 mauth_usernameless.cannotLogin=Ha perso l'accesso alla sua app/chiave di sicurezza?
+mauth_usernameless.cannotLogin.accessApp=Ha perso l'accesso al suo App AGOV access?
+mauth_usernameless.cannotLogin.securityKey=Ha perso l'accesso alla sua chiave di sicurezza?
 mauth_usernameless.hideQR=Nascondi il codice QR
 mauth_usernameless.instructions=Per accedere, scansionare il codice QR con l'app AGOV access.
-mauth_usernameless.noAccount=Non ha ancora un AGOV-Login ?
+mauth_usernameless.noAccount=Non ha ancora un AGOV account?
+mauth_usernameless.selectLoginMethod=Selezionare il metodo di login
 mauth_usernameless.showQR=Visualizza il codice QR
 mauth_usernameless.startRecovery=Inizia il recupero dell'account
 mauth_usernameless.useSecurityKey=Accedere utilizzando una chiave di sicurezza.
@@ -185,13 +214,27 @@ prompt.newpassword=Nuova Password
 prompt.newpassword.confirm=Conferma password
 prompt.password=Password
 prompt.userid=Nome utente
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+providePhoneNumber.banner=Il numero di telefono deve essere in grado di ricevere SMS.<br>Questo numero di telefono non sar&agrave; utilizzato per contattarti.
+providePhoneNumber.description=AGOV ora supporta il ripristino tramite il tuo numero di telefono. Questo ti permetter&agrave; di continuare con un SMS durante il ripristino se hai perso l'accesso al tuo codice di ripristino.
+providePhoneNumber.errorBanner=Il numero di telefono non corrispondono. Si prega di riprovare.
+providePhoneNumber.inputLabel=Numero di telefono (facoltativo)
+providePhoneNumber.laterModal.description1=Senza un numero di telefono, il recupero del tuo account potrebbe richiedere fino a 4 giorni se perdi l'accesso al codice di ripristino.
+providePhoneNumber.laterModal.description2=Aggiungere un numero di telefono ti aiuta a recuperare il tuo account in pochi minuti.
+providePhoneNumber.laterModal.description3=Questo numero di telefono non sar&agrave; utilizzato per contattarti.
+providePhoneNumber.laterModal.title=Continuare senza un numero di telefono?
+providePhoneNumber.modal.description=Un numero di telefono memorizzato in modo errato pu&ograve; rendere pi&ugrave; difficile il recupero del tuo account. Per assicurarti di aver registrato correttamente il tuo numero di telefono, inseriscilo di nuovo qui sotto.
+providePhoneNumber.modal.inputLabel=Numero di telefono
+providePhoneNumber.modal.title=Ripetere il numero di telefono
+providePhoneNumber.saveButtonText=Salva
+providePhoneNumber.title=Aggiungi numero di telefono
+pwreset.done.info=La password &egrave; stata modificata con successo. Fare clic su continua per accedere.
 pwreset.email.sent=Se il vostro ID utente esiste, vi è stata inviata un'e-mail per reimpostare la password.
-pwreset.info.linktext=Password forgotten
+pwreset.info.linktext=Password dimenticata
-pwreset.noticket=Your password reset ticket is no longer valid. Please generate a new one.
+pwreset.noticket=Il biglietto per la reimpostazione della password non &egrave; pi&ugrave; valido. Si prega di generarne uno nuovo.
 recovery_accessapp_auth.accessAppRegistered=App di accesso AGOV gi&agrave; registrata
-recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app di accesso AGOV !!!SECURITY_KEY_NAME!!! come parte del processo di recupero. 
+recovery_accessapp_auth.instruction1=Ha gi&agrave; registrato una nuova app AGOV access !!!SECURITY_KEY_NAME!!! come parte del processo di recupero.
 recovery_accessapp_auth.instruction2=Si prega di usare !!!ACCESS_APP_NAME!!! per l'identificazione.
+recovery_check_code.banner.lockedError=Troppi tentativi di inserimento non validi. Riprovare tra qualche minuto.
 recovery_check_code.codeIncorrect=Il codice inserito non &egrave; corretto. Riprovare.
 recovery_check_code.enterRecoveryCode=Inserisca il codice di recupero
 recovery_check_code.instruction=Inserire qui sotto il codice di ripristino a 12 caratteri alfanumerici. Ha ricevuto questo codice in un file PDF al momento della registration o in AGOV me.
@@ -201,10 +244,12 @@ recovery_check_code.invalid.code.tooLong=Il codice &egrave; troppo lungo
 recovery_check_code.noAccess=Non ho il mio codice.
 recovery_check_code.noCodeAccess=Conferma di non avere il codice di ripristino?
 recovery_check_code.noCodeAccessInstructions=Se non ha pi&ugrave; il codice di ripristino, acceda ad AGOV help per contattare il supporto AGOV, che la assister&agrave; nel processo di ripristino.
-recovery_check_noCode.banner.error=Troppi tentativi o codice di ripristino scaduto
+recovery_check_code.too_many_tries.instruction1=Il codice di ripristino inserito pu&ograve; essere scaduto o &egrave; stato inserito troppe volte.
-recovery_check_noCode.instruction1=Il codice di ripristino inserito pu&ograve; essere scaduto o &egrave; stato inserito troppe volte. 
+recovery_check_code.too_many_tries.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
-recovery_check_noCode.instruction2=Si prega di andare alla guida di AGOV aiuto per contattare un agente dell'assistenza. Saranno in grado di aiutarla con il processo di recupero.
+recovery_check_noCode.banner.error=Troppi tentativi.
-recovery_code.banner.error=Per procedere, inserire il nuovo codice.
+recovery_check_noCode.instruction1=Potresti aver tentato di inserire il codice di ripristino troppe volte.
+recovery_check_noCode.instruction2=Chiudi il browser web e inizia nuovamente il processo di ripristino dell'account tra dieci minuti da <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
+recovery_code.banner.error=La preghiamo di rivelare il suo nuovo codice per poter continuare.
 recovery_code.instruction=Il codice di ripristino le aiuta ad accedere al suo conto in caso in cui lei abbia perso le credentiali di accesso. Per favore, conservi il codice di ripristino in un luogo sicuro.
 recovery_code.newRecoveryCode=Introduzione del codice di ripristino
 recovery_code.validUntil=Valido fino a:
@@ -215,10 +260,8 @@ recovery_fidokey_auth.instruction2=Si prega di usare !!!SECURITY_KEY_NAME!!! per
 recovery_fidokey_auth.keyRegistered=Chiave di sicurezza gi&agrave; registrata
 recovery_intro_email.banner.error=Il link utilizzato &egrave; scaduto. Per ricevere un nuovo link, inserire l&rsquo;indirizzo e-mail.
 recovery_intro_email.banner.info=Per ricevere il link e avviare il processo di ripristino, inserire l&rsquo;indirizzo e-mail.
-recovery_intro_email.captchaUnchecked=Per favore selezioni il campo captcha
 recovery_intro_email.important=Importante:
-recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app di accesso AGOV eliminata, chiave di sicurezza persa, telefono smarrito, ecc.).
+recovery_intro_email.process=Il processo di ripristino deve essere utilizzato solo se ha perso l'accesso ai suoi fattori di accesso (app AGOV access eliminata, chiave di sicurezza persa, telefono smarrito, ecc.).
-recovery_intro_email.siteProtectedWithRecaptcha=Questo sito &egrave; protetto da reCAPTCHA. Si applicano le <a class='link' href='https://policies.google.com/privacy' target='_blank'>norme sulla privacy</a> e i <a class='link' href='https://policies.google.com/terms' target='_blank'>termini di servizio di Google</a>. 
 recovery_intro_email_sent.banner.button=Non avete ricevuto l'e-mail?
 recovery_intro_email_sent.banner.success=Grazie! &Egrave; stata inviata un&rsquo;e-mail contenente il codice di ripristino e le istruzioni.
 recovery_on_going.finishRecovery=Completare il ripristino
@@ -230,21 +273,21 @@ recovery_questionnaire_instructions.instruction1=Si prega di fornire l'indirizzo
 recovery_questionnaire_instructions.instruction2=Si prega di seguire i passaggi per recuperare il suo account (i passaggi varieranno a seconda del livello di verifica dell'account)
 recovery_questionnaire_loginfactor.banner.error=Si prega di selezionare una risposta.
 recovery_questionnaire_loginfactor.no=No
-recovery_questionnaire_loginfactor.question=Ha registrato pi&ugrave; di un fattore di accesso (app di accesso AGOV o chiave di sicurezza) al suo account?
+recovery_questionnaire_loginfactor.question=Ha registrato pi&ugrave; di un fattore di accesso (app AGOV access o chiave di sicurezza) al suo account?
 recovery_questionnaire_loginfactor.yes=Si
 recovery_questionnaire_no_recovery.explanation1=In base alle sue risposte, l'opzione di ripristino AGOV non sembra necessaria al momento.
-recovery_questionnaire_no_recovery.explanation2=Se ha bisogno di ulteriori informazioni, visiti <a class='link' href='www.agov.ch/help' target='_blank'>www.agov.ch/help</a> per articoli di supporto.
+recovery_questionnaire_no_recovery.explanation2=Se ha bisogno di ulteriori informazioni, visiti <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> per articoli di supporto.
-recovery_questionnaire_no_recovery.instruction1=Se riscontra problemi di accesso a un'applicazione, visiti <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> e verifichi se pu&ograve; accedere con successo.
+recovery_questionnaire_no_recovery.instruction1=Se riscontra problemi di accesso a un'applicazione, visiti <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> e verifichi se pu&ograve; accedere con successo.
-recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fattori di accesso ma ha perso l'accesso a uno di essi, visit <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> per rimuovere quello a cui ha perso l'accesso.
+recovery_questionnaire_no_recovery.instruction2=Se ha registrato pi&ugrave; fattori di accesso ma ha perso l'accesso a uno di essi, visit <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> per rimuovere quello a cui ha perso l'accesso.
 recovery_questionnaire_reason_selection.answer1=Ho problemi ad accedere, anche se ho la mia app/chiave di sicurezza
-recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app di accesso AGOV o chiave di sicurezza)
+recovery_questionnaire_reason_selection.answer10=Ho perso uno dei miei fattori di accesso (app AGOV access o chiave di sicurezza)
 recovery_questionnaire_reason_selection.answer2=Non sono riuscito a completare la registrazione
-recovery_questionnaire_reason_selection.answer3=Ho eliminato o reimpostato la mia app di accesso AGOV
+recovery_questionnaire_reason_selection.answer3=Ho eliminato, reinstallato o reimpostato la mia app AGOV access
 recovery_questionnaire_reason_selection.answer4=Ho perso il telefono/la chiave di sicurezza
-recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app di accesso AGOV
+recovery_questionnaire_reason_selection.answer5=Ho un nuovo telefono e ho dimenticato di trasferire la mia app AGOV access
-recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app di accesso AGOV
+recovery_questionnaire_reason_selection.answer6=Ho dimenticato il PIN dell'app AGOV access
 recovery_questionnaire_reason_selection.answer7=Ho i miei token di sicurezza o le mie app, ma ho avuto problemi ad accedere
-recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app di accesso AGOV
+recovery_questionnaire_reason_selection.answer8=Ho perso l'accesso a tutte le mie chiavi di sicurezza e alle app AGOV access
 recovery_questionnaire_reason_selection.answer9=Ho problemi con uno dei miei fattori di accesso (PIN cancellato, reimpostato, dimenticato)
 recovery_questionnaire_reason_selection.banner.error=Si prega di selezionare il motivo.
 recovery_questionnaire_reason_selection.instruction=Si prega di selezionare il motivo per cui sta avviando il processo di recupero:
@@ -260,7 +303,7 @@ title.logout.confirmation=Logout
 title.logout.reminder=Logout
 title.oauth.consent=Autorizzazione del client
 title.pwchange.label=Cambiare Password
-title.pwreset=Password Forgotten
+title.pwreset=Password Dimenticata
 title.saml.failed=Error
 title.timeout.page=Logout
 user_input.invalid.email=Inserire un'e-mail valida.

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/Recovery_getCredentials.groovy

@@ -1,62 +0,0 @@
-import ch.nevis.idm.client.IdmRestClient
-import ch.nevis.idm.client.IdmRestClientFactory
-import groovy.json.JsonSlurper
-import java.time.ZonedDateTime
-import java.time.format.DateTimeFormatter
-import java.time.ZoneId
-import ch.nevis.esauth.auth.engine.AuthResponse
-import groovy.xml.XmlSlurper
-
-IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
-
-String baseUrl = parameters.get('baseUrl')
-String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
-String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
-String endPoint = "$baseUrl/api/core/v1/$clientExtId/users/$userExtId/fido2"
-String endPointFidoUAF = "$baseUrl/api/core/v1/$clientExtId/users/$userExtId/generic-credentials"
-
-def userDto = new XmlSlurper().parseText(session['ch.adnovum.nevisidm.userDto'])
-def hasRecoveryRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recovery' }
-if (hasRecoveryRole != null) {
-  String result
-  try {
-     result = idmRestClient.get(endPoint)
-     resultFidoUAF = idmRestClient.get(endPointFidoUAF)
-
-  def json = new JsonSlurper().parseText(result)
-LOG.info('Result fido2: ' + json)
-
-    def login=false
-    json['items'].each {
-     if ("active".equals(it.stateName)) {
-         response.setSessionAttribute('agov.recovery.securityKey', it.userFriendlyName)
-         response.setResult('loginWithFido2')
-         login=true
-         return
-      }
-
-   }
-   if (login) {
-     return
-   }
-   def jsonFidoUAF = new JsonSlurper().parseText(resultFidoUAF)
-   LOG.info('Result fidoUAF: ' + jsonFidoUAF)
-      jsonFidoUAF['items'].each {
-        if ("active".equals(it.stateName)) {
-          response.setSessionAttribute('agov.recovery.accessapp', it.properties.fidouaf_name)
-          response.setResult('loginWithFidoUAF')
-          login=true
-          return
-        }
-     }
-     if (login) {
-       return
-     }
-  } catch(Exception e) {
-    LOG.error(e.toString())
-    response.setResult('failed')
-   return
-  }
-
-}
-response.setResult('ok')

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/SendSamlResponseWithAssertion.groovy

@@ -1,3 +1,12 @@
+import java.time.Duration
+
+// authentication cookie map
+def AUTHENTICATON_URN_TO_COOKIE_MAPPER = [
+		'urn:qa.agov.ch:names:tc:authfactor:accessapp'  :     'accessApp',
+        'urn:qa.agov.ch:names:tc:authfactor:fido'       :     'securityKey',
+		'urn:qa.agov.ch:names:tc:authfactor:eid'        :     'eid'  
+]
+
 // Accounting
 def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
 def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
@@ -10,6 +19,28 @@ def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTi
 
 LOG.info("Event='AUTHENTICATION', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
+def session = request.getAuthSession(true)
+
+// BUNDBITBK-4824: Address was missing after bmid verification
+def loa_str = session.get('agov.actualRoleLevel')
+
+if(loa_str){
+    int loa = loa_str as int
+
+    // Best Token Available only if account's AQlevel is high enough
+    if ((session.getAttribute('agov.appAddressRequired') == 'true') && (loa < 200)) {
+        LOG.debug("Best Token: Address requested but account has to low AQ (${loa})")
+        session.setAttribute('agov.appAddressRequired', 'false')
+    }
+    if ((session.getAttribute('agov.appSvnrAllowed') == 'true') && (loa < 400)) {
+        LOG.debug("Best Token: SVNr requested but account has to low AQ (${loa})")
+        session.setAttribute('agov.appSvnrAllowed', 'false')
+    }
+}
+
+// BUNDBITBK-5005: Set cookie to remember the last authentication method
+def agovAuthMethodCookie = "LOGINMETHOD=${AUTHENTICATON_URN_TO_COOKIE_MAPPER[session.getAttribute('authenticatedWith')]}; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=1800; SameSite=Strict; Secure; HttpOnly"
+response.setHeader('Set-Cookie2', agovAuthMethodCookie)
 
 // delete the login cookie
 def agovLoginCookie = "agovLogin=deleted; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=0; SameSite=Strict; Secure; HttpOnly"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/askMobileNumber.groovy

@@ -0,0 +1,109 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+import ch.nevis.idm.client.IdmRestClient
+import ch.nevis.idm.client.IdmRestClientFactory
+import ch.nevis.idm.client.HTTPRequestWrapper
+
+import groovy.json.JsonSlurper
+import groovy.xml.XmlSlurper
+
+def getHeader(String name) {
+    def inctx = request.getLoginContext()
+    // case-insensitive lookup of HTTP headers
+    def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER)
+    map.putAll(inctx)
+    return map['connection.HttpHeader.' + name]
+}
+
+
+// Accounting
+def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
+def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
+def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
+
+String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
+String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
+String mobile = session.get('ch.nevis.idm.User.mobile')
+
+String baseUrl = parameters.get('baseUrl')
+String endPoint = "${baseUrl}/core/v1/${clientExtId}/users/${userExtId}"
+
+
+if (!(parameters.get('ask_mobile_number_enabled')?.toLowerCase()?.trim() == "true")) {
+    LOG.debug("Feature 'ask mobile number' is disabled")
+    response.setResult('done')
+    return
+}
+
+if (mobile) {
+    LOG.debug("User '${user}' has already registered a mobile number")
+    response.setResult('done')
+    return
+}
+
+def agovSkipAskingMobileCookieValue = 'missing'
+
+if (getHeader('cookie') != null) {
+    def cookies = getHeader('cookie')
+    if (cookies.matches('^.*agovSkipAskingMobile=([^;]+).*$')) {
+        agovSkipAskingMobileCookieValue = cookies.replaceAll('^.*agovSkipAskingMobile=([^;]+).*$', '$1')
+    }
+}
+if (agovSkipAskingMobileCookieValue == 'true') {
+    // Don't aske the user again...
+    LOG.info("Event='SKIPPEDMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+    response.setResult('done')
+    return
+}
+
+
+if (!inargs['submit'] && (!inargs['mobile'] || !inargs['mobile'].isEmpty()) && inargs['language'] && inargs['language'] != session['ch.nevis.session.user.language']) {
+    // language switch, nothing else to do, just display again the GUI
+    response.setStatus(AuthResponse.AUTH_CONTINUE)
+    return
+}
+
+if (inargs['submit'] && (!inargs['mobile'] || inargs['mobile'].isEmpty()) && inargs['skip']) {
+    // no mobile, and user wants to skip it
+
+    LOG.info("Event='NOMOBILENUMBER', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', Persistent='${ inargs['skip'] == 'persistent' ? true : false }'")
+    
+    if (inargs['skip'] == 'persistent') {
+        // persistent cookie for 30d;
+        def agovSkipAskingMobileCookie = "agovSkipAskingMobile=true; Domain=${parameters.get('cookie.domain')}; Path=/; Max-Age=2592000; SameSite=Strict; Secure; HttpOnly"
+        // setHeader doesn't support multiple headers with the same name, so we use
+        // a different one, and rewrite it in the proxy with Lua
+        response.setHeader('Set-Cookie2', agovSkipAskingMobileCookie)
+    }
+
+    response.setResult('done')
+    return
+}
+
+
+
+if (inargs['submit'] && inargs['mobile'] && !inargs['mobile'].isEmpty()) {
+    // IMPORTANT/haburger/2024-DEC-09: the pattern must be the same as ch.adnovum.agov.common.util.InputPatterns.PHONE_NUMBER_PATTERN
+    if (!inargs['mobile'].replaceAll('\\s', '').matches('^(?:\\+[0-9]+)?$')) {
+        LOG.warn("Event='MOBILEFAILED', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='User provided invalid number (${inargs['mobile']})'")
+      response.setResult('done')
+      return
+    }
+    String result
+    // mobile is also stored without spaces
+    def patchBdy = "{\"contacts\":{\"mobile\":\"${inargs['mobile'].replaceAll('\\s', '')}\"},\"modificationComment\":\"added mobile number from user during request ${requestId}\"}"
+    try {
+        result = idmRestClient.patch(endPoint, patchBdy)
+    } catch(Exception e) {
+        LOG.warn("Event='MOBILEFAILED', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='failed to save number (${e})'")
+    }
+    response.setResult('done')
+    return
+}
+
+
+// we should ask the user
+response.setStatus(AuthResponse.AUTH_CONTINUE)

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/authorization.groovy

@@ -167,7 +167,8 @@ def i2r = [:]
 
 // issuer to ResultCond name
 def i2e = [:]
-i2e.put('https://trustbroker.agov-w.azure.adnovum.net', 'forbidden_0')
+i2e.put('https://trustbroker.agov-epr-lab.azure.adnovum.net', 'forbidden_0')
+i2e.put('https://trustbroker-idp.agov-epr-lab.azure.adnovum.net', 'forbidden_1')
 
 
 if (!i2r.isEmpty() && !hasAnyRequiredRole(i2r, issuer)) {

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/checkloa.groovy

@@ -2,9 +2,8 @@ import org.codehaus.groovy.runtime.StackTraceUtils
 import groovy.xml.XmlSlurper
 
 def getUserAGOVLoiRoles() {
-  // set attibutes from DTO: -> AGOVaq
+  // we take the roles from actualRoles
-  def list = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
+  return request.getActualRoles().findAll { role -> role.startsWith('AGOV-Loi.') }.collect({ role -> role.substring(9) })
-  return list.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-Loi' }.collect({ node -> node.name.text() })
 }
 
 def getUserAGOVRecoveryRoles() {
@@ -68,6 +67,35 @@ def getUserIdVerificationForRecovery() {
   return result
 }
 
+def getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelNumber) {
+  def result = 'urn:qa.agov.ch:names:tc:ac:classes:'
+
+  switch (idVerification) {
+    case 'None':
+      result = result.concat('100')
+      break
+    case 'SimpleLetter':
+      result = result.concat('200')
+      break
+    case 'Video':
+    case 'VideoSelfPaid':
+    case 'Bmid':
+    case 'BmidSelfPaid':
+    case 'Counter':
+      result = result.concat((highestRoleLevelNumber == 400) ? '400' : '300')
+      break
+	case 'Eid':
+	  result = result.concat('400')
+	  break
+    default:
+      LOG.warn("unexpected idVerification for recovery on account: ${idVerification}")
+      // safest default, should work in any case
+      result = result.concat('' + highestRoleLevelNumber)
+  }
+
+  return result
+}
+
 def getUserMustRecoverValidFrom() {
   // set attibutes from DTO: -> validFrom
   def payload = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
@@ -86,132 +114,159 @@ def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?:
 
 try {
   // beef
-  def session = request.getAuthSession(true)
+  def s = request.getAuthSession(true)
   def highestRoleLevelNumber = 0
-  def requestedRoleLevelNumber = session.get('agov.requestedRoleLevel').toInteger()
+
-  def adressVerificationList = getUserAGOVLoiIdVerification('200')
+  if (!session.get('agov.requestedRoleLevel')) {
-  def adressVerification = 'None'
+    LOG.error("IDP: internal error: agov.requestedRoleLevel not set in session")
-  if (adressVerificationList && !adressVerificationList.isEmpty()) {
+    response.setResult('error');
-    adressVerification = adressVerificationList[0]
+    return
   }
+  def requestedRoleLevelNumber = session.get('agov.requestedRoleLevel').toInteger()
 
-  LOG.debug('Requested role level '+ requestedRoleLevelNumber)
+  def authenticationMethod = session.get('authenticatedWith')
-  LOG.debug('idVerification: ' + getUserAGOVLoiIdVerification())
+  if (!authenticationMethod) {
-  LOG.debug('adressVerification : ' + adressVerification)
+    LOG.error("IDP: internal error: authenticationMethod not set in session")
-
-  def idVerificationMethodList = getUserAGOVLoiIdVerification()
-
-  session.setAttribute('idVerification', idVerificationMethodList.isEmpty() ? 'None' : idVerificationMethodList.last())
-  session.setAttribute('agov.adressVerification', '' + adressVerification)
-
-
-  if (requestedRoleLevelNumber == 0) {
-    // AuthnFailed_Zero_RoleLvl
     response.setResult('error');
     return
   }
 
-  if (session.get('ch.adnovum.nevisidm.profileExtId') == '') {
+  // data transformations needed for SAML and OIDC
-    LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='Account without Profile', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
-
-    session.setAttribute('contextClassRefToSet', 'urn:qa.agov.ch:names:tc:ac:classes:100')
-    response.setResult('ok')
-    return
-  }
-
   // Transform sex to number
   if(session.get('ch.nevis.idm.User.gender') == 'MALE'){
-          session.setAttribute('ch.nevis.idm.User.gender', '1')
+    s.setAttribute('ch.nevis.idm.User.gender', '1')
   }
   if(session.get('ch.nevis.idm.User.gender') == 'FEMALE'){
-          session.setAttribute('ch.nevis.idm.User.gender', '2')
+    s.setAttribute('ch.nevis.idm.User.gender', '2')
   }
-  if(session.get('ch.nevis.idm.User.gender') == 'OTHER'){
+  if(s.get('ch.nevis.idm.User.gender') == 'OTHER'){
     session.setAttribute('ch.nevis.idm.User.gender', '3')
   }
 
 
+  // handle accounts qa attributes, and set them in session
+  // account itself, only needed if not authenticated with e-ID
+  if (!'urn:qa.agov.ch:names:tc:authfactor:eid'.equalsIgnoreCase(authenticationMethod)) {
+    def idVerificationList = getUserAGOVLoiIdVerification()
+    def idVerification = 'None'
+    if (idVerificationList && !idVerificationList.isEmpty()) {
+      idVerification = idVerificationList.last()
+    }
+    s.setAttribute('idVerification', idVerification)
+
+    // contextClassRefToSet based on highest level-role assigned to default profile
     for (String role : getUserAGOVLoiRoles()) {
       if (role.startsWith('level')) {
         def roleLevel = role.substring(5)
         int roleLevelNumber = Integer.parseInt(roleLevel)
-    if (highestRoleLevelNumber == 0) {
+
-      highestRoleLevelNumber = roleLevelNumber
-    }
         if (highestRoleLevelNumber< roleLevelNumber) {
           highestRoleLevelNumber=roleLevelNumber
         }
       }
     }
-  LOG.debug('Highest role Level' + highestRoleLevelNumber.toString() +' contextclassref' + requestedRoleLevelNumber.toString()) 
+
-  LOG.debug(' Compare' + (highestRoleLevelNumber>=requestedRoleLevelNumber)) 
+    LOG.debug('CheckLoa: Highest role Level ' + highestRoleLevelNumber.toString() +' contextclassref ' + requestedRoleLevelNumber.toString())
+    LOG.debug('CheckLoa: Compare ' + (highestRoleLevelNumber>=requestedRoleLevelNumber))
 
     //set attribute Actual Role Level
-  session.setAttribute('agov.actualRoleLevel', '' + highestRoleLevelNumber)
+    s.setAttribute('agov.actualRoleLevel', '' + highestRoleLevelNumber)
-  LOG.debug('actual role level (agov) '+ highestRoleLevelNumber)
+    LOG.debug('CheckLoa: actual role level (agov) '+ highestRoleLevelNumber)
-
-  if (highestRoleLevelNumber > 0) {
-    // set attribute contextClassRefToSet
-    session.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:' .concat(highestRoleLevelNumber.toString()))
-  } else {
-    // by default 100
-    session.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:100' ) 
-  }
-
-  // no login for users with a recovery role
-  for (String role : getUserAGOVRecoveryRoles()) {
-    if (role == 'mustRecover') {
-      session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
-      session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' ) 
-
-      def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None'
-      if (highestRoleLevelNumber < 300) {
-        // plus 100, if mustRecover
-        highestRoleLevelNumber += 100
-      }
-      session.setAttribute('agov.recovery.currentAgovAq', 'urn:qa.agov.ch:names:tc:ac:classes:'.concat(highestRoleLevelNumber.toString()) )
-
-      def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification
-      session.setAttribute('agov.recovery.currentIdVerification', '' + idVerification )
-
-      def validFrom = getUserMustRecoverValidFrom() ?: ''
-      session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + validFrom ) 
-
-      response.setResult('exit.2')
-      return
-
-    } else if (role == 'recovery') {
-      session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
-      session.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown') 
-      session.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
-      LOG.debug('idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()))
-      def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())
-      session.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first()))
-      def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) ?: ''
-      session.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', validFrom) 
-
-      response.setResult('exit.2')
-      return
-    } 
-  }
-
-  if (highestRoleLevelNumber>=requestedRoleLevelNumber) { 
 
     // set attribute ValidFrom and ValidTo (only for higher than 100)
     if (highestRoleLevelNumber > 100) {
       def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString()))
       def validTo = getUserAGOVLoiValidTo('level'.concat(highestRoleLevelNumber.toString()))
 
-      LOG.debug('ValidFrom :' + validFrom)
+      LOG.debug('CheckLoa: ValidFrom :' + validFrom)
-      LOG.debug('ValidTo :' + validTo)
+      LOG.debug('CheckLoa: ValidTo :' + validTo)
 
       if(validFrom != '') {
-        session.setAttribute('ValidFrom', '' + validFrom) 
+        s.setAttribute('ValidFrom', '' + validFrom)
       }
       if(validTo != '') {
-        session.setAttribute('ValidTo', '' + validTo) 
+        s.setAttribute('ValidTo', '' + validTo)
       }
     }
+    if (highestRoleLevelNumber > 0) {
+      // set attribute contextClassRefToSet
+      s.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:' .concat(highestRoleLevelNumber.toString()))
+    } else {
+      // by default 100
+      s.setAttribute('contextClassRefToSet','urn:qa.agov.ch:names:tc:ac:classes:100' )
+    }
+  }
+  // address related, needed in any case (also e-ID)
+  def adressVerificationList = getUserAGOVLoiIdVerification('200')
+  def adressVerification = 'None'
+  if (adressVerificationList && !adressVerificationList.isEmpty()) {
+    adressVerification = adressVerificationList[0]
+  }
+  s.setAttribute('agov.adressVerification', '' + adressVerification)
+
+  if (!session.get('ch.adnovum.nevisidm.profileExtId')) {
+    LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', errorMessage='Account without Profile', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+
+    // if the account has no profile, we must not return address or svnr
+    s.setAttribute('agov.appAddressRequired', 'false')
+    s.setAttribute('agov.appSvnrAllowed', 'false')
+
+    response.setResult('ok')
+    return
+  }
+
+  // no login for users with a recovery role (but onyl when not logging in with e-Id)
+  // TODO/haburger/2025-07-01: automatic recovery if logging in with e-Id
+  if (!'urn:qa.agov.ch:names:tc:authfactor:eid'.equalsIgnoreCase(authenticationMethod)) {
+    // no login for users with a recovery role
+    def recoveryRoleList = getUserAGOVRecoveryRoles()
+
+    if (recoveryRoleList.contains('mustRecover')) {
+      s.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
+      s.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown' )
+
+      def origIdVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()) ?: 'None'
+      def idVerification = getUserIdVerificationForRecovery() ?: origIdVerification
+      s.setAttribute('agov.recovery.currentIdVerification', '' + idVerification )
+
+      // align currentAgovAq with the method selected for idVerification
+      def currentAgovAqForRecovery = getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevelNumber)
+      s.setAttribute('agov.recovery.currentAgovAq', '' + currentAgovAqForRecovery)
+
+      def validFrom = getUserMustRecoverValidFrom() ?: ''
+      s.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + validFrom )
+
+      LOG.debug("CheckLoa: mustRecover: origIdVerification=${origIdVerification}, idVerification=${idVerification}, currentAgovAqForRecovery=${currentAgovAqForRecovery}")
+
+      response.setResult('exit.2')
+      return
+
+    } else if (recoveryRoleList.contains('recovery')) {
+      if (recoveryRoleList.contains('recoveryCascade')) {
+        s.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
+      } else {
+        s.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
+      }
+      s.setAttribute('agov.recovery.authenticatedWith', session.getAttribute('authenticatedWith') ?: 'unknown')
+      s.setAttribute('agov.recovery.currentAgovAq', session.getAttribute('contextClassRefToSet') ?: 'urn:qa.agov.ch:names:tc:ac:classes:100' )
+      LOG.debug('CheckLoa: idVerification2= '+ getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString()))
+      def idVerification = getUserAGOVLoiIdVerification(highestRoleLevelNumber.toString())
+      s.setAttribute('agov.recovery.currentIdVerification', (idVerification.isEmpty() ? 'None' : idVerification.first()))
+      def validFrom = getUserAGOVLoiValidFrom('level'.concat(highestRoleLevelNumber.toString())) ?: ''
+      s.setAttribute('agov.recovery.currentAgovAqRoleValidFrom', validFrom)
+
+      response.setResult('exit.2')
+      return
+    }
+  } else {
+    // authenticated with e-ID, we adjust highestRoleLevelNumber to e-ID login
+    highestRoleLevelNumber = 500
+    s.setAttribute('agov.actualRoleLevel', '' + highestRoleLevelNumber)
+    LOG.debug('CheckLoa: actual role level (agov) '+ highestRoleLevelNumber)
+  }
+
+  // verifiy that AQ level is high enough
+  if (highestRoleLevelNumber>=requestedRoleLevelNumber) {
     response.setResult('ok')
     return;
   } else {

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/countries.xml

@@ -1,250 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<country-names>
-	<country code="af" en="Afghanistan" de="Afghanistan" fr="Afghanistan" it="Afghanistan"/>
-	<country code="al" en="Albania" de="Albanien" fr="Albanie" it="Albania"/>
-	<country code="dz" en="Algeria" de="Algerien" fr="Algérie" it="Algeria"/>
-	<country code="as" en="American Samoa" de="Amerikanisch-Samoa" fr="Samoa américaines" it="Samoa Americane"/>
-	<country code="ad" en="Andorra" de="Andorra" fr="Andorre" it="Andorra"/>
-	<country code="ao" en="Angola" de="Angola" fr="Angola" it="Angola"/>
-	<country code="ai" en="Anguilla" de="Anguilla" fr="Anguilla" it="Anguilla"/>
-	<country code="aq" en="Antarctica" de="Antarktis" fr="Antarctique" it="Antartide"/>
-	<country code="ag" en="Antigua and Barbuda" de="Antigua und Barbuda" fr="Antigua-et-Barbuda" it="Antigua e Barbuda"/>
-	<country code="ar" en="Argentina" de="Argentinien" fr="Argentine" it="Argentina"/>
-	<country code="am" en="Armenia" de="Armenien" fr="Arménie" it="Armenia"/>
-	<country code="aw" en="Aruba" de="Aruba" fr="Aruba" it="Aruba"/>
-	<country code="au" en="Australia" de="Australien" fr="Australie" it="Australia"/>
-	<country code="at" en="Austria" de="Österreich" fr="Autriche" it="Austria"/>
-	<country code="az" en="Azerbaijan" de="Aserbaidschan" fr="Azerbaïdjan" it="Azerbaigian"/>
-	<country code="bs" en="Bahamas" de="Bahamas" fr="Bahamas" it="Bahamas"/>
-	<country code="bh" en="Bahrain" de="Bahrain" fr="Bahreïn" it="Bahrein"/>
-	<country code="bd" en="Bangladesh" de="Bangladesch" fr="Bangladesh" it="Bangladesh"/>
-	<country code="bb" en="Barbados" de="Barbados" fr="Barbade" it="Barbados"/>
-	<country code="by" en="Belarus" de="Belarus" fr="Bélarus" it="Bielorussia"/>
-	<country code="be" en="Belgium" de="Belgien" fr="Belgique" it="Belgio"/>
-	<country code="bz" en="Belize" de="Belize" fr="Belize" it="Belize"/>
-	<country code="bj" en="Benin" de="Benin" fr="Bénin" it="Benin"/>
-	<country code="bm" en="Bermuda" de="Bermudas" fr="Bermudes" it="Bermuda"/>
-	<country code="bt" en="Bhutan" de="Bhutan" fr="Bhoutan" it="Bhutan"/>
-	<country code="bo" en="Bolivia" de="Bolivien" fr="Bolivie" it="Bolivia"/>
-	<country code="ba" en="Bosnia-Herzegovina" de="Bosnien-Herzegowina" fr="Bosnie et Herzégovine" it="Bosnia ed Erzegovina"/>
-	<country code="bw" en="Botswana" de="Botsuana" fr="Botswana" it="Botswana"/>
-	<country code="bv" en="Bouvet Island" de="Bouvetinsel" fr="Île Bouvet" it="Isola Bouvet"/>
-	<country code="br" en="Brazil" de="Brasilien" fr="Brésil" it="Brasile"/>
-	<country code="io" en="British Indian Ocean Territory" de="Britisches Territorium im Indischen Ozean" fr="Territoire britannique de l’océan Indien" it="Territorio Britannico dell’Oceano Indiano"/>
-	<country code="bn" en="Brunei" de="Brunei" fr="Brunei" it="Brunei"/>
-	<country code="bg" en="Bulgaria" de="Bulgarien" fr="Bulgarie" it="Bulgaria"/>
-	<country code="bf" en="Burkina Faso" de="Burkina Faso" fr="Burkina Faso " it="Burkina Faso"/>
-	<country code="bi" en="Burundi" de="Burundi" fr="Burundi" it="Burundi"/>
-	<country code="kh" en="Cambodia" de="Kambodscha" fr="Cambodge" it="Cambogia"/>
-	<country code="cm" en="Cameroon" de="Kamerun" fr="Cameroun" it="Camerun"/>
-	<country code="ca" en="Canada" de="Kanada" fr="Canada" it="Canada"/>
-	<country code="cv" en="Cape Verde" de="Cabo Verde" fr="Cabo Verde" it="Capo Verde"/>
-	<country code="ky" en="Cayman Islands" de="Kaiman-Inseln" fr="Îles Caïmans" it="Isole Cayman"/>
-	<country code="cf" en="Central African Republic" de="Zentralafrikanische Republik" fr="République centrafricaine" it="Repubblica Centrafricana"/>
-	<country code="td" en="Chad" de="Tschad" fr="Tchad" it="Ciad"/>
-	<country code="cl" en="Chile" de="Chile" fr="Chili" it="Cile"/>
-	<country code="cn" en="China (People's Republic OF)" de="China (Volksrepublik)" fr="Chine (République populaire de Chine)" it="Cina, Repubblica popolare cinese"/>
-	<country code="cx" en="Christmas Island (Indian Ocean)" de="Weihnachtsinsel (Indischer Ozean)" fr="Île Christmas (océan Indien)" it="Isola di Natale"/>
-	<country code="cc" en="Cocos (Keeling) Island" de="Kokosinseln (Keeling)" fr="Îles Cocos" it="Isole Cocos (Keeling)"/>
-	<country code="co" en="Colombia" de="Kolumbien" fr="Colombie" it="Colombia"/>
-	<country code="km" en="Comoros" de="Komoren" fr="Comores" it="Comore"/>
-	<country code="cg" en="Congo (Republic)" de="Kongo (Republik)" fr="République du Congo" it="Repubblica del Congo"/>
-	<country code="cd" en="Congo, Democratic Republic" de="Kongo, Demokratische Republik" fr="République démocratique du Congo" it="Repubblica democratica del Congo"/>
-	<country code="ck" en="Cook Islands" de="Cookinseln" fr="Îles Cook" it="Isole Cook"/>
-	<country code="cr" en="Costa Rica" de="Costa Rica" fr="Costa Rica" it="Costa Rica"/>
-	<country code="hr" en="Croatia" de="Kroatien" fr="Croatie" it="Croazia"/>
-	<country code="cu" en="Cuba" de="Kuba" fr="Cuba" it="Cuba"/>
-	<country code="cw" en="Curaçao" de="Curaçao" fr="Curaçao" it="Curaçao"/>
-	<country code="cy" en="Cyprus" de="Zypern" fr="Chypre" it="Cipro"/>
-	<country code="cz" en="Czech Republic" de="Tschechische Republik" fr="Tchéquie" it="Repubblica Ceca"/>
-	<country code="dk" en="Denmark" de="Dänemark" fr="Danemark" it="Danimarca"/>
-	<country code="dj" en="Djibouti" de="Dschibuti" fr="Djibouti" it="Gibuti"/>
-	<country code="dm" en="Dominica" de="Dominica" fr="Dominique" it="Dominica"/>
-	<country code="do" en="Dominican Republic" de="Dominikanische Republik" fr="République dominicaine" it="Repubblica Dominicana"/>
-	<country code="ec" en="Ecuador" de="Ecuador" fr="Équateur" it="Ecuador"/>
-	<country code="eg" en="Egypt" de="Ägypten" fr="Égypte" it="Egitto"/>
-	<country code="sv" en="El Salvador" de="El Salvador" fr="El Salvador" it="El Salvador"/>
-	<country code="gq" en="Equatorial Guinea" de="Äquatorialguinea" fr="Guinée équatoriale" it="Guinea equatoriale"/>
-	<country code="er" en="Eritrea" de="Eritrea" fr="Érythrée" it="Eritrea"/>
-	<country code="ee" en="Estonia" de="Estland" fr="Estonie" it="Estonia"/>
-	<country code="et" en="Ethiopia" de="Äthiopien" fr="Éthiopie" it="Etiopia"/>
-	<country code="fk" en="Falkland Islands" de="Falklandinseln" fr="Îles Falkland" it="Isole Falkland"/>
-	<country code="fo" en="Faroe Islands" de="Färöerinseln" fr="Îles Féroé" it="Isole Faroe"/>
-	<country code="fj" en="Fiji" de="Fidschi" fr="Fidji" it="Figi"/>
-	<country code="fi" en="Finland" de="Finnland" fr="Finlande" it="Finlandia"/>
-	<country code="fr" en="France" de="Frankreich" fr="France" it="Francia"/>
-	<country code="gf" en="French Guiana" de="Französisch-Guayana" fr="Guyane française" it="Guyana francese"/>
-	<country code="pf" en="French Polynesia" de="Französisch-Polynesien" fr="Polynésie française" it="Polinesia francese"/>
-	<country code="ga" en="Gabon" de="Gabun" fr="Gabon" it="Gabon"/>
-	<country code="gm" en="Gambia" de="Gambia" fr="Gambie" it="Gambia"/>
-	<country code="ge" en="Georgia" de="Georgien" fr="Géorgie" it="Georgia"/>
-	<country code="de" en="Germany" de="Deutschland" fr="Allemagne" it="Germania"/>
-	<country code="gh" en="Ghana" de="Ghana" fr="Ghana" it="Ghana"/>
-	<country code="gi" en="Gibraltar" de="Gibraltar" fr="Gibraltar" it="Gibilterra"/>
-	<country code="gb" en="Great Britain and Northern Ireland" de="Grossbritannien und Nordirland" fr="Royaume-Uni" it="Regno Unito"/>
-	<country code="gr" en="Greece" de="Griechenland" fr="Grèce" it="Grecia"/>
-	<country code="gl" en="Greenland" de="Grönland" fr="Groenland" it="Groenlandia"/>
-	<country code="gd" en="Grenada" de="Grenada" fr="Grenade" it="Grenada"/>
-	<country code="gp" en="Guadeloupe" de="Guadeloupe" fr="Guadeloupe" it="Guadalupa"/>
-	<country code="gu" en="Guam" de="Guam" fr="Guam" it="Guam"/>
-	<country code="gt" en="Guatemala" de="Guatemala" fr="Guatemala" it="Guatemala"/>
-	<country code="gg" en="Guernsey" de="Guernsey" fr="Guernesey" it="Guernsey"/>
-	<country code="gn" en="Guinea (Republic)" de="Guinea (Republik)" fr="République de Guinée" it="Guinea"/>
-	<country code="gw" en="Guinea-Bissau" de="Guinea-Bissau" fr="Guinée-Bissau" it="Guinea-Bissau"/>
-	<country code="gy" en="Guyana" de="Guyana" fr="Guyana" it="Guyana"/>
-	<country code="ht" en="Haiti" de="Haiti" fr="Haïti" it="Haiti"/>
-	<country code="hm" en="Heard AND McDonald Islands" de="Heard- und McDonald-Inseln" fr="Îles Heard et McDonald" it="Isola Heard e Isole McDonald"/>
-	<country code="hn" en="Honduras" de="Honduras" fr="Honduras" it="Honduras"/>
-	<country code="hk" en="Hong Kong" de="Hongkong" fr="Hong Kong" it="Hong Kong"/>
-	<country code="hu" en="Hungary" de="Ungarn" fr="Hongrie" it="Ungheria"/>
-	<country code="is" en="Iceland" de="Island" fr="Islande" it="Islanda"/>
-	<country code="in" en="India" de="Indien" fr="Inde" it="India"/>
-	<country code="id" en="Indonesia" de="Indonesien" fr="Indonésie" it="Indonesia"/>
-	<country code="ir" en="Iran" de="Iran" fr="Iran" it="Iran"/>
-	<country code="iq" en="Iraq" de="Irak" fr="Irak" it="Iraq"/>
-	<country code="ie" en="Ireland" de="Irland" fr="Irlande" it="Irlanda"/>
-	<country code="im" en="Island OF Man" de="Isle of Man" fr="Île de Man" it="Isola di Man"/>
-	<country code="il" en="Israel" de="Israel" fr="Israël" it="Israele"/>
-	<country code="it" en="Italy" de="Italien" fr="Italie" it="Italia"/>
-	<country code="ci" en="Ivory Coast" de="Côte d'Ivoire" fr="Côte d’Ivoire" it="Costa d’Avorio"/>
-	<country code="jm" en="Jamaica" de="Jamaika" fr="Jamaïque" it="Giamaica"/>
-	<country code="jp" en="Japan" de="Japan" fr="Japon" it="Giappone"/>
-	<country code="je" en="Jersey" de="Jersey" fr="Jersey" it="Jersey"/>
-	<country code="jo" en="Jordan" de="Jordanien" fr="Jordanie" it="Giordania"/>
-	<country code="kz" en="Kazakhstan" de="Kasachstan" fr="Kazakhstan" it="Kazakstan"/>
-	<country code="ke" en="Kenya" de="Kenia" fr="Kenya" it="Kenya"/>
-	<country code="ki" en="Kiribati" de="Kiribati" fr="Kiribati" it="Kiribati"/>
-	<country code="kp" en="Korea, Democratic People's Republic of (North Korea)" de="Korea, Demokratische Volksrepublik (Nordkorea)" fr="République populaire démocratique de Corée (Corée du Nord)" it="Repubblica popolare democratica di Corea (Corea del Nord)"/>
-	<country code="kr" en="Korea, Republic of (South Korea)" de="Korea, Republik (Südkorea)" fr="République de Corée (Corée du Sud)" it="Repubblica di Corea (Corea del Sud)"/>
-	<country code="xk" en="Kosovo / Unmik" de="Kosovo / UNMIK" fr="Kosovo" it="Kosovo / UNMIK"/>
-	<country code="kw" en="Kuwait" de="Kuwait" fr="Koweït" it="Kuwait"/>
-	<country code="kg" en="Kyrgyzstan" de="Kirgisistan" fr="Kirghizistan" it="Kirghizistan"/>
-	<country code="la" en="Laos" de="Laos" fr="Laos" it="Laos"/>
-	<country code="lv" en="Latvia" de="Lettland" fr="Lettonie" it="Lettonia"/>
-	<country code="lb" en="Lebanon" de="Libanon" fr="Liban" it="Libano"/>
-	<country code="ls" en="Lesotho" de="Lesotho" fr="Lesotho" it="Lesotho"/>
-	<country code="lr" en="Liberia" de="Liberia" fr="Libéria" it="Liberia"/>
-	<country code="ly" en="Libya" de="Libyen" fr="Libye" it="Libia"/>
-	<country code="li" en="Liechtenstein" de="Liechtenstein" fr="Liechtenstein" it="Liechtenstein"/>
-	<country code="lt" en="Lithuania" de="Litauen" fr="Lituanie" it="Lituania"/>
-	<country code="lu" en="Luxembourg" de="Luxemburg" fr="Luxembourg" it="Lussemburgo"/>
-	<country code="mo" en="Macao" de="Macao" fr="Macao" it="Macao"/>
-	<country code="mk" en="Macedonia, the Former Yugoslav Republic of" de="Mazedonien, ehemalige jugoslawische Republik" fr="Macédoine du Nord" it="Macedonia del Nord"/>
-	<country code="mg" en="Madagascar" de="Madagaskar" fr="Madagascar" it="Madagascar"/>
-	<country code="mw" en="Malawi" de="Malawi" fr="Malawi" it="Malawi"/>
-	<country code="my" en="Malaysia" de="Malaysia" fr="Malaisie" it="Malaysia"/>
-	<country code="mv" en="Maldives" de="Malediven" fr="Maldives" it="Maldive"/>
-	<country code="ml" en="Mali" de="Mali" fr="Mali" it="Mali"/>
-	<country code="mt" en="Malta" de="Malta" fr="Malte" it="Malta"/>
-	<country code="mp" en="Mariana Islands" de="Marianen" fr="Îles Mariannes" it="Isole Marianne"/>
-	<country code="mh" en="Marshall Islands" de="Marshallinseln" fr="Îles Marshall" it="Isole Marshall"/>
-	<country code="mq" en="Martinique" de="Martinique" fr="Martinique" it="Martinica"/>
-	<country code="mr" en="Mauritania" de="Mauretanien" fr="Mauritanie" it="Mauritania"/>
-	<country code="mu" en="Mauritius Island" de="Mauritius" fr="Île Maurice" it="Maurizio"/>
-	<country code="yt" en="Mayotte" de="Mayotte" fr="Mayotte" it="Mayotte"/>
-	<country code="mx" en="Mexico" de="Mexiko" fr="Mexique" it="Messico"/>
-	<country code="fm" en="Micronesia (Federated States OF)" de="Mikronesien (Föderierte Staaten von)" fr="États fédérés de Micronésie" it="Stati Federati di Micronesia"/>
-	<country code="md" en="Moldova" de="Moldau" fr="Moldavie" it="Moldova"/>
-	<country code="mc" en="Monaco" de="Monaco" fr="Monaco" it="Monaco"/>
-	<country code="mn" en="Mongolia" de="Mongolei" fr="Mongolie" it="Mongolia"/>
-	<country code="me" en="Montenegro, Republic" de="Montenegro, Republik" fr="Monténégro" it="Montenegro"/>
-	<country code="ms" en="Montserrat" de="Montserrat" fr="Montserrat" it="Montserrat"/>
-	<country code="ma" en="Morocco" de="Marokko" fr="Maroc" it="Marocco"/>
-	<country code="mz" en="Mozambique" de="Mosambik" fr="Mozambique" it="Mozambico"/>
-	<country code="mm" en="Myanmar (Union of)" de="Myanmar (Union)" fr="Myanmar" it="Myanmar"/>
-	<country code="na" en="Namibia" de="Namibia" fr="Namibie" it="Namibia"/>
-	<country code="nr" en="Nauru" de="Nauru" fr="Nauru" it="Nauru"/>
-	<country code="np" en="Nepal" de="Nepal" fr="Népal" it="Nepal"/>
-	<country code="nl" en="Netherlands" de="Niederlande" fr="Pays-Bas" it="Paesi Bassi"/>
-	<country code="nc" en="New Caledonia" de="Neukaledonien" fr="Nouvelle-Calédonie" it="Nuova Caledonia"/>
-	<country code="nz" en="New Zealand" de="Neuseeland" fr="Nouvelle-Zélande" it="Nuova Zelanda"/>
-	<country code="ni" en="Nicaragua" de="Nicaragua" fr="Nicaragua" it="Nicaragua"/>
-	<country code="ne" en="Niger" de="Niger" fr="Niger" it="Niger"/>
-	<country code="ng" en="Nigeria" de="Nigeria" fr="Nigéria" it="Nigeria"/>
-	<country code="nu" en="Niua" de="Niue" fr="Nioué" it="Isole Niua"/>
-	<country code="nf" en="Norfolk Island" de="Norfolkinsel" fr="Île Norfolk" it="Isola Norfolk"/>
-	<country code="no" en="Norway" de="Norwegen" fr="Norvège" it="Norvegia"/>
-	<country code="om" en="Oman" de="Oman" fr="Oman" it="Oman"/>
-	<country code="pk" en="Pakistan" de="Pakistan" fr="Pakistan" it="Pakistan"/>
-	<country code="pw" en="Palau" de="Palau" fr="Palaos" it="Palau"/>
-	<country code="ps" en="Palestine" de="Palästina" fr="Palestine" it="Palestina"/>
-	<country code="pa" en="Panama" de="Panama" fr="Panama" it="Panama"/>
-	<country code="pg" en="Papua New Guinea" de="Papua-Neuguinea" fr="Papouasie-Nouvelle-Guinée" it="Papua Nuova Guinea"/>
-	<country code="py" en="Paraguay" de="Paraguay" fr="Paraguay" it="Paraguay"/>
-	<country code="pe" en="Peru" de="Peru" fr="Pérou" it="Perù"/>
-	<country code="ph" en="Philippines" de="Philippinen" fr="Philippines" it="Filippine"/>
-	<country code="pn" en="Pitcairn" de="Pitcairn" fr="Îles Pitcairn" it="Isole Pitcairn"/>
-	<country code="pl" en="Poland" de="Polen" fr="Pologne" it="Polonia"/>
-	<country code="pt" en="Portugal" de="Portugal" fr="Portugal" it="Portogallo"/>
-	<country code="pr" en="Puerto Rico" de="Puerto Rico" fr="Porto Rico" it="Porto Rico"/>
-	<country code="qa" en="Qatar" de="Katar" fr="Qatar" it="Qatar"/>
-	<country code="re" en="Réunion" de="Réunion" fr="La Réunion" it="Isola della Riunione"/>
-	<country code="ro" en="Romania" de="Rumänien" fr="Roumanie" it="Romania"/>
-	<country code="ru" en="Russian Federation" de="Russische Föderation" fr="Russie" it="Russia"/>
-	<country code="rw" en="Rwanda" de="Ruanda" fr="Rwanda" it="Ruanda"/>
-	<country code="sb" en="Salomon Islands" de="Salomoninseln" fr="Îles Salomon" it="Isole Salomone"/>
-	<country code="sm" en="San Marino" de="San Marino" fr="Saint-Marin" it="San Marino"/>
-	<country code="sa" en="Saudi Arabia" de="Saudi-Arabien" fr="Arabie saoudite" it="Arabia Saudita"/>
-	<country code="sn" en="Senegal" de="Senegal" fr="Sénégal" it="Senegal"/>
-	<country code="rs" en="Serbia, Republic" de="Serbien, Republik" fr="Serbie" it="Serbia"/>
-	<country code="sc" en="Seychelles" de="Seychellen" fr="Seychelles" it="Seychelles"/>
-	<country code="sl" en="Sierra Leone" de="Sierra Leone" fr="Sierra Leone" it="Sierra Leone"/>
-	<country code="sg" en="Singapore" de="Singapur" fr="Singapour" it="Singapore"/>
-	<country code="sk" en="Slovak Republic" de="Slowakei" fr="Slovaquie" it="Slovacchia"/>
-	<country code="si" en="Slovenia" de="Slowenien" fr="Slovénie" it="Slovenia"/>
-	<country code="so" en="Somalia" de="Somalia" fr="Somalie" it="Somalia"/>
-	<country code="za" en="South Africa" de="Südafrika" fr="Afrique du Sud" it="Sudafrica"/>
-	<country code="gs" en="South Georgia AND the south Sandwich Islands" de="Südgeorgien und die Südlichen Sandwichinseln" fr="Îles Géorgie du Sud et Sandwich du Sud" it="Georgia del Sud e Sandwich Australi"/>
-	<country code="ss" en="South Sudan" de="Südsudan" fr="Soudan du Sud" it="Sudan del Sud"/>
-	<country code="es" en="Spain" de="Spanien" fr="Espagne" it="Spagna"/>
-	<country code="lk" en="Sri Lanka" de="Sri Lanka" fr="Sri Lanka" it="Sri Lanka"/>
-	<country code="bl" en="St. Barthélemy" de="St. Barthélemy" fr="Saint-Barthélemy" it="Saint Barthélemy"/>
-	<country code="kn" en="St. Christopher (St. Kitts) and Nevis" de="St. Kitts und Nevis" fr="Saint-Christophe-et-Niévès" it="Saint Kitts e Nevis"/>
-	<country code="sh" en="St. Helena, Ascension and Tristan da Cunha" de="St. Helena, Ascension und Tristan da Cunha" fr="Sainte-Hélène, Ascension et Tristan da Cunha" it="Sant’Elena, Ascensione e Tristan da Cunha"/>
-	<country code="lc" en="St. Lucia" de="St. Lucia" fr="Sainte-Lucie" it="Santa Lucia"/>
-	<country code="sx" en="St. Maarten" de="Sint Maarten" fr="Sint-Maarten" it="Sint Maarten"/>
-	<country code="mf" en="St. Martin" de="St. Martin" fr="Saint-Martin" it="Saint Martin"/>
-	<country code="pm" en="St. Pierre and Miquelon" de="St. Pierre und Miquelon" fr="Saint-Pierre-et-Miquelon" it="Saint-Pierre e Miquelon"/>
-	<country code="st" en="St. Tome and Principe" de="São Tomé und Príncipe" fr="Sao Tomé-et-Principe" it="São Tomé e Príncipe"/>
-	<country code="vc" en="St. Vincent and the Grenadines" de="St. Vincent und die Grenadinen" fr="Saint-Vincent-et-les-Grenadines" it="Saint Vincent e Grenadine"/>
-	<country code="sd" en="Sudan" de="Sudan" fr="Soudan" it="Sudan"/>
-	<country code="sr" en="Suriname" de="Suriname" fr="Suriname" it="Suriname"/>
-	<country code="sj" en="Svalbard and Jan Mayen Island" de="Svalbard und Jan Mayen-Insel" fr="Svalbard et Jan Mayen" it="Svalbard e Jan Mayen"/>
-	<country code="sz" en="Swaziland" de="Eswatini" fr="Swaziland" it="Eswatini"/>
-	<country code="se" en="Sweden" de="Schweden" fr="Suède" it="Svezia"/>
-	<country code="ch" en="Switzerland" de="Schweiz" fr="Suisse" it="Svizzera"/>
-	<country code="sy" en="Syria" de="Syrien" fr="Syrie" it="Siria"/>
-	<country code="tw" en="Taiwan (Chinese Taipei)" de="Taiwan (Chinesisches Taipei)" fr="Taïwan (Taipei chinois)" it="Taiwan (Taipei cinese)"/>
-	<country code="tj" en="Tajikistan" de="Tadschikistan" fr="Tadjikistan" it="Tagikistan"/>
-	<country code="tz" en="Tanzania" de="Tansania" fr="Tanzanie" it="Tanzania"/>
-	<country code="th" en="Thailand" de="Thailand" fr="Thaïlande" it="Thailandia"/>
-	<country code="tl" en="Timor-Leste" de="Timor-Leste" fr="Timor-Leste" it="Timor-Leste"/>
-	<country code="tg" en="Togo" de="Togo" fr="Togo" it="Togo"/>
-	<country code="tk" en="Tokelau" de="Tokelau" fr="Tokélaou" it="Tokelau"/>
-	<country code="to" en="Tonga" de="Tonga" fr="Tonga" it="Tonga"/>
-	<country code="tt" en="Trinidad and Tobago" de="Trinidad und Tobago" fr="Trinité-et-Tobago" it="Trinidad e Tobago"/>
-	<country code="tn" en="Tunisia" de="Tunesien" fr="Tunisie" it="Tunisia"/>
-	<country code="tr" en="Turkey" de="Türkiye" fr="Turquie" it="Turchia"/>
-	<country code="tm" en="Turkmenistan" de="Turkmenistan" fr="Turkménistan" it="Turkmenistan"/>
-	<country code="tc" en="Turks and Caicos" de="Turks- und Caicosinseln" fr="Turks-et-Caïcos" it="Isole Turks e Caicos"/>
-	<country code="tv" en="Tuvalu" de="Tuvalu" fr="Tuvalu" it="Tuvalu"/>
-	<country code="ug" en="Uganda" de="Uganda" fr="Ouganda" it="Uganda"/>
-	<country code="ua" en="Ukraine" de="Ukraine" fr="Ukraine" it="Ucraina"/>
-	<country code="ae" en="United Arab Emirates" de="Vereinigte Arabische Emirate" fr="Émirats arabes unis" it="Emirati Arabi Uniti"/>
-	<country code="um" en="United States Minor Outlying Islands" de="United States Minor Outlying Islands" fr="Îles mineures éloignées des États-Unis" it="Isole Minori Esterne degli Stati Uniti"/>
-	<country code="us" en="United States of America" de="Vereinigte Staaten von Amerika" fr="États-Unis d’Amérique" it="Stati Uniti"/>
-	<country code="uy" en="Uruguay" de="Uruguay" fr="Uruguay" it="Uruguay"/>
-	<country code="uz" en="Uzbekistan" de="Usbekistan" fr="Ouzbékistan" it="Uzbekistan"/>
-	<country code="vu" en="Vanuatu" de="Vanuatu" fr="Vanuatu" it="Vanuatu"/>
-	<country code="va" en="Vatican City State" de="Vatikanstadt" fr="Saint-Siège (Cité du Vatican)" it="Città del Vaticano"/>
-	<country code="ve" en="Venezuela" de="Venezuela" fr="Venezuela" it="Venezuela"/>
-	<country code="vn" en="Vietnam" de="Vietnam" fr="Vietnam" it="Vietnam"/>
-	<country code="vi" en="Virgin Islands (USA)" de="Jungferninseln (USA)" fr="Îles Vierges américaines" it="Isole Vergini"/>
-	<country code="vg" en="Virgin Islands, British (Tortola)" de="British Virgin Islands (Tortola)" fr="Îles Vierges britanniques (Tortola)" it="Isole Vergini britanniche"/>
-	<country code="wf" en="Wallis and Futuna Islands" de="Wallis und Futuna" fr="Îles Wallis-et-Futuna" it="Wallis e Futuna"/>
-	<country code="eh" en="Western Sahara" de="Westsahara" fr="Sahara occidental" it="Sahara occidentale"/>
-	<country code="ws" en="Western Samoa" de="Samoa" fr="Samoa" it="Samoa occidentale"/>
-	<country code="ye" en="Yemen" de="Jemen" fr="Yémen" it="Yemen"/>
-	<country code="zm" en="Zambia" de="Sambia" fr="Zambie" it="Zambia"/>
-	<country code="zw" en="Zimbabwe" de="Simbabwe" fr="Zimbabwe" it="Zimbabwe" />
-</country-names>

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_compare_and_update_idm_attributes.groovy

@@ -0,0 +1,158 @@
+import java.text.SimpleDateFormat
+import groovy.text.SimpleTemplateEngine
+
+import ch.nevis.idm.client.IdmRestClient
+import ch.nevis.idm.client.IdmRestClientFactory
+
+def getDateWithoutTimestamp(String date){
+    def result = date
+    if(date.matches('^[0-9-]+[+]{1}.*')){
+        result = date.replaceAll('[+]{1}.*', "")
+    }
+    return result
+}
+
+// NOTE/aca/2025/06/19: We could also reload the data from idm after the update instead of updating the session variables manualy -> probably better and less error-prone
+def compareAndUpdateSessionVariables(sess, keys, isProperty){
+    def updatedKeys = []
+    for(key in keys){
+        def idmkey = isProperty ? "ch.nevis.idm.User.prop.$key" : "ch.nevis.idm.User.$key"
+        def eidValue = session["agov.eid.User.$key"] ?: ""
+        def idmValue = session[idmkey] ?: ""
+        if(!idmValue || eidValue != idmValue){
+            sess.setAttribute(idmkey, eidValue)
+            updatedKeys.add(key)
+        }
+    }
+    return updatedKeys
+}
+
+// TODO/haburger/2025-07-01: we should also set the verificationMethod, etc. of the level400 role
+String user_update_dto_template = '''
+{
+    "name": {
+        "firstName": "$firstName",
+        "familyName": "$familyName"
+    },
+    "properties": {
+        "svnr": "$svnr",
+        "placeOfBirth": "$placeOfBirth",
+        "nationality": "$nationality",
+        "eIdNumber": "$eIdNumber"
+    },
+    "gender": "$gender",
+    "birthDate": "$birthDate",
+
+    "modificationComment": "updated user information with eid attributes during request $request"
+}
+'''
+
+// Accounting
+def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
+def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
+def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
+def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
+def credentialType = session['authenticatedWith'] ?: 'unknown'
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+
+
+def sess = request.getAuthSession(true)
+
+// Convert EID gender format to IDM
+if(sess.get('agov.eid.User.gender') == '1'){
+    sess.setAttribute('agov.eid.User.gender', 'MALE')
+}
+if(sess.get('agov.eid.User.gender') == '2'){
+    sess.setAttribute('agov.eid.User.gender', 'FEMALE')
+}
+if(sess.get('agov.eid.User.gender') == '3'){
+    sess.setAttribute('agov.eid.User.gender', 'OTHER')
+}
+
+// Compare eid and idm attributes + update idm session variables if they differ 
+def attributesToAudit = compareAndUpdateSessionVariables(sess, ["firstName", "lastName", "gender"], false)
+// NOTE/aca/2025/06/14/: Potentally Throw a DATA ERROR if the properties are different? -> should the svnr number ever change?
+def propertiesToAudit = compareAndUpdateSessionVariables(sess, ["svnr", "eIdNumber", "nationality", "placeOfBirth"], true)
+
+
+// Handle birthdate seperately, since it can contain a timestamp -> we probably don't want to update if only the timestamp is wrong
+String eidBirthdate = getDateWithoutTimestamp(session["agov.eid.User.birthDate"] ?: "")
+String idmBirthdate = getDateWithoutTimestamp(session["ch.nevis.idm.User.birthDate"] ?: "")
+LOG.debug("eidBirthdate: $eidBirthdate    idmBirthdate: $idmBirthdate")
+if(eidBirthdate != idmBirthdate){
+    sess.setAttribute("ch.nevis.idm.User.birthDate", eidBirthdate)
+    // For some reson IdmGetPropertyState uses a different date format than IdmSetPropertyState?
+    //def date = new SimpleDateFormat('yyyy-MM-dd').parse(eidBirthdate)
+    //def idmFromatedBirthDate = new SimpleDateFormat('dd.MM.yyyy').format(date) 
+    //sess.setAttribute("ch.nevis.idm.User.birthDate.idmFormat", idmFromatedBirthDate)
+    attributesToAudit.add("birthDate") 
+}
+
+// Check if we need to update IDM
+def auditedRequired = attributesToAudit.size() > 0 || propertiesToAudit.size() > 0
+
+if(auditedRequired){
+    // update attributes in idm & transition to User notification
+    IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
+
+    String baseUrl = parameters.get("baseUrl")
+    String clientExtId = parameters.get("clientExtId")
+    String endPoint = "$baseUrl/api/core/v1"
+    String userExtId = sess.getAttribute("ch.nevis.idm.User.extId")
+
+    String requestUrl = "$endPoint/$clientExtId/users/$userExtId"
+
+
+    
+    def binding = [
+        "firstName":        sess.getAttribute('agov.eid.User.firstName'), 
+        "familyName":       sess.getAttribute('agov.eid.User.lastName'),
+        "svnr":             sess.getAttribute('agov.eid.User.svnr'),
+        "placeOfBirth":     sess.getAttribute('agov.eid.User.placeOfBirth'),
+        "nationality":      sess.getAttribute('agov.eid.User.nationality'),
+        "eIdNumber":        sess.getAttribute('agov.eid.User.eIdNumber'),
+        "gender":           sess.getAttribute('agov.eid.User.gender').toLowerCase(),
+        "birthDate":        sess.getAttribute('agov.eid.User.birthDate'),
+        "request":          requestId
+        ]
+
+    def templateEngine = new SimpleTemplateEngine()
+    def userUpdateDto = templateEngine.createTemplate(user_update_dto_template).make(binding).toString()
+
+    try {
+        idmRestClient.patch(requestUrl, userUpdateDto)
+    
+    }catch(Exception e) {
+        LOG.error("Failed to update User data in IDM: ${e}")
+        LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to update User data in IDM'")
+        response.setResult('error')
+        return
+    }
+    String printKeys = attributesToAudit.toListString()
+    LOG.debug("AuditedAttributes: $printKeys")
+ 
+    // Transform gender back to number
+    if(sess.get('ch.nevis.idm.User.gender') == 'MALE'){
+        sess.setAttribute('ch.nevis.idm.User.gender', '1')
+    }
+    if(sess.get('ch.nevis.idm.User.gender') == 'FEMALE'){
+        sess.setAttribute('ch.nevis.idm.User.gender', '2')
+    }
+    if(sess.get('ch.nevis.idm.User.gender') == 'OTHER'){
+        sess.setAttribute('ch.nevis.idm.User.gender', '3')
+    }
+
+    response.setResult('audited')
+}else{
+    // Attributes match & no notification needed => continue by updating the linking credential and sending the saml assertion
+    // NOTE/aca/2025/06/19: We skip checking the account state, recovery code, mobile number and LoA
+     LOG.debug("No Audit Required: Logging user in")
+    response.setResult('noChange')
+}
+
+
+
+
+

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_fetch_linked_accounts.groovy

@@ -0,0 +1,203 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+import ch.nevis.idm.client.IdmRestClient
+import ch.nevis.idm.client.IdmRestClientFactory
+import ch.nevis.idm.client.HTTPRequestWrapper
+
+import groovy.json.JsonSlurper
+import groovy.json.JsonBuilder
+
+
+
+def getHeader(String name) {
+	def inctx = request.getLoginContext()
+	// case-insensitive lookup of HTTP headers
+	def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER)
+	map.putAll(inctx)
+	return map['connection.HttpHeader.' + name]
+}
+
+def clearEidSession(){
+    def s = request.getAuthSession(true)
+    s.removeAttribute('agov.eid.verification')
+    s.removeAttribute('agov.eid.verification.id')
+    s.removeAttribute('agov.eid.verification.link')
+    s.removeAttribute('agov.eid.linkedAccountsDto')
+    s.removeAttribute('agov.eid.User.birthDate')
+    s.removeAttribute('agov.eid.User.eIdNumber')
+    s.removeAttribute('agov.eid.User.firstName')
+    s.removeAttribute('agov.eid.User.lastName')
+    s.removeAttribute('agov.eid.User.gender')
+    s.removeAttribute('agov.eid.User.nationality')
+    s.removeAttribute('agov.eid.User.placeOfBirth')
+    s.removeAttribute('agov.eid.User.svnr')
+    s.removeAttribute('agov.eid.User.origin')
+}
+
+def getAccounts(json, String svnr) {
+    def idm_users_dto = json["Resources"]
+    def accounts = [:]
+    def frontend_dto = []
+
+    for(user in idm_users_dto){
+
+        def credentials_dto = user["urn:nevis:idm:scim:schemas:v1:extension:User"]["credentials"]
+        if(!credentials_dto){
+            LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${extId}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='AGOV account has no credentials'")
+        }
+
+        for(cred in credentials_dto){
+			def foundCredential = false
+            def extId = user["externalId"]
+            //TODO/aca/2025/06/11: Can we have multiple email adresses? -> if yes search for primary
+            String email = user["emails"][0]["value"]
+			if(cred["type"] == "SAMLFEDERATION" && cred["issuerNameId"] == svnr){
+                // we found a second federation credential in one AGOV account -> Throw data error
+                if(foundCredential){
+                    LOG.error("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${extId}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Multiple EId linking credentials found in one AGOV account'")
+                    return [null,null]
+                }
+
+                // extract login info
+                def firstLogin = true
+                if(cred["credentialLoginInfo"]){
+                    if(cred["credentialLoginInfo"]["lastLogin"] && cred["credentialLoginInfo"]["lastLogin"] != ""){
+                        firstLogin = false
+                    }
+                }
+
+                //NOTE/aca/2025/06/11: Assume that this is sanitized when registered.
+				def accountName = cred['subjectNameId']
+                def credentialExtId = cred['extId']
+                 
+                accounts.put(email, [ "extId": extId, "credentialExtId": cred['extId'], "firstLogin": firstLogin ] )
+                frontend_dto.add(["email": email, "description": accountName])
+
+                foundCredential=true
+			}
+        }
+    }
+    return [ accounts, [ "accounts": frontend_dto ] ]
+}
+
+def sess = request.getAuthSession(true)
+IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
+
+// Accounting
+def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
+def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
+def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
+def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
+def credentialType = session['authenticatedWith'] ?: 'unknown'
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+
+if(inargs['submit'] && inargs['login'] && inargs['login'] != ''){
+    LOG.debug("Account with email: ${inargs['login']} was selceted -> Continuing")
+    
+    def accounts = new JsonSlurper().parseText(session['agov.eid.linkedAccountsDto'])
+    def account = accounts.get( inargs['login'].trim() )
+
+    sess.setAttribute('agov.eid.linkingCredentialExtId', account["credentialExtId"])
+    sess.setAttribute('agov.eid.linkedAccountExtId', account["extId"])
+
+    if(account["firstLogin"]){
+        response.setResult('firstLogin')
+        return
+    }
+
+    response.setResult('ok')
+    return
+}
+
+if(inargs['cancelEid'] && inargs['cancelEid'] == 'cancel'){
+    LOG.debug("Account selection was canceled: back to initial login screen")
+    clearEidSession()
+    response.setResult('backToVerification')
+    return
+}
+
+
+if(getHeader('Content-Type') == 'application/json'){
+    String account_selection_dto = session['agov.eid.linkedAccountsFrontendDto']
+
+    response.setContent(account_selection_dto.toString())
+	response.setContentType('application/json')
+	response.setHttpStatusCode(200)
+	response.setIsDirectResponse(true)
+	response.setStatus(AuthResponse.AUTH_CONTINUE)
+	return
+}
+
+
+String baseUrl = parameters.get("baseUrl")
+String clientExtId = parameters.get("clientExtId")
+String endPoint = "$baseUrl/api/scim/v1/$clientExtId/Users"
+
+// Fetch account identifier
+String svnr = sess.getAttribute("agov.eid.User.svnr")
+LOG.debug("search for accounts with SVNR: $svnr")
+
+// Pepare GET request
+String attributes = "externalId,emails,urn:nevis:idm:scim:schemas:v1:extension:User.credentials.type,urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerNameId,urn:nevis:idm:scim:schemas:v1:extension:User.credentials.subjectNameId,urn:nevis:idm:scim:schemas:v1:extension:User.credentials.extId,urn:nevis:idm:scim:schemas:v1:extension:User.credentials.credentialLoginInfo.lastLogin"
+String filter = "urn:nevis:idm:scim:schemas:v1:extension:User.credentials.type=='SAMLFEDERATION'%20AND%20urn:nevis:idm:scim:schemas:v1:extension:User.credentials.issuerNameId=='$svnr'"
+
+String requestUrl = "$endPoint?count=20&attributes=$attributes&filter=$filter"
+
+String scimResponse
+try {
+
+    scimResponse = idmRestClient.get(requestUrl)
+    
+    //TODO/aca/2025/06/11: Fetch more pages if more than 20 entries have been found
+
+    LOG.debug("SCIM Response: $scimResponse")
+
+    def json = new JsonSlurper().parseText(scimResponse)
+    def (accounts, frontend_dto) = getAccounts(json, svnr)
+
+    // unrecoverable DATA ERROR happend
+    if(!accounts){
+        response.setResult('error')
+        return
+    }
+
+    def numAccounts = accounts.size()
+
+    LOG.debug("Linked accounts found: " + frontend_dto.toString())
+
+    if(numAccounts == 0){
+        //TODO/aca/2025-06-10: Implement next step
+        // Redirect to an error page or linking page when that's ready and decided
+        sess.setAttribute("eid.placeholder.text", "EId: No AGOV Account found case not implemented yet")
+        response.setResult('noAccount')
+        return
+    }else if(numAccounts == 1){
+        // One account found -> continue with loading attributes from idm (+ notification if it is the first login)
+        def account = accounts.values().first()
+        sess.setAttribute('agov.eid.linkingCredentialExtId', account["credentialExtId"])
+        sess.setAttribute('agov.eid.linkedAccountExtId', account["extId"])
+
+        if(account["firstLogin"]){
+            response.setResult('firstLogin')
+            return
+        }
+
+        response.setResult('ok')
+        return
+    }else{
+        // Multiple accounts found -> Dispatch the account selection screen
+        sess.setAttribute('agov.eid.linkedAccountsDto', new JsonBuilder(accounts).toString())
+        sess.setAttribute('agov.eid.linkedAccountsFrontendDto', new JsonBuilder(frontend_dto).toString())
+
+        LOG.debug("Show GUI")
+        response.setStatus(AuthResponse.AUTH_CONTINUE)
+        return
+    }
+    
+} catch(Exception e) {
+    LOG.error("Fetching Agov Accounts Failed: ${e}")
+    sess.setAttribute("eid.placeholder.text", "EId: An exception occured while fetching the AGOV accounts\n: ${e}")
+    response.setResult('error')
+    return
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_notify_user_first_login.groovy

@@ -0,0 +1,38 @@
+import ch.nevis.idm.client.IdmRestClient
+import ch.nevis.idm.client.IdmRestClientFactory
+
+
+String user_notification_dto = '''
+{
+    "clientExtId": "{{clientExtId}}",
+    "userExtId": "{{userExtId}}",
+    "notificationType": "userNotification4",
+    "sendingMethod": [
+        "Email"
+    ],
+    "async": false
+}
+'''
+
+IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
+def sess = request.getAuthSession(true)
+
+String baseUrl = parameters.get("baseUrl")
+String clientExtId = parameters.get("clientExtId")
+String endPoint = "$baseUrl/api/notification/v1/"
+
+String userExtId = sess.getAttribute("agov.eid.linkedAccountExtId")
+
+String restRequest = user_notification_dto.replaceAll("\\{\\{clientExtId}}", clientExtId).replaceAll("\\{\\{userExtId}}", userExtId)
+
+try {
+    idmRestClient.post(endPoint, restRequest)
+    
+}catch(Exception e) {
+    LOG.error("Failed to send User Notification: First Login: ${e}")
+    response.setResult('error')
+    return
+}
+
+response.setResult('ok')
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_notify_user_idm_change.groovy

@@ -0,0 +1,38 @@
+import ch.nevis.idm.client.IdmRestClient
+import ch.nevis.idm.client.IdmRestClientFactory
+
+
+String user_notification_dto = '''
+{
+    "clientExtId": "{{clientExtId}}",
+    "userExtId": "{{userExtId}}",
+    "notificationType": "userNotification3",
+    "sendingMethod": [
+        "Email"
+    ],
+    "async": false
+}
+'''
+
+IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
+def sess = request.getAuthSession(true)
+
+String baseUrl = parameters.get("baseUrl")
+String clientExtId = parameters.get("clientExtId")
+String endPoint = "$baseUrl/api/notification/v1/"
+
+String userExtId = sess.getAttribute("ch.nevis.idm.User.extId")
+
+String restRequest = user_notification_dto.replaceAll("\\{\\{clientExtId}}", clientExtId).replaceAll("\\{\\{userExtId}}", userExtId)
+
+try {
+    idmRestClient.post(endPoint, restRequest)
+    
+}catch(Exception e) {
+    LOG.error("Failed to send User Notification: Idm Update with EId data: ${e}")
+    response.setResult('error')
+    return
+}
+
+response.setResult('ok')
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_registration.groovy

@@ -0,0 +1,17 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+if(inargs['cancel']){
+    LOG.debug("Account registration canceled: Send response with error")
+    response.setResult('back')
+    return
+}
+
+if(inargs['register'] == "agov"){
+    LOG.debug("AGOV account registration was selected")
+    response.setResult('register')
+    return
+}
+
+LOG.debug("Show GUI")
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_update_login_info.groovy

@@ -0,0 +1,36 @@
+import ch.nevis.idm.client.IdmRestClient
+import ch.nevis.idm.client.IdmRestClientFactory
+
+
+String login_info_update_dto = '''
+{
+    "success": true,
+    "credentialExtId": "{{credentialExtId}}"
+}
+'''
+
+IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
+def sess = request.getAuthSession(true)
+
+String baseUrl = parameters.get("baseUrl")
+String clientExtId = parameters.get("clientExtId")
+String endPoint = "$baseUrl/api/core/v1"
+
+String userExtId = sess.getAttribute("ch.nevis.idm.User.extId")
+String linkingCredentialExtId = sess.getAttribute("agov.eid.linkingCredentialExtId")
+
+String requestUrl = "$endPoint/$clientExtId/users/$userExtId/login-info"
+
+String restRequest = login_info_update_dto.replaceAll("\\{\\{credentialExtId}}", linkingCredentialExtId)
+
+try {
+    idmRestClient.post(requestUrl, restRequest)
+    
+}catch(Exception e) {
+    LOG.error("Failed to Update Linking Credential info: ${e}")
+    response.setResult('error')
+    return
+}
+
+response.setResult('ok')
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_verification_auth.groovy

@@ -0,0 +1,454 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+import ch.nevis.esauth.sess.Session
+import ch.nevis.esauth.util.httpclient.api.HttpClient
+import groovy.json.JsonSlurper
+import io.opentelemetry.api.trace.Span
+
+import java.time.LocalDate
+import java.time.ZoneId
+import java.time.ZoneOffset
+
+import com.fasterxml.uuid.Generators
+
+def getHeader(String name) {
+	def inctx = request.getLoginContext()
+	// case-insensitive lookup of HTTP headers
+	def map = new TreeMap<>(String.CASE_INSENSITIVE_ORDER)
+	map.putAll(inctx)
+	return map['connection.HttpHeader.' + name]
+}
+
+// returns true on success and false on failure
+def getNewVerification(Session sess, HttpClient httpClient, String verification_request_template, String traceparent){
+	// Initialize the verification session on the verifier
+	def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications"
+
+	try {
+		def httpResponse = Http.post()
+				.url(endPoint)
+				.header("Accept", "application/json")
+				.header("traceparent", traceparent)
+				.entity(Http.entity()
+						.content(verification_request_template.replaceAll("\\{\\{UUID}}", UUID.randomUUID().toString()))
+						.contentType("application/json")
+						.build())
+				.build()
+				.send(httpClient)
+
+
+		if (httpResponse.code() != 200) {
+			LOG.debug("Result: ${httpResponse}")
+			return false
+		}
+
+		def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
+		LOG.debug("Result: ${json}")
+
+		sess.setAttribute('agov.eid.verification', 'true')
+		sess.setAttribute('agov.eid.verification.id', json.id)
+		sess.setAttribute('agov.eid.verification.link', json.verification_url)
+
+
+        //  TODO/aca/2025-04-04:This could probably also be INITIATED, once the verifier supports this status
+		if (json.state != 'PENDING') {
+			return false
+		}
+	}
+	catch (Exception e) {
+		LOG.error("Eid verification failed: $e")
+		return false
+	}
+    return true
+}
+
+def clearEidSession(){
+    def s = request.getAuthSession(true)
+    s.removeAttribute('agov.eid.verification')
+    s.removeAttribute('agov.eid.verification.id')
+    s.removeAttribute('agov.eid.verification.link')
+}
+
+def verification_request_template = '''
+{ "presentation_definition": {
+    "id": "{{UUID}}",
+    "name": "AGOV Verification",
+    "purpose": "AGOV Login",
+    "format": {
+      "vc+sd-jwt": {
+        "sd-jwt_alg_values": [
+          "ES256"
+        ],
+        "kb-jwt_alg_values": [
+          "ES256"
+        ]
+      }
+    },
+    "input_descriptors": [
+      {
+        "id": "agov-all-attributes",
+        "name": "AGOV Identity Verification",
+        "purpose": "verification and authentication",
+        "format": {
+          "vc+sd-jwt": {
+            "sd-jwt_alg_values": [
+              "ES256"
+            ],
+            "kb-jwt_alg_values": [
+              "ES256"
+            ]
+          }
+        },
+        "constraints": {
+          "fields": [
+            {
+              "path": [
+                "$.family_name"
+              ]
+            },
+            {
+              "path": [
+                "$.given_name"
+              ]
+            },
+            {
+              "path": [
+                "$.birth_date"
+              ]
+            },
+            {
+              "path": [
+                "$.sex"
+              ]
+            },
+            {
+              "path": [
+                "$.place_of_origin"
+              ]
+            },
+            {
+              "path": [
+                "$.birth_place"
+              ]
+            },
+            {
+              "path": [
+                "$.nationality"
+              ]
+            },
+            {
+              "path": [
+                "$.personal_administrative_number"
+              ]
+            },
+            {
+              "path": [
+                "$.document_number"
+              ]
+            },
+            {
+              "path": [
+                "$.issuance_date"
+              ]
+            },
+            {
+              "path": [
+                "$.expiry_date"
+              ]
+            },
+            {
+              "path": [
+                "$.issuing_authority"
+              ]
+            },
+            {
+              "path": [
+                "$.issuing_country"
+              ]
+            }
+          ]
+        }
+      }
+    ]
+  }
+}
+'''
+
+def ERROR_CODE_TO_STATUS_MAPPER = [
+		'CREDENTIAL_INVALID'               : 'FAILED',
+		'JWT_EXPIRED'                      : 'ERROR',
+		'INVALID_FORMAT'                   : 'ERROR',
+		'CREDENTIAL_EXPIRED'               : 'FAILED',
+		'MISSING_NONCE'                    : 'ERROR',
+		'UNSUPPORTED_FORMAT'               : 'ERROR',
+		'CREDENTIAL_REVOKED'               : 'FAILED',
+		'CREDENTIAL_SUSPENDED'             : 'FAILED',
+		'HOLDER_BINDING_MISMATCH'          : 'ERROR',
+		'CREDENTIAL_MISSING_DATA'          : 'FAILED',
+		'UNRESOLVABLE_STATUS_LIST'         : 'ERROR',
+		'PUBLIC_KEY_OF_ISSUER_UNRESOLVABLE': 'ERROR',
+		'CLIENT_REJECTED'                  : 'CANCELED',
+		'ISSUER_NOT_ACCEPTED'              : 'ERROR'
+]
+
+// ---------------
+// check, whether we are still processing the correct AuthnRequest
+// or if the frontend requested a timeout
+if ( (inargs.containsKey('authRequestId') && (inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])) || inargs['oid4vp'] == 'TIMEOUT') {
+	// wrong request, "force" a timeout
+	LOG.debug('authentication timeout enforced, due to concurrent requests (authRequestId missmatch) -> return a 408')
+
+	response.setIsDirectResponse(true)
+	response.setContentType('text/html; charset=UTF-8')
+	response.setContent('Timeout')
+	response.setHttpStatusCode(205)
+	response.setHeader('IDP-AUTH', 'Timeout')
+
+	// CONTINUE to keep the other request beeing processed
+	response.setStatus(AuthResponse.AUTH_CONTINUE)
+	return
+}
+
+def sess = request.getAuthSession(true)
+
+if (inargs['oid4vp'] == 'ERROR') {
+    LOG.debug("oid4vp error")
+	response.setResult('error')
+	return
+}
+
+if (inargs['oid4vp'] == 'SUCCEEDED') {
+    LOG.debug("oid4vp succeeded")
+	response.setResult('ok')
+	return
+}
+
+// switch to access App
+if (inargs['accessApp'] == 'accessApp') {
+    //TODO/aca/2025/06/19: In theory we could also land here when we send 'SUCCESS' to the frontend -> would be better to  clear all session vaiables that can be set in this Authstate
+    //TODO/aca/2025/06/19: Should we here rather set the LOGINMETHOD cookie and send an error assertion, since otherwise we might swich states too often and Nevis will kill the session?
+    clearEidSession()
+    LOG.debug("Switch to Access App")
+    sess.setAttribute('agov.lastLoginMethod', 'accessApp')
+	response.setResult('agovLogin')
+	return
+}
+
+// switch to fido2
+if (inargs['securityKey'] == 'securityKey') {
+    clearEidSession()
+    LOG.debug("Switch to Security Key")
+    sess.setAttribute('agov.lastLoginMethod', 'securityKey')
+	response.setResult('agovLogin')
+	return
+}
+
+// switch to registration
+if (inargs['fallback'] == 'register') {
+    clearEidSession()
+    LOG.debug("Switch to registration")
+	response.setResult('register')
+	return
+}
+
+
+HttpClient httpClient = HttpClients.create(parameters)
+def spanCtxt = Span.current().getSpanContext()
+def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
+
+if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.v')) {
+    LOG.debug("Request Status Update")
+	// request for a status update from the verifier
+	def result
+
+    // FE requested a new verification
+    if (inargs['o.id.v'] == 'NEW' || inargs['o.id.v'] == 'RESET') {
+        LOG.debug("Initializing new verification")
+	    if(!getNewVerification(sess, httpClient, verification_request_template, traceparent)){
+            response.setResult('error') 
+            return
+        }
+    }
+
+	def idvalue = (!inargs['o.id.v'] || inargs['o.id.v'] == 'NEW' || inargs['o.id.v'] == 'RESET') ? session['agov.eid.verification.id'] : inargs['o.id.v']
+
+    LOG.error("IDValSent: " + idvalue)
+
+    // check, whether we are still processing the same verification request or if a new one was generated in e.g. another Tab
+    if(inargs['o.id.v'] && inargs['o.id.v'] != 'NEW' && inargs['o.id.v'] != 'RESET' && inargs['o.id.v'] != session['agov.eid.verification.id']){
+        // wrong request, tell fe to stop polling and request a timeout
+        LOG.debug('authentication timeout enforced, due to concurrent requests (verificationRequest missmatch) -> Notify FE & then return a 408')
+        result = """{
+				"oid4vp": {
+					"status": "TIMEOUT",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "REQUEST-MISMATCH",
+					"error_message": "Request Mismatch Detected: Forcing Timeout"
+				}}"""
+
+        response.setContent(result.toString())
+	    response.setContentType('application/json')
+	    response.setHttpStatusCode(200)
+	    response.setIsDirectResponse(true)
+	    response.setStatus(AuthResponse.AUTH_CONTINUE)
+	    return
+    }
+
+	try {
+		def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications/${idvalue}"
+
+		def httpResponse = Http.get()
+				.url(endPoint)
+				.header("Accept", "application/json")
+				.header("traceparent", traceparent)
+				.build()
+				.send(httpClient)
+
+
+        // 404 -> request a new verification
+        if(httpResponse.code() == 404){
+            // Frontend should know that we are starting a new request and not recieve an error
+            def status = "FAILED"
+            // Delete session variable to start a new verification
+            sess.removeAttribute('agov.eid.verification')
+
+            result = """{
+				"oid4vp": {
+					"status": "${status}",
+					"verification_url": "",
+					"id": "",
+					"error_code": "HTTP-ERROR",
+					"error_message": "Faild to verify status of verification, http status: ${httpResponse.code()}"
+				}}"""
+			LOG.warn("<== Response: ${httpResponse.code()}")
+		}
+		else if (httpResponse.code() != 200) {
+			LOG.debug("Result: ${httpResponse}")
+            
+            def status = "ERROR"
+            
+			result = """{
+				"oid4vp": {
+					"status": "${status}",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "HTTP-ERROR",
+					"error_message": "failed to verify status of verification ${idvalue}, http status: ${httpResponse.code()}"
+				}}"""
+			LOG.warn("<== Response: ${httpResponse.code()}")
+		}
+		else {
+
+			def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
+            LOG.debug(httpResponse.bodyAsString())
+			if (json.state == 'SUCCESS') {
+				def claims = json.wallet_response.credential_subject_data
+                LOG.debug("Store user data in session")
+				
+                def validFrom = LocalDate.parse(claims.issuance_date, DateTimeFormatter.ISO_LOCAL_DATE).atStartOfDay(ZoneId.systemDefault()).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME)
+                def validTo = LocalDate.parse(claims.expiry_date, DateTimeFormatter.ISO_LOCAL_DATE).atTime(23,59,59).atOffset(ZoneOffset.systemDefault()).format(DateTimeFormatter.ISO_OFFSET_DATE_TIME)
+
+                sess.setAttribute('agov.eid.User.firstName', claims.given_name)
+				sess.setAttribute('agov.eid.User.lastName', claims.family_name)
+				sess.setAttribute('agov.eid.User.birthDate', claims.birth_date)
+				sess.setAttribute('agov.eid.User.gender', claims.sex)
+				sess.setAttribute('agov.eid.User.svnr', claims.personal_administrative_number.replace('.',''))
+				sess.setAttribute('agov.eid.User.placeOfBirth', claims.birth_place)
+				sess.setAttribute('agov.eid.User.eIdNumber', claims.document_number)
+                // Simpler for later comparison -> Is converted again to upper case in the saml assertion
+				sess.setAttribute('agov.eid.User.nationality', claims.nationality.toString().toLowerCase())
+
+				sess.setAttribute('ValidFrom', validFrom)
+				sess.setAttribute('ValidTo', validTo)
+				sess.setAttribute('authenticatedWith', "urn:qa.agov.ch:names:tc:authfactor:eid")
+				sess.setAttribute('idVerification', "Eid")
+
+                // BUNDBITBK-5203 Dynamic aq levels
+                def requestedRoleLevel = session['agov.requestedRoleLevel']
+                if(requestedRoleLevel == "600"){
+                    sess.setAttribute('contextClassRefToSet', "urn:qa.agov.ch:names:tc:ac:classes:600")
+                }else{
+                    sess.setAttribute('contextClassRefToSet', "urn:qa.agov.ch:names:tc:ac:classes:500")
+                }
+
+                // subjectUUID v5
+                def namespace = UUID.fromString(parameters.get('eidUUIDNamespace'))
+                def uuid = Generators.nameBasedGenerator(namespace).generate(claims.personal_administrative_number)
+                 LOG.debug("UUID derived from svnr: ${uuid}")
+                String uuidString = uuid.toString()
+                sess.setAttribute('agov.subjectUUID', '' + uuidString)
+
+				response.setUserId(uuidString)
+                sess.setAttribute('ch.adnovum.nevisidm.user.extId', uuidString)
+				response.setLoginId(claims.document_number)
+				response.setAuthLevel("EID")
+
+				result = """{
+				"oid4vp": {
+					"status": "SUCCEEDED",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "NONE"
+				}}"""
+			}
+			else if (json.state == 'FAILED') {
+				LOG
+						.error("Eid verification failed: ${json.wallet_response.error_code} (${json.wallet_response.error_description})")
+                       
+                def status = ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] ?: 'ERROR'
+
+                // Send new request & return variables with new id and url
+                if(status == 'FAILED' || status == 'CANCELED'){
+                    // Delete session variable to start a new verification
+                    sess.removeAttribute('agov.eid.verification')
+
+                    // Clear variables for for a cleaner result
+                    sess.removeAttribute('agov.eid.verification.link')
+                }
+
+				result = """{
+				"oid4vp": {
+					"status": "${status}",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "${json.wallet_response.error_code}",
+					"error_message": "${json.wallet_response.error_description}"
+				}}"""
+			}
+			else {
+				result = """{
+				"oid4vp": {
+					"status": "${inargs['o.id.v'] == 'NEW' || inargs['o.id.v'] == 'RESET' ? 'INITIATED' : 'PENDING'}",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "NONE"
+				}}"""
+			}
+		}
+
+	}
+	catch (Exception e) {
+		LOG.error("Eid verification failed: ${e}")
+		result = """{
+				"oid4vp": {
+					"status": "ERROR",
+					"verification_url": "${session['agov.eid.verification.link']}",
+					"id": "${idvalue}",
+					"error_code": "HTTP-ERROR",
+					"error_message": "failed to verify status of verification ${idvalue}, http exception"
+				}}"""
+	}
+
+	response.setContent(result.toString())
+	response.setContentType('application/json')
+	response.setHttpStatusCode(200)
+	response.setIsDirectResponse(true)
+	response.setStatus(AuthResponse.AUTH_CONTINUE)
+	return
+}
+
+// if we reach this place, display GUI
+LOG.debug("Show GUI")
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureAccountState.groovy

@@ -26,7 +26,7 @@ String level100RoleExtid = parameters.get('level100.roleExtid')
 
 String baseUrl = "${parameters.get('idm.baseUrl')}/core/v1/$clientExtId"
 boolean audited = false
-String agovAq100AuthEndpoint = null
+String aq100AuthRestURL = null
 String endpoint = null
 
 // 1) create the profile if needed
@@ -79,14 +79,14 @@ if (!Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-Loi.
 		LOG.warn("Event='DATAERROR', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='created missing AGOVaq 100 role'")
 		audited = true
 	}
-	agovAq100AuthEndpoint = result.getLocation()
+	aq100AuthRestURL = result.getLocation()
 }
 
 
 // 3) set the AQ level 100 verification to None
 if (!session['ch.adnovum.nevisidm.userDto'].contains("<properties><name>idVerification</name><value>None</value><scopeName>AGOV-Loi,level100</scopeName></properties>")) {
 
-	if (agovAq100AuthEndpoint == null) {
+	if (aq100AuthRestURL == null) {
 		endpoint = "${baseUrl}/profiles/${profileExtId}/authorizations"
 
 		def result = idmRestClient.get(endpoint)
@@ -94,12 +94,13 @@ if (!session['ch.adnovum.nevisidm.userDto'].contains("<properties><name>idVerifi
 
 		json['items'].eachWithIndex { az, i ->
 			if (az.roleExtId == level100RoleExtid) {
-				agovAq100AuthEndpoint = "${endpoint}/${az.extId}"
+				aq100AuthRestURL = "${endpoint}/${az.extId}"
 			}
 		}
 	}
 
-	endpoint = "${agovAq100AuthEndpoint}/properties"
+
+    endpoint = "${aq100AuthRestURL}/properties"
 
 	def patchRequest = new HTTPRequestWrapper()
 	patchRequest.addToHeaders('Content-Type',  ['application/json'])

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/ensureRecoveryCode.groovy

@@ -1,9 +1,10 @@
 import ch.nevis.esauth.auth.engine.AuthResponse
-import ch.nevis.idm.client.IdmRestClient
+import ch.nevis.esauth.util.httpclient.api.HttpClient
-import ch.nevis.idm.client.IdmRestClientFactory
+
-import ch.nevis.idm.client.HTTPRequestWrapper
+import io.opentelemetry.api.trace.Span
 
 import groovy.json.JsonSlurper
+import groovy.xml.XmlSlurper
 
 // Accounting
 def requester = session['ch.nevis.auth.saml.request.scoping.requesterId'] ?: 'unknown'
@@ -18,7 +19,9 @@ def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?:
 
 
 
-IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
+HttpClient httpClient = HttpClients.create(parameters)
+def spanCtxt = Span.current().getSpanContext()
+def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
 
 String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
 String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
@@ -26,8 +29,18 @@ String sessionId = session.get('ch.nevis.session.conversationId')
 
 String endPoint = "${parameters.get('utility-service.baseUrl')}/api/v1/recovery/code"
 
+def userDto = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
+def recoveryCredential = userDto.'**'.find {node -> node.name() == 'credentials' && node.type.text() == 'CONTEXT_PASSWORD' && node.context.text() == 'RECOVERY'}
+
+// Only for aq 100, skip for the rest
+if (Arrays.stream(response.getActualRoles()).filter( r -> r.matches('^.*AGOV-Loi\\.level[2345]00.*$')).findAny().isPresent()) {
+	LOG.debug("Account '${user}' has a higher AQ-level than 100, no need to check code")
+	response.setResult('done')
+	return
+}
+
 // 1a) check if user has a credential
-if (session['ch.nevis.idm.User.cred.context_password1.state'] == 'ACTIVE' ) {
+if ( recoveryCredential != null ) {
 	LOG.debug("Account '${user}' has an active recovery code, no need to create new code")
 	response.setResult('done')
 	return
@@ -40,6 +53,12 @@ if (Arrays.stream(response.getActualRoles()).filter( r -> r.contains('AGOV-Accou
 	return
 }
 
+// 1c) don't do it for mobile phones (BUNDBITBK-4445)
+if (userAgent =~ /(iPhone|Android)/ ) {
+	LOG.debug("User '${user}' used a mobile phone, recovery code creation skipped")
+	response.setResult('done')
+	return
+}
 
 // 2) set cookie for recoveryCode
 if (outargs.containsKey('out.JWTToken')) {
@@ -53,21 +72,26 @@ if (outargs.containsKey('out.JWTToken')) {
 if (!session['agov.new.recovery.code.generated']) {
 	inargs.remove('submit')
 	try {
-		def postRequest = new HTTPRequestWrapper()
+		def httpResponse = Http.post()
-		postRequest.addToHeaders('Content-Type',  ['application/json'])
+			.url(endPoint)
+			.header("Accept", "application/json")
+			.header("traceparent", traceparent)
+			.entity(Http.entity()
+				.content("{\"userExtId\":\"$userExtId\",\"userSessionId\": \"$sessionId\"}")
+				.contentType("application/json")
+				.build())
+			.build()
+			.send(httpClient)
 
-		postRequest.setPayLoad("{\"userExtId\":\"$userExtId\",\"userSessionId\": \"$sessionId\"}".getBytes('UTF-8'))
 
-        def result = idmRestClient.postWithResponse(endPoint, postRequest)
+		if (httpResponse.code() != 200) {
-		if (result.getStatusCode() != 200) {
+            LOG.debug("Result: ${httpResponse}")
-            LOG.debug("Payload: ${new String(postRequest.getPayLoad())}")
+			LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${httpResponse.code()})")
-            LOG.debug("Result: ${result}")
-			LOG.warn("Event='RCVRY-CODE', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', reason='Failed to create code (http status code ${result.getStatusCode()})")
 			response.setResult('failed')
 			return
 		}
 
-		def json = new JsonSlurper().parseText(new String(result.getPayLoad(), 'UTF-8'))
+		def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
 
 		notes.setProperty('agov.new.recovery.code', json['recoveryCode']['code'].replaceAll('^(....)(....)(.*)$', '$1-$2-$3'))
 		LOG.debug("agov.new.recovery.code: ${notes['agov.new.recovery.code']}")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf

@@ -1,8 +1,9 @@
 RTENV_SECURITY_CHECK=no_shell
 
 JAVA_OPTS=(
-    "-Dfile.encoding=UTF-8"
     "-XX:+UseContainerSupport"
+    "-Dfile.encoding=UTF-8"
+    "-Dotel.instrumentation.metro.enabled=false"
     "-XX:MaxRAMPercentage=80.0"
     "-Djava.net.preferIPv4Stack=true"
     "-Djava.net.connectionTimeout=10000"
@@ -12,8 +13,8 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
-    "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
+    "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-idp-extended-truststore/truststore.p12"
-    "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
+    "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-idp-extended-truststore/keypass}"
 )
 

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fetch_country_name.groovy

@@ -0,0 +1,39 @@
+import groovy.json.JsonSlurper
+import io.opentelemetry.api.trace.Span
+
+def sess = request.getAuthSession(true)
+
+def spanCtxt = Span.current().getSpanContext()
+def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+def jsonSlurper = new JsonSlurper()
+
+
+def lang = (session['ch.nevis.idm.User.language']?:'DE').trim()
+def endppoint = "${parameters.get('baseurl')}/api/v1/countries?lang=${lang.toUpperCase()}"
+def countryCode = (session['ch.nevis.idm.User.country']?:'CH').trim().toLowerCase()
+
+try {
+  LOG.debug("UTILITY: Countries: Request url: ${endppoint}")
+
+  def httpClient = HttpClients.create(parameters)
+  def httpResponse = Http.get().url(endppoint).header('traceparent', traceparent).build().send(httpClient)
+
+  LOG.debug('UTILITY: Countries: Response Message: ' + httpResponse.reasonPhrase())
+  LOG.debug('UTILITY: Countries: Response Status Code: ' + httpResponse.code())
+  LOG.debug('UTILITY: Countries: Response: ' + httpResponse.bodyAsString())
+
+  if (httpResponse.code() == 200) {
+    def json = jsonSlurper.parseText(httpResponse.bodyAsString())
+    // {"country.af":"Afghanistan","country.al":"Albanie"... }
+    def countryName = json["country.${countryCode}"]
+    LOG.debug("UTILITY: Countries: countryName for ${countryCode}: ${countryName}")
+    if (countryName) {
+      sess.setAttribute('agov.countryName', countryName)
+    }
+  } else {
+    LOG.warn("UTILITY: Countries: Failed to fetch country translations. (httpResponse.code: ${httpResponse.code()})")
+  }
+} catch (Exception e) {
+  LOG.warn("UTILITY: Countries: Failed to fetch country translations. (${e})")
+}
+response.setResult('ok')

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_auth.groovy

@@ -98,9 +98,12 @@ if (path == '/nevisfido/fido2/attestation/options') {
     }
     post(connection, json)
     def responseCode = connection.responseCode
+    def responseText = responseCode == 200 ? connection.inputStream.text : '{"allowCredentials":[]}'
+    def jsonResponse = new JsonSlurper().parseText(responseText)
+    def numOfKeys = jsonResponse.allowCredentials ? jsonResponse.allowCredentials.size() : 0
 
-    // non existing account, or account without FIDO2 key case
+    // non existing account, account without FIDO2 key , or account with disabled FIDO2 key case
-    if (responseCode == 404 || responseCode == 400) {
+    if (responseCode == 404 || responseCode == 400 || numOfKeys == 0) {
 
       LOG.debug("Fido2Auth: <== Response: ${responseCode}")
 
@@ -113,12 +116,19 @@ if (path == '/nevisfido/fido2/attestation/options') {
       def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
       def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
       def tAuth = System.currentTimeMillis() - (request.getSession(true).getCreationTime().getEpochSecond() * 1000)
+      def details = "no account (404)"
+      if (responseCode == 400 ) {
+        details = "no fido2 keys for account (400)"    
+      } else if (responseCode == 200) {
+        details = "no active fido2 key for account (200, empty allowCredentials array)"    
+      }
+      
+      LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}', Details='${details}'")
 
-      LOG.info("Event='NOACCOUNT', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${session['ch.nevis.idm.User.email']}, CredentialType='${credentialType}', tAuth=${tAuth}ms, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
       // returning a fake options structure, which shouldn't leak whether the user account exists or not
       // keyId is unique per environment and email, fido2SessionId and challenge are renewed each time
       def keyId = UUID.nameUUIDFromBytes("${parameters['rpId']}.${session['ch.nevis.idm.User.email']}".getBytes())
-      def responseText = """{"status": "ok",
+      responseText = """{"status": "ok",
                          "errorMessage": "",
                          "fido2SessionId": "${UUID.randomUUID()}",
                          "challenge": "${base64url(UUID.randomUUID())}",
@@ -132,17 +142,10 @@ if (path == '/nevisfido/fido2/attestation/options') {
                            }
                          ],
                          "userVerification": "required"}"""
-
-      response.setContent(responseText) // return response from nevisFIDO "as-is"
-      response.setContentType('application/json')
-      response.setHttpStatusCode(200)
-      response.setIsDirectResponse(true)
-      return
     }
 
-    def responseText = connection.inputStream.text
     LOG.debug("Fido2Auth: <== Response: ${responseCode} : ${responseText}")
-    response.setContent(responseText) // return response from nevisFIDO "as-is"
+    response.setContent(responseText)
     response.setContentType('application/json')
     response.setHttpStatusCode(200)
     response.setIsDirectResponse(true)

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptchainfos.groovy

@@ -1,28 +1,29 @@
 import groovy.json.JsonSlurper
+import io.opentelemetry.api.trace.Span
 
 def url = parameters.get('url')
+def realIpHttpHeaderName = parameters.get('realIpHttpHeaderName') ?: 'X-Real-IP'
+def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
 
 try {
-  session.remove('agov.fido2.X-ReCAPTCHA-Integration')
+  def spanCtxt = Span.current().getSpanContext()
+  def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
   def jsonSlurper = new JsonSlurper()
   def httpClient = HttpClients.create(parameters)
-  def httpResponse = Http.get().url(url).build().send(httpClient)
+  def httpResponse = Http.get().url(url).header('traceparent', traceparent)
-  LOG.info('Response Message: ' + httpResponse.reasonPhrase())
+                         .header(realIpHttpHeaderName, ip).build().send(httpClient)
-  LOG.info('Response Status Code: ' + httpResponse.code())
+
-  LOG.info('Response: ' + httpResponse.bodyAsString())
+  LOG.debug('Response Status Code: ' + httpResponse.code())
+  LOG.debug('Response: ' + httpResponse.bodyAsString())
 
   if (httpResponse.code() == 200) {
     def json = jsonSlurper.parseText(httpResponse.bodyAsString())
-    response.setSessionAttribute('agov.fido2.json.accountUrl', json.accountUrl)
+
-    response.setSessionAttribute('agov.fido2.json.registrationUrl', json.registrationUrl)
+    response.setSessionAttribute('agov.fido2.captchaSettings.enabled', String.valueOf(json.friendlyCaptureClientSettings.enabled))
-    response.setSessionAttribute('agov.fido2.json.captchaSettings.enabled', String.valueOf(json.captchaSettings.enabled))
+    response.setSessionAttribute('agov.fido2.captchaSettings.siteKey', json.friendlyCaptureClientSettings.siteKey)
-    response.setSessionAttribute('agov.fido2.json.captchaSettings.reCaptchaInvisibleSiteKey', json.captchaSettings.reCaptchaInvisibleSiteKey)
+    response.setSessionAttribute('agov.fido2.captchaSettings.puzzleUrl', json.friendlyCaptureClientSettings.puzzleUrl)
-    response.setSessionAttribute('agov.fido2.json.captchaSettings.reCaptchaVisibleSiteKey', json.captchaSettings.reCaptchaVisibleSiteKey)
+
-    if (session.get('agov.fido2.X-ReCAPTCHA-Integration') == null) {
-      response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'INVISIBLE')
-    } else {
-      response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'VISIBLE')
-    }
     response.setResult('ok')
   } else {
     LOG.error('Unexcpected HTTP response code: ' + httpResponse.code())

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/fido2_fetchcaptcharesult.groovy

@@ -1,53 +1,63 @@
+import io.opentelemetry.api.trace.Span
 
 def url = parameters.get('url')
-def email = inargs['email']
+
+def email = inargs['userInputValue_prompt.email']
+def token = inargs['captcha_response']?: 'MISSING'
+def enabled = (session['agov.fido2.captchaSettings.enabled']?:'true').toBoolean()
+
 def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
 def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
 
-def payload = '{ "email": "' + inargs['userInputValue_prompt.email'] + '", "action": "LOGIN", "userIp": "' + ip + '", "userAgent": "' + userAgent + '"}'
+def payload = "{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }"
 
-LOG.info('Token: ' + inargs['recaptcha_response'])
+LOG.debug('Token: ' + token)
-LOG.info('Integration: ' + session['agov.fido2.X-ReCAPTCHA-Integration'])
+LOG.debug('Payload: ' + payload)
-LOG.info('Payload: ' + payload)
 
 try {
 
+  if (!enabled) {
+    LOG.info("FriendlyCAPTCHA is disabled, allowing operation for ${payload}")
+    response.setResult('ok')
+    return
+  }
+
+  def spanCtxt = Span.current().getSpanContext()
+  def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
   def httpClient = HttpClients.create(parameters)
   def httpResponse = Http.post()
           .url(url)
           .header("Accept", "application/json")
-          .header("X-ReCAPTCHA-Token", inargs['recaptcha_response'])
+          .header("X-FriendlyCAPTCHA-Token", token)
-          .header("X-ReCAPTCHA-Integration", session['agov.fido2.X-ReCAPTCHA-Integration'])
+          .header("traceparent", traceparent)
           .entity(Http.entity()
                   .content(payload)
                   .contentType("application/json")
-               //   .charSet("utf-8")
                   .build())
           .build()
           .send(httpClient)
 
-  LOG.info('Response Message: ' + httpResponse.reasonPhrase())
+  LOG.debug('Response Status Code: ' + httpResponse.code())
-  LOG.info('Response Status Code: ' + httpResponse.code())
+  LOG.debug('Response: ' + httpResponse.bodyAsString())
-  LOG.info('Response: ' + httpResponse.bodyAsString())
 
   if (httpResponse.code() == 200) {
       if (httpResponse.bodyAsString().contains('SUCCESSFUL')) {
           response.setResult('ok')
           return
        } else {
-
+       LOG.warn("Friendly captcha not successful for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }'")
-       response.setSessionAttribute('agov.fido2.X-ReCAPTCHA-Integration', 'VISIBLE')
        response.setResult('exit.1')
        return      
      }
   } else {
-    LOG.error('Unexcpected HTTP response code: ' + httpResponse.code())
+    LOG.error("Friendly captcha failed with statuscode ${httpResponse.code()} for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }'")
     response.setResult('error')
     response.setError(1, 'Unexpected HTTP reponse')
   }
 } catch (all) {
   // Handle exception and set the transition
-  LOG.error('error: ' + all, all)
+  LOG.error("Friendly captcha failed with a general error '${all}' for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }', service-url: ${url}")
   response.setResult('error')
   response.setError(1, 'Exception during HTTP call')
 }

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRecovery.groovy

@@ -4,11 +4,11 @@ if(outargs.containsKey('saml.SAMLResponse')) {
      def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
      def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
      def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
-     def credentialType = session['authenticatedWith'] ?: 'unknown'
+     def credentialType = session['agov.recovery.authenticatedWith'] ?: 'unknown'
      def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
      def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
 
-     LOG.info("Event='GOTORECOVERY', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+     LOG.info("Event='GOTORECOVERY', Requester='${requester}', RequestId='${requestId}', RequestedAq=${requestedAq}, User=${user}, CredentialType='${credentialType}', SourceIp=${sourceIp}, UserAgent='${userAgent}', AccountAq='${session['agov.recovery.currentAgovAq']}', AuthCtxClass='${session['agov.recovery.authnContextClassRef']}', RecoveryCodeStatus='${session['agov.recovery.codeStatus']}', RecoveryCodeDetailStatus='${session['agov.recovery.codeDetailStatus']}'")     
      
      // Redirect
      response.addOutArg('nevis.transfer.destination', parameters.get('agovmedirecturl'))

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/handleRedirectRegistration.groovy

@@ -19,7 +19,15 @@ if(outargs.containsKey('saml.SAMLResponse')) {
      response.removeOutArg('saml.SAMLResponse')
 }
 else {
-    response.setResult('ok')
+  if (session['agov.eidAllowed'] && session['agov.eidAllowed'] == 'true') {
+    if (session['agov.lastLoginMethod'] && !(session['agov.lastLoginMethod'] == 'eid')) {
+      response.setResult('agovLogin')
+    } else {
+      response.setResult('eidLogin')
+    }
+  } else {
+    response.setResult('agovLogin')
+  }
 }
 
 

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_dispatcher.groovy

@@ -31,16 +31,33 @@ def redirect(String url) {
  * @return text content of Issuer element converted or null
  */
 String getIssuer(GPathResult xml) {
-    return (xml.depthFirst().find { GPathResult node -> "Issuer".equalsIgnoreCase(node.name()) } as NodeChild)?.text()
+    return xml.depthFirst().find { GPathResult node -> {
+        node.name().endsWith(":Issuer") || node.name().equalsIgnoreCase("Issuer")
+      }
+    }?.text()
 }
 
 String getIssuer(String value) {
+    if (value == null) {
+        return
+    }
+    String text
+    byte[] decoded
     def parser = new XmlSlurper()
-    byte[] decoded = value.decodeBase64()
+    // if value is raw xml then continue otherwise try to parse the base64 encoding
-    String text = new String(decoded)
+    if (value.startsWith("<")) {
+        text = new String(value)
+    }
+    else {
+        decoded = value.decodeBase64()
+        text = new String(decoded)
+        LOG.info("received SAML request $value")
+    }
+
+    // after decoded, if redirect binding, we need to parse string to xml
     if (text.startsWith("<")) {
-        LOG.debug("assuming POST binding")
+        LOG.debug("assuming POST/SOAP binding")
-        // plain String (POST parameter)
+        // plain String (POST/SOAP parameter)
         def xml = parser.parseText(text)
         return getIssuer(xml)
     }
@@ -58,9 +75,18 @@ def dispatchIssuer(i2s, String issuer) {
     if (result == null) {
         LOG.info("No SP found for issuer '$issuer'. Hint: check SAML SP Connector patterns.")
     }
+    
+    // dispatch different idp if artifact binding is enabled
+    if(parameters.get('epdMode') == 'artifact' && result == 'epd'){
+        LOG.debug("EPD: Artifact mode")
+        result = result + "_artifact"
+    }else{
+        LOG.debug("EPD: POST mode")
+    }
     response.setResult(result)
     session.put("saml.inbound.issuer", issuer)
     session.put('saml.idp.result', result) // remember decision for sub-sequent requests without a SAML message
+    
 }
 
 def dispatchMessage(i2s, String message) {
@@ -91,7 +117,8 @@ if (request.getSession(false) == null) {
 def i2s = new TreeMap<String, String>(String.CASE_INSENSITIVE_ORDER)
 
 
-i2s.put('https://trustbroker.agov-w.azure.adnovum.net', 'state0')
+i2s.put(parameters.get('atb'), 'main')
+i2s.put(parameters.get('epd_atb'), 'epd')
 
 if (parameters.get('spInitiated') == 'true' && inargs.containsKey('SAMLRequest')) { // SP-initiated authentication
     LOG.debug("found SAMLRequest parameter for SP-initiated authentication")
@@ -107,6 +134,20 @@ if (inargs.containsKey('SAMLResponse')) { // response to IDP-initiated SAML Logo
     return
 }
 
+if (parameters.get('spInitiated') == 'true' && inargs.containsKey('soapheader')) { // SP-initiated SOAP with soapheader
+    LOG.debug("found soapheader parameter for SP-initiated")
+    String message = inargs.get('soapheader')
+    dispatchMessage(i2s, message)
+    return
+}
+
+if (parameters.get('spInitiated') == 'true' && inargs.containsKey('')) { // SP-initiated SOAP with empty
+    LOG.debug("found empty parameter for SP-initiated SOAP message")
+    String message = inargs.get('')
+    dispatchMessage(i2s, message)
+    return
+}
+
 String issuer = inargs['Issuer'] ?: inargs['issuer']
 if (parameters.get('idpInitiated') == 'true' && issuer != null) { // IDP-initiated authentication
     LOG.debug("found Issuer parameter for IDP-initiated authentication")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/idp_status_check.groovy

@@ -11,6 +11,16 @@ def getHeader(String name) {
     return map['connection.HttpHeader.' + name]
 }
 
+def getCookie(String name){
+    cookies = getHeader('cookie')
+    if (cookies != null) {
+        if (cookies.matches('^.*'+"${name}"+'=([^;]+).*$')) {
+            return cookies.replaceAll('^.*'+"${name}"+'=([^;]+).*$', '$1')
+        }
+    }
+    return null
+}
+
 def sha256(String input) {
   // we do not catch NoSuchAlgorithmException, as every implementation of the Java platform is required to support SHA-256
   def digestBytes = MessageDigest.getInstance('SHA-256').digest(input.getBytes())
@@ -77,7 +87,17 @@ if (inargs['SAMLRequest'] != null) {
       // process it the same way, as if frontend triggered a reload
       request.getInArgs().setProperty('onReload', 'now')
 
+      def eidEnabled = parameters.get('eidEnabled') == "true"
+      def requestedLoa = s.getAttribute("agov.requestedRoleLevel")
+
+      // TODO: use a different flag to check if this is a eid request since eid can now also be used for lower aq
+      if( eidEnabled && ( requestedLoa == "600" || requestedLoa == "500" || s.getAttribute('agov.lastLoginMethod') == 'eid' ) ){
+        // EID request -> goto correct state
+        response.setResult('continueEidAfterRepost')
+      }else{
         response.setResult('continueAfterRepost')
+      }
+
       return
     }
     // else, the new replaces the on-going one
@@ -92,6 +112,13 @@ if (inargs['SAMLRequest'] != null) {
   // we set/update a login Cookie
   def agovLoginCookie = "agovLogin=${System.currentTimeMillis()}; Domain=${parameters.get('cookie.domain')}; Path=/; SameSite=Strict; Secure; HttpOnly"
   response.setHeader('Set-Cookie', agovLoginCookie)
+
+  // we check if a login method cookie has been set, if so save it to the session
+  def lastLoginMethod = getCookie('LOGINMETHOD')
+  if(lastLoginMethod != null){
+    s.setAttribute('agov.lastLoginMethod', lastLoginMethod)
+  }
+
   response.setResult('ok')
   return
 }
@@ -120,14 +147,12 @@ if (inargs.containsKey('o.fidoUafSessionId.v')) {
 }
 else {
     // authentication timeout reached, or SSO-Endpoint bookmarked -> return a 404
-    def agovLoginCookie = 'missing'
 
-    if (getHeader('cookie') != null) {
+    def agovLoginCookie = getCookie('agovLogin')
-        def cookies = getHeader('cookie')
+    if (agovLoginCookie == null) {
-        if (cookies.matches('^.*agovLogin=([^;]+).*$')) {
+        agovLoginCookie = 'missing'
-            agovLoginCookie = cookies.replaceAll('^.*agovLogin=([^;]+).*$', '$1')
-        }
     }
+
     LOG.debug("agovLoginCookie: ${agovLoginCookie}")
     if (agovLoginCookie == 'missing' || agovLoginCookie == 'deleted') {
         LOG.debug('SSO-Endpoint bookmarked -> return a 404')

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/logRecoveryReason.groovy

@@ -0,0 +1,10 @@
+def requester = 'unknown'
+def requestId = session['ch.nevis.auth.saml.request.id'] ?: 'unknown'
+def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
+def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+def reason = session['agov.recovery.reason'] ?: 'unknown'
+
+LOG.info("Event='RECOVERY-REASON', Requester='${requester}', RequestId='${requestId}', User=${user}, SourceIp=${sourceIp}, UserAgent='${userAgent}', Reason='${reason}'")
+
+response.setResult('ok')

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/logging.yml

@@ -12,6 +12,8 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     - name: "EsAuthStart"
       level: "INFO"
     - name: "org.apache.catalina.loader.WebappClassLoader"
@@ -22,6 +24,8 @@ Configuration:
       level: "FATAL"
     - name: "AGOV-ACCT"
       level: "DEBUG"
+    - name: "AgovCaptcha"
+      level: "DEBUG"
     - name: "AuthEngine"
       level: "INFO"
     - name: "AuthPerf"
@@ -31,7 +35,7 @@ Configuration:
     - name: "OpTrace"
       level: "DEBUG"
     - name: "Recovery"
-      level: "INFO"
+      level: "DEBUG"
     - name: "Script"
       level: "DEBUG"
     - name: "SessCoord"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/mobile_nless_auth.groovy

@@ -82,6 +82,7 @@ if (inargs['fidoUafDone'] == 'true' ||
 if (inargs['fallback'] == 'fallback') {
     response.setResult('fido2')
 }
+
 // dispatch to recovery
 if (inargs['fallback'] == 'recovery') {
     response.addOutArg('nevis.transfer.destination', parameters.get('recoveryurl'))
@@ -103,3 +104,10 @@ if (inargs.containsKey('onReload')) {
 if (inargs['fallback'] == 'register') {
    response.setResult('registration')
 }
+
+// change to eid
+// temporary for demo
+if (inargs.containsKey('swiyu')) {
+    clearFidoUAFSession()
+    response.setResult('eidLogin')
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/nevisauth.yml

@@ -3,6 +3,7 @@ server:
   protocol: "https"
   port: "8991"
   host: "0.0.0.0"
+  max-threads: "200"
   tls:
     keystore: "/var/opt/keys/own/auth-default-identity/keystore.p12"
     keystore-passphrase: "${exec:/var/opt/keys/own/auth-default-identity/keypass}"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/questionnaireLfProcessing.groovy

@@ -0,0 +1,25 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+if (inargs['cancel'] && inargs['cancel'] == 'cancel') {
+  def s = request.getAuthSession(true)
+  s.removeAttribute('agov.recovery.moreThanOneLf')
+
+  response.setResult('doCancel')
+  return
+}
+
+if (inargs['continue'] && inargs['continue'] == 'yes') {
+  response.setSessionAttribute('agov.recovery.moreThanOneLf', 'yes')
+  response.setResult('loginFactorYes')
+  return
+}
+
+if (inargs['continue'] && inargs['continue'] == 'no') {
+  response.setSessionAttribute('agov.recovery.moreThanOneLf', 'no')
+  response.setResult('loginFactorNo')
+  return
+}
+
+// if we reach this, display the GUI again
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/questionnaireReasonProcessing.groovy

@@ -0,0 +1,28 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
+if (inargs['reason']) {
+  response.setSessionAttribute('agov.recovery.reason', '' + inargs['reason'])
+}
+
+if (inargs['cancel'] && inargs['cancel'] == 'cancel') {
+  def s = request.getAuthSession(true)
+  s.removeAttribute('agov.recovery.moreThanOneLf')
+  s.removeAttribute('agov.recovery.reason')
+
+  response.setResult('doCancel')
+  return
+}
+
+if (inargs['continue'] && inargs['continue'] == 'yes') {
+  response.setResult('validReasons')
+  return
+}
+
+if (inargs['continue'] && inargs['continue'] == 'no') {
+  response.setResult('invalidReasons')
+  return
+}
+
+// if we reach this, display the GUI again
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-prepareRedirect.groovy

@@ -0,0 +1,22 @@
+if (session['agov.recovery.redirectDone']) {
+  // user navigated back from AGOV.me, go again for the code
+
+  // clean up SAML state first, 
+  // IdentityProviderState sets session attributes as follows
+  //   <IDP-State-Name>-session-participants.<SAML-RP-ISSUER> = <ACS-URL>
+  // State name contains the name of the pattern 'Recovery_redirectAgovMe'
+  def s = request.getAuthSession(true)
+  def sessionKeySet = new HashSet(session.keySet()) 
+  sessionKeySet.each { key -> 
+    if ( key ==~ /.*Recovery_redirectAgovMe-session-participants.*/ ) {
+      LOG.debug("Deleted session attribute '${key}'")
+      s.removeAttribute(key)
+    }
+  }
+  s.removeAttribute('agov.recovery.redirectDone')
+  response.setResult('back')
+} else {
+  // redirect
+  response.setSessionAttribute('agov.recovery.redirectDone', 'true')
+  response.setResult('redirect')
+}

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery-processing.groovy

@@ -1,5 +1,9 @@
-import org.codehaus.groovy.runtime.StackTraceUtils
+import groovy.json.JsonSlurper
 import groovy.xml.XmlSlurper
+import org.codehaus.groovy.runtime.StackTraceUtils
+
+import ch.nevis.idm.client.IdmRestClient
+import ch.nevis.idm.client.IdmRestClientFactory
 
 
 // AGOVaq conversion
@@ -11,13 +15,8 @@ def maxLoiRoleToCtxClssConvertorMap = [
     "level500": "urn:qa.agov.ch:names:tc:ac:classes:500"
 ]
 
-def maxLoiRecoveryStepupMap = [
+// https://docs.nevis.net/nevisidm/Developer-Guide/SOAP-Interface/Interface-specification/Value-types#enum-value-types
-    "level100": "level200",
+def blockingCredentialStates = ['DISABLED', 'EXPIRED', 'LOCKED', 'ARCHIVED', 'RESET_CODE']
-    "level200": "level300",
-    "level300": "level300",
-    "level400": "level400",
-    "level500": "level500"
-]
 
 def getUserIdVerificationForRecovery(currentLoaRole) {
   // application is AGOV-AccountStatus
@@ -49,6 +48,32 @@ def getUserIdVerificationForRecovery(currentLoaRole) {
   return result
 }
 
+def getAqLevelBasedOnIdVerificationForRecovery(idVerification, highestRoleLevel) {
+  def result = 'level'
+
+  switch (idVerification) {
+    case 'None':
+      result = result.concat('100')
+      break
+    case 'SimpleLetter':
+      result = result.concat('200')
+      break
+    case 'Video':
+    case 'VideoSelfPaid':
+    case 'Bmid':
+    case 'BmidSelfPaid':
+    case 'Counter':
+      result = result.concat((highestRoleLevel == 'level400') ? '400' : '300')
+      break
+    default:
+      LOG.warn("unexpected idVerification for recovery on account: ${idVerification}")
+      // safest default, should work in any case
+      result = highestRoleLevel
+  }
+
+  return result
+}
+
 def getUserMustRecoverValidFrom() {
   // set attibutes from DTO: -> validFrom
   def payload = new XmlSlurper().parseText(session.get('ch.adnovum.nevisidm.userDto'))
@@ -56,6 +81,42 @@ def getUserMustRecoverValidFrom() {
   return (authzNode) ? ((authzNode.validFrom && !authzNode.validFrom.text().isEmpty()) ? authzNode.validFrom?.text() : authzNode.ctlCreDat?.text()) : ''
 }
 
+def userHasNewLoginFactor() {
+  IdmRestClient idmRestClient = IdmRestClientFactory.get(parameters)
+
+  String baseUrl = parameters.get('baseUrl')
+  String clientExtId = session.get('ch.adnovum.nevisidm.user.clientExtId')
+  String userExtId = session.get('ch.adnovum.nevisidm.user.extId')
+  String baseEndPoint = "$baseUrl/api/core/v1/$clientExtId/users/$userExtId"
+
+  response.setSessionAttribute('agov.recovery.newLoginFactor', 'NONE')
+
+  try {
+     def credInfoArray = new JsonSlurper().parseText(idmRestClient.get("$baseEndPoint/generic-credentials"))
+
+     def accessApp = credInfoArray['items'].find( it -> it.stateName == "active")
+     if (accessApp) {
+       response.setSessionAttribute('agov.recovery.accessapp', accessApp.properties.fidouaf_name)
+       response.setSessionAttribute('agov.recovery.accessapp.dispatchTargetId', accessApp.identification.replaceAll('dispatch_target_', ''))
+       response.setSessionAttribute('agov.recovery.newLoginFactor', 'ACCESS_APP')
+       return true
+     }
+
+     credInfoArray = new JsonSlurper().parseText(idmRestClient.get("$baseEndPoint/fido2"))
+
+     def fido2Key = credInfoArray['items'].find( it -> it.stateName == "active")
+     if (fido2Key) {
+       response.setSessionAttribute('agov.recovery.securityKey', fido2Key.userFriendlyName)
+       response.setSessionAttribute('agov.recovery.newLoginFactor', 'FIDO2')
+       return true
+     }
+
+  } catch(Exception e) {
+    LOG.error(e.toString())
+  }
+  return false
+}
+
 
 // for autditing
 def user = session['ch.adnovum.nevisidm.user.extId'] ?: 'unknown'
@@ -69,13 +130,19 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
   try {
     def userDto = new XmlSlurper().parseText(session['ch.adnovum.nevisidm.userDto'])
     def userState = userDto.state
+    def recoveryCode = userDto.'**'.find {node -> node.name() == 'credentials' && node.type.text() == 'CONTEXT_PASSWORD' && node.context.text() == 'RECOVERY'}
+
     LOG.debug("Recovery: Dto is '${userDto}")
     LOG.debug("Recovery: state is '${userState}")
-    def session = request.getAuthSession(true)
+    LOG.debug("Recovery: RecoveryCode is '${recoveryCode ? recoveryCode : 'none'}'") 
 
     if (userState == 'ACTIVE') {
 
-      session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
+      response.setSessionAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recovery')
+      response.setSessionAttribute('agov.recovery.authenticatedWith', 'urn:qa.agov.ch:names:tc:authfactor:email')
+      response.setSessionAttribute('agov.recovery.codeStatus', 'notNeeded')
+      response.setSessionAttribute('agov.recovery.codeDetailStatus', 'n/a')
+      response.setSessionAttribute('agov.recovery.newLoginFactor', 'NONE')
 
       def maxLoiList =   userDto.'**'.findAll { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-Loi' }.collect({ node -> node.name.text() })
       maxLoi = (maxLoiList == null || maxLoiList.isEmpty()) ? null : maxLoiList.sort().last()
@@ -83,6 +150,10 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
       def idVerification = null
       def agovAqValidFrom = null
       if (maxLoi) {
+        if (maxLoi != 'level100') {
+          response.setSessionAttribute('agov.recovery.codeDetailStatus', '' + maxLoi)
+        }
+
         idVerification = userDto.'**'.find { node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text() == 'AGOV-Loi,' + maxLoi}?.value?.text()
         idVerification = idVerification ?: 'None'
         agovAqValidFrom = userDto.'**'.find { node -> node.name() == 'authorizations' && node.role.name.text() == maxLoi}?.validFrom?.text()
@@ -93,24 +164,30 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
 
       def hasRecoveryRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recovery' }
 
+      def hasRecoveryCascadeRole = userDto.'**'.find { node -> node.name() == 'roles' && node.applicationName.text() == 'AGOV-AccountStatus' && node.name.text() == 'recoveryCascade' }
+
+      def hasNewLoginFactor = hasRecoveryRole && userHasNewLoginFactor()
 
       if (mustRecover) {
         // attributes are defined over the mustRecover authorization
-        session.setAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
+        response.setSessionAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:mustRecover')
+        response.setSessionAttribute('agov.recovery.codeDetailStatus', 'mustRecover')
 
-        def recoveryVerification = userDto.'**'.find { node -> node.name() == 'properties' && node.name.text() == 'idVerification' && node.scopeName.text() == 'AGOV-AccountStatus,mustRecover' }?.value?.text() 
         idVerification = getUserIdVerificationForRecovery(maxLoi ?: 'level100') ?: idVerification
 
         agovAqValidFrom = getUserMustRecoverValidFrom()
 
-        maxLoi = maxLoiRecoveryStepupMap[maxLoi ?: 'level100'] ?: 'level100'
+        maxLoi = getAqLevelBasedOnIdVerificationForRecovery(idVerification, maxLoi)
-
+      } else if (hasRecoveryCascadeRole && hasNewLoginFactor) {
+        response.setSessionAttribute('agov.recovery.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:recoveryCascade')
       }
 
       LOG.debug("Recovery: MaxLoi is '${maxLoi}'")
       LOG.debug("Recovery: IdVerification is  ${idVerification}")
       LOG.debug("Recovery: agovAqValidFrom is ${agovAqValidFrom}")
+      LOG.debug("Recovery: mustRecover is '${mustRecover}'")
       LOG.debug("Recovery: hasRecoveryRole is '${hasRecoveryRole}'")
+      LOG.debug("Recovery: hasNewLoginFactor is '${hasNewLoginFactor}'")
 
       if (maxLoi != null) {       
         if (maxLoiRoleToCtxClssConvertorMap.containsKey(maxLoi)) {
@@ -119,15 +196,30 @@ if (session['ch.adnovum.nevisidm.userDto'] != null && notes['lasterror'] == null
           response.setSessionAttribute('agov.recovery.currentIdVerification', '' + idVerification)
           response.setSessionAttribute('agov.recovery.currentAgovAqRoleValidFrom', '' + agovAqValidFrom)
 
-          if ((maxLoi == 'level100') && (mustRecover == null)) {
+          if ((maxLoi == 'level100') && (mustRecover == null) && !hasNewLoginFactor) {
-            // mustRecover role not set, so code needs to be checked
+            // AQ100 accounts need to use the recovery code, if they can
+            // check the status of recoveryCode credential
+            if (recoveryCode && !blockingCredentialStates.contains(recoveryCode.state.text())) {
               LOG.debug("Recovery: emailAndCode")
-            response.setSessionAttribute('agov.recovery.authenticatedWith', 'urn:qa.agov.ch:names:tc:authfactor:emailAndCode')
               response.setResult('needCode')
               return
+            } else {
+              LOG.warn("AGOVaq100 recovery: skipped Recovery-Code check '${recoveryCode ? recoveryCode.state.text() : 'MISSING'}'")
+              response.setSessionAttribute('agov.recovery.codeStatus', 'skipped')
+              response.setSessionAttribute('agov.recovery.codeDetailStatus', "unusable (state: ${recoveryCode ? recoveryCode.state.text() : 'MISSING'})")
+              response.setResult('ok')
+              return
+            }
+
+          } else if ((maxLoi == 'level100') && hasNewLoginFactor) {
+            LOG.debug("Recovery: new Login Factor")
+            response.setSessionAttribute('agov.recovery.codeStatus', 'skipped')
+            response.setSessionAttribute('agov.recovery.codeDetailStatus', "new login factor already registered (${session['agov.recovery.newLoginFactor']})")
+            response.setResult('ok')
+            return
+
           } else {
             LOG.debug("Recovery: email")
-            response.setSessionAttribute('agov.recovery.authenticatedWith', 'urn:qa.agov.ch:names:tc:authfactor:email')
             response.setResult('ok')
             return
           }

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptchainfos.groovy

@@ -1,29 +1,30 @@
-//import ch.nevis.esauth.util.httpclient.api.HttpClients
-//import ch.nevis.esauth.util.httpclient.api.Http
 import groovy.json.JsonSlurper
+import io.opentelemetry.api.trace.Span
 
 def url = parameters.get('url')
+def realIpHttpHeaderName = parameters.get('realIpHttpHeaderName') ?: 'X-Real-IP'
+def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
 
 try {
+  def spanCtxt = Span.current().getSpanContext()
+  def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
   def jsonSlurper = new JsonSlurper()
   def httpClient = HttpClients.create(parameters)
-  def httpResponse = Http.get().url(url).build().send(httpClient)
+  def httpResponse = Http.get().url(url).header('traceparent', traceparent)
-  LOG.info('Response Message: ' + httpResponse.reasonPhrase())
+                         .header(realIpHttpHeaderName, ip).build().send(httpClient)
-  LOG.info('Response Status Code: ' + httpResponse.code())
+
-  LOG.info('Response: ' + httpResponse.bodyAsString())
+  LOG.debug('Response Status Code: ' + httpResponse.code())
+  LOG.debug('Response: ' + httpResponse.bodyAsString())
 
   if (httpResponse.code() == 200) {
     def json = jsonSlurper.parseText(httpResponse.bodyAsString())
-    response.setSessionAttribute('agov.recovery.json.accountUrl', json.accountUrl)
+
-    response.setSessionAttribute('agov.recovery.json.registrationUrl', json.registrationUrl)
+    response.setSessionAttribute('agov.recovery.captchaSettings.enabled', String.valueOf(json.friendlyCaptureClientSettings.enabled))
-    response.setSessionAttribute('agov.recovery.json.captchaSettings.enabled', String.valueOf(json.captchaSettings.enabled))
+    response.setSessionAttribute('agov.recovery.captchaSettings.siteKey', json.friendlyCaptureClientSettings.siteKey)
-    response.setSessionAttribute('agov.recovery.json.captchaSettings.reCaptchaInvisibleSiteKey', json.captchaSettings.reCaptchaInvisibleSiteKey)
+    response.setSessionAttribute('agov.recovery.captchaSettings.puzzleUrl', json.friendlyCaptureClientSettings.puzzleUrl)
-    response.setSessionAttribute('agov.recovery.json.captchaSettings.reCaptchaVisibleSiteKey', json.captchaSettings.reCaptchaVisibleSiteKey)
+
-    if (session.get('agov.recovery.X-ReCAPTCHA-Integration') == null) {
+
-      response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'INVISIBLE')
-    } else {
-      response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'VISIBLE')
-    }
     response.setResult('ok')
   } else {
     LOG.error('Unexcpected HTTP response code: ' + httpResponse.code())

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fetchcaptcharesult.groovy

@@ -1,52 +1,63 @@
-//import ch.nevis.esauth.util.httpclient.api.HttpClients
+import io.opentelemetry.api.trace.Span
-//import ch.nevis.esauth.util.httpclient.api.Http
 
 def url = parameters.get('url')
-def email = inargs['email']
-def payload = '{ "email": "' + inargs['email'] + '", "action": "LOGIN", "userIp": "' + session.get('agov.recovery.ip') + '", "userAgent": "' + session.get('agov.recovery.userAgent') + '"}'
 
-LOG.info('Token: ' + inargs['recaptcha_response'])
+def email = inargs['email']
-LOG.info('Integration: ' + session['agov.recovery.X-ReCAPTCHA-Integration'])
+def token = inargs['captcha_response']?: 'MISSING'
-LOG.info('Payload: ' + payload)
+def enabled = (session['agov.recovery.captchaSettings.enabled']?:'true').toBoolean()
+
+def ip = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
+def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
+
+def payload = "{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }"
+
+LOG.debug('Token: ' + token)
+LOG.debug('Payload: ' + payload)
 
 try {
 
+  if (!enabled) {
+    LOG.info("FriendlyCAPTCHA is disabled, allowing operation for ${payload}")
+    response.setResult('ok')
+    return
+  }
+
+  def spanCtxt = Span.current().getSpanContext()
+  def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
   def httpClient = HttpClients.create(parameters)
   def httpResponse = Http.post()
           .url(url)
           .header("Accept", "application/json")
-          .header("X-ReCAPTCHA-Token", inargs['recaptcha_response'])
+          .header("X-FriendlyCAPTCHA-Token", token)
-          .header("X-ReCAPTCHA-Integration", session['agov.recovery.X-ReCAPTCHA-Integration'])
+          .header("traceparent", traceparent)
           .entity(Http.entity()
                   .content(payload)
                   .contentType("application/json")
-               //   .charSet("utf-8")
                   .build())
           .build()
           .send(httpClient)
 
-  LOG.info('Response Message: ' + httpResponse.reasonPhrase())
+  LOG.debug('Response Status Code: ' + httpResponse.code())
-  LOG.info('Response Status Code: ' + httpResponse.code())
+  LOG.debug('Response: ' + httpResponse.bodyAsString())
-  LOG.info('Response: ' + httpResponse.bodyAsString())
 
   if (httpResponse.code() == 200) {
       if (httpResponse.bodyAsString().contains('SUCCESSFUL')) {
           response.setResult('ok')
           return
        } else {
-
+       LOG.warn("Friendly captcha not successful for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }'")
-       response.setSessionAttribute('agov.recovery.X-ReCAPTCHA-Integration', 'VISIBLE')
        response.setResult('exit.1')
        return      
      }
   } else {
-    LOG.error('Unexcpected HTTP response code: ' + httpResponse.code())
+    LOG.error("Friendly captcha failed with statuscode ${httpResponse.code()} for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }'")
     response.setResult('error')
     response.setError(1, 'Unexpected HTTP reponse')
   }
 } catch (all) {
   // Handle exception and set the transition
-  LOG.error('error: ' + all, all)
+  LOG.error("Friendly captcha failed with a general error '${all}' for '{ \"userIp\": \"${ip}\", \"email\": \"${email}\", \"userAgent\": \"${userAgent}\" }', service-url: ${url}")
   response.setResult('error')
   response.setError(1, 'Exception during HTTP call')
 }

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_fido2_auth.groovy

@@ -8,7 +8,6 @@ if (inargs.containsKey('cancel_fido2')) {
 
 def showGui() {
     response.setGuiName('recovery_fidokey_auth') // name is the trigger for including the JS
-    //response.setGuiName('fido2_auth') // name is the trigger for including the JS
     response.setGuiLabel('title.login.fido2')
     response.addInfoGuiField('info', 'info.login.fido2', null)
     response.addHiddenGuiField('authRequestId', 'not used', session['ch.nevis.auth.saml.request.id'])
@@ -18,7 +17,6 @@ def showGui() {
         response.addErrorGuiField('lasterror', notes['lasterrorinfo'], notes['lasterror'])
     }
     if (parameters.containsKey('cancel')) {
-        // TODO koenig 20221021: replace with specific label
         response.addButtonGuiField('cancel_fido2', 'cancel.login.fido2.button.label', 'true')
     }
 }
@@ -42,12 +40,14 @@ def post(connection, json) {
     connection.getOutputStream().write(body.getBytes())
 }
 
-String userExtId = session['ch.adnovum.nevisidm.user.extId'] ?: session['ch.nevis.idm.User.extId'] ?: request.getUserId() ?: notes['userid']
+String userExtId = session['ch.adnovum.nevisidm.user.extId'] ?: session['ch.nevis.idm.User.extId']
 if (userExtId == null) {
     LOG.error("missing extId of nevisIDM user. check your authentication flow.")
+    notes.setProperty('lasterror', '1')
+    notes.setProperty('lasterrorinfo', 'missing extId of nevisIDM user')
+    response.setResult('error')
+    return
 }
-// without the user extId this script won't work and we can fail with a System Error
-Objects.requireNonNull(userExtId)
 
 def path = getPath()
 if (path == null) {
@@ -65,32 +65,17 @@ if (path == '/nevisfido/fido2/attestation/options') {
     }
     post(connection, json)
     def responseCode = connection.responseCode
-// account without FIDO2 case
+
     if (responseCode == 400) {
-      def responseText = '''{"status": "ok",
+        LOG.error("FIDO2 options call failed for '${userExtId}'")
-	                         "errorMessage": "",
+        notes.setProperty('lasterror', '1')
-	                         "fido2SessionId": "270312ae-8d74-4ded-ad89-5310da2d2e6f",
+        notes.setProperty('lasterrorinfo', 'missing extId of nevisIDM user')
-	                         "challenge": "tKCqUM6URnykri1ZFz-3ww",
+        response.setResult('error')
-	                         "timeout": 300000,
-	                         "rpId": "agov-d.azure.adnovum.net",
-	                         "allowCredentials": [
-		                     {
-			                    "type": "public-key",
-			                    "id": "WVzzUwxOf-1doTGkrdRHWPDbETTawkULLPsEiwiQwA2AFC4_YgL5OVmJJOT2OulAZSq_tvOfNlMSRKRXyXH2kw",
-			                    "transports": []
-		                     }
-	                                             ],
-	                         "userVerification": "preferred"}'''
-	  LOG.info("<== Response: ${responseCode}")
-      response.setContent(responseText) // return response from nevisFIDO "as-is"
-      response.setContentType('application/json')
-      response.setHttpStatusCode(200)
-      response.setIsDirectResponse(true)
         return
     }
 
     def responseText = connection.inputStream.text
-    LOG.info("<== Response: ${responseCode} : ${responseText}")
+    LOG.debug("<== Response: ${responseCode} : ${responseText}")
     response.setContent(responseText) // return response from nevisFIDO "as-is"
     response.setContentType('application/json')
     response.setHttpStatusCode(200)
@@ -100,21 +85,6 @@ if (path == '/nevisfido/fido2/attestation/options') {
 
 if (path == '/nevisfido/fido2/assertion/result') {
 
-  if (inargs.containsKey('authRequestId') && (inargs['authRequestId'] != session['ch.nevis.auth.saml.request.id'])) {
-    // wrong request, "force" a timeout
-    LOG.info('authentication timeout enforced, due to concurrent requests')
-
-    response.setIsDirectResponse(true)
-    response.setContentType('text/html; charset=UTF-8')
-    response.setContent('Timeout')
-    response.setHttpStatusCode(205)
-    response.setHeader('IDP-AUTH', 'Timeout')
-
-    // CONTINUE to keep the other request beeing processed
-    response.setStatus(AuthResponse.AUTH_CONTINUE)
-    return
-  }
-
     def userHandleValue = userExtId.getBytes().encodeBase64Url().toString()
     LOG.info("encoded userHandle: ${userHandleValue}")
     json {
@@ -132,15 +102,13 @@ if (path == '/nevisfido/fido2/assertion/result') {
     // test if credentials exist
     if (responseCode != 400) {
         def responseText = connection.inputStream.text
-        LOG.info("<== Response: ${responseCode} : ${responseText}")
+        LOG.debug("<== Response: ${responseCode} : ${responseText}")
         if (responseCode == 200 && new JsonSlurper().parseText(responseText).status == 'ok') {
+            response.setSessionAttribute('agov.recovery.authenticatedWith', 'urn:qa.agov.ch:names:tc:authfactor:fido')
             response.setResult('ok')
             return
         }
     }
-    //response.setHttpStatusCode(400)
-    //response.setIsDirectResponse(true)
-    // DEFINE how to handel error
     notes.setProperty('lasterror', '1')
     notes.setProperty('lasterrorinfo', 'FIDO2 authentication failed')
     response.setResult('error')

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_handlecode.groovy

@@ -1,4 +1,5 @@
 import ch.nevis.esauth.auth.engine.AuthResponse
+
 if (inargs['cancel'] == 'cancel') {
       //cleanSession()
       response.setStatus(AuthResponse.AUTH_ERROR)

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_ongoing.groovy

@@ -1,4 +1,22 @@
+import ch.nevis.esauth.auth.engine.AuthResponse
+
 if (inargs['recovery'] != null && inargs['recovery'] == 'recovery' ) {
+  // clean up SAML state, to make sure the redirect will really be processed 
+  // IdentityProviderState sets session attributes as follows
+  //   <IDP-State-Name>-session-participants.<SAML-RP-ISSUER> = <ACS-URL>
+  // State name contains the name of the pattern 'Recovery_redirectAgovMe'
+  def s = request.getAuthSession(true)
+  def sessionKeySet = new HashSet(session.keySet()) 
+  sessionKeySet.each { key -> 
+    if ( key ==~ /.*Recovery_redirectAgovMe-session-participants.*/ ) {
+      LOG.debug("Deleted session attribute '${key}'")
+      s.removeAttribute(key)
+    }
+  }
   response.setResult('ok')
   return
 }
+
+// if we reach this, display the GUI again
+response.setStatus(AuthResponse.AUTH_CONTINUE)
+return

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/recovery_sendemail031.groovy

@@ -1,19 +1,19 @@
-//import ch.nevis.esauth.util.httpclient.api.HttpClient;
+import io.opentelemetry.api.trace.Span
-//import ch.nevis.esauth.util.httpclient.api.HttpClients;
-//import ch.nevis.esauth.util.httpclient.api.Http;
 
 def url = parameters.get('url')
-//def payload = parameters.get('json')
-//def url = "https://me.agov-d.azure.adnovum.net:48081/utility/api/v1/email/031"
 def email = inargs['email']
 def language = session['ch.nevis.session.user.language'] ?: 'en'
 def payload = '{ "email": "' + email + '", "language": "' + language + '"}'
 
 try {
+  def spanCtxt = Span.current().getSpanContext()
+  def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
+
   def httpClient = HttpClients.create(parameters)
   def httpResponse = Http.post()
           .url(url)
           .header("Accept", "application/json")
+          .header("traceparent", traceparent)
           .entity(Http.entity()
                   .content(payload)
                   .contentType("application/json")

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/requestedrolelevel.groovy

@@ -1,8 +1,6 @@
 import groovy.xml.XmlSlurper
 import groovy.json.JsonSlurper
-//import ch.nevis.esauth.util.httpclient.api.HttpClients
+import io.opentelemetry.api.trace.Span
-//import ch.nevis.esauth.util.httpclient.api.Http
-
 
 int getRequestedLevel(String authnContextClassRef, def roleList){
   if (!authnContextClassRef) {
@@ -28,7 +26,13 @@ int getRequestedLevel(String authnContextClassRef, def roleList){
 
 def session = request.getAuthSession(true)
 def context = session.get('ch.nevis.auth.saml.request.authnContextClassRef')
-def roleLevels = [100,200,300,400]
+if (!context || context == '' || context == 'null') {
+  // EPD call, we set a default of aq300
+  session.setAttribute('ch.nevis.auth.saml.request.authnContextClassRef', 'urn:qa.agov.ch:names:tc:ac:classes:300')
+  conext = 'urn:qa.agov.ch:names:tc:ac:classes:300'
+}
+
+def roleLevels = [100,200,300,400,500,600]
 def requestedRoleLevelNumber = getRequestedLevel(context, roleLevels)
 
 //set attribute Requested Role Level
@@ -46,61 +50,108 @@ def requestedAq = session['agov.requestedRoleLevel'] ?: 'unknown'
 def sourceIp = request.getLoginContext()['connection.HttpHeader.X-Real-IP'] ?: 'unknown'
 def userAgent = request.getLoginContext()['connection.HttpHeader.user-agent'] ?: request.getLoginContext()['connection.HttpHeader.User-Agent'] ?: 'unknown'
 
-LOG.info("Event='AUTHREQUEST', Requester='${requester}', RequestId='${requestId}', ReplacedRequestId='${replacedRequestId}', RequestedAq=${requestedAq}, SourceIp=${sourceIp}, UserAgent='${userAgent}'")
+def bestTokenAddressWhitelist = ',' + (parameters.get('bestTokenAddressWhitelist') ?: '').replaceAll('\\s','') + ','
+def appRequiresBestTokenWithAddress = bestTokenAddressWhitelist.contains(','+requester+',')
 
+def bestTokenSvnrWhitelist = ',' + (parameters.get('bestTokenSvnrWhitelist') ?: '').replaceAll('\\s','') + ','
+def appRequiresBestTokenWithSvnr = bestTokenSvnrWhitelist.contains(','+requester+',')
+
+LOG.info("Event='AUTHREQUEST', Requester='${requester}', RequestId='${requestId}', ReplacedRequestId='${replacedRequestId}', RequestedAq=${requestedAq}, BestTokenRequired='svnr: ${appRequiresBestTokenWithSvnr}; address: ${appRequiresBestTokenWithAddress}', SourceIp=${sourceIp}, UserAgent='${userAgent}'")
 
-def appAddressRequiredWhitelist = ',' + (parameters.get('appAddressRequired.whitelist') ?: '').replaceAll('\\s','') + ','
-def appIsOnappAddressRequiredWhitelist = appAddressRequiredWhitelist.contains(','+requester+',')
 
 if (requestedRoleLevelNumber == 0 || session.get('ch.nevis.auth.saml.request.scoping.requesterId') == null) {
   response.setResult('error');
   return
 }
 
+def eidEnabled = parameters.get('eidEnabled') == "true"
+// TODO/aca/2025-06-05: add a condition to check if the client actually allows eid
+def eidAllowed = eidEnabled
+// set session variable to later decide to which loginmethods we can switch
+session.setAttribute('agov.eidAllowed', eidAllowed.toString())
+
+
+// if aq400 or less is requested then we need to decide which login method to show first
+// The default login method is eid. If eid is not allowed we prefer fido uaf.
+def ok_transition = eidAllowed ? 'exit.1' : 'ok'
+
+// if there is a login method cookie set form a previous login -> use that instead of the default
+def lastLoginMethod = session.get('agov.lastLoginMethod')
+if(lastLoginMethod != null || lastLoginMethod != ""){
+    if(lastLoginMethod == "accessApp" || lastLoginMethod == "securityKey"){
+        ok_transition = 'ok'
+    }
+}else{
+    session.setAttribute('agov.lastLoginMethod', eidAllowed ? "accessApp" : "eid")
+}
+// NOTE: if the last login method was eid, but eid is not allowed, we will default to fido uaf
+
 try {
+      def spanCtxt = Span.current().getSpanContext()
+      def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
       def jsonSlurper = new JsonSlurper()
       def url = parameters.get('url') + '?entity-id=' + session.get('ch.nevis.auth.saml.request.scoping.requesterId')
       LOG.debug('Request url: ' + url)
       def httpClient = HttpClients.create(parameters)
-      def httpResponse = Http.get().url(url).build().send(httpClient)
+      def httpResponse = Http.get().url(url).header('traceparent', traceparent).build().send(httpClient)
       LOG.debug('Response Message: ' + httpResponse.reasonPhrase())
       LOG.debug('Response Status Code: ' + httpResponse.code())
       LOG.debug('Response: ' + httpResponse.bodyAsString())
 
       if (httpResponse.code() == 200) {
         def json = jsonSlurper.parseText(httpResponse.bodyAsString())
-        LOG.debug('AdressRequired: ' + json.addrRequired)
-        LOG.debug('SvnrAllowed: ' + json.svnrAllowed)
-        LOG.debug('appAddressRequiredWhitelist applies: ' + appIsOnappAddressRequiredWhitelist)
-
-        // address will be returned to the application if allowed by connect (json.addrRequired) 
-        // and the authRequest was done with at least AGOVaq 200
-        // BITBKAGOVSUP-362: or whitelisted to receive the address
-        session.setAttribute('agov.appAddressRequired', '' + (json.addrRequired && ((requestedRoleLevelNumber >= 200) || appIsOnappAddressRequiredWhitelist)))
-
-        // address will be returned to the application if allowed by connect (json.svnrAllowed) 
-        // and the authRequest was done with at least AGOVaq 300
-        session.setAttribute('agov.appSvnrAllowed', '' + (json.svnrAllowed && requestedRoleLevelNumber >= 300))
 
         session.setAttribute('agov.appDisplayNameDE', '' + json.displayNameDe)
         session.setAttribute('agov.appDisplayNameFR', '' + json.displayNameFr)
         session.setAttribute('agov.appDisplayNameIT', '' + json.displayNameIt)
         session.setAttribute('agov.appDisplayNameEN', '' + json.displayNameEn)
-        response.setResult('ok')
+        session.setAttribute('agov.appDisplayNameRM', '' + ((json.appDisplayNameRM) ? json.appDisplayNameRM : json.appDisplayNameDE))
+
+        // if aq500 or 600 is requested -> the only available login method is eid -> continue directly there
+        // if eid is disabled -> show an error page
+        if (requestedRoleLevelNumber == 600 || requestedRoleLevelNumber == 500) {
+            if(eidEnabled){
+                session.setAttribute('agov.appSvnrAllowed', 'true')
+                response.setResult('exit.1')
+                return
+            }else{
+                response.setResult('error')
+                response.setError(9073, "LoA 600 not supported")
+                return
+            }
+
+        }
+
+        LOG.debug('AdressRequired: ' + json.addrRequired)
+        LOG.debug('SvnrAllowed: ' + json.svnrAllowed)
+        LOG.debug('appRequiresBestTokenWithAddress: ' + appRequiresBestTokenWithAddress)
+        LOG.debug('appRequiresBestTokenWithSvnr: ' + appRequiresBestTokenWithSvnr)
+
+        // address will be returned to the application if allowed by connect (json.addrRequired)
+        // and the authRequest was done with at least AGOVaq 200
+        // BUNDBITBK-4307: or best token for address is enabled
+        session.setAttribute('agov.appAddressRequired', '' + (json.addrRequired && ((requestedRoleLevelNumber >= 200) || appRequiresBestTokenWithAddress)))
+
+        // address will be returned to the application if allowed by connect (json.svnrAllowed)
+        // and the authRequest was done with at least AGOVaq 300
+        // BUNDBITBK-4307: or best token for svnr is enabled
+        session.setAttribute('agov.appSvnrAllowed', '' + (json.svnrAllowed && ((requestedRoleLevelNumber >= 300) || appRequiresBestTokenWithSvnr)))
+
+        response.setResult(ok_transition)
         return
       } else {
         LOG.warn("Failed to fetch connect meta data for relying party '${session.get('ch.nevis.auth.saml.request.scoping.requesterId')}'")
         LOG.warn('Unexcpected HTTP response code: ' + httpResponse.code())
 
         if ( requestedRoleLevelNumber == 100) {
-           session.setAttribute('agov.appAddressRequired', '' + appIsOnappAddressRequiredWhitelist)
+           session.setAttribute('agov.appAddressRequired', '' + appRequiresBestTokenWithAddress)
            session.setAttribute('agov.appSvnrAllowed', 'false')
-           response.setResult('ok')
+           response.setResult(ok_transition)
         }
         else if ( requestedRoleLevelNumber == 200) {
            session.setAttribute('agov.appAddressRequired', 'true')
            session.setAttribute('agov.appSvnrAllowed', 'false')
-           response.setResult('ok')
+           response.setResult(ok_transition)
         }
         else {
           response.setResult('error')
@@ -111,15 +162,16 @@ try {
 
 } catch (Exception e) {
   LOG.error("Failed to fetch connect meta data for relying party '${session.get('ch.nevis.auth.saml.request.scoping.requesterId')}'", e)
+  session.setAttribute('agov.eidAllowed', 'false')
   if ( requestedRoleLevelNumber == 100) {
-     session.setAttribute('agov.appAddressRequired', '' + appIsOnappAddressRequiredWhitelist)
+     session.setAttribute('agov.appAddressRequired', '' + appRequiresBestTokenWithAddress)
      session.setAttribute('agov.appSvnrAllowed', 'false')
-     response.setResult('ok')
+     response.setResult(ok_transition)
   }
   else if ( requestedRoleLevelNumber == 200) {
      session.setAttribute('agov.appAddressRequired', 'true')
      session.setAttribute('agov.appSvnrAllowed', 'false')
-     response.setResult('ok')
+     response.setResult(ok_transition)
   }
   else {
     response.setResult('error')

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-fido-uaf-extended-frontent-truststore-ca92034f995b39fde562293c.yaml

@@ -11,4 +11,146 @@ metadata:
 spec:
   keystores: []
   extraCerts:
-  - "- Swiss Goverment Root CA II\n-----BEGIN CERTIFICATE-----\nMIIIODCCBiCgAwIBAgIQDp8XmaWxPZzL7Abro/AOaTANBgkqhkiG9w0BAQsFADCB\npzELMAkGA1UEBhMCQ0gxOzA5BgNVBAoTMlRoZSBGZWRlcmFsIEF1dGhvcml0aWVz\nIG9mIHRoZSBTd2lzcyBDb25mZWRlcmF0aW9uMREwDwYDVQQLEwhTZXJ2aWNlczEi\nMCAGA1UECxMZQ2VydGlmaWNhdGlvbiBBdXRob3JpdGllczEkMCIGA1UEAxMbU3dp\nc3MgR292ZXJubWVudCBSb290IENBIElJMB4XDTExMDIxNjA5MDAwMFoXDTM1MDIx\nNjA4NTk1OVowgacxCzAJBgNVBAYTAkNIMTswOQYDVQQKEzJUaGUgRmVkZXJhbCBB\ndXRob3JpdGllcyBvZiB0aGUgU3dpc3MgQ29uZmVkZXJhdGlvbjERMA8GA1UECxMI\nU2VydmljZXMxIjAgBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxJDAi\nBgNVBAMTG1N3aXNzIEdvdmVybm1lbnQgUm9vdCBDQSBJSTCCAiIwDQYJKoZIhvcN\nAQEBBQADggIPADCCAgoCggIBAKksEu2/wCLphugcN4KDm2gFbxbjiKgBD8txnn9H\nkEvMJXfI8NdpLpFoVyGysgchM+5MpDclmEy0RjJO1vlri1GK7yw38pjV9dS0t+cA\nyu/BE16Uq267nL36a4+r+B42Vmk4ZjrQ9DMNADkCqMUcCyG3XCAMYdCtrs6OXtk6\n6d7/R3x4Vw4ccfRgHN3bmhgpr9mAo5+FhGMzke+9dO7dA3rI+uCE5tm9Tn76bk92\n0V0+qOiHRZB5862u9cJdEU0p94gTydWTcwGr3e39r3f7aU7vj1Icz/UsWmzs/oKb\n23w5q3UjfjiQT5SOLWJYnvfncvyUW3JWxZ2jrqu1tsDXdlAAPD9HiJJaYNS/Mhum\nlEANdnnpPM7ksx3HjPXohjG52CtQSoASidcsUIDmZy+2k5ytrAVSIlMgmQ69l8bh\n2nOpHYnyxFnmh+ZWKw6VAhqHxnn+mWrpdOzwEvkUKCCVljovXVe1b/+TvLYoaiyk\nKHhGYa9BJKTz+gSO8YoZopFz4nePtKf5nP9uUey9H5YT6GORXodob+vYfC4QT1AY\nkMe3dO8zwIHfM+MakytVBCx80iu3Ywz+rXu9tjqXuT0DI3RzA6YsWQBs1dXo7K9C\nzNN/cItgYOeyoLaKUkz+CpbLzzqwWAjuHELJhndCbj+0rJAAWEIcQMRuuEXIvDM2\n370nAgMBAAGjggJcMIICWDAPBgNVHRMBAf8EBTADAQH/MIGdBgNVHSAEgZUwgZIw\ngY8GCGCFdAERAxUBMIGCMEQGCCsGAQUFBwIBFjhodHRwOi8vd3d3LnBraS5hZG1p\nbi5jaC9jcHMvQ1BTXzJfMTZfNzU2XzFfMTdfM18yMV8xLnBkZjA6BggrBgEFBQcC\nAjAuGixUaGlzIGlzIHRoZSBTd2lzcyBHb3Zlcm5tZW50IFJvb3QgQ0EgSUkgQ1BT\nLjCBjwYDVR0fBIGHMIGEMIGBoH+gfYZ7bGRhcDovL2FkbWluZGlyLmFkbWluLmNo\nOjM4OS9jbj1Td2lzcyUyMEdvdmVybm1lbnQlMjBSb290JTIwQ0ElMjBJSSxvdT1D\nZXJ0aWZpY2F0aW9uJTIwQXV0aG9yaXRpZXMsb3U9U2VydmljZXMsbz1BZG1pbixj\nPUNIMB0GA1UdDgQWBBTlhG+JaT12ABd/wau9rl/BfbrhYjAOBgNVHQ8BAf8EBAMC\nAQYwgeMGA1UdIwSB2zCB2IAU5YRviWk9dgAXf8Grva5fwX264WKhga2kgaowgacx\nCzAJBgNVBAYTAkNIMTswOQYDVQQKEzJUaGUgRmVkZXJhbCBBdXRob3JpdGllcyBv\nZiB0aGUgU3dpc3MgQ29uZmVkZXJhdGlvbjERMA8GA1UECxMIU2VydmljZXMxIjAg\nBgNVBAsTGUNlcnRpZmljYXRpb24gQXV0aG9yaXRpZXMxJDAiBgNVBAMTG1N3aXNz\nIEdvdmVybm1lbnQgUm9vdCBDQSBJSYIQDp8XmaWxPZzL7Abro/AOaTANBgkqhkiG\n9w0BAQsFAAOCAgEAgzdXdck4UL9BBpZwwtnH17BaAM2jQE/T0vmKh5GyictdpLxv\nTz5U9so8s8RMi8c+9NnEYt3HVZ7R+dJE5x5Pz+juKxyoAfAzB/vhOxTTz1CRXtjq\nQsZ5WIWq+9zbcMqV+fQOYgJwaUQtaE/RcOooUma3cd4l6KGnb7ChJsfXyiBk3MBz\nPBCiFB70rcE+FJA5NmOIbyjgYKWR92Lkms/StXGeXTv2mSztkToInLSEhUnj4bqm\ntmiztrZPS1xTCldsoQeS9mKeqPqK1vNrpw+yK2a9r0JHCE/o13yfhg/6WoO+LW8A\nBLV2hxav3U86lrQ0V7fi/0H/3kIcZsWF68JyH7gcTu4X8mLvCgSsm6uh8u7uokAk\nHEfeQosYtKlXs088YjIcrWxErbzVHGM4Pckzpvu8KDdERuN6YvqASDXinhuIGUyz\nQf3ud+BZgBphHjWkQXqzwY1E6cUhWems00TKdoU2FEYKHhY0psQ0d8OCOEghAv4S\nbNrX6rDs9s0szPObCmOA0/ULfQQthA3C2Uwrl/HVVPePswrivVg8mfKvORuQ+Tvn\nt0XnWmp9wZ8UbzBXmBmgB0Pr7tEIhtdJnBIKADsPp0GxSquQs9S9CeeID54kDiv7\nYT1VmdNY5LjHffQVTWUOGHlBybvpmsFZGEQ0YtXoOHvKhRiYhnnNfbpH25U=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV\nBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE\nCgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy\ndGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy\nMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G\nA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD\nDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq\nM0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf\nOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa\n4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9\nHSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR\naZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA\nb9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ\nGp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV\nPWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO\npgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu\nUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY\nMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV\nHSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4\n9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW\ns47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5\nSm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg\ncLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM\n79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz\n/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt\nll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm\nKf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK\nQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ\nw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi\nS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07\nmKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQsw\nCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91\nbmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwg\nUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRaFw00MjA1MDkwOTU4MzNaMG0xCzAJ\nBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBGb3Vu\nZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2JhbCBS\nb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4ni\neUqjFqdrVCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4W\np2OQ0jnUsYd4XxiWD1AbNTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8E\nBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7T\nrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV\n57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQg\nMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV\nBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04g\nUk9PVCBDQSBHMjAeFw0xNzAyMDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJ\nBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJ\nR04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDF\ndRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05N0Iw\nvlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZ\nuIt4ImfkabBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhp\nn+Sc8CnTXPnGFiWeI8MgwT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKs\ncpc/I1mbySKEwQdPzH/iV8oScLumZfNpdWO9lfsbl83kqK/20U6o2YpxJM02PbyW\nxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91QqhngLjYl/rNUssuHLoPj1P\nrCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732jcZZroiF\nDsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fx\nDTvf95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgy\nLcsUDFDYg2WD7rlcz8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6C\neWRgKRM+o/1Pcmqr4tTluCRVLERLiohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB\n/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSCIS1mxteg4BXrzkwJ\nd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOBywaK8SJJ6ejq\nkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC\nb6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQl\nqiCA2ClV9+BB/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0\nOJD7uNGzcgbJceaBxXntC6Z58hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+c\nNywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5BiKDUyUM/FHE5r7iOZULJK2v0ZXk\nltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklWatKcsWMy5WHgUyIO\npwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tUSxfj\n03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZk\nPuXaTH4MNMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE\n1LlSVHJ7liXMvGnjSG4N0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MX\nQRBdJ3NghVdJIgc=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYD\nVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBU\nZWNobm9sb2dpZXMgTGltaXRlZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBH\nMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgxODMwMDBaMGcxCzAJBgNVBAYTAklO\nMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVkaHJhIFRlY2hub2xv\nZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIBIjAN\nBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQz\nf2N4aLTNLnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO\n8oG0x5ZOrRkVUkr+PHB1cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aq\nd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHWDV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhM\ntTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ6DqS0hdW5TUaQBw+jSzt\nOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrHhQIDAQAB\no0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQD\nAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31x\nPaOfG1vR2vjTnGs2vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjM\nwiI/aTvFthUvozXGaCocV685743QNcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6d\nGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q+Mri/Tm3R7nrft8EI6/6nAYH\n6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeihU80Bv2noWgby\nRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx\niN66zB+Afko=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQG\nEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNo\nbm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g\nRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4MTgzMDAwWjBrMQswCQYDVQQGEwJJ\nTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9s\nb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMw\ndjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0\nWXTsuwYc58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xyS\nfvalY8L1X44uT6EYGQIrMgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuB\nzhccLikenEhjQjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggq\nhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+DCBeQyh+KTOgNG3qxrdWB\nCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD\n+JbNR6iC8hZVdyR+EhCVBCyj\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkG\nA1UEBhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEg\nSW5jMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAw\nMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln\nbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNpZ24gUm9v\ndCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+upufGZ\nBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZ\nHdPIWoU/Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH\n3DspVpNqs8FqOp099cGXOFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvH\nGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4VI5b2P/AgNBbeCsbEBEV5f6f9vtKppa+c\nxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleoomslMuoaJuvimUnzYnu3Yy1\naylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+XJGFehiq\nTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL\nBQADggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87\n/kOXSTKZEhVb3xEp/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4\nkqNPEjE2NuLe/gDEo2APJ62gsIq1NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrG\nYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9wC68AivTxEDkigcxHpvOJpkT\n+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQBmIMMMAVSKeo\nWXzhriKi4gp6D/piq1JM4fHfyr6DDUI=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQG\nEwJVUzETMBEGA1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMx\nIDAeBgNVBAMTF2VtU2lnbiBFQ0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAw\nMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln\nbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQDExdlbVNpZ24gRUND\nIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd6bci\nMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4Ojavti\nsIGJAnB9SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0O\nBBYEFPtaSNCAIEDyqOkAB2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMB\nAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQC02C8Cif22TGK6Q04ThHK1rt0c\n3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwUZOR8loMRnLDRWmFLpg9J\n0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQEL\nBQAwbzELMAkGA1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJ\nSG9uZyBLb25nMRYwFAYDVQQKEw1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25n\na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2MDMwMjI5NDZaFw00MjA2MDMwMjI5\nNDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtvbmcxEjAQBgNVBAcT\nCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMXSG9u\nZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\nAoICAQCziNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFO\ndem1p+/l6TWZ5Mwc50tfjTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mI\nVoBc+L0sPOFMV4i707mV78vH9toxdCim5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV\n9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOesL4jpNrcyCse2m5FHomY\n2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj0mRiikKY\nvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+Tt\nbNe/JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZb\nx39ri1UbSsUgYT2uy1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+\nl2oBlKN8W4UdKjk60FSh0Tlxnf0h+bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YK\nTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsGxVd7GYYKecsAyVKvQv83j+Gj\nHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwIDAQABo2MwYTAP\nBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e\ni9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEw\nDQYJKoZIhvcNAQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG\n7BJ8dNVI0lkUmcDrudHr9EgwW62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCk\nMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWldy8joRTnU+kLBEUx3XZL7av9YROXr\ngZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov+BS5gLNdTaqX4fnk\nGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDceqFS\n3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJm\nOzj/2ZQw9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+\nl6mc1X5VTMbeRRAc6uk7nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6c\nJfTzPV4e0hz5sy229zdcxsshTrD3mUcYhcErulWuBurQB7Lcq9CClnXO0lD+mefP\nL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBa\nLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEG\nmpv0\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNV\nBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRk\nLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJv\nb3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZaFw00MjA4MjIxMjA3MDZaMHExCzAJ\nBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMg\nTHRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25v\nIFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtv\nxie+RJCxs1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+H\nWyx7xf58etqjYzBhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G\nA1UdDgQWBBSHERUI0arBeAyxr87GyZDvvzAEwDAfBgNVHSMEGDAWgBSHERUI0arB\neAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEAtVfd14pVCzbhhkT61Nlo\njbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxOsvxyqltZ\n+efcMQ==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UE\nBhMCRVMxQjBABgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1h\ncHJvZmVzaW9uYWwgQ0lGIEE2MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1\nMDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIwQAYDVQQDDDlBdXRvcmlkYWQgZGUg\nQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBBNjI2MzQwNjgwggIi\nMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDDUtd9\nthDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQM\ncas9UX4PB99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefG\nL9ItWY16Ck6WaVICqjaY7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15i\nNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqHECNZXyAFGUftaI6SEspd/NYrspI8IM/h\nX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyIplD9amML9ZMWGxmPsu2b\nm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctXMbScyJCy\nZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirja\nEbsXLZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/T\nKI8xWVvTyQKmtFLKbpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF\n6NkBiDkal4ZkQdU7hwxu+g/GvUgUvzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVh\nOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1UdDgQWBBRlzeurNR4APn7VdMAc\ntHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4wgZswgZgGBFUd\nIAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j\nb20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABC\nAG8AbgBhAG4AbwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAw\nADEANzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9m\niWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL4QjbEwj4KKE1soCzC1HA01aajTNF\nSa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDbLIpgD7dvlAceHabJ\nhfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1ilI45P\nVf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZE\nEAEeiGaPcjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV\n1aUsIC+nmCjuRfzxuIgALI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2t\nCsvMo2ebKHTEm9caPARYpoKdrcd7b/+Alun4jWq9GJAd/0kakFI3ky88Al2CdgtR\n5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH9IBk9W6VULgRfhVwOEqw\nf9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpfNIbnYrX9\nivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNK\nGbqEZycPvEJdvSRUDewdcAZfpLz6IHxV\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEM\nBQAwaTELMAkGA1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRG\nT1JNIENvcnAuMTIwMAYDVQQDDClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0\naW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4NDJaFw0zNzA4MTgyMzU5NTlaMGkx\nCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVTUyBQTEFURk9STSBD\nb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlvbiBB\ndXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVA\niQqrDZBbUGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH\n38dq6SZeWYp34+hInDEW+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lE\nHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7XNr4rRVqmfeSVPc0W+m/6imBEtRTkZaz\nkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2aacp+yPOiNgSnABIqKYP\nszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4Yb8Obtoq\nvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHf\nnZ3zVHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaG\nYQ5fG8Ir4ozVu53BA0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo\n0es+nPxdGoMuK8u180SdOqcXYZaicdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3a\nCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejyYhbLgGvtPe31HzClrkvJE+2K\nAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNVHQ4EFgQU0p+I\n36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB\nAf8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoN\nqo0hV4/GPnrK21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatj\ncu3cvuzHV+YwIHHW1xDBE1UBjCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm\n+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bxhYTeodoS76TiEJd6eN4MUZeoIUCL\nhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTgE34h5prCy8VCZLQe\nlHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTHD8z7\np/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8\npiKCk5XQA76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLR\nLBT/DShycpWbXgnbiUSYqqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX\n5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oGI/hGoiLtk/bdmuYqh7GYVPEi92tF4+KO\ndh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmgkpzNNIaRkPpkUZ3+/uul\n9XXeifdy\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD\nVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf\nBgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3\nYXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x\nNzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G\nA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0\nd2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF\nQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN\nFWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w\nDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw\nCgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh\nDDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQsw\nCQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28x\nITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1\nc3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMx\nOTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJVUzERMA8GA1UECAwI\nSWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2ZSBI\nb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZp\nY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB\nALldUShLPDeS0YLOvR29zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0Xzn\nswuvCAAJWX/NKSqIk4cXGIDtiLK0thAfLdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu\n7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4BqstTnoApTAbqOl5F2brz8\n1Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9oWN0EACyW\n80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotP\nJqX+OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1l\nRtzuzWniTY+HKE40Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfw\nhI0Vcnyh78zyiGG69Gm7DIwLdVcEuE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10\ncoos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm+9jaJXLE9gCxInm943xZYkqc\nBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqjifLJS3tBEW1n\ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud\nEwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1Ud\nDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W\n0OhUKDtkLSGm+J1WE2pIPU/HPinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfe\nuyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0HZJDmHvUqoai7PF35owgLEQzxPy0Q\nlG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla4gt5kNdXElE1GYhB\naCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5RvbbE\nsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPT\nMaCm/zjdzyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qe\nqu5AvzSxnI9O4fKSTx+O856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxh\nVicGaeVyQYHTtgGJoC86cnn+OjC/QezHYj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8\nh6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu3R3y4G5OBVixwJAWKqQ9\nEEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP29FpHOTK\nyeC2nOnOcXHebD8WpHk=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYD\nVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf\nBgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3\nYXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x\nNzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYDVQQGEwJVUzERMA8G\nA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0\nd2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF\nQ0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuB\nBAAiA2IABGvaDXU1CDFHBa5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJ\nj9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr/TklZvFe/oyujUF5nQlgziip04pt89ZF\n1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwYAMB0G\nA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNnADBkAjA3\nAZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsC\nMGclCrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVu\nSw==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQsw\nCQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgw\nFgYDVQRhDA9WQVRFUy1RMjgyNjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1S\nQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4MTIyMDA5MzczM1oXDTQzMTIyMDA5\nMzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQtUkNNMQ4wDAYDVQQL\nDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNBQyBS\nQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuB\nBAAiA2IABPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LH\nsbI6GA60XYyzZl2hNPk2LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oK\nUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD\nVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqGSM49BAMDA2kAMGYCMQCu\nSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoDzBOQn5IC\nMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJy\nv+c=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQEL\nBQAwQzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4x\nFjAUBgNVBAMTDXZUcnVzIFJvb3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMx\nMDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoGA1UEChMTaVRydXNDaGluYSBDby4s\nTHRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD\nggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZotsSKYc\nIrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykU\nAyyNJJrIZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+\nGrPSbcKvdmaVayqwlHeFXgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z9\n8Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KAYPxMvDVTAWqXcoKv8R1w6Jz1717CbMdH\nflqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70kLJrxLT5ZOrpGgrIDajt\nJ8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2AXPKBlim\n0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZN\npGvu/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQ\nUqqzApVg+QxMaPnu1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHW\nOXSuTEGC2/KmSNGzm/MzqvOmwMVO9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMB\nAAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYgscasGrz2iTAPBgNVHRMBAf8E\nBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAKbqSSaet\n8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd\nnxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1j\nbhd47F18iMjrjld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvM\nKar5CKXiNxTKsbhm7xqC5PD48acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIiv\nTDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJnxDHO2zTlJQNgJXtxmOTAGytfdELS\nS8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554WgicEFOwE30z9J4nfr\nI8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4sEb9\nb91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNB\nUvupLnKWnyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1P\nTi07NEPhmg4NpGaXutIcSkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929ven\nsBxXVsFy6K2ir40zSbofitzmdHxghm+Hl3s=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICDzCCAZWgAwIBAgIUbmq8WapTvpg5Z6LSa6Q75m0c1towCgYIKoZIzj0EAwMw\nRzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAY\nBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMB4XDTE4MDczMTA3MjY0NFoXDTQzMDcz\nMTA3MjY0NFowRzELMAkGA1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28u\nLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMHYwEAYHKoZIzj0CAQYF\nK4EEACIDYgAEZVBKrox5lkqqHAjDo6LN/llWQXf9JpRCux3NCNtzslt188+cToL0\nv/hhJoVs1oVbcnDS/dtitN9Ti72xRFhiQgnH+n9bEOf+QP3A2MMrMudwpremIFUd\ne4BdS49nTPEQo0IwQDAdBgNVHQ4EFgQUmDnNvtiyjPeyq+GtJK97fKHbH88wDwYD\nVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIw\nV53dVvHH4+m4SVBrm2nDb+zDfSXkV5UTQJtS0zvzQBm8JsctBp61ezaf9SXUY2sA\nAjEA6dPGnlaaKsyh2j/IZivTWJwghfqrkYpwcBE4YGQLYgmRWAD5Tfs0aNoJrSEG\nGJTO\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBP\nMQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0\nZC4xGzAZBgNVBAMMEkhpUEtJIFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRa\nFw0zNzEyMzExNTU5NTlaME8xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3\nYSBUZWxlY29tIENvLiwgTHRkLjEbMBkGA1UEAwwSSGlQS0kgUm9vdCBDQSAtIEcx\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9B5/UnMyDHPkvRN0o9Qw\nqNCuS9i233VHZvR85zkEHmpwINJaR3JnVfSl6J3VHiGh8Ge6zCFovkRTv4354twv\nVcg3Px+kwJyz5HdcoEb+d/oaoDjq7Zpy3iu9lFc6uux55199QmQ5eiY29yTw1S+6\nlZgRZq2XNdZ1AYDgr/SEYYwNHl98h5ZeQa/rh+r4XfEuiAU+TCK72h8q3VJGZDnz\nQs7ZngyzsHeXZJzA9KMuH5UHsBffMNsAGJZMoYFL3QRtU6M9/Aes1MU3guvklQgZ\nKILSQjqj2FPseYlgSGDIcpJQ3AOPgz+yQlda22rpEZfdhSi8MEyr48KxRURHH+CK\nFgeW0iEPU8DtqX7UTuybCeyvQqww1r/REEXgphaypcXTT3OUM3ECoWqj1jOXTyFj\nHluP2cFeRXF3D4FdXyGarYPM+l7WjSNfGz1BryB1ZlpK9p/7qxj3ccC2HTHsOyDr\ny+K49a6SsvfhhEvyovKTmiKe0xRvNlS9H15ZFblzqMF8b3ti6RZsR1pl8w4Rm0bZ\n/W3c1pzAtH2lsN0/Vm+h+fbkEkj9Bn8SV7apI09bA8PgcSojt/ewsTu8mL3WmKgM\na/aOEmem8rJY5AIJEzypuxC00jBF8ez3ABHfZfjcK0NVvxaXxA/VLGGEqnKG/uY6\nfsI/fe78LxQ+5oXdUG+3Se0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNV\nHQ4EFgQU8ncX+l6o/vY9cdVouslGDDjYr7AwDgYDVR0PAQH/BAQDAgGGMA0GCSqG\nSIb3DQEBCwUAA4ICAQBQUfB13HAE4/+qddRxosuej6ip0691x1TPOhwEmSKsxBHi\n7zNKpiMdDg1H2DfHb680f0+BazVP6XKlMeJ45/dOlBhbQH3PayFUhuaVevvGyuqc\nSE5XCV0vrPSltJczWNWseanMX/mF+lLFjfiRFOs6DRfQUsJ748JzjkZ4Bjgs6Fza\nZsT0pPBWGTMpWmWSBUdGSquEwx4noR8RkpkndZMPvDY7l1ePJlsMu5wP1G4wB9Tc\nXzZoZjmDlicmisjEOf6aIW/Vcobpf2Lll07QJNBAsNB1CI69aO4I1258EHBGG3zg\niLKecoaZAeO/n0kZtCW+VmWuF2PlHt/o/0elv+EmBYTksMCv5wiZqAxeJoBF1Pho\nL5aPruJKHJwWDBNvOIf2u8g0X5IDUXlwpt/L9ZlNec1OvFefQ05rLisY+GpzjLrF\nNe85akEez3GoorKGB1s6yeHvP2UEgEcyRHCVTjFnanRbEEV16rCf0OY1/k6fi8wr\nkkVbbiVghUbN0aqwdmaTd5a+g744tiROJgvM7XpWGuDpWsZkrUx6AEhEL7lAuxM+\nvhV4nYWBSipX3tUZQ9rbyltHhoMLP7YNdnhzeSJesYAfz77RP1YQmCuVh6EfnWQU\nYDksswBVLuT1sw5XxJFBAJw/6KXf6vb/yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA\nMEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD\nVQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy\nMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt\nc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08EsCVeJ\nOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQG\nvGIFAha/r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud\n316HCkD7rRlr+/fKYIje2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo\n0q3v84RLHIf8E6M6cqJaESvWJ3En7YEtbWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSE\ny132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvjK8Cd+RTyG/FWaha/LIWF\nzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD412lPFzYE\n+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCN\nI/onccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzs\nx2sZy/N78CsHpdlseVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqa\nByFrgY/bxFn63iLABJzjqls2k+g9vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC\n4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV\nHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEMBQADggIBAHx4\n7PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg\nJuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti\n2kM3S+LGteWygxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIk\npnnpHs6i58FZFZ8d4kuaPp92CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRF\nFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZmOUdkLG5NrmJ7v2B0GbhWrJKsFjLt\nrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qqJZ4d16GLuc1CLgSk\nZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwyeqiv5\nu+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP\n4vkYxboznxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6\nN3ec592kD3ZDZopD8p/7DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3\nvouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx\nCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD\nExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw\nMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex\nHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA\nIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjq\nR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGdd\nyXqBPCCjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud\nDgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ\n7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMMA/cVi4RguYv/Uo7njLwcAjA8\n+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNV\nBAUTCUc2MzI4NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlk\nYWQgZGUgQ2VydGlmaWNhY2lvbjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNV\nBAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3QgQ0EwHhcNMTkwOTA0MTAwMDM4WhcN\nMzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEwMQswCQYDVQQGEwJF\nUzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQwEgYD\nVQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9v\ndCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCj\ncqQZAZ2cC4Ffc0m6p6zzBE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9q\nyGFOtibBTI3/TO80sh9l2Ll49a2pcbnvT1gdpd50IJeh7WhM3pIXS7yr/2WanvtH\n2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcvB2VSAKduyK9o7PQUlrZX\nH1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXsezx76W0OL\nzc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyR\np1RMVwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQz\nW7i1o0TJrH93PB0j7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/\nSiOL9V8BY9KHcyi1Swr1+KuCLH5zJTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJn\nLNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe8TZBAQIvfXOn3kLMTOmJDVb3\nn5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVOHj1tyRRM4y5B\nu8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj\no1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC\nAgEATh65isagmD9uw2nAalxJUqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L\n9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzxj6ptBZNscsdW699QIyjlRRA96Gej\nrw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDtdD+4E5UGUcjohybK\npFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM5gf0\nvPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjq\nOknkJjCb5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ\n/zo1PqVUSlJZS2Db7v54EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ9\n2zg/LFis6ELhDtjTO0wugumDLmsx2d1Hhk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI\n+PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGyg77FGr8H6lnco4g175x2\nMjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3r5+qPeoo\ntt7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQEL\nBQAwYTELMAkGA1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUg\nQ2VydGlmaWNhdGlvbiBFbGVjdHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJv\nb3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQwNDI2MDg1NzU2WjBhMQswCQYDVQQG\nEwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBDZXJ0aWZpY2F0aW9u\nIEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIwDQYJ\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZ\nn56eY+hz2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd\n2JQDoOw05TDENX37Jk0bbjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgF\nVwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZ\nGoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAdgjH8KcwAWJeRTIAAHDOF\nli/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViWVSHbhlnU\nr8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2\neY8fTpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIb\nMlEsPvLfe/ZdeikZjuXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISg\njwBUFfyRbVinljvrS5YnzWuioYasDXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB\n7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwSVXAkPcvCFDVDXSdOvsC9qnyW\n5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI04Y+oXNZtPdE\nITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0\n90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+z\nxiD2BkewhpMl0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYu\nQEkHDVneixCwSQXi/5E/S7fdAo74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4\nFstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRYYdZ2vyJ/0Adqp2RT8JeNnYA/u8EH\n22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJpadbGNjHh/PqAulxP\nxOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65xxBzn\ndFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5\nXc0yGYuPjCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7b\nnV2UqL1g52KAdoGDDIzMMEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQ\nCvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9zZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZH\nu/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3rAZ3r2OvEhJn7wAzMMujj\nd9qDRIueVSjAi1jTkD5OGwDxFa2DK5o=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQsw\nCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScw\nJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMT\nEENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2MDcyNDU0WhcNNDMwMzI2MDcyNDU0\nWjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBT\nLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxGTAX\nBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATE\nKI6rGFtqvm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7Tm\nFy8as10CW4kjPMIRBSqniBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68Kj\nQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI0GZnQkdjrzife81r1HfS+8\nEF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjADVS2m5hjEfO/J\nUG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0QoSZ/6vn\nnvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6\nMQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEu\nMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNV\nBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwHhcNMTgwMzE2MTIxMDEzWhcNNDMw\nMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEg\nU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRo\nb3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZ\nn0EGze2jusDbCSzBfN8pfktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/q\np1x4EaTByIVcJdPTsuclzxFUl6s1wB52HO8AU5853BSlLCIls3Jy/I2z5T4IHhQq\nNwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2fJmItdUDmj0VDT06qKhF\n8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGtg/BKEiJ3\nHAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGa\nmqi4NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi\n7VdNIuJGmj8PkTQkfVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSF\nytKAQd8FqKPVhJBPC/PgP5sZ0jeJP/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0P\nqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSYnjYJdmZm/Bo/6khUHL4wvYBQ\nv3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHKHRzQ+8S1h9E6\nTsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1\nvALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQAD\nggIBAEii1QALLtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4\nWxmB82M+w85bj/UvXgF2Ez8sALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvo\nzMrnadyHncI013nR03e4qllY/p0m+jiGPp2Kh2RX5Rc64vmNueMzeMGQ2Ljdt4NR\n5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8CYyqOhNf6DR5UMEQ\nGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA4kZf\n5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq\n0Uc9NneoWWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7D\nP78v3DSk+yshzWePS/Tj6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTM\nqJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmTOPQD8rv7gmsHINFSH5pkAnuYZttcTVoP\n0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZckbxJF0WddCajJFdr60qZf\nE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkG\nA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkw\nFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYx\nMDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAhBgNVBAoTGmUtY29tbWVyY2UgbW9u\naXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAyMDIwMIICIjANBgkq\nhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWiD59b\nRatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9Z\nYybNpyrOVPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3\nQWPKzv9pj2gOlTblzLmMCcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPw\nyJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCmfecqQjuCgGOlYx8ZzHyyZqjC0203b+J+\nBlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKAA1GqtH6qRNdDYfOiaxaJ\nSaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9ORJitHHmkH\nr96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj0\n4KlGDfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9Me\ndKZssCz3AwyIDMvUclOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIw\nq7ejMZdnrY8XD2zHc+0klGvIg5rQmjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2\nnKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1UdIwQYMBaAFNwu\nH9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA\nVC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJC\nXtzoRlgHNQIw4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd\n6IwPS3BD0IL/qMy/pJTAvoe9iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf\n+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS8cE54+X1+NZK3TTN+2/BT+MAi1bi\nkvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2HcqtbepBEX4tdJP7\nwry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxSvTOB\nTI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6C\nMUO+1918oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn\n4rnvyOL2NSl6dPrFf4IFYqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+I\naFvowdlxfv1k7/9nR4hYJS8+hge9+6jlgqispdNpQ80xiEmEU5LAsTkbOYMBMMTy\nqfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQsw\nCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYD\nVQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw\nMTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4MjMxNjA0WjBlMQswCQYDVQQGEwJV\nUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNy\nb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQBgcq\nhkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZR\nogPZnZH6thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYb\nhGBKia/teQ87zvH2RPUBeMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBTIy5lycFIM+Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3\nFQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlfXu5gKcs68tvWMoQZP3zV\nL8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaReNtUjGUB\niudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBl\nMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw\nNAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5\nIDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIwNzE4MjMwMDIzWjBlMQswCQYDVQQG\nEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1N\naWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwggIi\nMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZ\nNt9GkMml7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0\nZdDMbRnMlfl7rEqUrQ7eS0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1\nHLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw71VdyvD/IybLeS2v4I2wDwAW9lcfNcztm\ngGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+dkC0zVJhUXAoP8XFWvLJ\njEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49FyGcohJUc\naDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaG\nYaRSMLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6\nW6IYZVcSn2i51BVrlMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4K\nUGsTuqwPN1q3ErWQgR5WrlcihtnJ0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH\n+FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJClTUFLkqqNfs+avNJVgyeY+Q\nW5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/\nBAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC\nNxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZC\nLgLNFgVZJ8og6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OC\ngMNPOsduET/m4xaRhPtthH80dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6\ntZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk+ONVFT24bcMKpBLBaYVu32TxU5nh\nSnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex/2kskZGT4d9Mozd2\nTaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDyAmH3\npvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGR\nxpl/j8nWZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiApp\nGWSZI1b7rCoucL5mxAyE7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9\ndOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKTc0QWbej09+CVgI+WXTik9KveCjCHk9hN\nAHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D5KbvtwEwXlGjefVwaaZB\nRA+GsCyRxj3qrg+E\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDcjCCAlqgAwIBAgIUZvnHwa/swlG07VOX5uaCwysckBYwDQYJKoZIhvcNAQEL\nBQAwUTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28u\nLCBMdGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExMjAeFw0yMDA0MDgw\nNTM2NDZaFw00MDA0MDgwNTM2NDZaMFExCzAJBgNVBAYTAkpQMSMwIQYDVQQKExpD\neWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2VjdXJlU2lnbiBS\nb290IENBMTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6OcE3emhF\nKxS06+QT61d1I02PJC0W6K6OyX2kVzsqdiUzg2zqMoqUm048luT9Ub+ZyZN+v/mt\np7JIKwccJ/VMvHASd6SFVLX9kHrko+RRWAPNEHl57muTH2SOa2SroxPjcf59q5zd\nJ1M3s6oYwlkm7Fsf0uZlfO+TvdhYXAvA42VvPMfKWeP+bl+sg779XSVOKik71gur\nFzJ4pOE+lEa+Ym6b3kaosRbnhW70CEBFEaCeVESE99g2zvVQR9wsMJvuwPWW0v4J\nhscGWa5Pro4RmHvzC1KqYiaqId+OJTN5lxZJjfU+1UefNzFJM3IFTQy2VYzxV4+K\nh9GtxRESOaCtAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD\nAgEGMB0GA1UdDgQWBBRXNPN0zwRL1SXm8UC2LEzZLemgrTANBgkqhkiG9w0BAQsF\nAAOCAQEAPrvbFxbS8hQBICw4g0utvsqFepq2m2um4fylOqyttCg6r9cBg0krY6Ld\nmmQOmFxv3Y67ilQiLUoT865AQ9tPkbeGGuwAtEGBpE/6aouIs3YIcipJQMPTw4WJ\nmBClnW8Zt7vPemVV2zfrPIpyMpcemik+rY3moxtt9XUa5rBouVui7mlHJzWhhpmA\n8zNL4WukJsPvdFlseqJkth5Ew1DgDzk9qTPxpfPSvWKErI4cqc1avTc7bgoitPQV\n55FYxTpE05Uo2cBl6XLK0A+9H7MV2anjpEcJnuDLN/v9vZfVvhgaaaI5gdka9at/\nyOPiZwud9AzqVN/Ssq+xIvEg37xEHA==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFcjCCA1qgAwIBAgIUZNtaDCBO6Ncpd8hQJ6JaJ90t8sswDQYJKoZIhvcNAQEM\nBQAwUTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28u\nLCBMdGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExNDAeFw0yMDA0MDgw\nNzA2MTlaFw00NTA0MDgwNzA2MTlaMFExCzAJBgNVBAYTAkpQMSMwIQYDVQQKExpD\neWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2VjdXJlU2lnbiBS\nb290IENBMTQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDF0nqh1oq/\nFjHQmNE6lPxauG4iwWL3pwon71D2LrGeaBLwbCRjOfHw3xDG3rdSINVSW0KZnvOg\nvlIfX8xnbacuUKLBl422+JX1sLrcneC+y9/3OPJH9aaakpUqYllQC6KxNedlsmGy\n6pJxaeQp8E+BgQQ8sqVb1MWoWWd7VRxJq3qdwudzTe/NCcLEVxLbAQ4jeQkHO6Lo\n/IrPj8BGJJw4J+CDnRugv3gVEOuGTgpa/d/aLIJ+7sr2KeH6caH3iGicnPCNvg9J\nkdjqOvn90Ghx2+m1K06Ckm9mH+Dw3EzsytHqunQG+bOEkJTRX45zGRBdAuVwpcAQ\n0BB8b8VYSbSwbprafZX1zNoCr7gsfXmPvkPx+SgojQlD+Ajda8iLLCSxjVIHvXib\ny8posqTdDEx5YMaZ0ZPxMBoH064iwurO8YQJzOAUbn8/ftKChazcqRZOhaBgy/ac\n18izju3Gm5h1DVXoX+WViwKkrkMpKBGk5hIwAUt1ax5mnXkvpXYvHUC0bcl9eQjs\n0Wq2XSqypWa9a4X0dFbD9ed1Uigspf9mR6XU/v6eVL9lfgHWMI+lNpyiUBzuOIAB\nSMbHdPTGrMNASRZhdCyvjG817XsYAFs2PJxQDcqSMxDxJklt33UkN4Ii1+iW/RVL\nApY+B3KVfqs9TC7XyvDf4Fg/LS8EmjijAQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD\nAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUBpOjCl4oaTeqYR3r6/wtbyPk\n86AwDQYJKoZIhvcNAQEMBQADggIBAJaAcgkGfpzMkwQWu6A6jZJOtxEaCnFxEM0E\nrX+lRVAQZk5KQaID2RFPeje5S+LGjzJmdSX7684/AykmjbgWHfYfM25I5uj4V7Ib\ned87hwriZLoAymzvftAj63iP/2SbNDefNWWipAA9EiOWWF3KY4fGoweITedpdopT\nzfFP7ELyk+OZpDc8h7hi2/DsHzc/N19DzFGdtfCXwreFamgLRB7lUe6TzktuhsHS\nDCRZNhqfLJGP4xjblJUK7ZGqDpncllPjYYPGFrojutzdfhrGe0K22VoF3Jpf1d+4\n2kd92jjbrDnVHmtsKheMYc2xbXIBw8MgAGJoFjHVdqqGuw6qnsb58Nn4DSEC5MUo\nFlkRudlpcyqSeLiSV5sI8jrlL5WwWLdrIBRtFO8KvH7YVdiI2i/6GaX7i+B/OfVy\nK4XELKzvGUWSTLNhB9xNH27SgRNcmvMSZ4PPmz+Ln52kuaiWA3rF7iDeM9ovnhp6\ndB7h7sxaOgTdsxoEqBRjrLdHEoOabPXm6RUVkRqEGQ6UROcSjiVbgGcZ3GOTEAtl\nLor6CZpO2oYofaphNdgOpygau1LgePhsumywbrmHXumZNTfxPWQrqaA0k89jL9WB\n365jJ6UeTo3cKXhZ+PmhIIynJkBugnLNeLLIjzwec+fBH7/PzqUqm9tEZDKgu39c\nJRNItX+S\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICIzCCAamgAwIBAgIUFhXHw9hJp75pDIqI7fBw+d23PocwCgYIKoZIzj0EAwMw\nUTELMAkGA1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBM\ndGQuMR0wGwYDVQQDExRTZWN1cmVTaWduIFJvb3QgQ0ExNTAeFw0yMDA0MDgwODMy\nNTZaFw00NTA0MDgwODMyNTZaMFExCzAJBgNVBAYTAkpQMSMwIQYDVQQKExpDeWJl\ncnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2VjdXJlU2lnbiBSb290\nIENBMTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQLUHSNZDKZmbPSYAi4Io5GdCx4\nwCtELW1fHcmuS1Iggz24FG1Th2CeX2yF2wYUleDHKP+dX+Sq8bOLbe1PL0vJSpSR\nZHX+AezB2Ot6lHhWGENfa4HL9rzatAy2KZMIaY+jQjBAMA8GA1UdEwEB/wQFMAMB\nAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTrQciu/NWeUUj1vYv0hyCTQSvT\n9DAKBggqhkjOPQQDAwNoADBlAjEA2S6Jfl5OpBEHvVnCB96rMjhTKkZEBhd6zlHp\n4P9mLQlO4E/0BdGF9jVg3PVys0Z9AjBEmEYagoUeYWmJSwdLZrWeqrqgHkHZAXQ6\nbkU6iYAZezKYVWOr62Nuk22rGwlgMU4=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBU\nMQswCQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRI\nT1JJVFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAz\nMTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJF\nSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2Jh\nbCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFmCL3Z\nxRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZ\nspDyRhySsTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O5\n58dnJCNPYwpj9mZ9S1WnP3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgR\nat7GGPZHOiJBhyL8xIkoVNiMpTAK+BcWyqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll\n5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRjeulumijWML3mG90Vr4Tq\nnMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNnMoH1V6XK\nV0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/\npj+bOT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZO\nz2nxbkRs1CTqjSShGL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXn\njSXWgXSHRtQpdaJCbPdzied9v3pKH9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+\nWGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMBAAGjQjBAMB0GA1UdDgQWBBTF\n7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE\nAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4\nYRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3Kli\nawLwQ8hOnThJdMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u\n+2D2/VnGKhs/I0qUJDAnyIm860Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88\nX7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuhTaRjAv04l5U/BXCga99igUOLtFkN\nSoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW4AB+dAb/OMRyHdOo\nP2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmpGQrI\n+pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRz\nznfSxqxx4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9\neVzYH6Eze9mCUAyTF6ps3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2\nYqAo07WjuGS3iGJCz51TzZm+ZGiPTx4SSPfSKcOYKMryMguTjClPPGAyzQWWYezy\nr/6zcCwupvI=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQsw\nCQYDVQQGEwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJ\nVFkxHTAbBgNVBAMMFEJKQ0EgR2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgy\nMVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJ\nTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRCSkNBIEdsb2JhbCBS\nb290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jlSR9B\nIgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK+\n+kpRuDCK/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJK\nsVF/BvDRgh9Obl+rg/xI1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD\nAgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA\n94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8gUXOQwKhbYdDFUDn9hf7B\n43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYD\nVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG\nA1UEAxMLR1RTIFJvb3QgUjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw\nWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz\nIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjOPQIBBgUrgQQAIgNi\nAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout736G\njOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL2\n4CejQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW\nBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7\nVKOQFhG/hMjqb2sXnh5GmCCbn9MN2azTL818+FsuVbu/3ZL3pAzcMeGiAjEA/Jdm\nZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV11RZt+cRLInUue4X\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYD\nVQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2Jh\nbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgw\nMTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9iYWxTaWduIEVDQyBSb290IENBIC0g\nUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wWTAT\nBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkWymOx\nuYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNV\nHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/\n+wpu+74zyTyjhNUwCgYIKoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147\nbmF0774BxL4YSFlhgjICICadVGNA3jdgUM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw\nCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\nMBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw\nMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp\nY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA\nA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo\n27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w\nCl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw\nTcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl\nqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH\nszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8\nY/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk\nMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92\nwO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p\naDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN\nVjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID\nAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E\nFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb\nC5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe\nQkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy\nh6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4\n7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J\nZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef\nMgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/\nZ6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT\n6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ\n0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm\n2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb\nbP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQsw\nCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\nMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw\nMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp\nY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUA\nA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3LvCvpt\nnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY\n6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAu\nMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7k\nRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWg\nf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1mKPV\n+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K8Yzo\ndDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW\nIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKa\nG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCq\ngc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwID\nAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E\nFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBAB/Kzt3H\nvqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8\n0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyC\nB19m3H0Q/gxhswWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2u\nNmSRXbBoGOqKYcl3qJfEycel/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMg\nyALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVnjWQye+mew4K6Ki3pHrTgSAai/Gev\nHyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y59PYjJbigapordwj6\nxLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M7YNR\nTOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924Sg\nJPFI/2R80L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV\n7LXTWtiBmelDGDfrs7vRWGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl\n6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjWHYbL\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD\nVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG\nA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw\nWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz\nIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi\nAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzuhXyi\nQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvR\nHYqjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW\nBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D\n9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/Cr8deVl5c1RxYIigL9zC2L7F8AjEA8GE8\np/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQx\nCzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UE\nAwwQVGVsaWEgUm9vdCBDQSB2MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1\nNTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZ\nMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZIhvcNAQEBBQADggIP\nADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ76zBq\nAMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9\nvVYiQJ3q9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9\nlRdU2HhE8Qx3FZLgmEKnpNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTOD\nn3WhUidhOPFZPY5Q4L15POdslv5e2QJltI5c0BE0312/UqeBAMN/mUWZFdUXyApT\n7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW5olWK8jjfN7j/4nlNW4o\n6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNrRBH0pUPC\nTEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6\nWT0EBXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63R\nDolUK5X6wK0dmBR4M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZI\npEYslOqodmJHixBTB0hXbOKSTbauBcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGj\nYzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7Wxy+G2CQ5MB0GA1UdDgQWBBRy\nrOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw\nAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ\n8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi\n0f6X+J8wfBj5tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMM\nA8iZGok1GTzTyVR8qPAs5m4HeW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBS\nSRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+Cy748fdHif64W1lZYudogsYMVoe+K\nTTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygCQMez2P2ccGrGKMOF\n6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15h2Er\n3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMt\nTy3EHD70sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pT\nVmBds9hCG1xLEooc6+t9xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAW\nysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQraVplI/owd8k+BsHMYeB2F326CjYSlKA\nrBPuUBQemMc=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQsw\nCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS\nVVNUIEJSIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5\nNDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAG\nA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAGByqGSM49AgEGBSuB\nBAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7dPYS\nzuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0\nQVK5buXuQqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/\nVbNafAkl1bK6CKBrqx9tMA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6g\nPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X2JyX3Jvb3Rf\nY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5l\ndC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxPPUQtVHJ1\nc3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjO\nPQQDAwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFW\nwKrY7RjEsK70PvomAjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHV\ndWNbFJWcHwHP2NVypw87\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQsw\nCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRS\nVVNUIEVWIFJvb3QgQ0EgMSAyMDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5\nNTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAG\nA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAGByqGSM49AgEGBSuB\nBAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8ZRCC\n/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rD\nwpdhQntJraOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3\nOqQo5FD4pPfsazK2/umLMA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6g\nPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X2V2X3Jvb3Rf\nY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5l\ndC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxPPUQtVHJ1\nc3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjO\nPQQDAwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CA\ny/m0sRtW9XLS/BnRAjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJb\ngfM0agPnIjhQW+0ZT0MW\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBs\nMQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl\nc2VhcmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0Eg\nUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUzOFoXDTQ1MDIxMzEwNTUzN1owbDEL\nMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl\nYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNBIFJv\nb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569l\nmwVnlskNJLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE\n4VGC/6zStGndLuwRo0Xua2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uv\na9of08WRiFukiZLRgeaMOVig1mlDqa2YUlhu2wr7a89o+uOkXjpFc5gH6l8Cct4M\npbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K5FrZx40d/JiZ+yykgmvw\nKh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEvdmn8kN3b\nLW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcY\nAuUR0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqB\nAGMUuTNe3QvboEUHGjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYq\nE613TBoYm5EPWNgGVMWX+Ko/IIqmhaZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHr\nW2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQCPxrvrNQKlr9qEgYRtaQQJKQ\nCoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE\nAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAU\nX15QvWiWkKQUEapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3\nf5Z2EMVGpdAgS1D0NTsY9FVqQRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxaja\nH6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxDQpSbIPDRzbLrLFPCU3hKTwSUQZqP\nJzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcRj88YxeMn/ibvBZ3P\nzzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5vZSt\njBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0\n/L5H9MG0qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pT\nBGIBnfHAT+7hOtSLIBD6Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79\naPib8qXPMThcFarmlwDB31qlpzmq6YR/PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YW\nxw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnnkf3/W9b3raYvAwtt41dU\n63ZTGI0RmLo=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQsw\nCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh\ncmNoIEluc3RpdHV0aW9ucyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9v\ndCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoXDTQ1MDIxMzExMDEwOVowbDELMAkG\nA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj\naCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJvb3Qg\nQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7\nKKrxcm1lAEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9Y\nSTHMmE5gEYd103KUkE+bECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUw\nAwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQD\nAgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAircJRQO9gcS3ujwLEXQNw\nSaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/QwCZ61IygN\nnxS2PFOiTAZpffpskcYqSUXm7LcT4Tps\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw\nCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg\nR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00\nMDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT\nZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw\nEAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW\n+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9\nItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T\nAQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI\nzj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW\ntL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1\n/q4AaOeMSQ+2b1tbFfLn\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN\nMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMT\nHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN\nNDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs\nIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwggIi\nMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS87IE+\najWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG0\n2C+JFvuUAT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgp\nwgscONyfMXdcvyej/Cestyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZM\npG2T6T867jp8nVid9E6P/DsjyG244gXazOvswzH016cpVIDPRFtMbzCe88zdH5RD\nnU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnVDdXifBBiqmvwPXbzP6Po\nsMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9qTXeXAaDx\nZre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cd\nLvvyz6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvX\nKyY//SovcfXWJL5/MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNe\nXoVPzthwiHvOAbWWl9fNff2C+MIkwcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPL\ntgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4EFgQUUTMc7TZArxfTJc1paPKv\nTiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN\nAQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw\nGXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7H\nPNtQOa27PShNlnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLF\nO4uJ+DQtpBflF+aZfTCIITfNMBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQ\nREtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/u4cnYiWB39yhL/btp/96j1EuMPik\nAdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9GOUrYU9DzLjtxpdRv\n/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh47a+\np6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilw\nMUc/dNAUFvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WF\nqUITVuwhd4GTWgzqltlJyqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCK\novfepEWFJqgejF0pW8hL2JpqA15w8oVPbEtoL8pU9ozaMv7Da4M/OMZ+\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw\nCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp\nZ2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2\nMDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ\nbmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQgUm9vdCBHNTB2MBAG\nByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1TzvdlHJS\n7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp\n0zVozptjn4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICIS\nB4CIfBFqMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49\nBAMDA2gAMGUCMQCJao1H5+z8blUD2WdsJk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQ\nLgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIxAJSdYsiJvRmEFOml+wG4\nDXZDjC5Ty3zfDBeWUA==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAw\nPTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2Vy\ndGFpbmx5IFJvb3QgUjEwHhcNMjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9\nMQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0\nYWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANA2\n1B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O5MQT\nvqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbed\naFySpvXl8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b0\n1C7jcvk2xusVtyWMOvwlDbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5\nr3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGIXsXwClTNSaa/ApzSRKft43jvRl5tcdF5\ncBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkNKPl6I7ENPT2a/Z2B7yyQ\nwHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQAjeZjOVJ\n6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA\n2CnbrlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyH\nWyf5QBGenDPBt+U1VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMR\neiFPCyEQtkA6qyI6BJyLm4SGcprSp6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB\n/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTgqj8ljZ9EXME66C6u\nd0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAszHQNTVfSVcOQr\nPbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d\n8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi\n1wrykXprOQ4vMMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrd\nrRT90+7iIgXr0PK3aBLXWopBGsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9di\ntaY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+gjwN/KUD+nsa2UUeYNrEjvn8K8l7\nlcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgHJBu6haEaBQmAupVj\nyTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7fpYn\nKx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLy\nyCwzk5Iwx06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5n\nwXARPbv0+Em34yaXOp/SX3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6\nOV+KmalBWQewLK8=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQsw\nCQYDVQQGEwJVUzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlu\nbHkgUm9vdCBFMTAeFw0yMTA0MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJ\nBgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlubHkxGjAYBgNVBAMTEUNlcnRhaW5s\neSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4fxzf7flHh4axpMCK\n+IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9YBk2\nQNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8E\nBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4\nhevIIgcwCgYIKoZIzj0EAwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozm\nut6Dacpps6kFtZaSF4fC0urQe87YQVt8rgIwRt7qy12a7DLCZRawTDBcMPPaTnOG\nBtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEM\nBQAwWjELMAkGA1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dp\nZXMsIEluYy4xJDAiBgNVBAMMG1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAe\nFw0yMTA1MjAwMjEwMTlaFw00NjA1MTkwMjEwMTlaMFoxCzAJBgNVBAYTAkNOMSUw\nIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQwIgYDVQQDDBtU\ncnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzMwggIiMA0GCSqGSIb3DQEBAQUAA4IC\nDwAwggIKAoICAQDAMYJhkuSUGwoqZdC+BqmHO1ES6nBBruL7dOoKjbmzTNyPtxNS\nT1QY4SxzlZHFZjtqz6xjbYdT8PfxObegQ2OwxANdV6nnRM7EoYNl9lA+sX4WuDqK\nAtCWHwDNBSHvBm3dIZwZQ0WhxeiAysKtQGIXBsaqvPPW5vxQfmZCHzyLpnl5hkA1\nnyDvP+uLRx+PjsXUjrYsyUQE49RDdT/VP68czH5GX6zfZBCK70bwkPAPLfSIC7Ep\nqq+FqklYqL9joDiR5rPmd2jE+SoZhLsO4fWvieylL1AgdB4SQXMeJNnKziyhWTXA\nyB1GJ2Faj/lN03J5Zh6fFZAhLf3ti1ZwA0pJPn9pMRJpxx5cynoTi+jm9WAPzJMs\nhH/x/Gr8m0ed262IPfN2dTPXS6TIi/n1Q1hPy8gDVI+lhXgEGvNz8teHHUGf59gX\nzhqcD0r83ERoVGjiQTz+LISGNzzNPy+i2+f3VANfWdP3kXjHi3dqFuVJhZBFcnAv\nkV34PmVACxmZySYgWmjBNb9Pp1Hx2BErW+Canig7CjoKH8GB5S7wprlppYiU5msT\nf9FkPz2ccEblooV7WIQn3MSAPmeamseaMQ4w7OYXQJXZRe0Blqq/DPNL0WP3E1jA\nuPP6Z92bfW1K/zJMtSU7/xxnD4UiWQWRkUF3gdCFTIcQcf+eQxuulXUtgQIDAQAB\no2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEDk5PIj7zjKsK5Xf/Ih\nMBY027ySMB0GA1UdDgQWBBRA5OTyI+84yrCuV3/yITAWNNu8kjAOBgNVHQ8BAf8E\nBAMCAQYwDQYJKoZIhvcNAQEMBQADggIBACY7UeFNOPMyGLS0XuFlXsSUT9SnYaP4\nwM8zAQLpw6o1D/GUE3d3NZ4tVlFEbuHGLige/9rsR82XRBf34EzC4Xx8MnpmyFq2\nXFNFV1pF1AWZLy4jVe5jaN/TG3inEpQGAHUNcoTpLrxaatXeL1nHo+zSh2bbt1S1\nJKv0Q3jbSwTEb93mPmY+KfJLaHEih6D4sTNjduMNhXJEIlU/HHzp/LgV6FL6qj6j\nITk1dImmasI5+njPtqzn59ZW/yOSLlALqbUHM/Q4X6RJpstlcHboCoWASzY9M/eV\nVHUl2qzEc4Jl6VL1XP04lQJqaTDFHApXB64ipCz5xUG3uOyfT0gA+QEEVcys+TIx\nxHWVBqB/0Y0n3bOppHKH/lmLmnp0Ft0WpWIp6zqW3IunaFnT63eROfjXy9mPX1on\nAX1daBli2MjN9LdyR75bl87yraKZk62Uy5P2EgmVtqvXO9A/EcswFi55gORngS1d\n7XB4tmBZrOFdRWOPyN9yaFvqHbgB8X7754qz41SgOAngPN5C8sLtLpvzHzW2Ntjj\ngKGLzZlkD8Kqq7HK9W+eQ42EVJmzbsASZthwEPEGNTNDqJwuuhQxzhB/HIbjj9LV\n+Hfsm6vxL2PZQl/gZ4FkkfGXL/xuJvYz+NO1+MRiqzFRJQJ6+N1rZdVtTTDIZbpo\nFGWsJwt0ivKH\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICVTCCAdygAwIBAgIUTyNkuI6XY57GU4HBdk7LKnQV1tcwCgYIKoZIzj0EAwMw\nWjELMAkGA1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMs\nIEluYy4xJDAiBgNVBAMMG1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHNDAeFw0y\nMTA1MjAwMjEwMjJaFw00NjA1MTkwMjEwMjJaMFoxCzAJBgNVBAYTAkNOMSUwIwYD\nVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQwIgYDVQQDDBtUcnVz\ndEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATx\ns8045CVD5d4ZCbuBeaIVXxVjAd7Cq92zphtnS4CDr5nLrBfbK5bKfFJV4hrhPVbw\nLxYI+hW8m7tH5j/uqOFMjPXTNvk4XatwmkcN4oFBButJ+bAp3TPsUKV/eSm4IJij\nYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUpbtKl86zK3+kMd6Xg1mD\npm9xy94wHQYDVR0OBBYEFKW7SpfOsyt/pDHel4NZg6ZvccveMA4GA1UdDwEB/wQE\nAwIBBjAKBggqhkjOPQQDAwNnADBkAjBe8usGzEkxn0AAbbd+NvBNEU/zy4k6LHiR\nUKNbwMp1JvK/kF0LgoxgKJ/GcJpo5PECMFxYDlZ2z1jD1xCMuo6u47xkdUfFVZDj\n/bpV6wfEU6s3qe4hsiFbYI89MvHVI5TWWA==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMw\nTjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29t\nbVNjb3BlIFB1YmxpYyBUcnVzdCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNa\nFw00NjA0MjgxNzM1NDJaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2Nv\ncGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgRUNDIFJvb3QtMDEw\ndjAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16ocNfQj3Rid8NeeqrltqLxeP0C\nflfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOcw5tjnSCDPgYLpkJE\nhRGnSjot6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD\nVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggq\nhkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg\n2NED3W3ROT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liWpDVfG2XqYZpwI7UNo5uS\nUm9poIyNStDuiw7LR47QjRE=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMw\nTjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29t\nbVNjb3BlIFB1YmxpYyBUcnVzdCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRa\nFw00NjA0MjgxNzQ0NTNaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21tU2Nv\ncGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgRUNDIFJvb3QtMDIw\ndjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l63FRD/cHB8o5mXxO1Q/MMDAL\nj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU\nv4RDsNuESgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD\nVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggq\nhkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/n\nich/m35rChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs73u1Z/GtMMH9ZzkXpc2AV\nmkzw5l4lIhVtwodZ0LKOag==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQEL\nBQAwTjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwi\nQ29tbVNjb3BlIFB1YmxpYyBUcnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1\nNTRaFw00NjA0MjgxNjQ1NTNaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21t\nU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgUlNBIFJvb3Qt\nMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwSGWjDR1C45FtnYSk\nYZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2bKOx7dAvnQmtVzslh\nsuitQDy6uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBWBB0HW0al\nDrJLpA6lfO741GIDuZNqihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3Oj\nWiE260f6GBfZumbCk6SP/F2krfxQapWsvCQz0b2If4b19bJzKo98rwjyGpg/qYFl\nP8GMicWWMJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/cZip8UlF1y5mO6D1cv547\nKI2DAg+pn3LiLCuz3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTifBSeolz7p\nUcZsBSjBAg/pGG3svZwG1KdJ9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/\nkQO9lLvkuI6cMmPNn7togbGEW682v3fuHX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JO\nHg9O5j9ZpSPcPYeoKFgo0fEbNttPxP/hjFtyjMcmAyejOQoBqsCyMWCDIqFPEgkB\nEa801M/XrmLTBQe0MXXgDW1XT2mH+VepuhX2yFJtocucH+X8eKg1mp9BFM6ltM6U\nCBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G\nA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm45P3luG0wDQYJ\nKoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6\nNWPxzIHIxgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQ\nnmhUQo8mUuJM3y+Xpi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+\nQgvfKNmwrZggvkN80V4aCRckjXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2v\ntrV0KnahP/t1MJ+UXjulYPPLXAziDslg+MkfFoom3ecnf+slpoq9uC02EJqxWE2a\naE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0DLwAHb/WNyVntHKLr4W96ioD\nj8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/xBpMu95yo9GA+o/E4\nXo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054A5U+1C0w\nlREQKC6/oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHn\nYfkUyq+Dj7+vsQpZXdxc1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVoc\nicCMb3SgazNNtQEo/a2tiRc7ppqEvOuM6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQEL\nBQAwTjELMAkGA1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwi\nQ29tbVNjb3BlIFB1YmxpYyBUcnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2\nNDNaFw00NjA0MjgxNzE2NDJaME4xCzAJBgNVBAYTAlVTMRIwEAYDVQQKDAlDb21t\nU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3QgUlNBIFJvb3Qt\nMDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDh+g77aAASyE3VrCLE\nNQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mnG2I81lDnNJUDMrG0\nkyI9p+Kx7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0SFHRtI1C\nrWDaSWqVcN3SAOLMV2MCe5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxz\nhkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2WWy09X6GDRl224yW4fKcZgBzqZUPckXk2\nLHR88mcGyYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rpM9kzXzehxfCrPfp4sOcs\nn/Y+n2Dg70jpkEUeBVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIfhs1w/tku\nFT0du7jyU1fbzMZ0KZwYszZ1OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5\nkQMreyBUzQ0ZGshBMjTRsJnhkB4BQDa1t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3\nwNemKfrb3vOTlycEVS8KbzfFPROvCgCpLIscgSjX74Yxqa7ybrjKaixUR9gqiC6v\nwQcQeKwRoi9C8DfF8rhW3Q5iLc4tVn5V8qdE9isy9COoR+jUKgF4z2rDN6ieZdIs\n5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G\nA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7GxcJXvYXowDQYJ\nKoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqB\nKCh6krm2qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3\n+VGXu6TwYofF1gbTl4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbyme\nAPnCKfWxkxlSaRosTKCL4BWaMS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3Nyq\npgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv41xdgSGn2rtO/+YHqP65DSdsu3BaVXoT\n6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u5cSoHw2OHG1QAk8mGEPej1WF\nsQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FUmrh1CoFSl+NmYWvt\nPjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jauwy8CTl2d\nlklyALKrdVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670\nv64fG9PiO/yzcnMcmyiQiRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17O\nrg3bhzjlP1v9mxnhMUF6cKojawHhRUzNlM47ni3niAIi9G7oyOzWPPO5std3eqx7\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBM\nMS4wLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIx\nMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00\nMTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBD\nQSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMIICIjAN\nBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BBl01Z\n4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYv\nYe+W/CBGvevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZ\nkmGbzSoXfduP9LVq6hdKZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDs\nGY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt0xU6kGpn8bRrZtkh68rZYnxGEFzedUln\nnkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVKPNe0OwANwI8f4UDErmwh\n3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMYsluMWuPD\n0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzy\ngeBYBr3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8\nANSbhqRAvNncTFd+rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezB\nc6eUWsuSZIKmAMFwoW4sKeFYV+xafJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lI\npw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU\ndEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB\nDAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS\n4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPs\no0UvFJ/1TCplQ3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJ\nqM7F78PRreBrAwA0JrRUITWXAdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuyw\nxfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9GslA9hGCZcbUztVdF5kJHdWoOsAgM\nrr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2VktafcxBPTy+av5EzH4\nAXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9qTFsR\n0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuY\no7Ey7Nmj1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5\ndDTedk+SKlOxJTnbPP/lPqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcE\noji2jbDwN/zIIX8/syQbPYtuzE2wFg2WHYMfRsCbvUOZ58SWLs5fyQ==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4w\nLAYDVQQDDCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0w\nCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0\nMTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBF\nQ0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYTAkRFMHYwEAYHKoZI\nzj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6KDP/X\ntXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4\nAjJn8ZQSb+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2\nKCXWfeBmmnoJsmo7jjPXNtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMD\naAAwZQIwW5kp85wxtolrbNa9d+F851F+uDrNozZffPc8dz7kUK2o59JZDCaOMDtu\nCCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGYa3cpetskz2VAv9LcjBHo\n9H1/IISpQuQo\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICejCCAgCgAwIBAgIQMZch7a+JQn81QYehZ1ZMbTAKBggqhkjOPQQDAzBuMQsw\nCQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UE\nYQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENB\nIFJPT1QtQSBXRUIwHhcNMjIwNDA2MDkwMTM2WhcNNDcwMzMxMDkwMTM2WjBuMQsw\nCQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UE\nYQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENB\nIFJPT1QtQSBXRUIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARHU+osEaR3xyrq89Zf\ne9MEkVz6iMYiuYMQYneEMy3pA4jU4DP37XcsSmDq5G+tbbT4TIqk5B/K6k84Si6C\ncyvHZpsKjECcfIr28jlgst7L7Ljkb+qbXbdTkBgyVcUgt5SjYzBhMA8GA1UdEwEB\n/wQFMAMBAf8wHwYDVR0jBBgwFoAUk+FDY1w8ndYn81LsF7Kpryz3dvgwHQYDVR0O\nBBYEFJPhQ2NcPJ3WJ/NS7Beyqa8s93b4MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjO\nPQQDAwNoADBlAjAdfKR7w4l1M+E7qUW/Runpod3JIha3RxEL2Jq68cgLcFBTApFw\nhVmpHqTm6iMxoAACMQD94vizrxa5HnPEluPBMBnYfubDl94cT7iJLzPrSA8Z94dG\nXSaQpYXFuXqUPoeovQA=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQsw\nCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxT\nU0wuY29tIFRMUyBFQ0MgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2\nMDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3Jh\ndGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3QgQ0EgMjAyMjB2MBAG\nByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWyJGYm\nacCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFN\nSeR7T5v15wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME\nGDAWgBSJjy+j6CugFFR781a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NW\nuCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp\n15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w7deedWo1dlJF4AIxAMeN\nb0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5Zn6g6g==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO\nMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD\nDBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX\nDTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw\nb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC\nAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP\nL3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY\nt6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins\nS657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3\nPnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO\nL9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3\nR2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w\ndr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS\n+YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS\nd66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG\nAtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f\ngTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j\nBBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z\nNbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt\nhEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM\nQtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf\nR4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ\nDPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW\nP4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy\nlrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq\nbLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w\nAgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q\nr5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji\nMho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU\n98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBf\nMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQD\nEy1TZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYw\nHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEY\nMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1Ymxp\nYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDa\nef0rty2k1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnz\nSDBh+oF8HqcIStw+KxwfGExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xf\niOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMPFF1bFOdLvt30yNoDN9HWOaEhUTCDsG3X\nME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vuZDCQOc2TZYEhMbUjUDM3\nIuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5QazYw6A3OAS\nVYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgE\nSJ/AwSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu\n+Zd4KKTIRJLpfSYFplhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt\n8uaZFURww3y8nDnAtOFr94MlI1fZEoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+L\nHaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW6aWWrL3DkJiy4Pmi1KZHQ3xt\nzwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWIIUkwDgYDVR0P\nAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c\nmTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQ\nYKlJfp/imTYpE0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52\ngDY9hAaLMyZlbcp+nv4fjFg4exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZA\nFv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M0ejf5lG5Nkc/kLnHvALcWxxPDkjB\nJYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI84HxZmduTILA7rpX\nDhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9mpFui\nTdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5\ndHn5HrwdVw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65\nLvKRRFHQV80MNNVIIb/bE/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp\n0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmmJ1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAY\nQqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQsw\nCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T\nZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcN\nMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYG\nA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT\nZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA\nIgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccC\nWvkEN/U0NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+\n6xnOQ6OjQjBAMB0GA1UdDgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8B\nAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjAn7qRa\nqCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RHlAFWovgzJQxC36oCMB3q\n4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21USAGKcw==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQsw\nCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBH\nbWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIw\nMB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIzNTk1OVowYzELMAkGA1UEBhMCREUx\nJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkGA1UE\nAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqGSM49\nAgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/O\ntdKPD/M12kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDP\nf8iAC8GXs7s1J8nCG6NCMEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6f\nMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA\nMGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZMo7k+5Dck2TOrbRBR2Di\nz6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdUga/sf+Rn\n27iQ7t0l\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFjTCCA3WgAwIBAgIQQAE0jMIAAAAAAAAAATzyxjANBgkqhkiG9w0BAQwFADBQ\nMQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290\nIENBMRswGQYDVQQDExJUV0NBIENZQkVSIFJvb3QgQ0EwHhcNMjIxMTIyMDY1NDI5\nWhcNNDcxMTIyMTU1OTU5WjBQMQswCQYDVQQGEwJUVzESMBAGA1UEChMJVEFJV0FO\nLUNBMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJUV0NBIENZQkVSIFJvb3Qg\nQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDG+Moe2Qkgfh1sTs6P\n40czRJzHyWmqOlt47nDSkvgEs1JSHWdyKKHfi12VCv7qze33Kc7wb3+szT3vsxxF\navcokPFhV8UMxKNQXd7UtcsZyoC5dc4pztKFIuwCY8xEMCDa6pFbVuYdHNWdZsc/\n34bKS1PE2Y2yHer43CdTo0fhYcx9tbD47nORxc5zb87uEB8aBs/pJ2DFTxnk684i\nJkXXYJndzk834H/nY62wuFm40AZoNWDTNq5xQwTxaWV4fPMf88oon1oglWa0zbfu\nj3ikRRjpJi+NmykosaS3Om251Bw4ckVYsV7r8Cibt4LK/c/WMw+f+5eesRycnupf\nXtuq3VTpMCEobY5583WSjCb+3MX2w7DfRFlDo7YDKPYIMKoNM+HvnKkHIuNZW0CP\n2oi3aQiotyMuRAlZN1vH4xfyIutuOVLF3lSnmMlLIJXcRolftBL5hSmO68gnFSDA\nS9TMfAxsNAwmmyYxpjyn9tnQS6Jk/zuZQXLB4HCX8SS7K8R0IrGsayIyJNN4KsDA\noS/xUgXJP+92ZuJF2A09rZXIx4kmyA+upwMu+8Ff+iDhcK2wZSA3M2Cw1a/XDBzC\nkHDXShi8fgGwsOsVHkQGzaRP6AzRwyAQ4VRlnrZR0Bp2a0JaWHY06rc3Ga4udfmW\n5cFZ95RXKSWNOkyrTZpB0F8mAwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYD\nVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSdhWEUfMFib5do5E83QOGt4A1WNzAd\nBgNVHQ4EFgQUnYVhFHzBYm+XaORPN0DhreANVjcwDQYJKoZIhvcNAQEMBQADggIB\nAGSPesRiDrWIzLjHhg6hShbNcAu3p4ULs3a2D6f/CIsLJc+o1IN1KriWiLb73y0t\ntGlTITVX1olNc79pj3CjYcya2x6a4CD4bLubIp1dhDGaLIrdaqHXKGnK/nZVekZn\n68xDiBaiA9a5F/gZbG0jAn/xX9AKKSM70aoK7akXJlQKTcKlTfjF/biBzysseKNn\nTKkHmvPfXvt89YnNdJdhEGoHK4Fa0o635yDRIG4kqIQnoVesqlVYL9zZyvpoBJ7t\nRCT5dEA7IzOrg1oYJkK2bVS1FmAwbLGg+LhBoF1JSdJlBTrq/p1hvIbZv97Tujqx\nf36SNI7JAG7cmL3c7IAFrQI932XtCwP39xaEBDG6k5TY8hL4iuO/Qq+n1M0RFxbI\nQh0UqEL20kCGoE8jypZFVmAGzbdVAaYBlGX+bgUJurSkquLvWL69J1bY73NxW0Qz\n8ppy6rBePm6pUlvscG21h483XjyMnM7k8M4MZ0HMzvaAq07MTFb1wWFZk7Q+ptq4\nNxKfKjLji7gh7MMrZQzvIt6IKTtM1/r+t+FHvpw+PoP7UV31aPcuIYXcv/Fa4nzX\nxeSDwWrruoBa3lwtcHb4yOWHh8qgnaHlIhInD0Q9HWzq1MKLL295q39QpsQZp6F6\nt5b5wR9iWqJDB0BeJsas7a5wFsWqynKKTbDPAYsDP27X\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFqTCCA5GgAwIBAgIQaSYJfoBLTKCnjHhiU19abzANBgkqhkiG9w0BAQ0FADBI\nMQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlE\nLVRSVVNUIEVWIFJvb3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA5MTAzM1oXDTM4MDUw\nOTA5MTAzMlowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEi\nMCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDIgMjAyMzCCAiIwDQYJKoZIhvcN\nAQEBBQADggIPADCCAgoCggIBANiOo4mAC7JXUtypU0w3uX9jFxPvp1sjW2l1sJkK\nF8GLxNuo4MwxusLyzV3pt/gdr2rElYfXR8mV2IIEUD2BCP/kPbOx1sWy/YgJ25yE\n7CUXFId/MHibaljJtnMoPDT3mfd/06b4HEV8rSyMlD/YZxBTfiLNTiVR8CUkNRFe\nEMbsh2aJgWi6zCudR3Mfvc2RpHJqnKIbGKBv7FD0fUDCqDDPvXPIEysQEx6Lmqg6\nlHPTGGkKSv/BAQP/eX+1SH977ugpbzZMlWGG2Pmic4ruri+W7mjNPU0oQvlFKzIb\nRlUWaqZLKfm7lVa/Rh3sHZMdwGWyH6FDrlaeoLGPaxK3YG14C8qKXO0elg6DpkiV\njTujIcSuWMYAsoS0I6SWhjW42J7YrDRJmGOVxcttSEfi8i4YHtAxq9107PncjLgc\njmgjutDzUNzPZY9zOjLHfP7KgiJPvo5iR2blzYfi6NUPGJ/lBHJLRjwQ8kTCZFZx\nTnXonMkmdMV9WdEKWw9t/p51HBjGGjp82A0EzM23RWV6sY+4roRIPrN6TagD4uJ+\nARZZaBhDM7DS3LAaQzXupdqpRlyuhoFBAUp0JuyfBr/CBTdkdXgpaP3F9ev+R/nk\nhbDhezGdpn9yo7nELC7MmVcOIQxFAZRl62UJxmMiCzNJkkg8/M3OsD6Onov4/knF\nNXJHAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUqvyREBuH\nkV8Wub9PS5FeAByxMoAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRCMEAwPqA8oDqG\nOGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfZXZfcm9vdF9jYV8y\nXzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQCTy6UfmRHsmg1fLBWTxj++EI14\nQvBukEdHjqOSMo1wj/Zbjb6JzkcBahsgIIlbyIIQbODnmaprxiqgYzWRaoUlrRc4\npZt+UPJ26oUFKidBK7GB0aL2QHWpDsvxVUjY7NHss+jOFKE17MJeNRqrphYBBo7q\n3C+jisosketSjl8MmxfPy3MHGcRqwnNU73xDUmPBEcrCRbH0O1P1aa4846XerOhU\nt7KR/aypH/KH5BfGSah82ApB9PI+53c0BFLd6IHyTS9URZ0V4U/M5d40VxDJI3IX\ncI1QcB9WbMy5/zpaT2N6w25lBx2Eof+pDGOJbbJAiDnXH3dotfyc1dZnaVuodNv8\nifYbMvekJKZ2t0dT741Jj6m2g1qllpBFYfXeA08mD6iL8AOWsKwV0HFaanuU5nCT\n2vFp4LJiTZ6P/4mdm13NRemUAiKN4DV/6PEEeXFsVIP4M7kFMhtYVRFP0OUnR3Hs\n7dpn1mKmS00PaaLJvOwiS5THaJQXfuKOKD62xur1NGyfN4gHONuGcfrNlUhDbqNP\ngofXNJhuS5N5YHVpD/Aa1VP6IQzCP+k/HxiMkl14p3ZnGbuy6n/pcAlWVqOwDAst\nNl7F6cTVg8uGF5csbBNvh1qvSaYd2804BC5f4ko1Di1L+KIkBI3Y4WNeApI02phh\nXBxvWHZks/wCuPWdCg==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFqTCCA5GgAwIBAgIQczswBEhb2U14LnNLyaHcZjANBgkqhkiG9w0BAQ0FADBI\nMQswCQYDVQQGEwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlE\nLVRSVVNUIEJSIFJvb3QgQ0EgMiAyMDIzMB4XDTIzMDUwOTA4NTYzMVoXDTM4MDUw\nOTA4NTYzMFowSDELMAkGA1UEBhMCREUxFTATBgNVBAoTDEQtVHJ1c3QgR21iSDEi\nMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDIgMjAyMzCCAiIwDQYJKoZIhvcN\nAQEBBQADggIPADCCAgoCggIBAK7/CVmRgApKaOYkP7in5Mg6CjoWzckjYaCTcfKr\ni3OPoGdlYNJUa2NRb0kz4HIHE304zQaSBylSa053bATTlfrdTIzZXcFhfUvnKLNE\ngXtRr90zsWh81k5M/itoucpmacTsXld/9w3HnDY25QdgrMBM6ghs7wZ8T1soegj8\nk12b9py0i4a6Ibn08OhZWiihNIQaJZG2tY/vsvmA+vk9PBFy2OMvhnbFeSzBqZCT\nRphny4NqoFAjpzv2gTng7fC5v2Xx2Mt6++9zA84A9H3X4F07ZrjcjrqDy4d2A/wl\n2ecjbwb9Z/Pg/4S8R7+1FhhGaRTMBffb00msa8yr5LULQyReS2tNZ9/WtT5PeB+U\ncSTq3nD88ZP+npNa5JRal1QMNXtfbO4AHyTsA7oC9Xb0n9Sa7YUsOCIvx9gvdhFP\n/Wxc6PWOJ4d/GUohR5AdeY0cW/jPSoXk7bNbjb7EZChdQcRurDhaTyN0dKkSw/bS\nuREVMweR2Ds3OmMwBtHFIjYoYiMQ4EbMl6zWK11kJNXuHA7e+whadSr2Y23OC0K+\n0bpwHJwh5Q8xaRfX/Aq03u2AnMuStIv13lmiWAmlY0cL4UEyNEHZmrHZqLAbWt4N\nDfTisl01gLmB1IRpkQLLddCNxbU9CZEJjxShFHR5PtbJFR2kWVki3PaKRT08EtY+\nXTIvAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUZ5Dw1t61\nGNVGKX5cq/ieCLxklRAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRCMEAwPqA8oDqG\nOGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfYnJfcm9vdF9jYV8y\nXzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQA097N3U9swFrktpSHxQCF16+tI\nFoE9c+CeJyrrd6kTpGoKWloUMz1oH4Guaf2Mn2VsNELZLdB/eBaxOqwjMa1ef67n\nriv6uvw8l5VAk1/DLQOj7aRvU9f6QA4w9QAgLABMjDu0ox+2v5Eyq6+SmNMW5tTR\nVFxDWy6u71cqqLRvpO8NVhTaIasgdp4D/Ca4nj8+AybmTNudX0KEPUUDAxxZiMrc\nLmEkWqTqJwtzEr5SswrPMhfiHocaFpVIbVrg0M8JkiZmkdijYQ6qgYF/6FKC0ULn\n4B0Y+qSFNueG4A3rvNTJ1jxD8V1Jbn6Bm2m1iWKPiFLY1/4nwSPFyysCu7Ff/vtD\nhQNGvl3GyiEm/9cCnnRK3PgTFbGBVzbLZVzRHTF36SXDw7IyN9XxmAnkbWOACKsG\nkoHU6XCPpz+y7YaMgmo1yEJagtFSGkUPFaUA8JR7ZSdXOUPPfH/mvTWze/EZTN46\nls/pdu4D58JDUjxqgejBWoC9EV2Ta/vH5mQ/u2kc6d0li690yVRAysuTEwrt+2aS\nEcr1wPrYg1UDfNPFIkZ1cGt5SAYqgpq/5usWDiJFAbzdNpQ0qTUmiteXue4Icr80\nknCDgKs4qllo3UCkGJCy89UDyibK79XH4I9TjvAA46jtn/mtd+ArY0+ew+43u3gJ\nhJ65bvspmZDogNOfJA==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBj\nMQswCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0\neSBHbWJIMSswKQYDVQQDDCJUZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAy\nMDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMyNzIzNTk1OVowYzELMAkGA1UEBhMC\nREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkgR21iSDErMCkG\nA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIwDQYJ\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9\ncUD/h3VCKSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHV\ncp6R+SPWcHu79ZvB7JPPGeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMA\nU6DksquDOFczJZSfvkgdmOGjup5czQRxUX11eKvzWarE4GC+j4NSuHUaQTXtvPM6\nY+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWol8hHD/BeEIvnHRz+sTug\nBTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9FIS3R/qy\n8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73J\nco4vzLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg\n8qKrBC7m8kwOFjQgrIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8\nrFEz0ciD0cmfHdRHNCk+y7AO+oMLKFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12\nmAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7SWWO/gLCMk3PLNaaZlSJhZQNg\n+y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtqeX\ngj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2\np5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQ\npGv7qHBFfLp+sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm\n9S3ul0A8Yute1hTWjOKWi0FpkzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErw\nM807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy/SKE8YXJN3nptT+/XOR0so8RYgDd\nGGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4mZqTuXNnQkYRIer+\nCqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtzaL1t\nxKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+\nw6jv/naaoqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aK\nL4x35bcF7DvB7L6Gs4a8wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+lj\nX273CXE2whJdV/LItM3z7gLfEdxquVeEHVlNjM7IDiPCtyaaEBRx/pOyiriA8A4Q\nntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0o82bNSQ3+pCTE4FCxpgm\ndTdmQRCsu/WU48IxK63nI1bMNSWSs1A=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UE\nAwwJQUNDVlJBSVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQsw\nCQYDVQQGEwJFUzAeFw0xMTA1MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQ\nBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwHUEtJQUNDVjENMAsGA1UECgwEQUND\nVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCb\nqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gMjmoY\nHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWo\nG2ioPej0RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpA\nlHPrzg5XPAOBOp0KoVdDaaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhr\nIA8wKFSVf+DuzgpmndFALW4ir50awQUZ0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/\n0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDGWuzndN9wrqODJerWx5eH\nk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs78yM2x/47\n4KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMO\nm3WR5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpa\ncXpkatcnYGMN285J9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPl\nuUsXQA+xtrn13k/c4LOsOxFwYIRKQ26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYI\nKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRwOi8vd3d3LmFjY3YuZXMvZmls\nZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEuY3J0MB8GCCsG\nAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2\nVuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeT\nVfZW6oHlNsyMHj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIG\nCCsGAQUFBwICMIIBFB6CARAAQQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUA\ncgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBhAO0AegAgAGQAZQAgAGwAYQAgAEEA\nQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUAYwBuAG8AbABvAGcA\n7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBjAHQA\ncgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAA\nQwBQAFMAIABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUA\nczAwBggrBgEFBQcCARYkaHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2Mu\naHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRt\naW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2MV9kZXIuY3JsMA4GA1Ud\nDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZIhvcNAQEF\nBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdp\nD70ER9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gU\nJyCpZET/LtZ1qmxNYEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+m\nAM/EKXMRNt6GGT6d7hmKG9Ww7Y49nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepD\nvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJTS+xJlsndQAJxGJ3KQhfnlms\ntn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3sCPdK6jT2iWH\n7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h\nI6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szA\nh1xA2syVP1XgNce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xF\nd3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2H\npPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbRD0tVNEYqi4Y7\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UE\nBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8w\nMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290\nIENBMB4XDTExMDkyMjExMjIwMloXDTMwMDkyMjExMjIwMlowazELMAkGA1UEBhMC\nSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1\nODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENB\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNv\nUTufClrJwkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX\n4ay8IMKx4INRimlNAJZaby/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9\nKK3giq0itFZljoZUj5NDKd45RnijMCO6zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/\ngCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1fYVEiVRvjRuPjPdA1Yprb\nrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2oxgkg4YQ\n51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2F\nbe8lEfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxe\nKF+w6D9Fz8+vm2/7hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4F\nv6MGn8i1zeQf1xcGDXqVdFUNaBr8EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbn\nfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5jF66CyCU3nuDuP/jVo23Eek7\njPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLYiDrIn3hm7Ynz\nezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt\nifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQAL\ne3KHwGCmSUyIWOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70\njsNjLiNmsGe+b7bAEzlgqqI0JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDz\nWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKxK3JCaKygvU5a2hi/a5iB0P2avl4V\nSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+Xlff1ANATIGk0k9j\npwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC4yyX\nX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+Ok\nfcvHlXHo2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7R\nK4X9p2jIugErsWx0Hbhzlefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btU\nZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJU\nLysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaT\nLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UE\nBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz\ndCBDb21tZXJjaWFsMB4XDTEwMDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDEL\nMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp\ncm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6EqdbDuKP\nHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yr\nba0F8PrVC8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPAL\nMeIrJmqbTFeurCA+ukV6BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1\nyHp52UKqK39c/s4mT6NmgTWvRLpUHhwwMmWd5jyTXlBOeuM61G7MGvv50jeuJCqr\nVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNVHQ4EFgQUnZPGU4teyq8/\nnx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ\nKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYG\nXUPGhi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNj\nvbz4YYCanrHOQnDiqX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivt\nZ8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9g\nN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclNmsxZt9YC\nnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UE\nBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVz\ndCBOZXR3b3JraW5nMB4XDTEwMDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDEL\nMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZp\ncm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SEHi3y\nYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbua\nkCNrmreIdIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRL\nQESxG9fhwoXA3hA/Pe24/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp\n6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gbh+0t+nvujArjqWaJGctB+d1ENmHP4ndG\nyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNVHQ4EFgQUBx/S55zawm6i\nQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJ\nKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfO\ntDIuUFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzu\nQY0x2+c06lkh1QF612S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZ\nLgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4u\nolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfxojfHRZ48\nx3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UE\nBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVz\ndCBQcmVtaXVtMB4XDTEwMDEyOTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkG\nA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1U\ncnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxBLf\nqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtnBKAQ\nJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ\n+jjeRFcV5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrS\ns8PhaJyJ+HoAVt70VZVs+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5\nHMQxK9VfvFMSF5yZVylmd2EhMQcuJUmdGPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d7\n70O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5Rp9EixAqnOEhss/n/fauG\nV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NIS+LI+H+S\nqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S\n5u046uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4Ia\nC1nEWTJ3s7xgaVY5/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TX\nOwF0lkLgAOIua+rF7nKsu7/+6qqo+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYE\nFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/\nBAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByvMiPIs0laUZx2\nKI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg\nNt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B\n8OWycvpEgjNC6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQ\nMKSOyARiqcTtNd56l+0OOF6SL5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc\n0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK+4w1IX2COPKpVJEZNZOUbWo6xbLQ\nu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmVBtWVyuEklut89pMF\nu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFgIxpH\nYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8\nGKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO\nRtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6e\nKeC2uAloGRwYQw==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMC\nVVMxFDASBgNVBAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQ\ncmVtaXVtIEVDQzAeFw0xMDAxMjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJ\nBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1UcnVzdDEgMB4GA1UEAwwXQWZmaXJt\nVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNMF4bFZ0D\n0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQN8O9\nss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0G\nA1UdDgQWBBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4G\nA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs\naobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6I\nflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UE\nAwwVQXRvcyBUcnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQG\nEwJERTAeFw0xMTA3MDcxNDU4MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMM\nFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsGA1UECgwEQXRvczELMAkGA1UEBhMC\nREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVhTuXbyo7LjvPpvMp\nNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr54rM\nVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+\nSZFhyBH+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ\n4J7sVaE3IqKHBAUsR320HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0L\ncp2AMBYHlT8oDv3FdU9T1nSatCQujgKRz3bFmx5VdJx4IbHwLfELn8LVlhgf8FQi\neowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7Rl+lwrrw7GWzbITAPBgNV\nHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZbNshMBgG\nA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3\nDQEBCwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8j\nvZfza1zv7v1Apt+hk6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kP\nDpFrdRbhIfzYJsdHt6bPWHJxfrrhTZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pc\nmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYVqL2Gns2D\nlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv\nKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd\nMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg\nQ2xhc3MgMiBSb290IENBMB4XDTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1ow\nTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw\nHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB\nBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1g1Lr\n6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPV\nL4O2fuPn9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC91\n1K2GScuVr1QGbNgGE41b/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHx\nMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqUCqTqc/sLUegTBxj6DvEr0VQVfTzh97QZ\nQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeffawrbD02TTqigzXsu8lkB\narcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgIzRFo1clr\nUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLi\nFRhnBkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRS\nP/TizPJhk9H9Z2vXUq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN\n9SG9dKpN6nIDSdvHXx1iY8f93ZHsM+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxP\nAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFMmAd+BikoL1Rpzz\nuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAU18h\n9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s\nA20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3t\nOluwlN5E40EIosHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo\n+fsicdl9sz1Gv7SEr5AcD48Saq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7\nKcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYdDnkM/crqJIByw5c/8nerQyIKx+u2\nDISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWDLfJ6v9r9jv6ly0Us\nH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0oyLQ\nI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK7\n5t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h\n3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPz\nY11aWOIv4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEd\nMBsGA1UECgwUQnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3Mg\nQ2xhc3MgMyBSb290IENBMB4XDTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFow\nTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1eXBhc3MgQVMtOTgzMTYzMzI3MSAw\nHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEB\nBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRHsJ8Y\nZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3E\nN3coTRiR5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9\ntznDDgFHmV0ST9tD+leh7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX\n0DJq1l1sDPGzbjniazEuOQAnFN44wOwZZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c\n/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH2xc519woe2v1n/MuwU8X\nKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV/afmiSTY\nzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvS\nO1UQRwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D\n34xFMFbG02SrZvPAXpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgP\nK9Dx2hzLabjKSWJtyNBjYt1gD1iqj6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3\nAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEe4zf/lb+74suwv\nTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAACAj\nQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV\ncSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXS\nIGrs/CIBKM+GuIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2\nHJLw5QY33KbmkJs4j1xrG0aGQ0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsa\nO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8ZORK15FTAaggiG6cX0S5y2CBNOxv\n033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2KSb12tjE8nVhz36u\ndmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz6MkE\nkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg41\n3OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD\nu79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq\n4/g7u9xN12TyUb7mqqta6THuBrxzvxNiCp/HuZc=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNV\nBAYTAlNLMRMwEQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMu\nMRkwFwYDVQQDExBDQSBEaXNpZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQy\nMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sxEzARBgNVBAcTCkJyYXRpc2xhdmEx\nEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERpc2lnIFJvb3QgUjIw\nggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbCw3Oe\nNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNH\nPWSb6WiaxswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3I\nx2ymrdMxp7zo5eFm1tL7A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbe\nQTg06ov80egEFGEtQX6sx3dOy1FU+16SGBsEWmjGycT6txOgmLcRK7fWV8x8nhfR\nyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqVg8NTEQxzHQuyRpDRQjrO\nQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa5Beny912\nH9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJ\nQfYEkoopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUD\ni/ZnWejBBhG93c+AAk9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORs\nnLMOPReisjQS1n6yqEm70XooQL6iFh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1\nrqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\nDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5uQu0wDQYJKoZI\nhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM\ntCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqf\nGopTpti72TVVsRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkb\nlvdhuDvEK7Z4bLQjb/D907JedR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka\n+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W81k/BfDxujRNt+3vrMNDcTa/F1bal\nTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjxmHHEt38OFdAlab0i\nnSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01utI3\ngzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18Dr\nG5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os\nzMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8x\nL4ysEr3vQCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNV\nBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4X\nDTA3MDYyOTE1MTMwNVoXDTI3MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQ\nBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwIQ2VydGlnbmEwggEiMA0GCSqGSIb3\nDQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7qXOEm7RFHYeGifBZ4\nQCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyHGxny\ngQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbw\nzBfsV1/pogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q\n130yGLMLLGq/jj8UEYkgDncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2\nJsglrgVKtOdjLPOMFlN+XPsRGgjBRmKfIrjxwo1p3Po6WAbfAgMBAAGjgbwwgbkw\nDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQtCRZvgHyUtVF9lo53BEw\nZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJBgNVBAYT\nAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzj\nAQ/JSP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG\n9w0BAQUFAAOCAQEAhQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8h\nbV6lUmPOEvjvKtpv6zf+EwLHyzs+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFnc\nfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1kluPBS1xp81HlDQwY9qcEQCYsuu\nHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w\nt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw\nWyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT\nAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBD\nQTAeFw0wNjA3MDQxNzIwMDRaFw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJP\nMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTCC\nASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7IJUqOtdu0KBuqV5Do\n0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHHrfAQ\nUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5d\nRdY4zTW2ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQ\nOA7+j0xbm0bqQfWwCHTD0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwv\nJoIQ4uNllAoEwF73XVv4EOLQunpL+943AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08C\nAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0O\nBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IBAQA+0hyJ\nLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecY\nMnQ8SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ\n44gx+FkagQnIl6Z0x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6I\nJd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNw\ni/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5VaZVDADlN\n9u6wWk5JRFRYX0KD\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBM\nMSIwIAYDVQQKExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5D\nZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBU\ncnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIyMTIwNzM3WhcNMjkxMjMxMTIwNzM3\nWjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMg\nUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MSIw\nIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rH\nUV+rpDKmYYe2bg+G0jACl/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LM\nTXPb865Px1bVWqeWifrzq2jUI4ZZJ88JJ7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVU\nBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4fOQtf/WsX+sWn7Et0brM\nkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0cvW0QM8x\nAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNV\nHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNV\nHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15y\nsHhE49wcrwn9I0j6vSrEuVUEtRCjjSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfL\nI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1mS1FhIrlQgnXdAIv94nYmem8\nJ9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY\nVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI\n03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCB\ngTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNV\nBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEyMDEwMDAw\nMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3Jl\nYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01P\nRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0\naG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3\nUcEbVASY06m/weaKXTuH+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI\n2GqGd0S7WWaXUF601CxwRM/aN5VCaTwwxHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8\nQ5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV4EajcNxo2f8ESIl33rXp\n+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA1KGzqSX+\nDT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5O\nnKVIrLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW\n/zAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6g\nPKA6hjhodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9u\nQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOCAQEAPpiem/Yb6dc5t3iuHXIY\nSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CPOGEIqB6BCsAv\nIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/\nRxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4\nzJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd\nBA6+C4OmF4O5MBKgxTMVBbkN+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IB\nZQ==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTEL\nMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE\nBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMT\nIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwMzA2MDAw\nMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy\nZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09N\nT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlv\nbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSR\nFtSrYpn1PlILBs5BAH+X4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0J\ncfRK9ChQtP6IHG4/bC8vCVlbpVsLM5niwz2J+Wos77LTBumjQjBAMB0GA1UdDgQW\nBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/\nBAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDm\nfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdv\nGDeAU/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBl\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv\nb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzExMTEwMDAwMDAwWjBlMQswCQYDVQQG\nEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl\ncnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7c\nJpSIqvTO9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYP\nmDI2dsze3Tyoou9q+yHyUmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+\nwRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4\nVYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpyoeb6pNnVFzF1roV9Iq4/\nAUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whfGHdPAgMB\nAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW\nBBRF66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun\npyGd823IDzANBgkqhkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRC\ndWKuh+vy1dneVrOfzM4UKLkNl2BcEkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTf\nfwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38FnSbNd67IJKusm7Xi+fT8r87cm\nNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx\nH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe\n+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBl\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv\nb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQG\nEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl\ncnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSA\nn61UQbVH35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4Htecc\nbiJVMWWXvdMX0h5i89vqbFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9Hp\nEgjAALAcKxHad3A2m67OeYfcgnDmCXRwVWmvo2ifv922ebPynXApVfSr/5Vh88lA\nbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OPYLfykqGxvYmJHzDNw6Yu\nYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+RnlTGNAgMB\nAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQW\nBBTOw0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPI\nQW5pJ6d1Ee88hjZv0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I\n0jJmwYrA8y8678Dj1JGG0VDjA9tzd29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4Gni\nlmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAWhsI6yLETcDbYz+70CjTVW0z9\nB5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv\nON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo\nIhNzbM8m9Yop5w==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw\nCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu\nZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg\nRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV\nUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu\nY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq\nhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf\nZn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q\nRSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/\nBAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD\nAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY\nJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv\n6pZjamVFkpUBtA==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH\nMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI\n2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx\n1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ\nq2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz\ntCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ\nvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP\nBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV\n5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY\n1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4\nNeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG\nFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91\n8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe\npLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl\nMrY=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQsw\nCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu\nZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAe\nFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVTMRUw\nEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20x\nIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0CAQYF\nK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FG\nfp4tn+6OYwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPO\nZ9wj/wMco+I+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAd\nBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIx\nAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/\noAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8\nsycX\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg\nRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV\nUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu\nY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y\nithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If\nxp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV\nySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO\nDCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ\njdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/\nCNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi\nEhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM\nfRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY\nuKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK\nchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t\n9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB\nhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD\nggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2\nSV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd\n+SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc\nfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa\nsjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N\ncCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N\n0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie\n4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI\nr/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1\n/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm\ngKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRF\nMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBD\nbGFzcyAzIENBIDIgMjAwOTAeFw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NTha\nME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxJzAlBgNVBAMM\nHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIwDQYJKoZIhvcNAQEB\nBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOADER03\nUAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42\ntSHKXzlABF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9R\nySPocq60vFYJfxLLHLGvKZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsM\nlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7zp+hnUquVH+BGPtikw8paxTGA6Eian5Rp\n/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUCAwEAAaOCARowggEWMA8G\nA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ4PGEMA4G\nA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVj\ndG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUy\nMENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRl\ncmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3Js\nL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmwwDQYJKoZIhvcNAQEL\nBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm2H6NMLVwMeni\nacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0\no3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4K\nzCUqNQT4YJEVdT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8\nPIWmawomDeCTmGCufsYkl4phX5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3Y\nJohw1+qRzT65ysCQblrGXnRl11z+o+I=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRF\nMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBD\nbGFzcyAzIENBIDIgRVYgMjAwOTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUw\nNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxELVRydXN0IEdtYkgxKjAoBgNV\nBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAwOTCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfSegpn\nljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM0\n3TP1YtHhzRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6Z\nqQTMFexgaDbtCHu39b+T7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lR\np75mpoo6Kr3HGrHhFPC+Oh25z1uxav60sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8\nHgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure3511H3a6UCAwEAAaOCASQw\nggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyvcop9Ntea\nHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFw\nOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xh\nc3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E\nRT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQt\ndHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDku\nY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+PPoeUSbrh/Yp\n3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05\nnsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNF\nCSuGdXzfX2lXANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7na\nxpeG0ILD5EJt/rDiZE4OJudANCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqX\nKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVvw9y4AyHqnxbxLFS1\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMC\nVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0\nLm5ldC9DUFMgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW\nKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsGA1UEAxMkRW50cnVzdCBSb290IENl\ncnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0MloXDTI2MTEyNzIw\nNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMTkw\nNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSBy\nZWZlcmVuY2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNV\nBAMTJEVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBALaVtkNC+sZtKm9I35RMOVcF7sN5EUFo\nNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYszA9u3g3s+IIRe7bJWKKf4\n4LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOwwCj0Yzfv9\nKlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGI\nrb68j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi\n94DkZfs0Nw4pgHBNrziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOB\nsDCBrTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAi\ngA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1MzQyWjAfBgNVHSMEGDAWgBRo\nkORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DHhmak8fdLQ/uE\nvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA\nA4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9t\nO1KzKtvn1ISMY/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6Zua\nAGAT/3B+XxFNSRuzFVJ7yVTav52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP\n9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/\neu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m\n0vdXcDazv/wor3ElhVsT/h5/WrQ8\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBe\nMQswCQYDVQQGEwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0\nZC4xKjAoBgNVBAsMIWVQS0kgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe\nFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMxMjdaMF4xCzAJBgNVBAYTAlRXMSMw\nIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEqMCgGA1UECwwhZVBL\nSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEF\nAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAH\nSyZbCUNsIZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAh\nijHyl3SJCRImHJ7K2RKilTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3X\nDZoTM1PRYfl61dd4s5oz9wCGzh1NlDivqOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1\nTBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX12ruOzjjK9SXDrkb5wdJ\nfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0OWQqraffA\nsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uU\nWH1+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLS\nnT0IFaUQAS2zMnaolQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pH\ndmX2Os+PYhcZewoozRrSgx4hxyy/vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJip\nNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXiZo1jDiVN1Rmy5nk3pyKdVDEC\nAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/QkqiMAwGA1UdEwQF\nMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH\nClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGB\nuvl2ICO1J2B01GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6Yl\nPwZpVnPDimZI+ymBV3QGypzqKOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkP\nJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdVxrsStZf0X4OFunHB2WyBEXYKCrC/\ngpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEPNXubrjlpC2JgQCA2\nj6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+rGNm6\n5ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUB\no2M3IUxExJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS\n/jQ6fbjpKdx2qcgw+BRxgMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2z\nGp1iro2C6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTE\nW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+D\nhNQ+IIX3Sj0rnP0qCglN6oH4EZw=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G\nA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp\nZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4\nMTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG\nA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8\nRgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT\ngHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm\nKPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd\nQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ\nXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw\nDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o\nLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU\nRUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp\njjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK\n6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX\nmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs\nMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH\nWD9f\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx\nEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoT\nEUdvRGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRp\nZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIz\nNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQH\nEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UE\nAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIw\nDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKD\nE6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH\n/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94Lw7YZFAXK6sOoBJQ7Rnwy\nDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutdfMh8+7ArU6SSYmlRJQVh\nGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMlNAJWJwGR\ntDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEA\nAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE\nFDqahQcQZyi27/a9BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmX\nWWcDYfF+OwYxdS2hII5PZYe096acvNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu\n9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r5N9ss4UXnT3ZJE95kTXWXwTr\ngIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo\n2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO\nLPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI\n4uJEvlz36hz1\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4\nMQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6\nZW5wZS5jb20wHhcNMDcxMjEzMTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYD\nVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5j\nb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ03rKDx6sp4boFmVq\nscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAKClaO\nxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6H\nLmYRY2xU+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFX\nuaOKmMPsOzTFlUFpfnXCPCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQD\nyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxTOTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+\nJrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbKF7jJeodWLBoBHmy+E60Q\nrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK0GqfvEyN\nBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8L\nhij+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIB\nQFqNeb+Lz0vPqhbBleStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+\nHMh3/1uaD7euBUbl8agW7EekFwIDAQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2lu\nZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+SVpFTlBFIFMuQS4gLSBDSUYg\nQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBGNjIgUzgxQzBB\nBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx\nMCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAQYwHQYDVR0OBBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUA\nA4ICAQB4pgwWSp9MiDrAyw6lFn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWb\nlaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbgakEyrkgPH7UIBzg/YsfqikuFgba56\nawmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8qhT/AQKM6WfxZSzwo\nJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Csg1lw\nLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCT\nVyvehQP5aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGk\nLhObNA5me0mrZJfQRsN5nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJb\nUjWumDqtujWTI6cfSN01RpiyEGjkpTHCClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/\nQnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+\nnaM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGls\nQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD\nVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0\nZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0G\nCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTAeFw0wOTA2MTYxMTMwMThaFw0y\nOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UEBwwIQnVkYXBlc3Qx\nFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUtU3pp\nZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o\ndTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvP\nkd6mJviZpWNwrZuuyjNAfW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tc\ncbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG0IMZfcChEhyVbUr02MelTTMuhTlAdX4U\nfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKApxn1ntxVUwOXewdI/5n7\nN4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm1HxdrtbC\nxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1\n+rUCAwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G\nA1UdDgQWBBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPM\nPcu1SCOhGnqmKrs0aDAbBgNVHREEFDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqG\nSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0olZMEyL/azXm4Q5DwpL7v8u8h\nmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfXI/OMn74dseGk\nddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775\ntyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c\n2Pm2G2JwCz02yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5t\nHMN1Rq41Bab2XD0h7lbwyYIiLXpUq3DDfSJlgnCW\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQG\nEwJIVTERMA8GA1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3\nMDUGA1UECwwuVGFuw7pzw610dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNl\ncnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBBcmFueSAoQ2xhc3MgR29sZCkgRsWR\ndGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgxMjA2MTUwODIxWjCB\npzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxOZXRM\nb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlm\naWNhdGlvbiBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNz\nIEdvbGQpIEbFkXRhbsO6c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrT\nlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw/HpYzY6b7cNGbIRwXdrz\nAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAkH3B5r9s5\nVA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRG\nILdwfzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2\nBJtr+UBdADTHLpl1neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAG\nAQH/AgEEMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2M\nU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwWqZw8UQCgwBEIBaeZ5m8BiFRh\nbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTtaYtOUZcTh5m2C\n+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC\nbLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2F\nuLjbvrW5KfnaNwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2\nXjG4Kvte9nHfRCaexOYNkbQudZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQEL\nBQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\nBgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00\nMjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM\naW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEgRzMwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakEPBtV\nwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWe\nrNrwU8lmPNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF341\n68Xfuw6cwI2H44g4hWf6Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh\n4Pw5qlPafX7PGglTvF0FBM+hSo+LdoINofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXp\nUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/lg6AnhF4EwfWQvTA9xO+o\nabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV7qJZjqlc\n3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/G\nKubX9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSt\nhfbZxbGL0eUQMk1fiyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KO\nTk0k+17kBL5yG6YnLUlamXrXXAkgt3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOt\nzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB\nBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZIhvcNAQELBQAD\nggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC\nMTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2\ncDMT/uFPpiN3GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUN\nqXsCHKnQO18LwIE6PWThv6ctTr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5\nYCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP+V04ikkwj+3x6xn0dxoxGE1nVGwv\nb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh3jRJjehZrJ3ydlo2\n8hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fawx/k\nNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNj\nZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp\nq1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFt\nnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x\nGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv\nb3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV\nBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W\nYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa\nGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg\nFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J\nWpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB\nrrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp\n+ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1\nksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i\nUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz\nPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og\n/zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH\noycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI\nyV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud\nEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2\nA8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL\nMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT\nElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f\nBluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn\ng/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl\nfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K\nWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha\nB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc\nhLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR\nTUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD\nmbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z\nohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y\n4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza\n8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQEL\nBQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\nBgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00\nMjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM\naW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIgRzMwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFhZiFf\nqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMW\nn4rjyduYNM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ym\nc5GQYaYDFCDy54ejiK2toIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+\nO7q414AB+6XrW7PFXmAqMaCvN+ggOp+oMiwMzAkd056OXbxMmO7FGmh77FOm6RQ1\no9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+lV0POKa2Mq1W/xPtbAd0j\nIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZoL1NesNKq\nIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz\n8eQQsSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43eh\nvNURG3YBZwjgQQvD6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l\n7ZizlWNof/k19N+IxWA1ksB8aRxhlRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALG\ncC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB\nBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZIhvcNAQELBQAD\nggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66\nAarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RC\nroijQ1h5fq7KpVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0Ga\nW/ZZGYjeVYg3UQt4XAoeo0L9x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4n\nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgzdWqTHBLmYF5vHX/JHyPLhGGfHoJE\n+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6XU/IyAgkwo1jwDQHV\ncsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+NwmNtd\ndbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNg\nKCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM\nHVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4\nWSr2Rz0ZiC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x\nGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv\nb3QgQ0EgMzAeFw0wNjExMjQxOTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNV\nBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W\nYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDM\nV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNggDhoB\n4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUr\nH556VOijKTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd\n8lyyBTNvijbO0BNO/79KDDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9Cabwv\nvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbvBNDInIjbC3uBr7E9KsRlOni27tyAsdLT\nmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwpp5ijJUMv7/FfJuGITfhe\nbtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8nT8KKdjc\nT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDt\nWAEXMJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZ\nc6tsgLjoC2SToJyMGf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A\n4iLItLRkT9a6fUg+qGkM17uGcclzuD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYD\nVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHTBgkrBgEEAb5YAAMwgcUwgZMG\nCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmljYXRlIGNvbnN0\naXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0\naWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVu\ndC4wLQYIKwYBBQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2Nw\nczALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4G\nA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4ywLQoUmkRzBFMQswCQYDVQQGEwJC\nTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UEAxMSUXVvVmFkaXMg\nUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZVqyM0\n7ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSem\nd1o417+shvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd\n+LJ2w/w4E6oM3kJpK27zPOuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B\n4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadN\nt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp8kokUvd0/bpO5qgdAm6x\nDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBCbjPsMZ57\nk8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6s\nzHXug/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0j\nWy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeT\nmJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK\n4SVhM7JZG+Ju1zdXtg2pEto=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQEL\nBQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc\nBgNVBAMTFVF1b1ZhZGlzIFJvb3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00\nMjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM\naW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMgRzMwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286IxSR\n/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNu\nFoM7pmRLMon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXR\nU7Ox7sWTaYI+FrUoRqHe6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+c\nra1AdHkrAj80//ogaX3T7mH1urPnMNA3I4ZyYUUpSFlob3emLoG+B01vr87ERROR\nFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3UVDmrJqMz6nWB2i3ND0/k\nA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f75li59wzw\neyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634Ryl\nsSqiMd5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBp\nVzgeAVuNVejH38DMdyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0Q\nA4XN8f+MFrXBsj6IbGB/kE+V9/YtrQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+\nydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB\nBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZIhvcNAQELBQAD\nggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px\nKGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnI\nFUBhynLWcKzSt/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5Wvv\noxXqA/4Ti2Tk08HS6IT7SdEQTXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFg\nu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9DuDcpmvJRPpq3t/O5jrFc/ZSXPsoaP\n0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGibIh6BJpsQBJFxwAYf\n3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmDhPbl\n8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+\nDhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN\nPlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/\nywaZWWDYWGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBK\nMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x\nGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkx\nMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3Qg\nQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwgQ0EwggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jxYDiJ\niQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa\n/FHtaMbQbqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJ\njnIFHovdRIWCQtBJwB1g8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnI\nHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYVHDGA76oYa8J719rO+TMg1fW9ajMtgQT7\nsFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi0XPnj3pDAgMBAAGjgZ0w\ngZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCsw\nKaAnoCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsG\nAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0L\nURYD7xh8yOOvaliTFGCRsoTciE6+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXO\nH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cnCDpOGR86p1hcF895P4vkp9Mm\nI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY\niNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc\nf8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBI\nMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24x\nFzAVBgNVBAMTDlNlY3VyZVRydXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIz\nMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAeBgNVBAoTF1NlY3VyZVRydXN0IENv\ncnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQXOZEz\nZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO\n0gMdA+9tDWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIao\nwW8xQmxSPmjL8xk037uHGFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj\n7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b01k/unK8RCSc43Oz969XL0Imnal0ugBS\n8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmHursCAwEAAaOBnTCBmjAT\nBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB\n/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCeg\nJYYjaHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGC\nNxUBBAMCAQAwDQYJKoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt3\n6Z3q059c4EVlew3KW+JwULKUBRSuSceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/\n3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHfmbx8IVQr5Fiiu1cprp6poxkm\nD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS\nCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR\n3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDEl\nMCMGA1UEChMcU0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMe\nU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoX\nDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRy\ndXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3VyaXR5IENvbW11bmlj\nYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANAV\nOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGr\nzbl+dp+++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVM\nVAX3NuRFg3sUZdbcDE3R3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQ\nhNBqyjoGADdH5H5XTz+L62e4iKrFvlNVspHEfbmwhRkGeC7bYRr6hfVKkaHnFtWO\nojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1KEOtOghY6rCcMU/Gt1SSw\nawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8QIH4D5cs\nOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3\nDQEBCwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpF\ncoJxDjrSzG+ntKEju/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXc\nokgfGT+Ok+vx+hfuzU7jBBJV1uXk3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8\nt/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR50S+kDFy\n1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/\nSjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx\nEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT\nHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs\nZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw\nMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6\nb25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj\naG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp\nY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg\nnLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1\nHOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N\nHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN\ndloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0\nHZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO\nBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G\nCSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU\nsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3\n4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg\n8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K\npL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1\nmMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx\nEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT\nHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs\nZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5\nMDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD\nVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy\nZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy\ndmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p\nOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2\n8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K\nTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe\nhRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk\n6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw\nDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q\nAdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI\nbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB\nve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z\nqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd\niEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn\n0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN\nsSi6\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV\nBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2ln\nbiBHb2xkIENBIC0gRzIwHhcNMDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBF\nMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dpc3NTaWduIEFHMR8wHQYDVQQDExZT\nd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC\nCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUqt2/8\n76LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+\nbbqBHH5CjCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c\n6bM8K8vzARO/Ws/BtQpgvd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqE\nemA8atufK+ze3gE/bk3lUIbLtK/tREDFylqM2tIrfKjuvqblCqoOpd8FUrdVxyJd\nMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvRAiTysybUa9oEVeXBCsdt\nMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuendjIj3o02y\nMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69y\nFGkOpeUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPi\naG59je883WX0XaxR7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxM\ngI93e2CaHt+28kgeDrpOVG2Y4OGiGqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCB\nqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUWyV7\nlqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64OfPAeGZe6Drn\n8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov\nL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe6\n45R88a7A3hfm5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczO\nUYrHUDFu4Up+GC9pWbY9ZIEr44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5\nO1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOfMke6UiI0HTJ6CVanfCU2qT1L2sCC\nbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6mGu6uLftIdxf+u+yv\nGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxpmo/a\n77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCC\nhdiDyyJkvC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid3\n92qgQmwLOM7XdVAyksLfKzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEpp\nLd6leNcG2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+w\nZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+htt\nQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAw\nNzEUMBIGA1UECgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJv\nb3QgQ0EgdjEwHhcNMDcxMDE4MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYD\nVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwWVGVsaWFTb25lcmEgUm9vdCBDQSB2\nMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+6yfwIaPzaSZVfp3F\nVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA3GV1\n7CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+X\nZ75Ljo1kB1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+\n/jXh7VB7qTCNGdMJjmhnXb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs\n81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxHoLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkm\ndtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3F0fUTPHSiXk+TT2YqGHe\nOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJoWjiUIMu\nsDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4\npgd7gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fs\nslESl1MpWtTwEhDcTwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQ\narMCpgKIv7NHfirZ1fpoeDVNAgMBAAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYD\nVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qWDNXr+nuqF+gTEjANBgkqhkiG\n9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNmzqjMDfz1mgbl\ndxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx\n0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1Tj\nTQpgcmLNkQfWpb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBed\nY2gea+zDTYa4EzAvXUYNR0PVG6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7\nQ4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpcc41teyWRyu5FrgZLAMzTsVlQ2jqI\nOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOTJsjrDNYmiLbAJM+7\nvVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2qReW\nt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcn\nHL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx\nSK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx\nKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd\nBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl\nYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgxMDAxMTA0MDE0WhcNMzMxMDAxMjM1\nOTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy\naXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50\nZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0G\nCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUd\nAqSzm1nzHoqvNK38DcLZSBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiC\nFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/FvudocP05l03Sx5iRUKrERLMjfTlH6VJi\n1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx9702cu+fjOlbpSD8DT6Iavq\njnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGVWOHAD3bZ\nwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGj\nQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/\nWSA2AHmgoCJrjNXyYdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhy\nNsZt+U2e+iKo4YFWz827n+qrkRk4r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPAC\nuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNfvNoBYimipidx5joifsFvHZVw\nIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6\ng1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN\n9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlP\nBSeOE6Fuwg==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx\nKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd\nBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl\nYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1\nOTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy\naXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50\nZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G\nCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN\n8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/\nRLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4\nhqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5\nZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM\nEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj\nQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1\nA/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy\nWL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ\n1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30\n6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT\n91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml\ne9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p\nTpPDpFQUWw==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcx\nEjAQBgNVBAoTCVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMT\nVFdDQSBHbG9iYWwgUm9vdCBDQTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5\nNTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQKEwlUQUlXQU4tQ0ExEDAOBgNVBAsT\nB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3QgQ0EwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2CnJfF\n10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz\n0ALfUPZVr2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfCh\nMBwqoJimFb3u/Rk28OKRQ4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbH\nzIh1HrtsBv+baz4X7GGqcXzGHaL3SekVtTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc\n46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1WKKD+u4ZqyPpcC1jcxkt2\nyKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99sy2sbZCi\nlaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYP\noA/pyJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQA\nBDzfuBSO6N+pjWxnkjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcE\nqYSjMq+u7msXi7Kx/mzhkIyIqJdIzshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm\n4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB\n/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6gcFGn90xHNcgL\n1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn\nLhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WF\nH6vPNOw/KP4M8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNo\nRI2T9GRwoD2dKAXDOXC4Ynsg/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+\nnile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlglPx4mI88k1HtQJAH32RjJMtOcQWh\n15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryPA9gK8kxkRr05YuWW\n6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3mi4TW\nnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5j\nwa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz\naGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmy\nKwbQBM0=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzES\nMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFU\nV0NBIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMz\nWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJVEFJV0FO\nLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlm\naWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB\nAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFE\nAcK0HMMxQhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HH\nK3XLfJ+utdGdIzdjp9xCoi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeX\nRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/z\nrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1ry+UPizgN7gr8/g+YnzAx\n3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV\nHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkq\nhkiG9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeC\nMErJk/9q56YAf4lCmtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdls\nXebQ79NqZp4VKIV66IIArB6nCWlWQtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62D\nlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKuD8z7fDvn\naspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ\nYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCB\nhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G\nA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNV\nBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMTE5\nMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0IxGzAZBgNVBAgT\nEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR\nQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNh\ndGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR\n6FSS0gpWsawNJN3Fz0RndJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8X\npz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZFGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC\n9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+5eNu/Nio5JIk2kNrYrhV\n/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pGx8cgoLEf\nZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z\n+pUX2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7w\nqP/0uK3pN/u6uPQLOvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZah\nSL0896+1DSJMwBGB7FY79tOi4lu3sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVIC\nu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+CGCe01a60y1Dma/RMhnEw6abf\nFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5WdYgGq/yapiq\ncrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E\nFgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB\n/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvl\nwFTPoCWOAvn9sKIN9SCYPBMtrFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM\n4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV\n2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSgtZx8jb8uk2Intzna\nFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwWsRqZ\nCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiK\nboHGhfKppC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmcke\njkk9u+UJueBPSZI9FoJAzMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yL\nS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWb\nQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl\n0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB\nNVOFBkpdn627G190\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB\niDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl\ncnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV\nBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw\nMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV\nBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU\naGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy\ndGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK\nAoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B\n3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY\ntJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/\nFp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2\nVN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT\n79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6\nc0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT\nYo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l\nc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee\nUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE\nHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd\nBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G\nA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF\nUp/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO\nVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3\nATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs\n8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR\niQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze\nSf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ\nXHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/\nqS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB\nVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB\nL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG\njjxDah2nGN59PRbxYvnKkKj9\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDEL\nMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl\neSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT\nJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAwMjAx\nMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT\nCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUg\nVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlm\naWNhdGlvbiBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqflo\nI+d61SRvU8Za2EurxtW20eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinng\no4N+LZfQYcTxmdwlkWOrfzCjtHDix6EznPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0G\nA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNVHQ8BAf8EBAMCAQYwDwYD\nVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMB\nzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbW\nRNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEk\nMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpH\nbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoX\nDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMbR2xvYmFsU2lnbiBFQ0MgUm9vdCBD\nQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQDEwpHbG9iYWxTaWdu\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6SFkc\n8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8ke\nhOvRnkmSh5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD\nVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYI\nKoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg\n515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnO\nxwy8p2Fp8fc74SrL+SvzZpA3\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK\nMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu\nVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw\nMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw\nJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT\n3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU\n+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp\nS0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1\nbVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi\nT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL\nvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK\nVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK\ndHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT\nc+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv\nl7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N\niGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB\n/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD\nggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH\n6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt\nLRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93\nnAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3\n+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK\nW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT\nAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq\nl1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG\n4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ\nmUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A\n7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBN\nMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVu\nVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcN\nMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0\nMSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBSb290IENBIDEwggIi\nMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTyP4o7\nekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGy\nRBb06tD6Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlS\nbdsHyo+1W/CD80/HLaXIrcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF\n/YTLNiCBWS2ab21ISGHKTN9T0a9SvESfqy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R\n3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoSmJxZZoY+rfGwyj4GD3vw\nEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFnol57plzy\n9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9V\nGxyhLrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ\n2fjXctscvG29ZV/viDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsV\nWaFHVCkugyhfHMKiq3IXAAaOReyL4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gD\nW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/\nBAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMwDQYJKoZIhvcN\nAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj\nt2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHV\nDRDtfULAj+7AmgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9\nTaDKQGXSc3z1i9kKlT/YPyNtGtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8G\nlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFtm6/n6J91eEyrRjuazr8FGF1NFTwW\nmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMxNRF4eKLg6TCMf4Df\nWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4Mhn5\n+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJ\ntshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA\nGaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv\n8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJD\nTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9y\naXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkx\nMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEwMC4GA1UECgwnQ2hpbmEgRmluYW5j\naWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNBIEVWIFJP\nT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnVBU03\nsQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpL\nTIpTUnrD7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5\n/ZOkVIBMUtRSqy5J35DNuF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp\n7hZZLDRJGqgG16iI0gNyejLi6mhNbiyWZXvKWfry4t3uMCz7zEasxGPrb382KzRz\nEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7xzbh72fROdOXW3NiGUgt\nhxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9fpy25IGvP\na931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqot\naK8KgWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNg\nTnYGmE69g60dWIolhdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfV\nPKPtl8MeNPo4+QgO48BdK4PRVmrJtqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hv\ncWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAfBgNVHSMEGDAWgBTj/i39KNAL\ntbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAd\nBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB\nACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObT\nej/tUxPQ4i9qecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdL\njOztUmCypAbqTuv0axn96/Ua4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBS\nESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sGE5uPhnEFtC+NiWYzKXZUmhH4J/qy\nP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfXBDrDMlI1Dlb4pd19\nxIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjnaH9d\nCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN\n5mydLIhyPDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe\n/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+Z\nAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ\n5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC\nVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50\ncnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs\nIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz\ndCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy\nNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu\ndHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt\ndGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0\naG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj\nYXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T\nRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN\ncCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW\nwcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1\nU1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0\njaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP\nBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN\nBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/\njTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ\nRkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v\n1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R\nnAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH\nVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkG\nA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3\nd3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVu\ndHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEzMDEGA1UEAxMq\nRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRUMxMB4XDTEy\nMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYwFAYD\nVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0\nL2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0g\nZm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBD\nZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEVDMTB2MBAGByqGSM49AgEGBSuBBAAi\nA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHyAsWfoPZb1YsGGYZPUxBt\nByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef9eNi1KlH\nBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O\nBBYEFLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVC\nR98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nX\nhTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBt\nMQswCQYDVQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUg\nRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9i\nYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAwMzJaFw0zOTEyMDExNTEwMzFaMG0x\nCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQLExlPSVNURSBG\nb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh\nbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3\nHEokKtaXscriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGx\nWuR51jIjK+FTzJlFXHtPrby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX\n1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNk\nu7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4oQnc/nSMbsrY9gBQHTC5P\n99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvgGUpuuy9r\nM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw\nAwEB/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUB\nBAMCAQAwDQYJKoZIhvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrgh\ncViXfa43FK8+5/ea4n32cZiZBKpDdHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5\ngSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0VQreUGdNZtGn//3ZwLWoo4rO\nZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf\naPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic\nNc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQEL\nBQAwUTELMAkGA1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6\nZW5pb3dhIFMuQS4xGDAWBgNVBAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkw\nNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJBgNVBAYTAlBMMSgwJgYDVQQKDB9L\ncmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYDVQQDDA9TWkFGSVIg\nUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5QqEvN\nQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT\n3PSQ1hNKDJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw\n3gAeqDRHu5rr/gsUvTaE2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr6\n3fE9biCloBK0TXC5ztdyO4mTp4CEHCdJckm1/zuVnsHMyAHs6A6KCpbns6aH5db5\nBSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwiieDhZNRnvDF5YTy7ykHN\nXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD\nAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsF\nAAOCAQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw\n8PRBEew/R40/cof5O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOG\nnXkZ7/e7DDWQw4rtTw/1zBLZpD67oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCP\noky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4MNIThPIGy\nd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg\nLvWpCz/UXeHPhJ/iGcJfitYgHuNztw==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCB\ngDELMAkGA1UEBhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMu\nQS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIG\nA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29yayBDQSAyMCIYDzIwMTExMDA2MDgz\nOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQTDEiMCAGA1UEChMZ\nVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRp\nZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3\nb3JrIENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWA\nDGSdhhuWZGc/IjoedQF97/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn\n0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+oCgCXhVqqndwpyeI1B+twTUrWwbNWuKFB\nOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40bRr5HMNUuctHFY9rnY3lE\nfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2puTRZCr+E\nSv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1m\no130GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02i\nsx7QBlrd9pPPV3WZ9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOW\nOZV7bIBaTxNyxtd9KXpEulKkKtVBRgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgez\nTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pyehizKV/Ma5ciSixqClnrDvFAS\nadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vMBhBgu4M1t15n\n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD\nAQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMC\nAQYwDQYJKoZIhvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQ\nF/xlhMcQSZDe28cmk4gmb3DWAl45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTf\nCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuAL55MYIR4PSFk1vtBHxgP58l1cb29\nXN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMoclm2q8KMZiYcdywm\ndjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tMpkT/\nWjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jb\nAoJnwTnbw3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksq\nP/ujmv5zMnHCnsZy4YpoJ/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Ko\nb7a6bINDd82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnj\nXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P\n5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbi\nDrW5viSP\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5\nMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g\nUm9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG\nA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg\nQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl\nui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j\nQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr\nttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr\nBqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM\nYyRIHN8wfdVoOw==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE\nBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ\nIENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0\nMTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV\nBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w\nHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF\nAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj\nDp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj\nTnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u\nKU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj\nqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm\nMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12\nZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP\nzgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk\nL30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC\njGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA\nHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC\nAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB\n/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg\np8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm\nDRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5\nCOmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry\nL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf\nJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg\nIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io\n2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV\n09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ\nXR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq\nT8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe\nMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF\nADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\nb24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL\nMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\nb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK\ngXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ\nW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg\n1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K\n8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r\n2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me\nz/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR\n8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj\nmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz\n7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6\n+XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI\n0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB\nAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm\nUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2\nLIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY\n+gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS\nk5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl\n7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm\nbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl\nurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+\nfUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63\nn749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE\n76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H\n9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT\n4PsJYGw=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\nADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\nb24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\nMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\nb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\nca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\nIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\nVOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\n93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\njgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\nA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\nU5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\nN+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\no/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\nrqXRfboQnoZsG4q5WTP468SQvvG5\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5\nMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g\nUm9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG\nA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg\nQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi\n9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk\nM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB\n/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB\nMAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw\nCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW\n1KyLa2tJElMzrdfkviT8tQp21KW8EA==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1Ix\nDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5k\nIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMT\nN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9v\ndENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAxMTIxWjCBpjELMAkG\nA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNh\nZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkx\nQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1\ndGlvbnMgUm9vdENBIDIwMTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC\nAQDC+Kk/G4n8PDwEXT2QNrCROnk8ZlrvbTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA\n4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+ehiGsxr/CL0BgzuNtFajT0\nAoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+6PAQZe10\n4S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06C\nojXdFPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV\n9Cz82XBST3i4vTwri5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrD\ngfgXy5I2XdGj2HUb4Ysn6npIQf1FGQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6\nY5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2fu/Z8VFRfS0myGlZYeCsargq\nNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9muiNX6hME6wGko\nLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc\nBw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNV\nHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVd\nctA4GGqd83EkVAswDQYJKoZIhvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0I\nXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+D1hYc2Ryx+hFjtyp8iY/xnmMsVMI\nM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrMd/K4kPFox/la/vot\n9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+yd+2V\nZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/ea\nj8GsGsVn82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnh\nX9izjFk0WaSrT2y7HxjbdavYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQ\nl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7FJej6A7na+RZukYT1HCjI/CbM1xyQVqdf\nbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4\npcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHK\ne7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0\nvm9qp/UsQu0yrbYhnr68\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEg\nMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2Jh\nbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQx\nMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSNjET\nMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCAiIwDQYJ\nKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQssgrRI\nxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1k\nZguSgMpE3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxD\naNc9PIrFsmbVkJq3MQbFvuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJw\nLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqMPKq0pPbzlUoSB239jLKJz9CgYXfIWHSw\n1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+azayOeSsJDa38O+2HBNX\nk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05OWgtH8wY2\nSXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/h\nbguyCLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4n\nWUx2OVvq+aWh2IMP0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpY\nrZxCRXluDocZXFSxZba/jJvcE+kNb7gu3GduyYsRtYQUigAZcIN5kZeR1Bonvzce\nMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD\nAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNVHSMEGDAWgBSu\nbAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN\nnsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGt\nIxg93eFyRJa0lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr61\n55wsTLxDKZmOMNOsIeDjHfrYBzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLj\nvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFymFe944Hn+Xds+qkxV/ZoVqW/hpvvf\ncDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr3TsTjxKM4kEaSHpz\noHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB10jZp\nnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfs\npA9MRf/TuTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+v\nJJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R\n8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW4\n5hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzAN\nBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl\nc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hl\nbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgRUNDIFJv\nb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEwMzcxMlowgaoxCzAJ\nBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmljIEFj\nYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5\nMUQwQgYDVQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0\ndXRpb25zIEVDQyBSb290Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKg\nQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVPdJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJa\njq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoKVlp8aQuqgAkkbH7BRqNC\nMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFLQi\nC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaep\nlSTAGiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7Sof\nTUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIx\nGDAWBgNVBAcTD0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxp\nbXNlbCB2ZSBUZWtub2xvamlrIEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0w\nKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24gTWVya2V6aSAtIEthbXUgU00xNjA0\nBgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRpZmlrYXNpIC0gU3Vy\ndW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYDVQQG\nEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXll\nIEJpbGltc2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklU\nQUsxLTArBgNVBAsTJEthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBT\nTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11IFNNIFNTTCBLb2sgU2VydGlmaWthc2kg\nLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr3UwM6q7\na9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y86Ij5iySr\nLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INr\nN3wcwv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2X\nYacQuFWQfw4tJzh03+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/\niSIzL+aFCr2lqBs23tPcLG07xxO9WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4f\nAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQUZT/HiobGPN08VFw1+DrtUgxH\nV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL\nBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh\nAHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPf\nIPP54+M638yclNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4\nlzwDGrpDxpa5RXI4s6ehlj2Re37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c\n8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCf\nlo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAw\nWjELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAw\nMiA0ODE0NjMwODEwMDAzNjEZMBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0x\nMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjdaMFoxCzAJBgNVBAYTAkZSMRIwEAYD\nVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYzMDgxMDAwMzYxGTAX\nBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw\nggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sO\nty3tRQgXstmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9M\nCiBtnyN6tMbaLOQdLNyzKNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPu\nI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8JXrJhFwLrN1CTivngqIkicuQstDuI7pm\nTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16XdG+RCYyKfHx9WzMfgIh\nC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq4NYKpkDf\nePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3Yz\nIoejwpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWT\nCo/1VTp2lc5ZmIoJlXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1k\nJWumIWmbat10TWuXekG9qxf5kBdIjzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5\nhwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp//TBt2dzhauH8XwIDAQABo4IB\nGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE\nFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of\n1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczov\nL3d3d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilo\ndHRwOi8vY3JsLmNlcnRpZ25hLmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYr\naHR0cDovL2NybC5kaGlteW90aXMuY29tL2NlcnRpZ25hcm9vdGNhLmNybDANBgkq\nhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOItOoldaDgvUSILSo3L\n6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxPTGRG\nHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH6\n0BGM+RFq7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncB\nlA2c5uk5jR+mUYyZDDl34bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdi\no2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1\ngPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS6Cvu5zHbugRqh5jnxV/v\nfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaYtlu3zM63\nNwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayh\njWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw\n3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBH\nMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBF\neHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMx\nMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNV\nBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrsiWog\nD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvS\nsPGP2KxFRv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aop\nO2z6+I9tTcg1367r3CTueUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dk\nsHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR59mzLC52LqGj3n5qiAno8geK+LLNEOfi\nc0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH0mK1lTnj8/FtDw5lhIpj\nVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KRel7sFsLz\nKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/\nTuDvB0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41G\nsx2VYVdWf6/wFlthWG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs\n1+lvK9JKBZP8nm9rZ/+I8U6laUpSNwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQD\nfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS3H5aBZ8eNJr34RQwDwYDVR0T\nAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBADaN\nl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR\nap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQ\nVBcZEhrxH9cMaVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5\nc6sq1WnIeJEmMX3ixzDx/BR4dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp\n4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb+7lsq+KePRXBOy5nAliRn+/4Qh8s\nt2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOWF3sGPjLtx7dCvHaj\n2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwiGpWO\nvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2C\nxR9GUeOcGMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmx\ncmtpzyKEC2IPrNkZAJSidjzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbM\nfjKaiJUINlK73nZfdklJrX+9ZSCyycErdhh2n1ax\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9\nMQswCQYDVQQGEwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBH\nbG9iYWwgRzIgUm9vdDAeFw0xNjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0x\nCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEbMBkGA1UEAwwSVUNBIEds\nb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxeYr\nb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmToni9\nkmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzm\nVHqUwCoV8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/R\nVogvGjqNO7uCEeBHANBSh6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDc\nC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8oLTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIj\ntm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/R+zvWr9LesGtOxdQXGLY\nD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBeKW4bHAyv\nj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6Dl\nNaBa4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6\niIis7nCs+dwp4wwcOxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznP\nO6Q0ibd5Ei9Hxeepl2n8pndntd978XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/\nBAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFIHEjMz15DD/pQwIX4wV\nZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo5sOASD0Ee/oj\nL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5\n1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl\n1qnN3e92mI0ADs0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oU\nb3n09tDh05S60FdRvScFDcH9yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LV\nPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAXc47QN6MUPJiVAAwpBVueSUmxX8fj\ny88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHojhJi6IjMtX9Gl8Cb\nEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZkbxqg\nDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI\n+Vg7RE+xygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGy\nYiGqhkCyLmTTX8jjfhFnRR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bX\nUB+K+wb1whnw0A==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMC\nVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T\nU0wgQ29ycG9yYXRpb24xNDAyBgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZp\nY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNTIzWhcNNDEwMjEyMTgx\nNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv\ndXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NMLmNv\nbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49\nAgEGBSuBBAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMA\nVIbc/R/fALhBYlzccBYy3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1Kthku\nWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0OBBYEFFvKXuXe0oGqzagtZFG22XKbl+ZP\nMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe5d7SgarNqC1kUbbZcpuX\n5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZ\nytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZg\nh5Mmm7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMC\nVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9T\nU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0\naW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEyMTgxNDAzWhcNNDEwMjEyMTgxNDAz\nWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hvdXN0\nb24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNvbSBS\nb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB\nBAAiA2IABEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI\n7Z4INcgn64mMU1jrYor+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPg\nCemB+vNH06NjMGEwHQYDVR0OBBYEFILRhXMw5zUE044CkvvlpNHEIejNMA8GA1Ud\nEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTTjgKS++Wk0cQh6M0wDgYD\nVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8T\nkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+\ngA0z5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE\nBhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQK\nDA9TU0wgQ29ycG9yYXRpb24xMTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZp\nY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYwMjEyMTczOTM5WhcNNDEwMjEyMTcz\nOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAOBgNVBAcMB0hv\ndXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv\nbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcN\nAQEBBQADggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2R\nxFdHaxh3a3by/ZPkPQ/CFp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aX\nqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcC\nC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/geoeOy3ZExqysdBP+lSgQ3\n6YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkpk8zruFvh\n/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrF\nYD3ZfBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93E\nJNyAKoFBbZQ+yODJgUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVc\nUS4cK38acijnALXRdMbX5J+tB5O2UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8\nZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi81xtZPCvM8hnIk2snYxnP/Okm\n+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4sbE6x/c+cCbqi\nM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV\nHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4G\nA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGV\ncpNxJK1ok1iOMq8bs3AD/CUrdIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBc\nHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUfijhDPwGFpUenPUayvOUiaPd7nNgs\nPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAslu1OJD7OAUN5F7kR/\nq5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjqerQ0\ncuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jr\na6x+3uxjMxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90I\nH37hVZkLId6Tngr75qNJvTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/Y\nK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtu\nnLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktuf\noYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShY\nIc2wBlX7Jz9TkHCpBB5XJ7k=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4\nWhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu\nZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY\nMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc\nh77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+\n0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U\nA5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW\nT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH\nB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC\nB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv\nKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn\nOlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn\njh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw\nqHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI\nrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV\nHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq\nhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL\nubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ\n3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK\nNFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5\nORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur\nTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC\njNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc\noyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq\n4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA\nmRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d\nemyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYT\nAkpQMSUwIwYDVQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYD\nVQQDEyJTZWN1cml0eSBDb21tdW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYx\nNjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTELMAkGA1UEBhMCSlAxJTAjBgNVBAoT\nHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNVBAMTIlNlY3VyaXR5\nIENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNi\nAASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+Cnnfdl\ndB9sELLo5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpK\nULGjQjBAMB0GA1UdDgQWBBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8E\nBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu\n9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3LsnNdo4gIxwwCMQDAqy0O\nbe0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70eN9k=\n-----END CERTIFICATE-----\n"
+  - "-----BEGIN CERTIFICATE-----\nMIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsx\nCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJ\nWiBGTk1ULVJDTTAeFw0wODEwMjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJ\nBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBG\nTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALpxgHpMhm5/\nyBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcfqQgf\nBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAz\nWHFctPVrbtQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxF\ntBDXaEAUwED653cXeuYLj2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z\n374jNUUeAlz+taibmSXaXvMiwzn15Cou08YfxGyqxRxqAQVKL9LFwag0Jl1mpdIC\nIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mwWsXmo8RZZUc1g16p6DUL\nmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnTtOmlcYF7\nwk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peS\nMKGJ47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2\nZSysV4999AeU14ECll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMet\nUqIJ5G+GR4of6ygnXYMgrwTJbFaai0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUw\nAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPd9xf3E6Jobd2Sn9R2gzL+H\nYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1odHRwOi8vd3d3\nLmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD\nnFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1\nRXxlDPiyN8+sD8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYM\nLVN0V2Ue1bLdI4E7pWYjJ2cJj+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf\n77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrTQfv6MooqtyuGC2mDOL7Nii4LcK2N\nJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW+YJF1DngoABd15jm\nfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7Ixjp\n6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp\n1txyM/1d8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B\n9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wok\nRqEIr9baRRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYv\nuu8wd+RU4riEmViAqhOLUTpPSPaLtrM=\n-----END CERTIFICATE-----\n"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-idp-extended-truststore-ca92034f995b39fde562293c.yaml

@@ -1,7 +1,7 @@
 apiVersion: "operator.nevis-security.ch/v1"
 kind: "NevisTrustStore"
 metadata:
-  name: "fido-uaf-default-server-trust"
+  name: "fido-uaf-idp-extended-truststore"
   namespace: "adn-agov-nevisidm-01-uat"
   labels:
     deploymentTarget: "fido-uaf"
@@ -9,6 +9,4 @@ metadata:
     projectKey: "DEFAULT-ADN-AGOV-PROJECT"
     patternId: "ca92034f995b39fde562293c"
 spec:
-  keystores:
+  keystores: []
-  - name: "idm-default-identity"
-    namespace: "adn-agov-nevisidm-01-uat"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "7.2402.1"
+  version: "8.2411.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -28,29 +28,37 @@ spec:
     management:
       httpGet:
         path: "/nevisfido/liveness"
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 30
       timeoutSeconds: 6
   readinessProbe:
     management:
       httpGet:
         path: "/nevisfido/health"
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 30
       timeoutSeconds: 6
+  startupProbe:
+    management:
+      httpGet:
+        path: "/nevisfido/health"
+      periodSeconds: 5
+      timeoutSeconds: 6
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-17392f4fc2f29ede0c371af50d06749396d69a29"
+    tag: "r-0a95034444af9c2e5b4a8c12cc3a0f444f6b0447"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
     credentials: "git-credentials"
+  database:
+    name: "fido-uaf"
+    requiredVersion: "8.2411.1"
   keystores:
   - "fido-uaf-default-server-identity"
   - "fido-uaf-default-client-identity"
   truststores:
-  - "fido-uaf-default-server-trust"
   - "fido-uaf-fido-uaf-extended-frontent-truststore"
   - "fido-uaf-internal-idp-auth-signer-trust"
+  - "fido-uaf-idp-extended-truststore"
   podSecurity:
     policy: "baseline"
     automountServiceAccountToken: false

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml

@@ -0,0 +1,26 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisDatabase"
+metadata:
+  name: "fido-uaf"
+  namespace: "adn-agov-nevisidm-01-uat"
+  labels:
+    deploymentTarget: "fido-uaf"
+  annotations:
+    projectKey: "DEFAULT-ADN-AGOV-PROJECT"
+    patternId: "9385d1b33aefe975fb1c5914"
+spec:
+  type: "NevisFIDO"
+  databaseType: "MariaDB"
+  version: "8.2411.2"
+  url: "mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat"
+  port: 3306
+  database: "nevisfido_uaf"
+  bootstrap: true
+  migrate: true
+  rootCredentials:
+    name: "root-mariadb-session-store"
+    namespace: "adn-agov-nevisidm-ob-01-uat"
+  podSecurity:
+    policy: "baseline"
+    automountServiceAccountToken: false
+  timeZone: "Europe/Zurich"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf

@@ -2,10 +2,10 @@ RUN_ARGS="--config conf/nevisfido.yml --log-config conf/logging.yml"
 
 JAVA_OPTS=(
     "-XX:+UseContainerSupport"
-    "-XX:MaxRAMPercentage=80.0"
     "-Dignore.me"
+    "-XX:MaxRAMPercentage=80.0"
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/logging.yml

@@ -12,6 +12,8 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     - name: "ch.nevis.auth.fido.application.Application"
       level: "INFO"
     - name: "ch.nevis.auth.fido.api.uaf"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/metadata/metadata.json

@@ -3,8 +3,16 @@
     "aaid" : "F1D0#0001",
     "description" : "Android NEVIS Mobile Authentication PIN Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
+    "attestationRootCertificates" : [
-    "attestationTypes" : [ 15880 ],
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
+    ],
+    "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -13,12 +21,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 9,
+    "authenticationAlgorithms" : [ 2, 9 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 1,
     "matcherProtection" : 1,
-    "publicKeyAlgAndEncoding" : 256,
+    "publicKeyAlgAndEncodings" : [ 257, 259 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -26,8 +34,16 @@
     "aaid" : "F1D0#0002",
     "description" : "Android NEVIS Mobile Authentication Fingerprint Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
+    "attestationRootCertificates" : [
-    "attestationTypes" : [ 15880 ],
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
+    ],
+    "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -36,12 +52,12 @@
       "userVerification" : 2
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 9,
+    "authenticationAlgorithms" : [ 2, 9 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 4,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 256,
+    "publicKeyAlgAndEncodings" : [ 257, 259 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -49,8 +65,16 @@
     "aaid" : "F1D0#0003",
     "description" : "Android NEVIS Mobile Authentication Biometric Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
+    "attestationRootCertificates" : [
-    "attestationTypes" : [ 15880 ],
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
+    ],
+    "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -59,12 +83,12 @@
       "userVerification" : 346
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 9,
+    "authenticationAlgorithms" : [ 2, 9 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 4,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 256,
+    "publicKeyAlgAndEncodings" : [ 257, 259 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -72,8 +96,16 @@
     "aaid" : "F1D0#0004",
     "description" : "Android NEVIS Mobile Authentication Device Passcode Authenticator",
     "assertionScheme" : "UAFV1TLV",
-    "attestationRootCertificates" : [],
+    "attestationRootCertificates" : [
-    "attestationTypes" : [ 15880 ],
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
+    ],
+    "attestationTypes" : [ 15879, 15880 ],
     "upv" : [ {
       "major" : 1,
       "minor" : 1
@@ -82,12 +114,43 @@
       "userVerification" : 132
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 9,
+    "authenticationAlgorithms" : [ 2, 9 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 4,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 259,
+    "publicKeyAlgAndEncodings" : [ 257, 259 ],
+    "tcDisplay" : 1,
+    "tcDisplayContentType" : "text/plain"
+  },
+  {
+    "aaid" : "F1D0#0005",
+    "description" : "Android NEVIS Mobile Authentication Password Authenticator",
+    "assertionScheme" : "UAFV1TLV",
+    "attestationRootCertificates" : [
+      "MIIFYDCCA0igAwIBAgIJAOj6GWMU0voYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTYwNTI2MTYyODUyWhcNMjYwNTI0MTYyODUyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaOBpjCBozAdBgNVHQ4EFgQUNmHhAHyIBQlRi0RsR/8aTMnqTxIwHwYDVR0jBBgwFoAUNmHhAHyIBQlRi0RsR/8aTMnqTxIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cHM6Ly9hbmRyb2lkLmdvb2dsZWFwaXMuY29tL2F0dGVzdGF0aW9uL2NybC8wDQYJKoZIhvcNAQELBQADggIBACDIw41L3KlXG0aMiS//cqrG+EShHUGo8HNsw30W1kJtjn6UBwRM6jnmiwfBPb8VA91chb2vssAtX2zbTvqBJ9+LBPGCdw/E53Rbf86qhxKaiAHOjpvAy5Y3m00mqC0w/Zwvju1twb4vhLaJ5NkUJYsUS7rmJKHHBnETLi8GFqiEsqTWpG/6ibYCv7rYDBJDcR9W62BW9jfIoBQcxUCUJouMPH25lLNcDc1ssqvC2v7iUgI9LeoM1sNovqPmQUiG9rHli1vXxzCyaMTjwftkJLkf6724DFhuKug2jITV0QkXvaJWF4nUaHOTNA4uJU9WDvZLI1j83A+/xnAJUucIv/zGJ1AMH2boHqF8CY16LpsYgBt6tKxxWH00XcyDCdW2KlBCeqbQPcsFmWyWugxdcekhYsAWyoSf818NUsZdBWBaR/OukXrNLfkQ79IyZohZbvabO/X+MVT3rriAoKc8oE2Uws6DF+60PV7/WIPjNvXySdqspImSN78mflxDqwLqRBYkA3I75qppLGG9rp7UCdRjxMl8ZDBld+7yvHVgt1cVzJx9xnyGCC23UaicMDSXYrB4I4WHXPGjxhZuCuPBLTdOLU8YRvMYdEvYebWHMpvwGCF6bAx3JBpIeOQ1wDB5y0USicV3YgYGmi+NZfhA4URSh77Yd6uuJOJENRaNVTzk",
+      "MIIFHDCCAwSgAwIBAgIJANUP8luj8tazMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMTkxMTIyMjAzNzU4WhcNMzQxMTE4MjAzNzU4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBOMaBc8oumXb2voc7XCWnuXKhBBK3e2KMGz39t7lA3XXRe2ZLLAkLM5y3J7tURkf5a1SutfdOyXAmeE6SRo83Uh6WszodmMkxK5GM4JGrnt4pBisu5igXEydaW7qq2CdC6DOGjG+mEkN8/TA6p3cnoL/sPyz6evdjLlSeJ8rFBH6xWyIZCbrcpYEJzXaUOEaxxXxgYz5/cTiVKN2M1G2okQBUIYSY6bjEL4aUN5cfo7ogP3UvliEo3Eo0YgwuzR2v0KR6C1cZqZJSTnghIC/vAD32KdNQ+c3N+vl2OTsUVMC1GiWkngNx1OO1+kXW+YTnnTUOtOIswUP/Vqd5SYgAImMAfY8U9/iIgkQj6T2W6FsScy94IN9fFhE1UtzmLoBIuUFsVXJMTz+Jucth+IqoWFua9v1R93/k98p41pjtFX+H8DslVgfP097vju4KDlqN64xV1grw3ZLl4CiOe/A91oeLm2UHOq6wn3esB4r2EIQKb6jTVGu5sYCcdWpXr0AUVqcABPdgL+H7qJguBw09ojm6xNIrw2OocrDKsudk/okr/AwqEyPKw9WnMlQgLIKw1rODG2NvU9oR3GVGdMkUBZutL8VuFkERQGt6vQ2OCw0sV47VMkuYbacK/xyZFiRcrPJPb41zgbQj9XAEyLKCHex0SdDrx+tWUDqG8At2JHA==",
+      "MIIFHDCCAwSgAwIBAgIJAMNrfES5rhgxMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjExMTE3MjMxMDQyWhcNMzYxMTEzMjMxMDQyWjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQBTNNZe5cuf8oiq+jV0itTGzWVhSTjOBEk2FQvh11J3o3lna0o7rd8RFHnN00q4hi6TapFhh4qaw/iG6Xg+xOan63niLWIC5GOPFgPeYXM9+nBb3zZzC8ABypYuCusWCmt6Tn3+Pjbz3MTVhRGXuT/TQH4KGFY4PhvzAyXwdjTOCXID+aHud4RLcSySr0Fq/L+R8TWalvM1wJJPhyRjqRCJerGtfBagiALzvhnmY7U1qFcS0NCnKjoO7oFedKdWlZz0YAfu3aGCJd4KHT0MsGiLZez9WP81xYSrKMNEsDK+zK5fVzw6jA7cxmpXcARTnmAuGUeI7VVDhDzKeVOctf3a0qQLwC+d0+xrETZ4r2fRGNw2YEs2W8Qj6oDcfPvq9JySe7pJ6wcHnl5EZ0lwc4xH7Y4Dx9RA1JlfooLMw3tOdJZH0enxPXaydfAD3YifeZpFaUzicHeLzVJLt9dvGB0bHQLE4+EqKFgOZv2EoP686DQqbVS1u+9k0p2xbMA105TBIk7npraa8VM0fnrRKi7wlZKwdH+aNAyhbXRW9xsnODJ+g8eF452zvbiKKngEKirK5LGieoXBX7tZ9D1GNBH2Ob3bKOwwIWdEFle/YF/h6zWgdeoaNGDqVBrLr2+0DtWoiB1aDEjLWl9FmyIUyUm7mD/vFDkzF+wm7cyWpQpCVQ==",
+      "MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgwNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdSSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggjnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGqC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQoVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+OJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/EgsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRiigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+MRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9EaDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5UmAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1UdIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGICW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2GtkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkxoSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mFmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPzlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVwn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1EuzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHovaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHnw1IdYIg2Wxg7yHcQZemFQg==",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrJblQMA0GCSqGSIb3DQEBCwUAMDoxDTALBgNVBAMMBHRlc3QxCzAJBgNVBAYTAkNIMRwwGgYJKoZIhvcNAQkBFg1mYWtlQGFjbWUuY29tMB4XDTI0MDgxOTE0NTg0MFoXDTI1MDgxOTE0NTg0MFowOjENMAsGA1UEAwwEdGVzdDELMAkGA1UEBhMCQ0gxHDAaBgkqhkiG9w0BCQEWDWZha2VAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCcWDBNmdq13fYHnhsmLndAW+MfbI6PeU4OenqfbrTtQUxqpyqhP6QccPYKX2SK3JeQo5uuF1jRD/9i9vAXI9NyiMMHSItjt9LjRs7bWnY4lokYGCAcSZooR9fGZX63dBSQo73V7MC8LDFGy5rw6dGDOmh0ktKxFzaT/nav8/Mx8FyG7M9+b5OPIBo2yze5Rd5cdErGJuUYa9No93BBr5tq+JfnmR/gwgCOke97ovhNj+sMu5bt946AxC6t00wNyPNVlJHKi1os0c/pWztTQkoRAx/w0JYKS9Afl0ZnGWQQ5PNLHHecp2GzriBpQAPXq81QTbOh5H7SzvhkaFQ4oxstAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD8GOaeMDqj2mzMmCqR6Cr3ChkbDAkdsBa5lOAikMKs7/tJyaw8iA5yH0nyobC58Jb61IATuxABPUALhP3RiNsUhnQQF/Dh+6CnCTD/2wsZmr8vUvNqyCLom+xkMT6Wayd9LYW4UONARv1qCLVI4RhiAr5kcomwqZnuj2DRF697lbSQDoz3iuKrCyBYSCBhS+k7UXpqpMyB2D6quRuPqh7JNtMjGSeMiNpMXhx5f4kl1YWb8NU93LDwHFR2kwnGmPA3M272VitcJC4dz3itGRKm9EYGd6d5D7kdC6lqpZPSIopChvXDyVrXjQgckvgtSGKscs6AvYgjthJGsR2z3Eao=",
+      "MIIC8jCCAdqgAwIBAgIGAZFrLh2fMA0GCSqGSIb3DQEBCwUAMDoxDjAMBgNVBAMMBXRlc3R5MQswCQYDVQQGEwJVUzEbMBkGCSqGSIb3DQEJARYMYWJjQGFjbWUuY29tMB4XDTI0MDgxOTE1MDc1MFoXDTI1MDgxOTE1MDc1MFowOjEOMAwGA1UEAwwFdGVzdHkxCzAJBgNVBAYTAlVTMRswGQYJKoZIhvcNAQkBFgxhYmNAYWNtZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqitlYBzaxbPF389ZT5xkSS9Le1qdIOuc+dLVpBSWP9PEJhVZROgdOHs5f666iAcBedQm73sew3rpl+02J4fSgGmPkIYm1G2vkIrpt0eB9KzSc0AiLZbrPcFZOLHcOLoqVTfoRhnmAksHDC2f8euNKhCyriK8xlJb/xPfAfCn4r58ZGsQPUS7cJL6FLYh7FjrqfYDS10VOrQvGOALrG5NUj1DdqRq0M+klgs+6oJdUZTtY62BKkWh3N+7moNvrqykpv+ydFUJltgezDcb4Br8Nkw/breSPnomRfyHIcAcfATZcOPJlI8pO0zFZDIz8r7ESMnBhAxNaZgsUhR2XbaqbAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGw5XLY6GeFJMP350+djhcVqAw+E4HZqCJu1BMpYC0qS2D85fFi3gNuV0TnqB52abX1WBDDJK1CA0SPdyo/nX+qQzP6Dba1AVRKpRzdcsDsMDN3eMC08tajHgIIf5tNDv+HGE/MT2br4o5oducmQMOfV1NTJO1xhXYVqbsUnyrq3S6kD9WS8zRl6ruY1rT26eCQ4hTLHPaAiVsoXh5TBRXYCvGlAw7o2d9cmsbySforZ2wgdZwmu43B5eHNnt4NlDxZRyz6iEDP0nT877aB2ffsOKHAkJNuTvF5JSfnVzLmiyfa/7NI1ujfzcpA2UUXoWa7WN0wACiZQot8Zmswonjc="
+    ],
+    "attestationTypes" : [ 15879, 15880 ],
+    "upv" : [ {
+      "major" : 1,
+      "minor" : 1
+    } ],
+    "userVerificationDetails" : [ [ {
+      "userVerification" : 4
+    } ] ],
+    "attachmentHint" : 1,
+    "authenticationAlgorithms" : [ 2, 9 ],
+    "authenticatorVersion" : 1,
+    "isSecondFactorOnly" : false,
+    "keyProtection" : 1,
+    "matcherProtection" : 1,
+    "publicKeyAlgAndEncodings" : [ 257, 259 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -105,12 +168,12 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 2,
+    "authenticationAlgorithms" : [ 2 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 1,
     "matcherProtection" : 1,
-    "publicKeyAlgAndEncoding" : 257,
+    "publicKeyAlgAndEncodings" : [ 257 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -128,12 +191,12 @@
       "userVerification" : 2
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 2,
+    "authenticationAlgorithms" : [ 2 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 6,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 257,
+    "publicKeyAlgAndEncodings" : [ 257 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -151,12 +214,12 @@
       "userVerification" : 16
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 2,
+    "authenticationAlgorithms" : [ 2 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 6,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 257,
+    "publicKeyAlgAndEncodings" : [ 257 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
   },
@@ -174,13 +237,35 @@
       "userVerification" : 4
     } ] ],
     "attachmentHint" : 1,
-    "authenticationAlgorithm" : 2,
+    "authenticationAlgorithms" : [ 2 ],
     "authenticatorVersion" : 1,
     "isSecondFactorOnly" : false,
     "keyProtection" : 6,
     "matcherProtection" : 2,
-    "publicKeyAlgAndEncoding" : 257,
+    "publicKeyAlgAndEncodings" : [ 257 ],
     "tcDisplay" : 1,
     "tcDisplayContentType" : "text/plain"
-  }
+  },
-]
+  {
+    "aaid" : "F1D0#1005",
+    "description" : "iOS NEVIS Mobile Authentication Password Authenticator",
+    "assertionScheme" : "UAFV1TLV",
+    "attestationRootCertificates" : [],
+    "attestationTypes" : [ 15880 ],
+    "upv" : [ {
+      "major" : 1,
+      "minor" : 1
+    } ],
+    "userVerificationDetails" : [ [ {
+      "userVerification" : 4
+    } ] ],
+    "attachmentHint" : 1,
+    "authenticationAlgorithms" : [ 2 ],
+    "authenticatorVersion" : 1,
+    "isSecondFactorOnly" : false,
+    "keyProtection" : 1,
+    "matcherProtection" : 1,
+    "publicKeyAlgAndEncodings" : [ 257 ],
+    "tcDisplay" : 1,
+    "tcDisplayContentType" : "text/plain"
+  }]

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml

@@ -1,103 +1,43 @@
 server:
   port: 9443
-  host: 0.0.0.0
+  host: "0.0.0.0"
-  protocol: https
+  protocol: "https"
   tls:
-    keystore: /var/opt/keys/own/fido-uaf-default-server-identity/keystore.p12
+    keystore: "/var/opt/keys/own/fido-uaf-default-server-identity/keystore.p12"
-    keystore-passphrase: ${exec:/var/opt/keys/own/fido-uaf-default-server-identity/keypass}
+    keystore-type: "pkcs12"
-    keystore-type: pkcs12
+    keystore-passphrase: "${exec:/var/opt/keys/own/fido-uaf-default-server-identity/keypass}"
-    truststore: /var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/truststore.p12
+    truststore: "/var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/truststore.p12"
-    truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/keypass}
+    truststore-type: "pkcs12"
-    truststore-type: pkcs12
+    truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-fido-uaf-extended-frontent-truststore/keypass}"
-
 management:
   server:
     port: 9089
   healthchecks:
     enabled: true
-
-credential-repository:
-  type: nevisidm
-  rest-url: https://idm:8989/nevisidm
-  administration-url: https://idm:8989/nevisidm/services/v1_46/AdminService
-  keystore: /var/opt/keys/own/fido-uaf-default-client-identity/keystore.p12
-  keystore-passphrase: ${exec:/var/opt/keys/own/fido-uaf-default-client-identity/keypass}
-  keystore-type: pkcs12
-  truststore: /var/opt/keys/trust/fido-uaf-default-server-trust/truststore.p12
-  truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-default-server-trust/keypass}
-  truststore-type: pkcs12
-  admin-service-version: v1_46
-  client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720
-  user-attribute: extId
-
-session-repository:
-  type: in-memory
-  jdbc-url: 
-  max-connection-lifetime: 
-  user: 
-  password: 
-  schema-user: 
-  schema-user-password: 
-  automatic-db-schema-setup: false
-
 fido-uaf:
   enabled: true
-  app-id: https://auth.agov-w.azure.adnovum.net/nevisfido/uaf/1.1/facets
+  app-id: "https://auth.agov-w.azure.adnovum.net/nevisfido/uaf/1.1/facets"
   facets:
-    - android:apk-key-hash:kb0yJ345nFUmt4nOYK5Li7KvwDDobMKPosY48Uwb0QI
+  - "android:apk-key-hash:kb0yJ345nFUmt4nOYK5Li7KvwDDobMKPosY48Uwb0QI"
-    - ios:bundle-id:ch.agov.accessapp.t
+  - "ios:bundle-id:ch.agov.accessapp.t"
-    - android:apk-key-hash:msmxrDDoIcxmazyIf9aj8uIvRXdH/wX668OQYaYdXpE
+  - "android:apk-key-hash:msmxrDDoIcxmazyIf9aj8uIvRXdH/wX668OQYaYdXpE"
-    - ios:bundle-id:ch.agov.accessapp
+  - "ios:bundle-id:ch.agov.accessapp"
-    - android:apk-key-hash:BFZz7gpBpUUk8rLis19LKpR6ZcIZkdxxFPYOwBSKKQk
+  - "android:apk-key-hash:BFZz7gpBpUUk8rLis19LKpR6ZcIZkdxxFPYOwBSKKQk"
-    - android:apk-key-hash:xoRd0kamp4TSJcvzfWzNoivuNldp+GKI7fjnwX+VEFg
+  - "android:apk-key-hash:xoRd0kamp4TSJcvzfWzNoivuNldp+GKI7fjnwX+VEFg"
-  metadata:
-    path: conf/metadata/metadata.json
   policy:
-    path: conf/policy/
+    path: "conf/policy/"
   timeout:
-    registration: 600s
+    registration: "300s"
-    authentication: 600s
+    authentication: "300s"
-    token-registration: 180s
+    token-registration: "180s"
-    token-authentication: 180s
+    token-deregistration: "180s"
-    token-deregistration: 600s
+    token-authentication: "180s"
+    device-request: "600s"
   transaction-confirmation:
     max-text-length: 2000
-  authorization:
+  metadata:
-    registration:
+    path: "conf/metadata/metadata.json"
-      type: sectoken
+  idm-connection-type: "soap"
-      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
-      truststore-type: pkcs12
-      username-attribute-names:
-        - loginId
-        - userid
-    authentication:
-      type: none
-    deregistration:
-      type: sectoken
-      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
-      truststore-type: pkcs12
-      username-attribute-names:
-        - loginId
-        - userid
-    create-dispatch-target:
-      type: sectoken
-      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
-      truststore-type: pkcs12
-      username-attribute-names:
-        - loginId
-        - userid
-    query-dispatch-target:
-      type: none
-    delete-dispatch-target:
-      type: sectoken
-      truststore: /var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}
-      truststore-type: pkcs12
-      username-attribute-names:
-        - userid
   dispatchers:
   - type: "firebase-cloud-messaging"
     dry-run: false
@@ -114,3 +54,63 @@ fido-uaf:
     authentication-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/authentication"
     deregistration-redeem-url: "https://auth.agov-w.azure.adnovum.net/nevisfido/token/redeem/deregistration"
     base-url: "ch.agov.access-t://x-callback-url/authenticate"
+  basic-full-attestation:
+    android-verification-level: "strict"
+  authorization:
+    registration:
+      type: "sectoken"
+      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
+      truststore-type: "pkcs12"
+      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
+      username-attribute-names:
+      - "loginId"
+      - "userid"
+    authentication:
+      type: "none"
+    deregistration:
+      type: "sectoken"
+      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
+      truststore-type: "pkcs12"
+      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
+      username-attribute-names:
+      - "loginId"
+      - "userid"
+    create-dispatch-target:
+      type: "sectoken"
+      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
+      truststore-type: "pkcs12"
+      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
+      username-attribute-names:
+      - "loginId"
+      - "userid"
+    query-dispatch-target:
+      type: "none"
+    delete-dispatch-target:
+      type: "sectoken"
+      truststore: "/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/truststore.p12"
+      truststore-type: "pkcs12"
+      truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-internal-idp-auth-signer-trust/keypass}"
+      username-attribute-names:
+      - "userid"
+session-repository:
+  type: "sql"
+  jdbc-url: "jdbc:mariadb://mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat:3306/nevisfido_uaf?sslMode=disable&autocommit=true"
+  max-connection-lifetime: "10m"
+  user: "${exec:/var/opt/nevisfido/default/conf/credentials/dbUser}"
+  password: "${exec:/var/opt/nevisfido/default/conf/credentials/dbPassword}"
+  schema-user: ""
+  schema-user-password: ""
+  automatic-db-schema-setup: false
+credential-repository:
+  type: "nevisidm"
+  client-id: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
+  user-attribute: "extId"
+  administration-url: "https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm/services/v1_46/AdminService"
+  admin-service-version: "v1_46"
+  rest-url: "https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm"
+  keystore: "/var/opt/keys/own/fido-uaf-default-client-identity/keystore.p12"
+  keystore-type: "pkcs12"
+  keystore-passphrase: "${exec:/var/opt/keys/own/fido-uaf-default-client-identity/keypass}"
+  truststore: "/var/opt/keys/trust/fido-uaf-idp-extended-truststore/truststore.p12"
+  truststore-type: "pkcs12"
+  truststore-passphrase: "${exec:/var/opt/keys/trust/fido-uaf-idp-extended-truststore/keypass}"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-default-signer-trust-087f275433f3973a1421318f.yaml

@@ -1,12 +0,0 @@
-apiVersion: "operator.nevis-security.ch/v1"
-kind: "NevisTrustStore"
-metadata:
-  name: "fido2-default-signer-trust"
-  namespace: "adn-agov-nevisidm-01-uat"
-  labels:
-    deploymentTarget: "fido2"
-  annotations:
-    projectKey: "DEFAULT-ADN-AGOV-PROJECT"
-    patternId: "087f275433f3973a1421318f"
-spec:
-  keystores: []

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-fido2-idp-extended-truststore-087f275433f3973a1421318f.yaml

@@ -1,7 +1,7 @@
 apiVersion: "operator.nevis-security.ch/v1"
 kind: "NevisTrustStore"
 metadata:
-  name: "fido2-default-server-trust"
+  name: "fido2-idp-extended-truststore"
   namespace: "adn-agov-nevisidm-01-uat"
   labels:
     deploymentTarget: "fido2"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisFIDO"
   replicas: 1
-  version: "7.2402.1"
+  version: "8.2411.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -28,20 +28,25 @@ spec:
     management:
       httpGet:
         path: "/nevisfido/liveness"
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 30
       timeoutSeconds: 6
   readinessProbe:
     management:
       httpGet:
         path: "/nevisfido/health"
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 30
       timeoutSeconds: 6
+  startupProbe:
+    management:
+      httpGet:
+        path: "/nevisfido/health"
+      periodSeconds: 5
+      timeoutSeconds: 6
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-17392f4fc2f29ede0c371af50d06749396d69a29"
+    tag: "r-317ed268556b37656f27fb58fcffd4797cea27e4"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
     credentials: "git-credentials"
   keystores:
@@ -49,8 +54,7 @@ spec:
   - "fido2-default-client-identity"
   truststores:
   - "fido2-default-tls-client-trust"
-  - "fido2-default-signer-trust"
+  - "fido2-idp-extended-truststore"
-  - "fido2-default-server-trust"
   podSecurity:
     policy: "baseline"
     automountServiceAccountToken: false

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf

@@ -6,5 +6,5 @@ JAVA_OPTS=(
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=7.2402.1,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/logging.yml

@@ -12,6 +12,8 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     - name: "ch.nevis.auth.fido.application.Application"
       level: "INFO"
     Root:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/nevisfido.yml

@@ -1,51 +1,50 @@
 server:
   port: 9443
-  protocol: https
+  protocol: "https"
   tls:
-    keystore: /var/opt/keys/own/fido2-default-identity/keystore.p12
+    keystore: "/var/opt/keys/own/fido2-default-identity/keystore.p12"
-    keystore-passphrase: ${exec:/var/opt/keys/own/fido2-default-identity/keypass}
+    keystore-passphrase: "${exec:/var/opt/keys/own/fido2-default-identity/keypass}"
-    keystore-type: pkcs12
+    keystore-type: "pkcs12"
-
+    truststore: "/var/opt/keys/trust/fido2-default-tls-client-trust/truststore.p12"
+    truststore-passphrase: "${exec:/var/opt/keys/trust/fido2-default-tls-client-trust/keypass}"
+    truststore-type: "pkcs12"
 management:
   server:
     port: 9089
   healthchecks:
     enabled: true
-
 credential-repository:
-  type: nevisidm
+  type: "nevisidm"
-  client-id: cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720
+  client-id: "cfa9c9b9-119f-4dff-9bb8-86d7c0cf2720"
-  rest-url: https://idm:8989/nevisidm
+  rest-url: "https://idm.adn-agov-nevisidm-admin-01-uat:8989/nevisidm"
-  keystore: /var/opt/keys/own/fido2-default-client-identity/keystore.p12
+  keystore: "/var/opt/keys/own/fido2-default-client-identity/keystore.p12"
-  keystore-passphrase: ${exec:/var/opt/keys/own/fido2-default-client-identity/keypass}
+  keystore-passphrase: "${exec:/var/opt/keys/own/fido2-default-client-identity/keypass}"
-  truststore: /var/opt/keys/trust/fido2-default-server-trust/truststore.p12
+  keystore-type: "pkcs12"
-  truststore-passphrase: ${exec:/var/opt/keys/trust/fido2-default-server-trust/keypass}
+  truststore: "/var/opt/keys/trust/fido2-idp-extended-truststore/truststore.p12"
-  user-attribute: extId
+  truststore-passphrase: "${exec:/var/opt/keys/trust/fido2-idp-extended-truststore/keypass}"
-
+  truststore-type: "pkcs12"
-session-repository:
+  user-attribute: "extId"
-  type: in-memory
-  jdbc-url: 
-  max-connection-lifetime: 
-  user: 
-  password: 
-  schema-user: 
-  schema-user-password: 
-  automatic-db-schema-setup: true
-
 fido2:
   enabled: true
-  rp-name: AGOV-RelPartName
+  rp-name: "AGOV-RelPartName"
-  rp-id: adnovum.net
+  rp-id: "adnovum.net"
   origins:
-    - https://me.agov-w.azure.adnovum.net
+  - "https://ob.agov-w.azure.adnovum.net"
-    - https://nevisidm.agov-w.azure.adnovum.net
+  - "https://auth.agov-w.azure.adnovum.net"
-    - https://auth.agov-w.azure.adnovum.net
+  - "https://nevisidm.agov-w.azure.adnovum.net"
   signature-algorithms:
-    - RS1
+  - "RS1"
-    - RS256
+  - "RS256"
-    - RS384
+  - "RS384"
-    - RS512
+  - "RS512"
-    - ES256
+  - "ES256"
-    - ES384
+  - "ES384"
-    - ES512
+  - "ES512"
-  display-name-source: loginId
+  display-name-source: "email"
+  metadata:
+    allow-listing-enabled: false
+  timeout:
+    user-verification: "300s"
+    no-user-verification: "120s"
+session-repository:
+  type: "in-memory"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-db-2951ead44a7a9362a4545094.yaml

@@ -0,0 +1,28 @@
+apiVersion: "operator.nevis-security.ch/v1"
+kind: "NevisDatabase"
+metadata:
+  name: "idm"
+  namespace: "adn-agov-nevisidm-01-uat"
+  labels:
+    deploymentTarget: "idm"
+    trustImport: "idm-technical-trust-store-1058498828"
+  annotations:
+    projectKey: "DEFAULT-ADN-AGOV-PROJECT"
+    patternId: "2951ead44a7a9362a4545094"
+spec:
+  type: "NevisIDM"
+  databaseType: "MariaDB"
+  version: "8.2411.1"
+  url: "mariadb-agov-uat.mariadb.database.azure.com"
+  port: 3306
+  ssl: true
+  database: "nevisidm_uat"
+  bootstrap: true
+  migrate: true
+  rootCredentials:
+    name: "root-adn-agov-nevisidm-admin-01-uat-idm"
+    namespace: "adn-agov-nevisidm-admin-01-uat"
+  podSecurity:
+    policy: "baseline"
+    automountServiceAccountToken: false
+  timeZone: "Europe/Zurich"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-idp-idm-sectoken-signer-trust-b8a36646f81c3247cdb5d90b.yaml

@@ -1,7 +1,7 @@
 apiVersion: "operator.nevis-security.ch/v1"
 kind: "NevisTrustStore"
 metadata:
-  name: "idm-internal-idp-auth-signer-trust"
+  name: "idm-idp-idm-sectoken-signer-trust"
   namespace: "adn-agov-nevisidm-01-uat"
   labels:
     deploymentTarget: "idm"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisIDM"
   replicas: 1
-  version: "7.2402.2"
+  version: "8.2411.3"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -28,27 +28,35 @@ spec:
     management:
       httpGet:
         path: "/liveness"
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 30
       timeoutSeconds: 6
   readinessProbe:
     management:
       httpGet:
         path: "/health"
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 30
       timeoutSeconds: 6
+  startupProbe:
+    management:
+      httpGet:
+        path: "/health"
+      periodSeconds: 5
+      timeoutSeconds: 6
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-17392f4fc2f29ede0c371af50d06749396d69a29"
+    tag: "r-a7ea09396ec9921779728521cfa55f36bb60d4da"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
     credentials: "git-credentials"
+  database:
+    name: "idm"
+    requiredVersion: "8.2411.1"
   keystores:
   - "idm-default-identity"
   truststores:
+  - "idm-idp-idm-sectoken-signer-trust"
   - "idm-technical-trust-store"
-  - "idm-internal-idp-auth-signer-trust"
   podSecurity:
     policy: "baseline"
     automountServiceAccountToken: false

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf

@@ -1 +1,8 @@
-JAVA_OPTS="-XX:+UseContainerSupport -XX:MaxRAMPercentage=80.0 -javaagent:/opt/agent/opentelemetry-javaagent.jar -Dotel.javaagent.logging=application -Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties -Dotel.resource.attributes=service.version=7.2402.2,service.instance.id=$HOSTNAME"
+JAVA_OPTS=(
+    "-XX:+UseContainerSupport"
+    "-XX:MaxRAMPercentage=80.0"
+    "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
+    "-Dotel.javaagent.logging=application"
+    "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
+    "-Dotel.resource.attributes=service.version=8.2411.3,service.instance.id=$HOSTNAME"
+)

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/logging.yml

@@ -20,6 +20,8 @@ Configuration:
         onMismatch: "ACCEPT"
   Loggers:
     Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     - name: "ch.nevis.idm.batch.jobs"
       level: "INFO"
       additivity: "false"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties

@@ -3,9 +3,9 @@ web.gui.languages.default=de
 # source: pattern://2951ead44a7a9362a4545094
 database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
 # source: pattern://2951ead44a7a9362a4545094
-database.connection.username=adndbadmin
+database.connection.username=${exec:/var/opt/nevisidm/default/conf/credentials/dbUser}
 # source: pattern://2951ead44a7a9362a4545094
-database.connection.password=secret://59f191e7aa67a1ed9f7b87d2
+database.connection.password=${exec:/var/opt/nevisidm/default/conf/credentials/dbPassword}
 # source: pattern://b8a36646f81c3247cdb5d90b
 application.mail.smtp.host=greenmail.adn-agov-mail-01-uat.svc
 # source: pattern://b8a36646f81c3247cdb5d90b
@@ -13,6 +13,8 @@ application.mail.smtp.port=3025
 # source: pattern://b8a36646f81c3247cdb5d90b
 application.mail.sender=noreply-agov-uat@adnovum.ch
 # source: pattern://71411a755a625f9b850c6cf5
+application.config.credentialTypesToBeLockedInDatabase=URLTICKET,SAMLFEDERATION,CONTEXTPASSWORD
+# source: pattern://71411a755a625f9b850c6cf5
 application.feature.email.validation.enabled=false
 # source: pattern://71411a755a625f9b850c6cf5, pattern://b8a36646f81c3247cdb5d90b
 application.feature.multiclientmode.enabled=true
@@ -51,7 +53,7 @@ application.modules.event.repeat.count=0
 # source: pattern://71411a755a625f9b850c6cf5
 application.modules.provisioning.enabled=false
 # source: pattern://71411a755a625f9b850c6cf5
-database.connection.pool.size.max=10
+database.connection.pool.size.max=5
 # source: pattern://71411a755a625f9b850c6cf5
 database.connection.pool.size.min=5
 # source: pattern://71411a755a625f9b850c6cf5
@@ -89,6 +91,8 @@ server.host=0.0.0.0
 # source: pattern://b8a36646f81c3247cdb5d90b
 server.tls.enabled=true
 # source: pattern://b8a36646f81c3247cdb5d90b
+server.tls.client-auth=requested
+# source: pattern://b8a36646f81c3247cdb5d90b
 server.tls.keystore=/var/opt/keys/own/idm-default-identity/keystore.p12
 # source: pattern://b8a36646f81c3247cdb5d90b
 server.tls.keystore-passphrase=${exec:/var/opt/keys/own/idm-default-identity/keypass}
@@ -97,7 +101,7 @@ server.tls.truststore=/var/opt/keys/trust/idm-technical-trust-store/truststore.p
 # source: pattern://b8a36646f81c3247cdb5d90b
 server.tls.truststore-passphrase=${exec:/var/opt/keys/trust/idm-technical-trust-store/keypass}
 # source: pattern://b8a36646f81c3247cdb5d90b
-server.auth.ninja.truststore=/var/opt/keys/trust/idm-internal-idp-auth-signer-trust/truststore.jks
+server.auth.ninja.truststore=/var/opt/keys/trust/idm-idp-idm-sectoken-signer-trust/truststore.jks
 # source: pattern://b8a36646f81c3247cdb5d90b
 management.healthchecks.enabled=true
 # source: pattern://b8a36646f81c3247cdb5d90b

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml

@@ -11,7 +11,7 @@ metadata:
 spec:
   type: "NevisLogrend"
   replicas: 1
-  version: "7.2402.0"
+  version: "8.2411.2"
   gitInitVersion: "1.3.0"
   runAsNonRoot: true
   ports:
@@ -28,19 +28,23 @@ spec:
     management:
       httpGet:
         path: "/nevislogrend/liveness"
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 30
       timeoutSeconds: 6
   readinessProbe:
     server:
       tcpSocket: true
-      initialDelaySeconds: 40
+      periodSeconds: 5
-      periodSeconds: 20
       timeoutSeconds: 4
+  startupProbe:
+    server:
+      tcpSocket: true
+      periodSeconds: 5
+      timeoutSeconds: 4
+      failureThreshold: 50
   podDisruptionBudget:
     maxUnavailable: "50%"
   git:
-    tag: "r-17392f4fc2f29ede0c371af50d06749396d69a29"
+    tag: "r-0a95034444af9c2e5b4a8c12cc3a0f444f6b0447"
     dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
     credentials: "git-credentials"
   podSecurity:

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/env.conf

@@ -4,11 +4,11 @@ RTENV_SECURITY_CHECK=no_shell
 LOGREND_DEPLOY_TYPE=standalone
 
 JAVA_OPTS=(
-    "-Dfile.encoding=UTF-8"
     "-XX:+UseContainerSupport"
+    "-Dfile.encoding=UTF-8"
     "-XX:MaxRAMPercentage=80.0"
     "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
     "-Dotel.javaagent.logging=application"
     "-Dotel.javaagent.configuration-file=/var/opt/nevislogrend/default/conf/otel.properties"
-    "-Dotel.resource.attributes=service.version=7.2402.0,service.instance.id=$HOSTNAME"
+    "-Dotel.resource.attributes=service.version=8.2411.2,service.instance.id=$HOSTNAME"
 )

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/logging.yml

@@ -11,7 +11,9 @@ Configuration:
         onMatch: "DENY"
         onMismatch: "ACCEPT"
   Loggers:
-    Logger: []
+    Logger:
+    - name: "ProductAnalytics"
+      level: "INFO"
     Root:
       level: "WARN"
       additivity: "false"

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/conf/logrend.properties

@@ -4,12 +4,14 @@ application.gui.litdict=yes
 application.gui.substitution=yes
 application.input.charset=UTF-8
 application.inputs.htmlencode=yes
-application.language.cookie.de=LANG:de:.agov-w.azure.adnovum.net
+application.language.cookie.de=LANG:de:.agov-d.azure.adnovum.net
-application.language.cookie.en=LANG:en:.agov-w.azure.adnovum.net
+application.language.cookie.en=LANG:en:.agov-d.azure.adnovum.net
-application.language.cookie.fr=LANG:fr:.agov-w.azure.adnovum.net
+application.language.cookie.fr=LANG:fr:.agov-d.azure.adnovum.net
-application.language.cookie.it=LANG:it:.agov-w.azure.adnovum.net
+application.language.cookie.it=LANG:it:.agov-d.azure.adnovum.net
+application.language.cookie.rm=LANG:rm:.agov-d.azure.adnovum.net
+application.languages=de,fr,it,rm,en
 application.loginapp.current=
-application.loginapp.default=Auth_Realm_Recovery
+application.loginapp.default=Auth_Realm_Main_IDP
 application.loginapp.override=header:channel
 application.package.name=nevislogrend
 application.render.content.type=text/html; charset=UTF-8
@@ -19,9 +21,11 @@ application.webdata.pathparam=logrendresourcepath
 application.webdata.pathparam.default=/login/resources
 cache.revalidate.delay=-1
 cache.source=file
+env.name=work
 keytag.end=}
 keytag.start=${
 management.healthchecks.enabled=true
+page.title=AGOV Work IdP
 path.config=/var/opt/nevislogrend/default/conf
 path.instance=/var/opt/nevislogrend/default
 server.host=0.0.0.0

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/default.properties

@@ -13,14 +13,22 @@ application.language.source.3=gui
 # source: pattern://4fcfadb4a5c946ead7e6e995
 application.language.source.4=browser
 # source: pattern://4fcfadb4a5c946ead7e6e995
-application.languages=en,de,fr,it
+cache.revalidate.delay=-1
+# source: pattern://4fcfadb4a5c946ead7e6e995
+application.languages=de,fr,it,rm,en
+# source: pattern://4fcfadb4a5c946ead7e6e995, pattern://097929211988398a87bcbb0c
+application.language.cookie.de=LANG:de:.agov-d.azure.adnovum.net
+# source: pattern://4fcfadb4a5c946ead7e6e995, pattern://097929211988398a87bcbb0c
+application.language.cookie.fr=LANG:fr:.agov-d.azure.adnovum.net
+# source: pattern://4fcfadb4a5c946ead7e6e995, pattern://097929211988398a87bcbb0c
+application.language.cookie.it=LANG:it:.agov-d.azure.adnovum.net
+# source: pattern://4fcfadb4a5c946ead7e6e995, pattern://097929211988398a87bcbb0c
+application.language.cookie.rm=LANG:rm:.agov-d.azure.adnovum.net
+# source: pattern://4fcfadb4a5c946ead7e6e995, pattern://097929211988398a87bcbb0c
+application.language.cookie.en=LANG:en:.agov-d.azure.adnovum.net
+# source: pattern://4fcfadb4a5c946ead7e6e995
+env.name=work
+# source: pattern://4fcfadb4a5c946ead7e6e995
+page.title=AGOV Work IdP
 # source: pattern://4fcfadb4a5c946ead7e6e995
 application.languages.default=en
-# source: pattern://097929211988398a87bcbb0c
-application.language.cookie.en=LANG:en:.agov-w.azure.adnovum.net
-# source: pattern://097929211988398a87bcbb0c
-application.language.cookie.de=LANG:de:.agov-w.azure.adnovum.net
-# source: pattern://097929211988398a87bcbb0c
-application.language.cookie.fr=LANG:fr:.agov-w.azure.adnovum.net
-# source: pattern://097929211988398a87bcbb0c
-application.language.cookie.it=LANG:it:.agov-w.azure.adnovum.net

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text.properties

@@ -1,210 +1,253 @@
 
-button.submit=Submit
+agov-ident.done.message=Ihr AGOV-Konto ist nun einsatzbereit. Bitte schliessen Sie diese Seite.
-darkModeSwitch.aria.label=Dark mode toggle
+agov-ident.done.title=Fertig
-error.policy.failed=The new password does not comply with the policy.
+agov-ident.failed.instruction=Sie benötigen ein AGOV-Konto und müssen die vorgeschlagene Datenüberprüfung bestehen, um das Onboarding erfolgreich abzuschliessen. Bitte versuchen Sie es erneut.
-error_1=Please check your input.
+agov-ident.failed.message=Onboarding abgebrochen oder Verifikation der Daten verschoben
-error_10=Please select the correct user account.
+agov-ident.failed.title=Verifikation erforderlich
-error_100=Certificate upload not possible. Certificate already exists. Please contact your helpdesk.
+agov-ident.invalid-url.instruction=Der Link, den Sie für den Zugriff auf diese Seite verwendet haben, ist ungültig. Bitte stellen Sie sicher, dass Sie ihn so verwenden, wie Sie ihn erhalten haben, ohne Tippfehler, oder klicken Sie ihn direkt auf der Seite an, auf der er veröffentlicht ist.
-error_101=The entered email address is not valid.
+agov-ident.invalid-url.message=Link kann nicht verarbeitet werden
-error_11=Please use another certficate or login with another credential type.
+agov-ident.invalid-url.title=Ungültiger Link
-error_2=Please select another login name.
+agov-ident.onboarding=Registrierung & Verifikation
-error_3=Your account will be locked if next authentication fails.
+agov-ident.retry=Versuchen Sie es erneut
-error_4=Your new password does not comply with the security policy. Please choose a different password.
+button.submit=Senden
-error_5=Error in password confirmation.
+darkModeSwitch.aria.label=Dark-Mode-Schalter
-error_50=The new password is too short.
+error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie überein.
-error_55=The new password has to differ from old passwords.
+error_1=Bitte überprüfen Sie Ihre Eingaben.
-error_6=Password change required.
+error_10=Bitte wählen Sie das richtige Benutzerkonto aus.
-error_7=Change of login ID required.
+error_100=Zertifikat-Upload nicht möglich. Das Zertifikat existiert bereits. Wenden Sie sich an Ihr Helpdesk.
-error_8=Your account has been locked due to repeated authentication failures.
+error_101=Die eingegebene E-Mail-Adresse ist ungültig.
-error_81=No access card found, access from internet denied.
+error_11=Bitte verwenden Sie ein anderes Zertifikat oder melden Sie sich mit einer anderen Art von Credential an.
-error_83=Your access card is no longer valid. Please contact your advisor to get a new access card.
+error_2=Bitte wählen Sie einen anderen Login-Namen.
-error_9=Session take over failed.
+error_3=Wenn die nächste Authentifizierung fehlschlägt, wird Ihr Konto gesperrt.
-error_97=You are not authorized to access this resource.
+error_4=Ihr neues Passwort verstösst gegen die Sicherheitsrichtlinien. Bitte wählen Sie ein anderes Passwort.
-error_98=Your account has been locked.
+error_5=Fehler bei der Passwortbestätigung.
-error_99=System problems. Please try later.
+error_50=Das neue Passwort ist zu kurz.
-error_9901=You need a valid on-boarding link to access this page.
+error_55=Das neue Passwort muss sich von alten Passwörtern unterscheiden.
-error_9902=The email used for authentication doesn't match the expected one in operations. Please ask for a new on-boarding link.
+error_6=Passwortänderung erforderlich.
-error_9903=The used IdP didn't send us a valid assertion. Please make sure, you use the correct IdP. Ask the support for a new on-boarding link.
+error_7=Änderung der Login-ID erforderlich.
-error_9904=Your link is not valid anymore. Please make sure, that you are using the latest Link received from operations. Ask for a new link, if the problem persists.
+error_8=Ihr Konto wurde aufgrund wiederholter fehlgeschlagener Authentifizierungsversuche gesperrt.
-error_9905=There is a problem with your operations account. Please contact the support.
+error_81=Keine Zugangskarte gefunden, Zugang über das Internet verweigert.
-error_9909=An internal error occured. Please ask the support for a new on-boarding link.
+error_83=Ihre Zugangskarte ist nicht mehr gültig. Bitte wenden Sie sich an Ihre Beratungsperson, um eine neue Zugangskarte zu erhalten.
-errors.duplicateValue=Your account is already linked with another operations access.
+error_9=Übernahme der Sitzung fehlgeschlagen.
-fido2_auth.cancel.fido=The security key authentication was interrupted. Please ensure your FIDO key is registered and your email is correct, then follow the steps below.
+error_97=Sie sind nicht berechtigt, auf diese Ressource zuzugreifen.
-fido2_auth.instruction1=Click on "Continue"
+error_98=Ihr Konto wurde gesperrt.
-fido2_auth.instruction2=An authentication window will appear
+error_99=Systemprobleme: Bitte versuchen Sie es später noch einmal.
-fido2_auth.instruction3=Follow the instructions
+error_9901=Sie benötigen einen gültigen Onboarding-Link, um auf diese Seite zuzugreifen.
-fido2_auth.skipInstructions=Skip instructions next time
+error_9902=Die für die Authentifizierung verwendete E-Mail-Adresse stimmt nicht mit der erwarteten E-Mail-Adresse in Operations überein. Bitte fordern Sie einen neuen Onboarding-Link an.
-fido2_auth.switchLogin=SWITCH TO LOGIN WITH
+error_9903=Der verwendete IdP hat uns keine gültige Assertion gesendet. Bitte stellen Sie sicher, dass Sie den richtigen IdP verwenden. Fordern Sie beim Support einen neuen Onboarding-Link an.
-footer.link=https://agov.ch/?c=contact&l=en
+error_9904=Ihr Link ist nicht mehr gültig. Bitte stellen Sie sicher, dass Sie den neuesten Link verwenden, den Sie von Operations erhalten haben. Fordern Sie einen neuen Link an, falls das Problem weiterhin besteht.
-footer.link.label=Contact
+error_9905=Es gibt ein Problem mit Ihrem Operations-Konto. Kontaktieren Sie bitte den Support.
-footer.text=Authentication service of Swiss authorities AGOV - a collaboration between cantons, their municipalities, and the federal administration. -
+error_9909=Es ist ein interner Fehler aufgetreten. Bitten Sie den Support um einen neuen Onboarding-Link.
-general.AGOVAccessApp=AGOV access app
+errors.duplicateValue=Ihr Konto ist bereits mit einem anderen Operations-Zugang verknüpft.
-general.accessApp=AGOV access app
+fido2_auth.cancel.fido=Die Authentifizierung mit dem Sicherheitsschlüssel wurde unterbrochen. Bitte vergewissern Sie sich, dass Ihr FIDO-Schlüssel registriert ist und Ihre E-Mail korrekt ist.
-general.authenticate=Authenticate
+fido2_auth.instruction1=Klicken Sie auf "Weiter"
-general.back=Back
+fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen
-general.cancel=Cancel
+fido2_auth.instruction3=Folgen Sie den Anweisungen
-general.confirm=Confirm
+fido2_auth.skipInstructions=Anweisungen nächstes Mal überspringen
-general.contactSupport=Contact Support
+fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT
-general.continue=Continue
+footer.link=https://agov.ch
-general.edit=Edit
+footer.link.label=Kontakt
-general.email=Email
+footer.text=Authentifizierungsdienst der Schweizer Behörden AGOV – eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. -
-general.email.address=Email address
+general.AGOVAccessApp=AGOV access App
-general.entryCode=Code entry
+general.accessApp=AGOV access App
-general.getStarted=Get started
+general.authenticate=Authentifizieren
-general.goAGOVHelp=Go to AGOV help
+general.back=Zurück
-general.goAccessApp=Login with AGOV access
+general.cancel=Abbrechen
-general.help=Help
+general.confirm=Bestätigen
-general.help.link=https://agov.ch/pages/help_en.html
+general.contactSupport=Support kontaktieren
+general.continue=Weiter
+general.edit=Ändern
+general.email=E-Mail
+general.email.address=E-Mail-Adresse
+general.entryCode=Code-Eingabe
+general.fieldRequired=Erforderliches Feld.
+general.getStarted=Los geht's
+general.goAGOVHelp=Weiter zur AGOV help
+general.goAccessApp=Login mit AGOV access
+general.goToAccessApp=Zur AGOV access App wechseln
+general.help=Hilfe
+general.help.link=https://agov.ch/help
 general.login=Login
-general.loginSecurityKey=Start Security key login
+general.login.accessApp=Login mit AGOV access App
-general.or=OR
+general.login.securityKey=Login mit Sicherheitsschlüssel
-general.otherOptions=OTHER OPTIONS
+general.loginSecurityKey=Sicherheitsschlüssel-Login starten
-general.recovery=Recovery
+general.moreOptions=WEITERE OPTIONEN
-general.recoveryOngoing=Ongoing recovery
+general.or=ODER
-general.register=Register
+general.otherLoginMethods=Andere Login-Methoden
-general.registerNow=Register now!
+general.recovery=Wiederherstellung
-general.registration=Registration
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
-general.securityKey=Security key
+general.recoveryCode.downloadPdf=Als PDF herunterladen
-general.skip.content=Skip to main content
+general.recoveryCode.inputLabel=Wiederherstellungscode
-generic.auth.error.message=There was a service interruption. We are working on it.
+general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und fahren Sie dann mit der erneuten Eingabe fort.
-generic.auth.error.next.steps=Please try again later. Please consult AGOV help if the problem persists.
+general.recoveryCode.repeatCodeModal.description=Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten.
-generic.auth.error.subtitle=Something went wrong
+general.recoveryCode.repeatCodeModal.title=Wiederherstellungscode wiederholen
-generic.auth.error.title=Error
+general.recoveryCode.reveal=Wiederherstellungscode enthüllen
-info.login=Please enter your authentication information.
+general.recoveryOngoing=Wiederherstellung nicht abgeschlossen
+general.register=Registrieren
+general.registerNow=Jetzt registrieren!
+general.registration=Registrierung
+general.registration.dontHaveAnAccountYet=Haben Sie noch kein AGOV-Konto?
+general.registration.seeOptions=Registrierungsoptionen ansehen
+general.securityKey=Sicherheitsschlüssel
+general.skip.content=Direkt zum Hauptteil
+general.wrongPhoneNumber=Bitte geben Sie eine gültige Telefonnummer ein
+generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran.
+generic.auth.error.next.steps=Versuchen Sie es bitte später noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht.
+generic.auth.error.subtitle=Etwas ist schiefgegangen
+generic.auth.error.title=Fehler
+info.login=Bitte geben Sie Ihre persönlichen Zugangsdaten ein.
 language.de=Deutsch
 language.en=English
 language.fr=Français
 language.it=Italiano
-languageDropdown.aria.label=Select language
+language.rm=Rumantsch
-loainfo.description.200=To access the application, we need to verify your data. The process can take up to 2 - 3 days.
+languageDropdown.aria.label=Sprache wählen
-loainfo.description.300=To access the application we need to verify your data through one of two processes. You can choose your preferred process in the next step.
+loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
-loainfo.description.400=To access the application we need you to add your AHV Number (Swiss Social Security number).
+loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
-loainfo.helper=Your data needs to be verified!
+loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
-loainfo.later=Later
+loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
-loainfo.startNow=Do you want to start the process now?
+loainfo.later=Später
-loainfo.startVerification=Start verification
+loainfo.startNow=Möchten Sie den Prozess jetzt starten?
-loainfo.title=Verify your data
+loainfo.startVerification=Verifikation starten
-mauth_usernameless.EID=Continue with CH E-ID
+loainfo.title=Verifizieren Sie Ihre Daten
-mauth_usernameless.banner.error=Authentication interrupted.<br>Please try again when the page reloads.
+mauth_usernameless.EID=Mit Schweizer E-ID fortfahren
-mauth_usernameless.banner.info=Scan successful.<br>Please continue in the AGOV access app.
+mauth_usernameless.banner.error=Authentifizierung unterbrochen.<br>Bitte versuchen Sie es erneut, nachdem die Seite neu geladen wurde.
-mauth_usernameless.banner.success=Authentication successful!<br>Please wait to be logged in.
+mauth_usernameless.banner.info=Scan erfolgreich.<br>Bitte fahren Sie in der AGOV access App fort.
-mauth_usernameless.cannotLogin=Lost access to your app / security key?
+mauth_usernameless.banner.success=Authentifizierung erfolgreich!<br>Bitte warten Sie, bis Sie eingeloggt werden.
-mauth_usernameless.hideQR=Hide QR code
+mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschl&uuml;ssel verloren?
-mauth_usernameless.instructions=Log in by scanning the QR code with your AGOV access app
+mauth_usernameless.cannotLogin.accessApp=Zugriff auf App verloren?
-mauth_usernameless.noAccount=Don't have an AGOV-Login yet?
+mauth_usernameless.cannotLogin.securityKey=Zugriff auf Sicherheitsschl&uuml;ssel verloren?
-mauth_usernameless.showQR=Show QR code
+mauth_usernameless.hideQR=QR-Code ausblenden
-mauth_usernameless.startRecovery=Start account recovery
+mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen
-mauth_usernameless.useSecurityKey=Use a security key to log in
+mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Konto?
-mauth_usernameless.useSecurityKeyInfo=A physical security key offers a secure way to login without having to use a phone.
+mauth_usernameless.selectLoginMethod=Login-Methode w&auml;hlen
-op-admin.login=AGOV op admin
+mauth_usernameless.showQR=QR-Code anzeigen
-op-admin.login.intro.message=Login with your username and password
+mauth_usernameless.startRecovery=Kontowiederherstellung starten
-op-admin.login.loginid=LoginId
+mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschl&uuml;ssel, um sich anzumelden
+mauth_usernameless.useSecurityKeyInfo=Ein physischer Sicherheitsschl&uuml;ssel bietet eine sichere M&ouml;glichkeit, sich ohne Telefon anzumelden.
+op-admin.login=AGOV-op-Admin
+op-admin.login.intro.message=Login mit Ihrem Benutzernamen und Passwort
+op-admin.login.loginid=LoginID
 op-admin.login.password=Passwort
 op-admin.login.title=Login
-op-admin.logout=AGOV op admin
+op-admin.logout=AGOV-op-Admin
-op-admin.logout.message=You have successfully logged out.
+op-admin.logout.message=Sie haben sich erfolgreich ausgeloggt.
 op-admin.logout.title=Logout
-op-admin.pwchange.intro.message=Password change required
+op-admin.pwchange.intro.message=Passwort&auml;nderung erforderlich
-op-admin.pwchange.newpassword=New password
+op-admin.pwchange.newpassword=Neues Passwort
-op-admin.pwchange.newpassword2=Repeat new password
+op-admin.pwchange.newpassword2=Neues Passwort wiederholen
-op-admin.pwchange.password=Current password
+op-admin.pwchange.password=Aktuelles Passwort
-op-admin.pwchange.title=Password Change
+op-admin.pwchange.title=&Auml;nderung des Passworts
 op-idmlogin.role.accs-mgmt-idm=IDM accessrights management
 op-idmlogin.role.accs-mgmt-nonidm=Accessrights management
 op-idmlogin.role.idmcfg-mgmt=IDM set-up
-op-idmlogin.role.readonly-access=Default access (readonly)
+op-idmlogin.role.readonly-access=Standardzugriff (Nur Leseberechtigung)
-op-idmlogin.role.support-basic=Support cases (recovery, ...)
+op-idmlogin.role.support-basic=Supportf&auml;lle (Wiederherstellung, ...)
-op-idmlogin.role.support-priv=3rd level support (archiving, off-boarding)
+op-idmlogin.role.support-priv=3rd Level Support (Archivierung, Abmeldungen, ...)
-op-idmlogin.role.usr-mgmt=User management (operations)
+op-idmlogin.role.usr-mgmt=Benutzerverwaltung (Betrieb)
-op-idmlogin.role.usr-unit-mgmt=User and organization management (operations)
+op-idmlogin.role.usr-unit-mgmt=Benutzer- und Organisationsverwaltung (Betrieb)
 op-idmlogin.select=AGOV idm
-op-idmlogin.select.intro=Please select one of the profiles below...
+op-idmlogin.select.intro=Bitte w&auml;hlen Sie ein Profil aus...
-op-idmlogin.select.note=Profiles marked with a * should only be used if required for a specific support or release tasks.
+op-idmlogin.select.note=Mit * markierte Profile sollten nur f&uuml;r bestimmte Support oder Release Aufgaben genutzt werden.
-op-idmlogin.select.title=Profile selection
+op-idmlogin.select.title=Profilauswahl
-op-onboarding.done.message=On-boarding was successfull. You can now use your AGOV operations access. Please close the browser, before accessing on of the operations application.
+op-onboarding.done.message=Das Onboarding war erfolgreich. Sie k&ouml;nnen nun Ihren AGOV-Operations-Zugang verwenden. Bitte schliessen Sie den Browser, bevor Sie auf eine der Operations-Applikationen zugreifen.
-op-onboarding.done.title=DONE
+op-onboarding.done.title=FERTIG
-op-onboarding.failed.title=ERROR
+op-onboarding.failed.title=FEHLER
-op-onboarding.intro.message1=To complete your on-boarding for your AGOV operations access, you need either an AGOV or a FED-LOGIN account.
+op-onboarding.intro.message1=Um das Onboarding f&uuml;r Ihren AGOV-Operations-Zugang abzuschliessen, ben&ouml;tigen Sie entweder ein AGOV- oder ein FED-LOGIN-Konto.
-op-onboarding.intro.message2=After clicking on "Continue", you will be redirected for authentication.
+op-onboarding.intro.message2=Wenn Sie auf &laquo;Weiter&raquo; klicken, werden Sie zur Authentifizierung weitergeleitet.
-op-onboarding.intro.message3=If you are using AGOV, and your account doesn't meet yet the required AGOVaq level, you will be given the possibility to start the required ID verification.
+op-onboarding.intro.message3=Wenn Sie AGOV verwenden und Ihr Konto noch nicht der erforderlichen AGOVaq-Stufe entspricht, erhalten Sie die M&ouml;glichkeit, die erforderliche Identit&auml;tspr&uuml;fung zu starten.
 op-onboarding.intro.title=START
-op-onboarding.onboarding=AGOV op on-boarding
+op-onboarding.onboarding=AGOV-op-Onboarding
-op-onboarding.process.message=During the processing something went wrong. Please contact AGOV support if necessary and ask also for a new on-boarding link.
+op-onboarding.process.message=Bei der Bearbeitung ist etwas schiefgegangen. Wenden Sie sich wenn n&ouml;tig an den AGOV-Support und fordern Sie einen neuen Onboarding-Link an.
-prompt.client=Client
+prompt.client=Mandant
-prompt.newpassword=New Password
+prompt.newpassword=Neues Passwort
-prompt.newpassword.confirm=Confirm Password
+prompt.newpassword.confirm=Passwort best&auml;tigen
-prompt.password=Password
+prompt.password=Passwort
-prompt.userid=User-ID
+prompt.userid=Benutzer-ID
-pwreset.done.info=Your password was successfully changed. Please click on continue to log in.
+providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein.<br>Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
-pwreset.email.sent=If your user ID exists, an email to reset your password has been sent to you.
+providePhoneNumber.description=AGOV erlaubt nun die Wiederherstellung mittels Mobilnummer. So k&ouml;nnen Sie w&auml;hrend der Wiederherstellung mit einer SMS fortfahren, wenn Sie Ihren Wiederherstellungscode verloren haben.
-pwreset.info.linktext=Password forgotten
+providePhoneNumber.errorBanner=Die Mobilnummern stimmen nicht &uuml;berein. Bitte versuchen Sie es erneut.
-pwreset.noticket=Your password reset link is no longer valid. Please generate a new one.
+providePhoneNumber.inputLabel=Mobilnummer (optional)
-recovery_accessapp_auth.accessAppRegistered=AGOV access app already registered
+providePhoneNumber.laterModal.description1=Ohne Mobilnummer kann die Wiederherstellung Ihres Kontos bis zu 4 Tage dauern, wenn Sie Ihren Wiederherstellungscode verlieren.
-recovery_accessapp_auth.instruction1=You have already registered a new AGOV access app !!!ACCESS_APP_NAME!!! as part of the recovery process.
+providePhoneNumber.laterModal.description2=Durch Hinzuf&uuml;gen einer Mobilnummer k&ouml;nnen Sie Ihr Konto in wenigen Minuten wiederherstellen.
-recovery_accessapp_auth.instruction2=Please use !!!ACCESS_APP_NAME!!! to identify you.
+providePhoneNumber.laterModal.description3=Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
-recovery_check_code.codeIncorrect=Code entered is incorrect. Please try again.
+providePhoneNumber.laterModal.title=Ohne Mobilnummer weiterfahren?
-recovery_check_code.enterRecoveryCode=Enter recovery code
+providePhoneNumber.modal.description=Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten.
-recovery_check_code.instruction=Please enter below your personal 12-digit recovery code. You will have received the recovery code as a PDF file during registration or in AGOV me.
+providePhoneNumber.modal.inputLabel=Mobilnummer
-recovery_check_code.invalid.code=The code is invalid
+providePhoneNumber.modal.title=Mobilnummer wiederholen
-recovery_check_code.invalid.code.required=Code required
+providePhoneNumber.saveButtonText=Speichern
-recovery_check_code.invalid.code.tooLong=The code is too long
+providePhoneNumber.title=Mobilnummer angeben
-recovery_check_code.noAccess=I do not have access to my code
+pwreset.done.info=Ihr Passwort wurde erfolgreich ge&auml;ndert. Bitte klicken Sie auf Weiter, um sich einzuloggen.
-recovery_check_code.noCodeAccess=Are you sure you don't have access to your recovery code?
+pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen..
-recovery_check_code.noCodeAccessInstructions=If you have lost access to your recovery code please go to AGOV help in order to contact a AGOV support agent. They will be able to help you with the recovery process.
+pwreset.info.linktext=Passwort vergessen
-recovery_check_noCode.banner.error=Too many attempts or your recovery code has expired.
+pwreset.noticket=Ihr Link ist nicht mehr g&uuml;ltig. Bitte generieren Sie ein Neuen.
-recovery_check_noCode.instruction1=The recovery code you have entered might have expired or you might have tried to enter it too many times.
+recovery_accessapp_auth.accessAppRegistered=AGOV access App schon registriert
-recovery_check_noCode.instruction2=Please go to AGOV help in order to contact a support agent. They will be able to help you with the recovery process.
+recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_code.banner.error=Please reveal your new code to be able to continue.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
-recovery_code.instruction=Recovery codes help you gain access to your account in case you lost all of your login factors. Please store the recovery code in a safe place.
+recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
-recovery_code.newRecoveryCode=Introducing Recovery Code
+recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
-recovery_code.validUntil=Valid until:
+recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
-recovery_fidokey_auth.button=Start key authentication
+recovery_check_code.instruction=Bitte geben Sie unten Ihren pers&ouml;nlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
-recovery_fidokey_auth.fidoInstruction=Click on "Start key authentication"
+recovery_check_code.invalid.code=Code ist ung&uuml;ltig
-recovery_fidokey_auth.instruction1=You have already registered a new security key !!!SECURITY_KEY_NAME!!! as part of the recovery process.
+recovery_check_code.invalid.code.required=Code erforderlich
-recovery_fidokey_auth.instruction2=Please use !!!SECURITY_KEY_NAME!!! to follow the steps below to identify you.
+recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
-recovery_fidokey_auth.keyRegistered=Security key already registered
+recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
-recovery_intro_email.banner.error=The link you used has expired. Please enter your email address to receive a new link.
+recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen k&ouml;nnen?
-recovery_intro_email.banner.info=Please enter your email address, so we can send you a link to start the recovery process.
+recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen k&ouml;nnen, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
-recovery_intro_email.captchaUnchecked=Please tick the captcha field
+recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist m&ouml;glicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
-recovery_intro_email.important=Important:
+recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
-recovery_intro_email.process=The recovery process should only be used if you have lost access to your login factors (deleted AGOV access app, lost security key, lost phone, etc.).
+recovery_check_noCode.banner.error=Zu viele Versuche.
-recovery_intro_email.siteProtectedWithRecaptcha=This site is protected by reCAPTCHA and the <a class='link' href='https://policies.google.com/privacy' target='_blank'>Google Privacy Policy</a> and <a class='link' href='https://policies.google.com/terms' target='_blank'>Terms of Service</a> apply.
+recovery_check_noCode.instruction1=M&ouml;glicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
-recovery_intro_email_sent.banner.button=Didn't receive the email?
+recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
-recovery_intro_email_sent.banner.success=Thank you! You will receive an email with a recovery link and instructions shortly.
+recovery_code.banner.error=Bitte enth&uuml;llen Sie den Code, um fortfahren zu k&ouml;nnen.
-recovery_on_going.finishRecovery=Finish recovery
+recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf.
-recovery_on_going.instruction=You have an ongoing recovery process. Part of the recovery process can include an identity verification. To access applications with your AGOV-Login you need to finish the identity verification as well.
+recovery_code.newRecoveryCode=Einf&uuml;hrung von Wiederherstellungscode
-recovery_on_going.title=Please finish your recovery process.
+recovery_code.validUntil=G&uuml;ltig bis:
-recovery_questionnaire_instructions.banner.info=Please note that in certain cases you need access to your recovery code for a successful recovery.
+recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
-recovery_questionnaire_instructions.explanation=Based on your answers an AGOV-Login recovery seems to be necessary. Please click on continue and follow the instructions on the screen.
+recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
-recovery_questionnaire_instructions.instruction1=Provide your account email address so we can send you a link to begin the recovery process
+recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_questionnaire_instructions.instruction2=Follow steps to recover your account (steps will vary depending on your account verification level)
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
-recovery_questionnaire_loginfactor.banner.error=Please select an answer.
+recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
-recovery_questionnaire_loginfactor.no=No
+recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
-recovery_questionnaire_loginfactor.question=Have you registered more than one login factor (AGOV access app or security key) to your account?
+recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
-recovery_questionnaire_loginfactor.yes=Yes
+recovery_intro_email.important=Wichtig:
-recovery_questionnaire_no_recovery.explanation1=Based on your answers, the AGOV recovery option does not seem necessary right now.
+recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gel&ouml;schte AGOV access App, verlorener Sicherheitsschl&uuml;ssel, verlorenes Telefon usw.).
-recovery_questionnaire_no_recovery.explanation2=Should you need further information, please visit <a class='link' href='www.agov.ch/help' target='_blank'>www.agov.ch/help</a> for support articles.
+recovery_intro_email_sent.banner.button=Keine E-Mail erhalten?
-recovery_questionnaire_no_recovery.instruction1=If you have issues logging in to an application, please visit <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> and test if you can log in successfully.
+recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in K&uuml;rze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten.
-recovery_questionnaire_no_recovery.instruction2=If you have several login factors registered but lost access to one of them, please visit <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> to remove the one you have lost access to.
+recovery_on_going.finishRecovery=Wiederherstellung abschliessen
-recovery_questionnaire_reason_selection.answer1=I have trouble logging in, even though I have my app / security key
+recovery_on_going.instruction=Sie haben einen laufenden Wiederherstellungsprozess. Der Wiederherstellungsprozess kann eine Identit&auml;tspr&uuml;fung umfassen. Um mit Ihrem AGOV-Login auf Applikationen zugreifen zu k&ouml;nnen, m&uuml;ssen Sie auch die Identit&auml;tspr&uuml;fung abschliessen.
-recovery_questionnaire_reason_selection.answer10=I lost one of my login factors (AGOV access app or security key)
+recovery_on_going.title=Bitte schliessen Sie Ihren Wiederherstellungsprozess ab.
-recovery_questionnaire_reason_selection.answer2=I was unable to finish my registration
+recovery_questionnaire_instructions.banner.info=Bitte beachten Sie, dass Sie in bestimmten F&auml;llen f&uuml;r eine erfolgreiche Wiederherstellung Zugang zu Ihrem Wiederherstellungscode ben&ouml;tigen.
-recovery_questionnaire_reason_selection.answer3=I have deleted or reset my AGOV access app
+recovery_questionnaire_instructions.explanation=Aufgrund Ihrer Antworten scheint eine Wiederherstellung Ihres AGOV-Logins erforderlich zu sein. Bitte klicken Sie auf Weiter und folgen Sie den Anweisungen auf dem Bildschirm.
-recovery_questionnaire_reason_selection.answer4=I have lost my phone / security key
+recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ihres AGOV-Logins an, damit wir Ihnen einen Link senden k&ouml;nnen, um den Wiederherstellungsprozess zu beginnen
-recovery_questionnaire_reason_selection.answer5=I have a new phone and forgot to transfer my AGOV access app
+recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos)
-recovery_questionnaire_reason_selection.answer6=I forgot my PIN for the AGOV access app
+recovery_questionnaire_loginfactor.banner.error=Bitte w&auml;hlen Sie eine Antwort.
-recovery_questionnaire_reason_selection.answer7=I have my security keys or apps but had trouble logging in
+recovery_questionnaire_loginfactor.no=Nein
-recovery_questionnaire_reason_selection.answer8=I lost access to all my security keys and AGOV access apps
+recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV access App oder Sicherheitsschl&uuml;ssel) f&uuml;r Ihren AGOV-Login registriert?
-recovery_questionnaire_reason_selection.answer9=I have issues with one of my login factors (deleted, reset, forgotten PIN)
+recovery_questionnaire_loginfactor.yes=Ja
-recovery_questionnaire_reason_selection.banner.error=Please select a reason.
+recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein.
-recovery_questionnaire_reason_selection.instruction=Please select the reason you are starting the recovery process:
+recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen ben&ouml;tigen, besuchen Sie bitte <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> f&uuml;r Support-Artikel.
-recovery_start_info.banner.warning=You will not be able to use your account until the recovery process has been concluded.
+recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> und testen Sie, ob Sie sich erfolgreich anmelden k&ouml;nnen.
-recovery_start_info.instruction=During the recovery process you will register a new login factor. If  your account contains any verified information you might also have to go through a verification process to finish the recovery.
+recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a>, um den verlorenen Loginfaktor zu entfernen.
-recovery_start_info.title=You are about to start the recovery process
+recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
+recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
+recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
+recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
+recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen
+recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschl&uuml;ssel oder AGOV access Apps, hatte aber Probleme beim Einloggen
+recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschl&uuml;ssel und AGOV access Apps verloren
+recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gel&ouml;scht, zur&uuml;ckgesetzt, vergessene PIN)
+recovery_questionnaire_reason_selection.banner.error=Bitte w&auml;hlen Sie einen Grund aus.
+recovery_questionnaire_reason_selection.instruction=Bitte w&auml;hlen Sie einen Grund wieso Sie den AGOV recovery Prozess starten:
+recovery_start_info.banner.warning=Sie k&ouml;nnen Ihr Konto nicht nutzen, bis der Wiederherstellungsprozess abgeschlossen ist.
+recovery_start_info.instruction=W&auml;hrend des Wiederherstellungsprozesses werden Sie einen neuen Login-Faktor registrieren. Wenn Ihr Konto verifizierte Informationen enth&auml;lt, m&uuml;ssen Sie zum Abschluss des Wiederherstellungsprozesses m&ouml;glicherweise auch einen Verifikationsprozess durchlaufen.
+recovery_start_info.title=Sie sind dabei, den Wiederherstellungsprozess zu starten
 title=NEVIS SSO Portal
 title.login=Login
-title.pwchange.label=Password Change
+title.pwchange.label=Passwort &auml;ndern
-title.pwreset=Password Forgotten
+title.pwreset=Passwort Vergesssen
-user_input.invalid.email=Please enter a valid email address
+user_input.invalid.email=Bitte geben Sie eine g&uuml;ltige E-Mail ein
-user_input.invalid.email.required=Field required
+user_input.invalid.email.required=Erforderliches Feld
-user_input.invalid.email.tooLong=Input is too long
+user_input.invalid.email.tooLong=Eingabe zu lang

DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/resources/conf/text_de.properties

@@ -1,4 +1,14 @@
 
+agov-ident.done.message=Ihr AGOV-Konto ist nun einsatzbereit. Bitte schliessen Sie diese Seite.
+agov-ident.done.title=Fertig
+agov-ident.failed.instruction=Sie benötigen ein AGOV-Konto und müssen die vorgeschlagene Datenüberprüfung bestehen, um das Onboarding erfolgreich abzuschliessen. Bitte versuchen Sie es erneut.
+agov-ident.failed.message=Onboarding abgebrochen oder Verifikation der Daten verschoben
+agov-ident.failed.title=Verifikation erforderlich
+agov-ident.invalid-url.instruction=Der Link, den Sie für den Zugriff auf diese Seite verwendet haben, ist ungültig. Bitte stellen Sie sicher, dass Sie ihn so verwenden, wie Sie ihn erhalten haben, ohne Tippfehler, oder klicken Sie ihn direkt auf der Seite an, auf der er veröffentlicht ist.
+agov-ident.invalid-url.message=Link kann nicht verarbeitet werden
+agov-ident.invalid-url.title=Ungültiger Link
+agov-ident.onboarding=Registrierung & Verifikation
+agov-ident.retry=Versuchen Sie es erneut
 button.submit=Senden
 darkModeSwitch.aria.label=Dark-Mode-Schalter
 error.policy.failed=Das neue Passwort stimmt nicht mit der Richtlinie überein.
@@ -35,7 +45,7 @@ fido2_auth.instruction2=Ein Authentifizierungsfenster wird erscheinen
 fido2_auth.instruction3=Folgen Sie den Anweisungen
 fido2_auth.skipInstructions=Anweisungen nächstes Mal überspringen
 fido2_auth.switchLogin=WECHSEL ZU LOGIN MIT
-footer.link=https://agov.ch/?c=contact&l=de
+footer.link=https://agov.ch
 footer.link.label=Kontakt
 footer.text=Authentifizierungsdienst der Schweizer Behörden AGOV – eine Zusammenarbeit zwischen den Kantonen, deren Gemeinden und der Bundesverwaltung. -
 general.AGOVAccessApp=AGOV access App
@@ -48,24 +58,39 @@ general.contactSupport=Support kontaktieren
 general.continue=Weiter
 general.edit=Ändern
 general.email=E-Mail
-general.email.address=E-Mailadresse
+general.email.address=E-Mail-Adresse
 general.entryCode=Code-Eingabe
-general.getStarted=Get started
+general.fieldRequired=Erforderliches Feld.
+general.getStarted=Los geht's
 general.goAGOVHelp=Weiter zur AGOV help
 general.goAccessApp=Login mit AGOV access
+general.goToAccessApp=Zur AGOV access App wechseln
 general.help=Hilfe
-general.help.link=https://agov.ch/pages/help_de.html
+general.help.link=https://agov.ch/help
 general.login=Login
+general.login.accessApp=Login mit AGOV access App
+general.login.securityKey=Login mit Sicherheitsschlüssel
 general.loginSecurityKey=Sicherheitsschlüssel-Login starten
+general.moreOptions=WEITERE OPTIONEN
 general.or=ODER
-general.otherOptions=WEITERE OPTIONEN
+general.otherLoginMethods=Andere Login-Methoden
 general.recovery=Wiederherstellung
+general.recovery.help.link=https://help.agov.ch/?c=100recovery
+general.recoveryCode.downloadPdf=Als PDF herunterladen
+general.recoveryCode.inputLabel=Wiederherstellungscode
+general.recoveryCode.repeatCodeError=Der von Ihnen eingegebene Code war nicht korrekt. Bitte vergewissern Sie sich, dass Sie ihn richtig abgespeichert haben, und fahren Sie dann mit der erneuten Eingabe fort.
+general.recoveryCode.repeatCodeModal.description=Ein verlorener oder falsch gespeicherter Wiederherstellungscode kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihren Code richtig gespeichert haben, wiederholen Sie ihn bitte unten.
+general.recoveryCode.repeatCodeModal.title=Wiederherstellungscode wiederholen
+general.recoveryCode.reveal=Wiederherstellungscode enthüllen
 general.recoveryOngoing=Wiederherstellung nicht abgeschlossen
 general.register=Registrieren
 general.registerNow=Jetzt registrieren!
 general.registration=Registrierung
+general.registration.dontHaveAnAccountYet=Haben Sie noch kein AGOV-Konto?
+general.registration.seeOptions=Registrierungsoptionen ansehen
 general.securityKey=Sicherheitsschlüssel
 general.skip.content=Direkt zum Hauptteil
+general.wrongPhoneNumber=Bitte geben Sie eine gültige Telefonnummer ein
 generic.auth.error.message=Es gab eine Service-Unterbrechung. Wir arbeiten daran.
 generic.auth.error.next.steps=Versuchen Sie es bitte später noch einmal. Bitte besuchen Sie die AGOV-Hilfe, wenn das Problem weiterhin besteht.
 generic.auth.error.subtitle=Etwas ist schiefgegangen
@@ -75,10 +100,11 @@ language.de=Deutsch
 language.en=English
 language.fr=Français
 language.it=Italiano
+language.rm=Rumantsch
 languageDropdown.aria.label=Sprache wählen
 loainfo.description.200=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben verifizieren. Der Vorgang kann bis zu 2 - 3 Tage dauern.
 loainfo.description.300=Um auf diese Applikation zuzugreifen, müssen wir Ihre Angaben durch einen von zwei Vorgängen verifizieren. Sie können die bevorzugte Methode im nächsten Schritt auswählen.
-loainfo.description.400=Für den Zugang zu dieser Anwendung müssen Sie Ihre AHV-Nummer angeben.
+loainfo.description.400=Bitte AHV-Nummer angeben, um auf die Applikation zuzugreifen.
 loainfo.helper=Ihre persönlichen Daten müssen überprüft werden!
 loainfo.later=Später
 loainfo.startNow=Möchten Sie den Prozess jetzt starten?
@@ -89,9 +115,12 @@ mauth_usernameless.banner.error=Authentifizierung unterbrochen.<br>Bitte versuch
 mauth_usernameless.banner.info=Scan erfolgreich.<br>Bitte fahren Sie in der AGOV access App fort.
 mauth_usernameless.banner.success=Authentifizierung erfolgreich!<br>Bitte warten Sie, bis Sie eingeloggt werden.
 mauth_usernameless.cannotLogin=Zugriff auf App / Sicherheitsschl&uuml;ssel verloren?
+mauth_usernameless.cannotLogin.accessApp=Zugriff auf App verloren?
+mauth_usernameless.cannotLogin.securityKey=Zugriff auf Sicherheitsschl&uuml;ssel verloren?
 mauth_usernameless.hideQR=QR-Code ausblenden
 mauth_usernameless.instructions=Melden Sie sich an, indem Sie den QR-Code mit Ihrer AGOV access App scannen
-mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Login?
+mauth_usernameless.noAccount=Haben Sie noch kein AGOV-Konto?
+mauth_usernameless.selectLoginMethod=Login-Methode w&auml;hlen
 mauth_usernameless.showQR=QR-Code anzeigen
 mauth_usernameless.startRecovery=Kontowiederherstellung starten
 mauth_usernameless.useSecurityKey=Verwenden Sie einen Sicherheitsschl&uuml;ssel, um sich anzumelden
@@ -135,13 +164,27 @@ prompt.newpassword=Neues Passwort
 prompt.newpassword.confirm=Passwort best&auml;tigen
 prompt.password=Passwort
 prompt.userid=Benutzer-ID
+providePhoneNumber.banner=Die Mobilnummer muss f&uuml;r den Empfang von SMS geeignet sein.<br>Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
+providePhoneNumber.description=AGOV erlaubt nun die Wiederherstellung mittels Mobilnummer. So k&ouml;nnen Sie w&auml;hrend der Wiederherstellung mit einer SMS fortfahren, wenn Sie Ihren Wiederherstellungscode verloren haben.
+providePhoneNumber.errorBanner=Die Mobilnummern stimmen nicht &uuml;berein. Bitte versuchen Sie es erneut.
+providePhoneNumber.inputLabel=Mobilnummer (optional)
+providePhoneNumber.laterModal.description1=Ohne Mobilnummer kann die Wiederherstellung Ihres Kontos bis zu 4 Tage dauern, wenn Sie Ihren Wiederherstellungscode verlieren.
+providePhoneNumber.laterModal.description2=Durch Hinzuf&uuml;gen einer Mobilnummer k&ouml;nnen Sie Ihr Konto in wenigen Minuten wiederherstellen.
+providePhoneNumber.laterModal.description3=Diese Mobilnummer wird nicht verwendet, um Sie zu kontaktieren.
+providePhoneNumber.laterModal.title=Ohne Mobilnummer weiterfahren?
+providePhoneNumber.modal.description=Eine falsch gespeicherte Mobilnummer kann die Wiederherstellung Ihres Kontos erschweren. Um sicherzustellen, dass Sie Ihre Mobilnummer richtig gespeichert haben, wiederholen Sie sie bitte unten.
+providePhoneNumber.modal.inputLabel=Mobilnummer
+providePhoneNumber.modal.title=Mobilnummer wiederholen
+providePhoneNumber.saveButtonText=Speichern
+providePhoneNumber.title=Mobilnummer angeben
 pwreset.done.info=Ihr Passwort wurde erfolgreich ge&auml;ndert. Bitte klicken Sie auf Weiter, um sich einzuloggen.
 pwreset.email.sent=Wenn Ihre Benutzer-ID existiert, haben Sie eine E-Mail erhalten, um Ihr Passwort zurückzusetzen..
 pwreset.info.linktext=Passwort vergessen
 pwreset.noticket=Ihr Link ist nicht mehr g&uuml;ltig. Bitte generieren Sie ein Neuen.
-recovery_accessapp_auth.accessAppRegistered=AGOV access app schon registriert
+recovery_accessapp_auth.accessAppRegistered=AGOV access App schon registriert
 recovery_accessapp_auth.instruction1=Sie haben bereits eine neue AGOV access App !!!ACCESS_APP_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um Sie zu identifizieren.
+recovery_accessapp_auth.instruction2=Verwenden Sie !!!ACCESS_APP_NAME!!! um sich zu identifizieren.
+recovery_check_code.banner.lockedError=Zu viele Fehlversuche. Bitte versuchen Sie es in ein paar Minuten noch einmal.
 recovery_check_code.codeIncorrect=Der eingegebene Code ist nicht korrekt. Bitte versuchen Sie es erneut.
 recovery_check_code.enterRecoveryCode=Wiederherstellungscode eingeben
 recovery_check_code.instruction=Bitte geben Sie unten Ihren pers&ouml;nlichen 12-stelligen Wiederherstellungscode ein. Sie haben den Wiederherstellungscode in einer PDF-Datei bei der Registrierung oder in AGOV me erhalten.
@@ -151,9 +194,11 @@ recovery_check_code.invalid.code.tooLong=Eingegebener Code ist zu lang
 recovery_check_code.noAccess=Ich kann auf meinen Code nicht zugreifen
 recovery_check_code.noCodeAccess=Sind Sie sicher, dass Sie auf Ihren Wiederherstellungscode nicht zugreifen k&ouml;nnen?
 recovery_check_code.noCodeAccessInstructions=Wenn Sie auf Ihren Wiederherstellungscode nicht mehr zugreifen k&ouml;nnen, gehen Sie bitte zur AGOV-Hilfe, um jemanden vom AGOV-Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
-recovery_check_noCode.banner.error=Zu viele Versuche oder Ihr Wiederherstellungscode ist abgelaufen.
+recovery_check_code.too_many_tries.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist m&ouml;glicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
-recovery_check_noCode.instruction1=Der von Ihnen eingegebene Wiederherstellungscode ist m&ouml;glicherweise abgelaufen oder Sie haben zu oft versucht, einen Code einzugeben.
+recovery_check_code.too_many_tries.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
-recovery_check_noCode.instruction2=Gehen Sie bitte zur AGOV-Hilfe, um jemanden vom Support zu kontaktieren. Die Person wird Sie beim Wiederherstellungsprozess unterst&uuml;tzen.
+recovery_check_noCode.banner.error=Zu viele Versuche.
+recovery_check_noCode.instruction1=M&ouml;glicherweise haben Sie zu oft versucht, den Wiederherstellungscode einzugeben.
+recovery_check_noCode.instruction2=Bitte schliessen Sie den Webbrowser und starten Sie die Kontowiederherstellung in zehn Minuten erneut auf <a class='link' href='https://agov.ch/me'>https://agov.ch/me</a>.
 recovery_code.banner.error=Bitte enth&uuml;llen Sie den Code, um fortfahren zu k&ouml;nnen.
 recovery_code.instruction=Der Wiederherstellungscode hilft Ihnen, Zugriff auf Ihr AGOV-Login zu erhalten, falls Sie alle Ihre Login-Faktoren verloren haben. Bitte bewahren Sie den Wiederherstellungscode an einem sicheren Ort auf.
 recovery_code.newRecoveryCode=Einf&uuml;hrung von Wiederherstellungscode
@@ -161,14 +206,12 @@ recovery_code.validUntil=G&uuml;ltig bis:
 recovery_fidokey_auth.button=Schl&uuml;sselauthentifizierung starten
 recovery_fidokey_auth.fidoInstruction=Klicken Sie auf "Schl&uuml;sselauthentifizierung starten"
 recovery_fidokey_auth.instruction1=Sie haben bereits einen neuen Sicherheitsschl&uuml;ssel !!!SECURITY_KEY_NAME!!! im Rahmen des Wiederherstellungsprozesses registriert.
-recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um Sie zu identifizieren.
+recovery_fidokey_auth.instruction2=Bitte verwenden Sie !!!SECURITY_KEY_NAME!!! und befolgen Sie die untenstehenden Schritte, um sich zu identifizieren.
 recovery_fidokey_auth.keyRegistered=Sicherheitsschl&uuml;ssel schon registriert
 recovery_intro_email.banner.error=Der von Ihnen verwendete Link ist abgelaufen. Bitte geben Sie Ihre E-Mail-Adresse ein, um einen neuen Link zu erhalten.
 recovery_intro_email.banner.info=Bitte geben Sie Ihre E-Mail-Adresse ein, damit wir Ihnen einen Link schicken k&ouml;nnen, mit dem Sie den Wiederherstellungsprozess starten.
-recovery_intro_email.captchaUnchecked=Bitte kreuzen Sie das Captcha-Feld an
 recovery_intro_email.important=Wichtig:
 recovery_intro_email.process=Der Wiederherstellungsprozess sollte nur verwendet werden, wenn Sie den Zugriff auf Ihre Login-Faktoren verloren haben (gel&ouml;schte AGOV access App, verlorener Sicherheitsschl&uuml;ssel, verlorenes Telefon usw.).
-recovery_intro_email.siteProtectedWithRecaptcha=Diese Seite ist durch reCAPTCHA gesch&uuml;tzt, und es gelten die <a class='link' href='https://policies.google.com/privacy' target='_blank'>Datenschutzerkl&auml;rung</a> sowie die <a class='link' href='https://policies.google.com/terms' target='_blank'>Nutzungsbedingungen</a> von Google.
 recovery_intro_email_sent.banner.button=Keine E-Mail erhalten?
 recovery_intro_email_sent.banner.success=Vielen Dank! Sie werden in K&uuml;rze eine E-Mail mit einem Wiederherstellungslink und Anweisungen erhalten.
 recovery_on_going.finishRecovery=Wiederherstellung abschliessen
@@ -180,21 +223,21 @@ recovery_questionnaire_instructions.instruction1=Geben Sie die E-Mail-Adresse Ih
 recovery_questionnaire_instructions.instruction2=Folgen Sie den Schritten zur Wiederherstellung Ihres Kontos (die Schritte variieren je nach Verifizierungsstufe Ihres Kontos)
 recovery_questionnaire_loginfactor.banner.error=Bitte w&auml;hlen Sie eine Antwort.
 recovery_questionnaire_loginfactor.no=Nein
-recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV Access App oder Sicherheitsschl&uuml;ssel) f&uuml;r Ihren AGOV-Login registriert?
+recovery_questionnaire_loginfactor.question=Haben Sie mehr als einen Loginfaktor (AGOV access App oder Sicherheitsschl&uuml;ssel) f&uuml;r Ihren AGOV-Login registriert?
 recovery_questionnaire_loginfactor.yes=Ja
 recovery_questionnaire_no_recovery.explanation1=Ausgehend von Ihren Antworten scheint eine Wiederherstellung Ihres AGOV-Logins im Moment nicht notwendig zu sein.
-recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen ben&ouml;tigen, besuchen Sie bitte <a class='link' href='www.agov.ch/help' target='_blank'>www.agov.ch/help</a> f&uuml;r Support-Artikel.
+recovery_questionnaire_no_recovery.explanation2=Falls Sie weitere Informationen ben&ouml;tigen, besuchen Sie bitte <a class='link' href='https://agov.ch/help' target='_blank'>https://agov.ch/help</a> f&uuml;r Support-Artikel.
-recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a> und testen Sie, ob Sie sich erfolgreich anmelden k&ouml;nnen.
+recovery_questionnaire_no_recovery.instruction1=Wenn Sie Probleme haben, sich bei einer Anwendung anzumelden, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a> und testen Sie, ob Sie sich erfolgreich anmelden k&ouml;nnen.
-recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte <a class='link' href='www.agov.ch/me' target='_blank'>www.agov.ch/me</a>, um den verlorenen Loginfaktor zu entfernen.
+recovery_questionnaire_no_recovery.instruction2=Wenn Sie mehrere Loginfaktoren registriert haben, aber den Zugriff zu einem von ihnen verloren haben, besuchen Sie bitte <a class='link' href='https://agov.ch/me' target='_blank'>https://agov.ch/me</a>, um den verlorenen Loginfaktor zu entfernen.
 recovery_questionnaire_reason_selection.answer1=Ich habe Probleme mich anzumelden, obwohl ich meine App / meinen Sicherheitsschl&uuml;ssel habe
 recovery_questionnaire_reason_selection.answer10=Ich habe einen meiner Loginfaktoren verloren (AGOV access App oder Sicherheitsschl&uuml;ssel)
 recovery_questionnaire_reason_selection.answer2=Ich konnte meine Registrierung nicht abschliessen
-recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht oder zur&uuml;ckgesetzt
+recovery_questionnaire_reason_selection.answer3=Ich habe meine AGOV access App gel&ouml;scht, neu installiert oder zur&uuml;ckgesetzt
 recovery_questionnaire_reason_selection.answer4=Ich habe mein Telefon / Sicherheitsschl&uuml;ssel verloren
 recovery_questionnaire_reason_selection.answer5=Ich habe ein neues Telefon und habe vergessen, meine AGOV access App zu &uuml;bertragen
 recovery_questionnaire_reason_selection.answer6=Ich habe die PIN f&uuml;r meine AGOV access App vergessen
 recovery_questionnaire_reason_selection.answer7=Ich habe meine Sicherheitsschl&uuml;ssel oder AGOV access Apps, hatte aber Probleme beim Einloggen
-recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschl&uuml;ssel und Apps verloren
+recovery_questionnaire_reason_selection.answer8=Ich habe den Zugriff auf alle meine Sicherheitsschl&uuml;ssel und AGOV access Apps verloren
 recovery_questionnaire_reason_selection.answer9=Ich habe Probleme mit einem meiner Loginfaktoren (gel&ouml;scht, zur&uuml;ckgesetzt, vergessene PIN)
 recovery_questionnaire_reason_selection.banner.error=Bitte w&auml;hlen Sie einen Grund aus.
 recovery_questionnaire_reason_selection.instruction=Bitte w&auml;hlen Sie einen Grund wieso Sie den AGOV recovery Prozess starten: