From 597304206100cacddf177c1820a851cf46408fff Mon Sep 17 00:00:00 2001
From: Joachim Van Herwegen <joachimvh@gmail.com>
Date: Mon, 9 Feb 2026 11:18:20 +0100
Subject: [PATCH] feat: Update access requests to use PAT

---
 documentation/access-request-management.md    | 163 ++++------
 .../figures/access_grants_requests_fsm.png    | Bin 50825 -> 0 bytes
 documentation/getting-started.md              |   6 +
 .../uma/config/resources/storage/default.json |   4 +
 .../uma/config/routes/accessrequests.json     |   3 +-
 packages/uma/config/routes/resources.json     |   1 +
 packages/uma/package.json                     |   1 +
 .../src/controller/AccessRequestController.ts | 248 +++++++++++++--
 packages/uma/src/controller/BaseController.ts |  80 ++---
 .../src/controller/PolicyRequestController.ts |   1 -
 packages/uma/src/routes/BaseHandler.ts        |  22 +-
 .../uma/src/routes/ResourceRegistration.ts    |  16 +
 packages/uma/src/ucp/util/Vocabularies.ts     |  12 +
 packages/uma/src/util/routeSpecific/delete.ts |  58 +---
 packages/uma/src/util/routeSpecific/get.ts    | 102 ++----
 packages/uma/src/util/routeSpecific/patch.ts  | 117 +------
 packages/uma/src/util/routeSpecific/post.ts   |  55 +---
 .../AccessRequestController.test.ts           | 297 ++++++++++++++++++
 .../unit/routes/ResourceRegistration.test.ts  |   9 +-
 test/integration/AccessRequests.test.ts       | 265 ++++++++++++++++
 test/integration/Policies.test.ts             |   3 +-
 test/util/ServerUtil.ts                       |   1 +
 yarn.lock                                     |   1 +
 23 files changed, 973 insertions(+), 492 deletions(-)
 delete mode 100644 documentation/figures/access_grants_requests_fsm.png
 create mode 100644 packages/uma/test/unit/controller/AccessRequestController.test.ts
 create mode 100644 test/integration/AccessRequests.test.ts

diff --git a/documentation/access-request-management.md b/documentation/access-request-management.md
index a13452b..5feb4b4 100644
--- a/documentation/access-request-management.md
+++ b/documentation/access-request-management.md
@@ -1,134 +1,85 @@
 # Access Request Management
 
-This document describes the *access request administration endpoint*.
-It contains the methods to describe how to create, read, update and delete access requests.
-Example cURL-requests are provided for ease of use.
-
-The general flow of access requests and grants looks like this:
-
-![Access requests and grants flow](./figures/access_grants_requests_fsm.png)
+Access requests can be used for users to request access to certain resources.
+The Resource Owner (RO) can then decide to grant or deny this access.
 
-The document makes use of these parties and identifiers:
+This API is a work in progress, and will probably change in the future.
 
-- **Resource Owner**: `https://pod.example.com/profile/card#me`
-- **Authorization Server**: `http://localhost:4000`
-- **Resource Server**: `http://localhost:3000/resources`
-- **Requesting Party**: `https://example.pod.knows.idlab.ugent.be/profile/card#me`
+In the default configuration of the UMA server, the endpoint can be found at `/uma/requests`.
 
-The examples provided below make use of `text/turtle` and `application/sparql-update` messages.
-The access request used in the examples below looks like this:
+All requests require an **Authorization** header to identify the user performing the request.
+The available options are described in
+the [getting started documentation](getting-started.md#authenticating-as-resource-owner).
 
-```turtle
-@prefix sotw: <https://w3id.org/force/sotw#> .
-@prefix odrl: <http://www.w3.org/ns/odrl/2/> .
-@prefix ex: <http://example.org/> .
+## Requesting access
 
-ex:request a sotw:EvaluationRequest ;
-      sotw:requestedTarget <http://localhost:3000/resources/resource.txt> ;
-      sotw:requestedAction odrl:read ;
-      sotw:requestingParty <https://example.pod.knows.idlab.ugent.be/profile/card#me> ;
-      ex:requestStatus ex:requested .
+A user can request access to a resource by performing a POST request to the endpoint.
+The body of this request should be a JSON object,
+describing the resource and the requested scopes:
+```json
+{
+  "resource_id": "http://example.org/document",
+  "resource_scopes": [ "http://www.w3.org/ns/odrl/2/read" ]
+}
 ```
 
-## Supported endpoints
-
-The current implementation supports the following requests to the `uma/requests` and `/uma/requests/:id` endpoints
-
-- [**GET**](#reading-access-requests)
-- [**POST**](#creating-access-requests)
-- [**PATCH**](#managing-access-requests)
-- [**DELETE**](#deleting-access-requests)
+The `resource_id` field needs to be the identifier of the resource as known by the AS.
+At the time of writing this is the same identifier as the one used by the RS.
 
-## Creating access requests
+This request will generate a request to allow the user creating this request to perform those scopes.
 
-Create an access request/multiple access requests by sending a **POST** request to `uma/requests`.
-Apart from its `Authorization` header, the `Content-Type` header must be set to the RDF serialization format in which the body is written.
-The accepted formats are those accepted by the [N3 Parser](https://github.com/rdfjs/N3.js/?tab=readme-ov-file#parsing), represented by the following content types:
+### Constraints
 
-- `text/turtle`
-- `application/trig`
-- `application/n-triples`
-- `application/n-quads`
-- `text/n3`
-
-The body is expected to represent a valid ODRL access request.
-No sanitization is currently applied.
-Upon success, the server responds with **status code 201**.
-Bad requests, possibly due to improper access request definition, will respond with **status code 400** (to be implemented) <!-- TODO: implement -->
-When the access requested has been validated (to be implemented), but the storage fails, the response will have **status code 500**.
+In case the user wants to request access, but with certain constraints,
+these can be added in an additional field of the request:
+```json
+{
+  "resource_id": "http://example.org/document",
+  "resource_scopes": [ "http://www.w3.org/ns/odrl/2/read" ],
+  "constraints": [
+    [ "http://www.w3.org/ns/odrl/2/purpose", "http://www.w3.org/ns/odrl/2/eq", "http://example.org/purpose" ]
+  ]
+}
+```
 
-### Example POST request
+## Viewing requests
 
-This example creates an access request `ex:request` for the RP `https://example.pod.knows.idlab.ugent.be/profile/card#me`:
+By performing a GET request to the endpoint, a user can see all requests they have created,
+and all requests that target a resource they are the owner of.
+This way a RO can see if there are still pending requests.
 
-```shell-session
-curl --location 'http://localhost:4000/uma/requests' \
---header 'Authorization: https://example.pod.knows.idlab.ugent.be/profile/card#me' \
---header 'Content-Type: text/turtle' \
---data-raw '
+An example request would look as follows:
+```turtle
 @prefix sotw: <https://w3id.org/force/sotw#> .
 @prefix odrl: <http://www.w3.org/ns/odrl/2/> .
-@prefix dcterms: <http://purl.org/dc/terms/> .
-@prefix ex: <http://example.org/> .
-@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
-
-ex:request a sotw:EvaluationRequest ;
-      sotw:requestedTarget <http://localhost:3000/resources/resource.txt> ;
-      sotw:requestedAction odrl:write ;
-      sotw:requestingParty <https://example.pod.knows.idlab.ugent.be/profile/card#me> ;
-      ex:requestStatus ex:requested .'
-```
-
-## Reading access requests
-
-To read policies, a single endpoint is currently implemented.
-This endpoint currently returns the list of access requests where the WebID provided in the `Authorization` header is marked as the requesting party.
-An example request to this endpoint is:
-
-```shell-session
-curl -X GET --location 'http://localhost:4000/uma/requests' \
---header 'Authorization: https://example.pod.knows.idlab.ugent.be/profile/card#me'
-```
-
-## Managing access requests
-
-The RO can accept or deny the access requests, which is done by updating the status triple.
 
-Updating policies can be done through a **PATCH** request.
-The body must hold the content type `application/json`.
-The example below shows how to update the access request's status from `requested` to `accepted`:
-
-```shell-session
-curl -X PATCH --location 'http://localhost:4000/uma/requests/http%3A%2F%2Fexample.org%2Frequest' \
---header 'Authorization: https://pod.example.com/profile/card#me' \
---header 'Content-Type: application/json' \
---data-raw '{ "status": "accepted" }' # can be changed to `denied` too.
+<http://example.org/request> a sotw:EvaluationRequest ;
+      sotw:requestedTarget <http://example.org/document> ;
+      sotw:requestedAction odrl:read ;
+      sotw:requestingParty <https://example.org/bob> ;
+      sotw:requestStatus sotw:requested .
 ```
 
-Once an access request's status has been changed from `requested` to `accepted`, the backend will automatically create a new policy including the correct rules to allow the RP access to the resource.
-After this, the RP will be able to use the resource following the UMA protocol.
-
-## Deleting access requests
+There are no notifications, so the RO has to perform this request to discover a new request was made.
+Similarly, a user has to perform this request to find out if the request was granted.
 
-Currently, access requests cannot be deleted. The reason being that it from a governance decision a decision need to be made who is allowed to delete it.
+## Granting or rejecting requests
 
-Is it the requesting party? Or is it the resource owner?
-From the start. It makes more sense for the RP. However, if the RO made a decision, it does not make sense that the RP can remove this.
+A RO can accept or deny a request by performing a PATCH request targeting the URL of a single request.
+This URL is formed by appending the URL-encoded string of the request identifier to the endpoint.
+For example, in the above case this would be `/uma/requests/http%3A%2F%2Fexample.org%2Frequest`.
 
+The body of the PATCH request needs to be either `{ "status": "accepted" }` or `{ "status": "denied" }`.
+In case the RO accepts the request,
+a new policy will automatically be generated to grant the requested scopes to the requestee.
 
-## Important Notes
+## Implementation Notes
 
-### Undefined behavior for **PATCH/DELETE** request
+* Request can not be deleted, as it is not yet clear who should be responsible for this.
+* Requests can not be modified once accepted or denied.
+* The generated policies can be found and modified through the policy API as usual.
 
-Upon the first **PATCH** request which changes an access request's status from `requested` to `accepted` a new policy and permission are created.
-When a new **PATCH** request would change the status to denied, nothing is currently done with the policy.
-Even when the access request would be deleted, the backend currently doesn't do anything to the policy.
-This is undefined behavior and should be treated as such.
-This works in both directions: if the policy is changed in some way, nothing is changed to the access request either.
 
-## Future work
 
-### Discrepancies between [earlier descriptions](https://github.com/bramcomyn/loama/blob/feat/odrl/documentation/access_grants_vs_dsnp.md) and this implementation
-
-This file counts as authorative resource for the access request management.
-Other documentation should point to this file as the latest and correct documentation.
+This document describes the *access request administration endpoint*.
+It contains the methods to describe how to create, read, update and delete access requests.
diff --git a/documentation/figures/access_grants_requests_fsm.png b/documentation/figures/access_grants_requests_fsm.png
deleted file mode 100644
index bcf2b6efc45eb1c2f84c8bc49668cfffe1350905..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 50825
zcmeFYWm{ZL(>081f=h6B3(nx~?gR_2!3UQ>Ah^2>?hxD^g1ZKHXK;63IIsKt7te<|
zruUwn-BQ)7s#etwRaTVxjD(K_0Riz@Mp|4I0s;;Q0Rat<0R4Vv;Rkuz`xl~vw2m_b
z1aZ&D2hwg5DENNUU0GgTVq*JBSyhdkf>J<G2pSrOk%<`z8Tsw)?fv)j^K%RgOgwx7
z3oF~8;E)(l$;ima{r&yR%L@nuY8zXLj7t)imLJ==n4h0#=LYQT>}cy7mz0!rc6K`Z
zhS)g*!C-J{ZA(SRXm)8`|H6TXhli1oQDbA{!s=F7z;Yi11Sy1!xQMzt<cWT;==Rr7
z1%Gtq;W;Mz=m%ckg!n&K=EJHU47v+4SDP(XXBE&#%`XB7(IB9NArK(^O~@Qv%i%Wx
z9~Y3M5HRCLKvJ0hT{!T=d<RAab7sQ8{DgS#U&R~q(c`_%L;QX*@E2bR3hKYE+C+mN
z9p2l7sF2#AZKFsUNXY-XmZO;d--DxqA<D-us`}&qdzLVSCOjJi%zy0xF$m3lckOMN
z|C>V@G#&)hN85j!45G}Lzx;yof5ZNq^Zx_^`O)sWK>IldApYl$@xNiaj)dX<_uLJ4
zgsvk(R2zQ8|E=dckQDlV&;5VP`G3-Zfck&R_W#Zf>3>k5TF#P0GH<_q=TX_2>v#3=
z<nHuRol(em4(;DU8nY_6qV(?!v=-La%zYNIZhohQ3#1bqUQ~a_M7<H_%K58``hQ>i
za$0#zTG|_*$_iy6j^@N+m<6dpiDXv9UtA56b_KQDm59H4r7awDmSC2TKRjF;O;hZe
zMiSn7xq$~3cXyFr(#MGBK^}gjrPgp)jqul=*5v>GFz;PHj<*Y?o|Zb_@fdmdHn&ka
z5>IGR;8?JUuiiZ^YyJ%!&ids4PZw0Qs5d(NozwUEu0=azXniY!$m7t-^@^=kmo=XC
zYH?;L4G9$vN{BqhC!#gUFuMgbFhW4nWssm#I5BRJ#WH^t>+-V&98BU21C6%84RzAM
z+gOWz=O}qKRQu%%Cs%34Vd9UeD-(;s%Fr@A1N1wlph0^U1XGf;OQ*VTh8=Oeaofp-
z0r7XGwYBLZj#=w@zqf;JSx}{@g|iu<m>PH&2lUDZDRc=dGuFVTp7GMRf<hHMGH1kD
zOT$QC?xTXbE+f~&e!H1EUMlu-OS^~YX0#g&htD3ITxpy2I{$<qoBUSh%)r~?**0}%
zIdxj4S(^E%E2_<CN6qjU!0Ig)4F9M`22=BtnUaA^(<0*PoGTCcf;scoCubg)mH!IW
z#hrdOO@T#L?$3CQ7|Fli+xy?YXZ#7}#jBrt5LXHHbG&WaLtjKOujkYUSgUm&22xIs
zvX~JLAkr`5ChD=wgc5qiRdtMe=6_nndpxVRI%~nLOVr#i72|D5gDsFZgpff8DN>gX
zWmq{l4%sI;f9m_E|4g9rdT1)$e&%>k?^XNPEoo&#J<ypl(u)|i9IyM7LzK{3ITYs`
zXg9;)WbaLS{qnI<pN2?jQ!*ZTj|17Vqg(_tFC<d(r!9(31mfqtkccp>Ry#$?9SME+
zkbE~*{>tcCU3~p*KHWUC0{TQ7(42>7k*{K~;GdE!q$YhPB8|Fvf)X_M4vN;Rs0&bO
zh!ev|>}q`dL5p20?h)xysJcDwbxc6N`#ppHTV5h<?(~2}wwWePYhg)2`|KV}J7!sK
zOX{Sw{o*JOuUGpG*#x^!3BhRTov-`4(yFy!hoUB)4<_*YRQmN32wKQE__&DgTr&wM
zW9TV`i7l5XzrQYOJcTXg__%K`Pc_VNlV*EXTazf!ofaV6T0TA(X0ZPndQ_6@@#6gL
zz&PMrT+u<o4mr-7<(OEb^<Tcl2sn_clp)r@rW98ssSt1;Bi=>1y3oM<EgO|K%Y#cl
zdc;{P@oFn_>5NrA;dUC|AYmb)*aY=uzB6I)RoaJ$fX^K{S9Q)aPmfb7TS3!8R+iV>
z<;q(dHJrKBkomXHi{HKml=Ij@+2eigH&x|2URz7e*T($szyr53FRzT#r6yj@;10RD
z^&|et4(=-gbW@h**YP+yHUb!}1%3bwhHt^@b;O||krZ)h0SE2a1)62-Tr&n0cAp$j
z1)D`hC`$fykYJ&`+9-|3^N)9X-uj6w&@I1`-OJ&0`!&*S7pb#m=S0c;(w=Se=Fl`Y
z>XIQo@=uAZVQ{IwbD3B>=VO!WA*|yzvABBRyd3!Ur!3!948P&DMMJ%x1YivnJ#&^E
zhW-bz#s}%m_WSSBd=au=17KTqA*G?!AVW-8Mf~4Bcsf_E2_&a+0Yg5ZYah-$#Z1l$
zDX}%hK^nf!qN;Y3Krv7H+4)0)C*Q$RV!<;iyzy2oY%#wZHw)c>2-y_TEvR@@Knu5Y
zxEB5&JtkB`X#Sjf1ofq(^5DBC>y#ptG3O2$Z29`H2icwpIntjti^u(A`E!ffkrd2L
z%HqL3W*qs(G+|T^xpRPt8XNNKTiC0{hqk=RD<(lcaq~N9zEKvWo0^j|%DSW8ZBhS}
zXmYlJgCE_ipl(M4ao1ut?et&51%DLRQSPpFJMtslNpxm1d;wQEEy;R5E~4~RHLm@(
zvz<Jx`6T`;XU{TJ;*Y$|7<v-Ae>>_-xC#(!Z)u^`=8nL#56H_2*~f=`3AI>&+8qD3
zggq;jag9ug;=g8&wYlBH>e5a<fe>i-1W?$Gyyimoo7d(GFSrTAUZxdFrS*!?os<A*
zENl&cPEOY0FDVTJR1dv@ogW(sj3csCR7)f@fHsxCaW5mgm+@z?$pZ5Kwj04_nckdU
z1f8oiGwXuMa*v>vCK@MRm8WO^r<90!`6aFjv5C>~Eb8r{#0g&tldx=ZWt?j`wi}6j
zmnqdfDBQbVJ{h5}vX9z95p0JuX-u-aSvs{(YS9q^(neSk7)N@fa2nE$HNjZ^10Fc0
z|Mq0I|9v9GYFt84UpdldUxxO@H1T>y)Z<XODJ{;O!tluIl;cIbC!DtBpI>A+aj&Wv
z1m|1>oy?j!H`%{cSBmxjl=S~%_U)Q?Ntkc@M6(wdKLNVampTp{Kj>PRI3zeJ7mcs}
z!A9_u_N2PgKjT&la86U4@$$^hzowvxUW>bUXr9=5+448nW;K*F`;2^;br9NN+jx!U
z^!wjpa4A;Vc{gD~e+r?bf9DbLQ4^|Z;50Jjx`zBA{wvhfNU@0;oYW{RKgD{<-I~58
z5n@7R=Eq7#|Gd;5T&<L}u5^Ty=9LHLmX~@MyrpCm-B+3Hn@&BLT7*kIx^Vsp#2V##
z<mGTTS)rkN>^{ja7%i?e>2sYtyZIVv<R`gp^h}@-RbCpNNEyX*4x&$ctka{5t?;?a
z%~*w1wO?*RG4qw68@f1n{TET|W(YI$=J1;#4`!|0RH;sLUIzp}7H%AQ5m~JQn=0HL
zT~}Yn8>q!y?(7;cDB8LisExJTg$=_^a}xW~Y$Mh2L%($!4(2vMxbM&S?uzT%y_{fy
zp$6V`=+Z9dL|Fl989Ig>mNa13)cUnG<I+m9)?dGGLeR@9bKOi-Q_71)@B#CVd&Qh)
zXCxXtY4=&|;eiUdYHB_e&Fk#(=*V|$KdAZToNp!B-K(i(KPt$Pq?R_bgY9;`!h*;g
z$Q4z1H{J3#IvB4nHa;qh1$%uc`&_cr)|<ADbDKMiWGtzXq>htqPV9+S9J&2_4X@^(
zaqL}_{X4Bk9<8xRdPW-igbC|Qu9CdD2U0qQPlq9Bd%LQX(?hkx#UT}b{!UXKDyZIR
z>k8|iszem&%g@gc{Y!O0=|=8<Uo|3Y>43>xnw(YBB?Za~6rHagea@eH@^}x7$*B|$
z$qj$cedS|+JW()I6LRm4BKQZOv9GB7OR{hZv%J=p98P8|=>uOwat+R48cMPx&hU{M
z17p8<N6*S-^!uQ;8`n~>AajIwGl`BZyxLaG8?hVF;O;ltLN=I>Vv;>RhH#ssXwsa3
zi)GrgrzcU(lBP(s<c_ER(Z_t=>CpJR+RoY@fTmg{Y~&H4euF5tgFHpnu#rRLw3mab
zBbKeab40ETEOU0XdX{^v6wa9L0wenw$i1o4%&DUZ@S4R{<prAx!iVh?2cAN^_!0kB
zlIx^D$;7y*yj%5b_sx3)-vM55)ZF^*g@s@9D{H;?r8D8H=9mD}eaczg@}Z8hw^YY2
z4ib43ONZa(wy7<$W`xrk@QF+~?p+Qa<klKGqHb(J4Hlz1_cd1~(mu>(-bPnJC_Y3L
zjU*d6zVSpgyUWE;xJCBf77=2cPIt4OkM%q>{;)Zwh#I&)!x%w{+cVn9UF$qguqS22
z=jG_qwAOv-#SL?;vvSR~dFx7rWO?ie0}P%)PQ(441(Y|<5NZ_dF~0){akbTi&~Yay
zwxu`}7tWu-1cWcj&NLKXaFBrO117ItX9xK|8(Bt%eX!?khV3j+v!2B!kiCtS!UV&B
zRDhFD95Jt-gAS6{9JDC&hG1tkFp^iDSoKI(ie38s5?9hLU>yTx+W6^=^D3Rk@kXL4
z{``w{CT{*Dzp5GJd<4FC3d)`B7L(jxCL31Q(;)_wyIsHy?Z&8z+ICX_m`)=|Sj(V!
zX-yQ+-q*5eZ&Im0^T3oc(~S3O@<LadV67MO9mi=H`x!Q@*orkL@FAD@=p<zl_5Mf6
zTZUc#Z)#w>*E$Q2kka81s?bq7YUcEWw_|Ho>&p3rz?e?!Zs06*+S8{dh8}@z_?BS6
zDBkA{+iygef-fMoMw=aH9w9fpnP>mr{;~LuDA#IQ|1+@n^vtsbH+j5-PtkG%y@O%!
z_R*fDyi^1VqVBzOE{$qBnnoCMY$n}c+5S?KjiN<3O26w7H6<slef=MlJK%Vx!lP~t
zX5n>dzW~wWvJ1cy|GS+G87|_zWx>62T(w2P+IZLa3&WeD*(yox@!x-WnWJ775<<Ou
zt8Uag=;A}oYmMv5_q8b}Q9{Nzc%L!G*!L})g15{@Q#-2qPN7qgxRCf`NYpAC?|`E8
zj~Gp<tbX(1I&D9|;F!5sZl_a**vKo1JcE=k&13YFxD9nxPhziK00Ex7TDnp4FcAb0
z1U%p-b7x$K$F~5d;uReke>v9b2EGEn#vT)Du7Q^g^=BbvaJBzx+Hc>y=l%N11bPjv
z-O!^i*Qy#Zxr@!|owz~+Oa=!<Mvca&ATMg6&e`^%@#I;)ug$BTw05(OQU5$1$>Ld%
z$ZFSVLk|`BX><|-;tk+$fNP@ErU5BUh4G2dkwRnd6An~Q$D4^GOvC;fqBDtGSUCW6
z=b$^w2iFxK-4M>}pq#Yvh~w?>A`~TW1!P#aC9hYK3uuidjgFtQb3u3uZ=4~hFCR%8
zT2yPl*lC$QCOQW*dQx4<N>Gd4(4)1XBWm{PV!GV{cFqKMRISe0qDtS|eS8z4bwTi1
zafUZD)znC?b$lCuj&>m#E&ovz1+o}^kMv({>};VwKSgHA3uETa9Zhnx6J5tjt=J!e
zd9Hdd((%-O*ZtCKak(*(GYp;wOS^%Y3>lH|JWeICj~3@Wa#_Xn!Gr}|7qRCOj-Onl
z;s*JHQ4iZ4ZVqK04O<%s_|l<hnT0o$K4#tonBe}k!`b2jB(c=VvqZH@ur!@ytW+Dn
zmTucu*4%YKFC9z!mYc||)nTb@x8=j(NUd==eHtJ8NAZhd4kGqY20Pxo%wAQZ`|*BY
zhg8Y79U|&kwB}3V>&@Z6<Zi4Zuz1;a1mYM#t~`nx?~onjVLW{sQBoQ2lI)&Hi>hL#
zPJAjKnzsl8#WOLsx7CzeJ>ZB{O6t6D^zOWzEbIb#DUEgC0tRKvJH;<%-IFx~6X|*z
z`wpS?ddCKDx2m$mu((Ojy<kdz0P8B98?v*eKtjyxC}SBn=HUibZ&bMGP+K|SGzY7}
zP=GU;`-fOJ*Q#fq_-6sC?p=#a74t?@s5l8Ftb^mnkfJ9ye3u+O518Oj68E%8rs7JW
znge+8&->NjvnO6%_B}CtB*TUKR9j$AFQia#q*QF7OsLbE9`+GWMJ?B_ttc2qn<?zT
zNr{l1M_NQ>@z;v#LyZ|;&dnUzP6i1S)ps88>;qsB!F+stcb5-y=bV;nT!~IgMJl<W
zI|_OjIpz3cT4yt@N|?qt*T*b=ufFq&d<EoX@!zcQKRHsoW*|Sffx%5uhEoW!3k<~9
z>#BsO;6N?o`T5O&UaK=xY_0)doFKAUn+{th`8gi3lo)rq57Aoe&m!?b+kmc?KFm_(
zzm7!K;+fz6=HAU^4dzJlqML<YPnU|8VUg{T2Td7z6EmL}OM>nu>vSDp5fP39h3o%B
zT?4gm4W(MgUG$f8I`H8HoOu(A6J|=?o$*0cmPawc?p#*lGREWM2YJ187Fg%eK40c@
zq9B*UW8XE4WqrQ6sRc!C#r+cBk0r0!=+`}gi`PqaLV4p2&~neEW;6!p*iM_sB2(Pl
z3dV}vB#nYb&QHBGRH8QfTVN*k3+V_Um-%P$G*2Htpj=6VhW{h)p1yPW(9Mh=v#aWJ
zpMnHCO=M_Yi*}1dmT7*112C138Yxm~#iLS&A}59F!#Yg?Y$<QUlZggo1-Hs_inT@Z
zC=cpn?T0t6Bkldsw%RMKO``^2MMs6wPKf+c<r@0d7V<0O`CpSB$&AEo8+c__?oe-P
zql3ct;Lh`_Y>vJKR_Zzq9R2VCUDX-(8a{HBqwHe$TQpe6kJ$B0PtX`Acc4_FAesMi
zV?<k)E)#Ffv2M$CQS4jQggpWW&Xui0E5|NaW!-igiKv%6AK~{+;w90x67I&A2~8nO
zg}C?#PeP_m%-q>CVT-`@6|;UIVn?Oe(bu)Zz{c>{W;u14L?r~pERJb-(Pucaa{#9z
zwi|^;Pn+QG@@9m=<GUHLbJ*)_KAD~0jMl8d50=QF#y+3mvDd>?T+T~;8&9wWgEKl+
z>dqKdgm#}g#{Wg^maAFpm_pmI>Me#na-X`zm`65=UUn&d@y{NRnQGM7^p@BM&&t@$
zo4aH7D)iZoaK^3;9{bp_na8LoDIp5}(p!^%2D^p;d+^N!cs?eaQz;gpWbd^*mHnr5
zdl+siCqr}>YAJ{;&T~aUC!o~H<$FkncWIYGMmwhBGg;a8kBDCp`_;{j8kas(^LUYx
zm+_fh-rYEoG){xJpqfLDx2WiZ!B#)s+PeD6zwn7i++2dM(*(skkfyAnhEj0mTx^+f
z)iWK5Bch({_6ZK-n4S-e7EZ=Xh1Z`aEBd}5o`vZ&Y8u&%ImnEpT5k<jy>b-iL8T#C
z#YkeCMLB_RC&2mh@Ie%th=;T^-%w(_qDv4RXwCoAp9>$Nf5>Svn0{HlU6)HKek#cU
zw=nhLkGo8fk`FfW3>h-YSH=O4dXIr(6gV8qtuBs!#bXsyHQXYv+{QyMkVIFc6S$QR
zE=Lf4A|rr?udag49lqO!*Uit0Gx+#5RP94Ifsv_a`nD%v(`j@vO+nqCf<LkUECC9_
zzRDPyQ<!`slwr@MLw@`xsaWf7tjpfywcQN#Icg4>i}k5Kaqt!(a883n1s_oUGRAg~
zt0y|p6l{LfWQ~dCRPZ__k55mgO```5Z&Jmdt+B9ToMW{F3n}1M4A&goHzv`O2eQo}
z`&;XR7UszovnEAGcGncG2E24i^1^nmX%LH(D@ubOzL>4|_aHU^a$4p2CyXyFdo+gz
za6<83@_*m(K02Hd902C9?j#I@wYkcpY_0zaO&xnqM`pjmzFEdcV(hy`tQ~+Yb$td!
zaz+>P9MeCSiKU8{)e3B1QMnZ#_$R<F@)6BD>Ju_c+_|0#ZJR}D+_#R%hj)>zwK;2`
zG3cew-*NM89j4G58|vqomVUa_@J{QJun|7M2Rn@wpvVu?L~x5;x!MByukgb@5DN_E
zp-N5mS;bGUn8BUnpCi{SKR~wL<9R4tJ2&g0axj(2K1806Np!HLoYFMBp+jMoWq%AE
zfA^do_!50{^ViqMZ!sn(JZng2uJ|YITbeqqX#z9!$3jzApSwE|-UWr$$fxFco-{S}
zl|YkbexA&$fyxA5CXQnF*rBJLF$?zWM$AswaCWfhmy!+_s5mrNZ9gM4pWIfH%<I5;
zt9Rq!Nb|gdqa2<-L**Zrj|gL4vy2*ScR~VlYm7}C&lrHZg@0Gt3|1Fb;!)t^I6ZPM
z+lVZZDSYd^5Vgwfv4l%U+N1MKwvoMj9V_<^-BGlCOwJpwC@>;@z5DF)Gob=mnRh=t
z7`%8B>|22pT1avyz7w0c(e{D}b78uVOVTUD_1()mGhKePA)*L%J|XCMxX_1a{3P_!
zM|n9;)5^n7pq1r1jJqsm)j;4Lv>PT-tleZ`)?ABQOKK0Rge4Rf!t6jthsev-0jPY$
zz)AkBW+~R-(f3ot(fU6T+ycdso8VQQq@5GJVJ(1{Z+QcBYRWb0CwfpCy)g-D(lpXY
ze`7bJ^LjnZBR8$wX!IFc3`18q@X`|m1RTBkMHL=-*S}St=<EzjF;X=-$tYrGpMZCI
zt#K;t^<t!UXNbL+Bc1LU`3Zu4aSv3Wvre%`x${LraGaIAZ`aDa3}?<PqWzug#%&n}
z?DjPo>IIK1X^T4&*f32vz6C4J@IqC-zisE>mRBB^iA%{<QJEqQVgHGj#{E%-SVj%;
zpQmSW@&u`4iB!S3e%>c)E8~pts2V0cj4boRMOx9e>&+Ho*GI~ez~CgQ>?O^C2_v-<
z7PlS(rkvywm|O-xUnt~$UivE_$c1|%8Rc9&O|B;OU#&aU?#Z@fvy$>|I&8)=`uF!k
zP*^>iO4MHh;~}CTra~-%(*E_aHQ5EXF#X<`V?Pm9=2ZT2XFis%yscV0&v-!OeJq-C
z)$daln{O6zCn^mTE(+g{I)kdWl-Vk|N`xk%!r74Y+k<9f2hrE4O1y6c!)yC!7t?IL
ztVC83Azyp`RotB%PBv}xYHtP9Ve=c{U)5Boo4v$QjLF2?tBU`^v52NVE~`^3^T$Kj
z`EXY*oZX~R7h+j+9tN|Tk+7f_2L<UH<#PS=*SG3p*l%7bgDk%UuZo51rBUjM$xbl4
zwNEa!K=ShS;XKMU`S^fB@nChX$Z<@WJ)uzJGpdTt3=C#9z6MEQ*qf*3^+G%yFqIP5
zzP^$hOMAJ0xN(=x3)%|4{F^7==D9+~ltGATVwtlfqOz!3zDPo{c4Uw<#=_gs;gUOf
zfVzWz0eaN+Bqn!Ja6iy8IXk~>TO!W1?0g@VjpdiD#y`T~Du6*`l1*%n6~{NVnfVSY
z<or(>{9iv#lo1NSP)A4eMcSLG;pS(Tnu^ro(yErhx3;aXLv+cOsz+LLVWGx6PF9x=
zKt@5OH_wviaQ5OuN#vK%ujv!(ZwVr+7!yrpnE48Q^n-fWFj1t(ar7+5!&sQGYk}%J
zj!HWOyCLI>t2;$$yMNxd(T9lUiSf~?XL&yBR_OTWfI%Lz%n;_Y0YOkU`X;^16}tTJ
zz|*r@Y5oQJsm|;oU~_F|4hxV_$`8fC`P(oT1DBHdhVtTQHKtE^A&xOdlnW3>oyg#`
zu~*By@v|%ILsYRHQL^opFkV(t#g!9|MeQNmFkJTLv>Kxnh~mb|-1hp@SkI$@WJ_5I
zrM}J6ed`nB#7yStuQI~RpnE}3*B&ebw&X=^lU4p1E?sz00olz6C&^eoxy0Yl=T4Mu
zoShRpyxCXO|H6ijsCt?jx&OZw06|E9*5_UMf5-{*^?>Jtb{ad2mC0Bt3rY<T0Seta
zU1;u2U;Rs89d>zu$}>U;G;z0<f1+@y+)&wyGTRdN-Hk;DWCJ;XA*j7jeXw*(H2H}W
ze8<mGx6n|!A08Yc7^wa#!H470lTJv~{72A)9hV55Nk!k0J`X?%sZlSDLqg+<hh-d>
zZ6f<Hdq(Sm>}TP2!#ik3P@D}yg5)Ji#NmfGQdJ@k1sL5_yWl2MBV*y>+6l%|1agr1
zPmH14$vb7<mwfMbwuySTAMYV_n}PU+;UuEHl5Vi8W&gxGlanS!Jl40nYlks$Os4vR
zNR~`Wy)8aWU@40vVwMfA<y7KKM#p+nN9av1CRGY`s9A{{8On%B$fQJ9Bq@0I1oHc1
zO;b*>#`y?@|0z<ULW%UStN){T436o7fBDAvXlN_$t`OV|EBJOJKMf0%<u6rKbW3GM
zMQrRk929H|l9P#z_I{MAC3)1|p8WCy;3QF_lG2MuNl#;HK>2VAGmhvu%p$WzC4<!j
z^+!6^6u%6hw>0$+w}V3L*T5X!yMZTq57c0?`m%1e7H!|?vh01~l3^6709Kc{>SHRL
z&N(=XNJdEXwbOGXw1h=b57g<)PxCt8m2bDn&W(Qi!gH~xc%zC+3EtFZgsLea><wk+
z#rz&hr!2tA4Y}v-%E=vw|M^?6<Q<-_f#UE1<ma<r1#%hJ>6QBV_pd2sx?AcuIWjA@
zt~;nAEu<e*ze#_=6J-w9s{K>^5I_L~(?EJ|cd8zRG_S4)8l)-=p);f+^>m?A%ZAHU
zc6uJ3sorLic#lXD{sY@PAjYQK+8>%W{bk=t;>&w=@1nPKzgU17w)OC6ps4o!139rD
zvV2^SDsDKjYbG;G^hN}Nso2wmjOuHl)83Apoyw=x=P^B~36|d682WwcIVvP{!R_Q9
zQg3~tf8k+##Xn&78n|-CTk`Yjhrs3!X5A`SfeYEaxMEML`L2W7M83~`{Dy)R1KR^5
z``&>{rM84lh?L~2oISy~?B2#tDxbQmVEy6w<OOqL`GbVec{<$5MxIjf-38=GzgD&g
zU-HYNhz}&Rs(9f1-2&9>hM{1f-NSuIX?-4jNJ;%yo35gJI?A#0C6V6TfQ`9w;RaoC
zJRB}}^p!tnzqVlR;x+L@JW;D2TUPyaqX0QIpfyLw_RG%~NjUU+BL8ad?<O+zE$UxD
zjMHNyMn{h7p=LtO9M!4~Y9{?t14De~?d@&ZQ2tIIhxxuE>TI<LNsOj#_s)4-@K`!B
zY6hc7ekiiNyKi)GAj*!#nTyNV@m{e*WCHa25C3qX@7))Llgou2UOw<L*eMc{nKXuU
zvObyKIDI}hCG@%k!Bc;+ikS>InI~{A-W-o^C;ZsDnpxMaS7n;|{1p1b+pMd^+|8Q(
z300}TJVa5|z<)pNcnszDDW2t-F5W^tb07Q0kxSpOqmGJhE`5S*=o@=@^tW`rYv83q
z(BuSy_ct+ki63r?P*l9T7ruUOmkQm1ai|aQw46p)GMC55N3F}tS#qc-q~}y0SYJ_z
zsZKT(0Sh|k8oVQGaZM^l^Jwq5Z;ej$ic9{D3;x3u{AZG9Q6*s-ki3Uhf}i@^@c2OP
z866U)LwIAUVkcNAMCZteE}X4jF!F}Zo98k_kGHU^VpAHs(3n_$$J?8w)c&lKmTgct
z`_spG)ANp^6HaHK$M<+C-Gw~U^a*VWbqo2pB=~ugWk^ojuEEWv4m=ahUc+5GNfQ_`
z7te3W+Qm$6W{Uov^jkBd(8XqEDc?LDRQ!kGIN_11uLG4w5fqV2^VK?6Pn;AT^Q7-K
zvsk}k^u1~c<3og&hQU<&dZoDe3J;iTHK;QRUxvz#qj1<lH}#&cEU#w1<)>^4B{RDr
z1F)PYoNvBXsfl8B$4O<|c!<XmA}7nH#dF7U?caThtsER9JQAfQ{N%sksCUV4l>Oy%
z6%7wB8SVhlPC8P~>VFJrN0fA%^>1A7BAD=fBhQ}Y^iN=S#euxx0?5eAPt5GN-o!o+
z9tyV6c;|5TK|*5zAv;JaRxySsZZ_Bs(2(=MyB?}L7HE3AQij-gAArcUiulSFRGFMO
zqkpV`;A?-%Ge0p04%!0Zhn{RTDXPQI1*dXq<+M0oeNi8>l2cAo_fMgtkEPU^yv!oW
zz<UJD#)-yz)XQgK=7H=*YTKT263!v~*$^fp<PTe(x)a)Z={0)C*<qS7p(G9sNo#3T
zf3e)`xQlfO{QS~RVAQ9WN)0oi^|6nEj-U*rlH4jJ#=SzmoAs37J(BnpzYBMPWef+|
zd=I9_<-LmClbFNHh}`Sw%pH=XJp1#>@~lIx&k($53t?TouF^3W`=a#vBIkidVq2m$
z9Q|f!TU`A9I@c0nh-##xW41Q2A}~+||1;N$Xs&PRB-ln5ylk)AbAMQQXCm%FSAy-W
zF*F#_cg+1l1Vn5ipcvt+qMfu~69Yor?d&tgF)l;0oX9ClQNpgt%a(sbwN<9ITU4z~
zgfJ62nns&(zd>%0LrJY|*Ej*1Mmc)5&MZSkm($^I-jF|3v$}G7HfVQ^A<FV^I48-{
zqQ_T?O6=ZTd2h8MVqBM4th_+Kf{3WZY0GcPDuZOo+yc+fiQRfLozhkWGq*A;xhXzW
zR*d?vsaL8B*CG|IihOqE=FN-%;1LIn5@PvyUbRaf?lu?F4l!8oM;Yc`6*hJkLw{<<
zdB3~qysM)6Tm;%!rm#~g)+IUe+yvczGURrHphGk6)tCSWT*}G#25q?j(hq`~VM{L>
z9P%X1H$#4vn%)6Nz&?W0h%V8R)!&7+GBpI_h3D-Io`U|~Rtjeh^sH(~O9Jt82Vi-_
zoXjIHtc3DhHkbi)P7NYT>nW6tJ&K$sE_kp>!!2lj_I><TC(5fYa<u~$GowrT!!r<!
zo<)g5(=#^u@DCrIh{f38pY}#TLg;-^j3+<EK<pe|c^eotUv8b^F<Eh&Ke%;<X|nIi
znvuGiQ|&lPt?V7LPr=2bWea?VxCM?0>~1~jzVKS+l~gLtfs2NE!)SUEt(WZ+lQIR&
zj;etP7+DA2STa`3Cr3PEp+y`p{>Nd3RiWoqq_EM*;+sw#*VLD^xDCAR5-t-&N%l)!
zVpj}$scDu`d)eYcYv>C?y*y@OJI5Sz?_QD26R*Lm&V4)7q>tmRC7c{oC5;zVnD3y(
zR^W{DfD0M)p7-n8?2hpek}Pvt^Tb#F(hVbX$G0k)ajV|e4yE>@7l&Th!y7iK*@Io}
z&j5VP-s<3g&`o*?b=vV9chKQ%EjHOTQczK%+%MsGi7&-0HM9>yAMThV7#J`s_2YY_
z!#Br&wJ(Pc4}-5)@d#~kA%cL4Nx6$yr~MKA@d|H(uS7+;GULo|9OU;ewV5XyJ4}&K
zvq+F>JPOA7J-dA&yQLd<jEXz_ovqG>1AT)(syB#u>_oZJbVjG?5R3j1J~Jf`EiQUL
zL0;BFeF+jE`cPose<?`qv;i}4MK~BOcxjEtD+}ppG|yO0FiO!_B!44T?LR9B#!XZ!
zIZfFnRNV|eI0sfM71@~ZH~&Ux!y_uBJX9&VtY_Mwnyx-ls92i6ARnRh?c37l;v$?v
zGL@RrZIbQb<GU!^u|{AD^S1s7N%RbZ=ltKK+GAp9A)f978%yd9E4L^MQ^@aw>awXa
z_;?yQlai>$)R1aD92pnhu4V%aYWFQn3@Y-b#k5$gj#lxV#7PEnrI*L|o_P6p<IAH$
ztOjKTL|p1S<IOR1dE_1lmL12=#U0B&_*TU)^P#e6E|fR#?&rwYeHvPs4dpQ8X(mfn
zn=h&5L@RlF<f)dD{#A1n(FPfjwkyp=vSZOT>InYPe2v!;BeSs*x!o(`(bDQ<2feIo
z>Nqb=iZP?L6486r7yhkL8ti!t!TRL5PTetF{h6St4EbvyJtY9hAp1VDb|uA9?6APY
z;$dV1ZIv_MHP)^(p^Arho!pN7^R3oe(BfiAob32A%eSOjX4i_+baTS?w#D}Pyc^Z5
z^r;GV#oP=86<UObL07^2EkchV(75rL2OxRHvZsisNo@@f9}}!q&^1=AOC-g=^f0yA
z4gFqw@t?mf{;a_#jvSyxo{@BZ3RTDH9~V%w6VL|{{P2bnk2uIPWeqQz@ApWUtdw0y
zY>2V6|2f__Esq1f6j6uB>17D>j>1%ydL)TAk)9;iE5dk7QW~*NRBErPc{V(q`B28&
zak%KR8K$(5UatUw9lFe!l+041;a!`Cnxba@s8eO6Az1ye+J~45QI}IENhE(oqbv8;
zxfY)vF?b})5d>uoy*0L;Hzl@r{)C2FCp&jJ33Bii64?Lj*jw_+;{gdnB5;F7i8WtU
z#s@T4<~EV+X6k$#;>xh2MI)1MOGfe8IzRjl)z!@mv}nNKOQbUNmsI&j**52d)i2o&
zq>dw<Nkrbw$j&Nkbt*(^1I1pEM<qXoN^rrc?_s8S(K}OR{-xrX5U9?}L#j;d->uJm
zeWeq~WlArdnf%plK0UesU|aW)w(GY=@fIQlbP5%njQ<NVM)G5}HuwB84;V#tVsLs7
zLf->KB;Q;J#z#esHdRJTmU@2*&omgZuA<GrXQ7=c`ZrzSGzN=IhszX^b2>ot@8G{j
z$53qUCmZbqPY>i3BIWAE8PBkY@duQ>R$Ojx`4cwWM)Z)iFidD!PoCvgJ_$R=ET@PE
z;JO|j!t%KPtWEsU&tf@QQcyMkvSzog--9ajj#9zYX#Lc1fi`iXXB{-oCh!s-J%HPA
z*1<%kh$h`xW%d{}hPd!snQpbO21_b+Hs&{QpVPiC7&JgY)52V^V$7^!08*;`JdY;y
z7exvFNy1L7|9!0Ijse-6uvlq7|0?$!J892Jf33fiq2{@WR8q+UinWOH3w$cht`ir{
zaP^GVKX7$J>O|6CRR<#Wt75?ucD0P#i!dr7mrlDdTA_+4fb2DK9Ng=mA2*|?>l8m^
zzn@-1&?oE0Da5H3%Pg>h$7Wd5H&~b=>)r=`FBd@%fU-q<PiF)V0M!{Ty)ojjtld<p
z_xAsk47axSP)u7`se68|P62$@ctVFv1)R(SrwZ9me<kCBNwq08cHD5$SrNk~rik9N
z8@^H*T5Aura_O6adSY;_Kr-D;(r@=y(e4}|5*uhZ(sS$&6g*vaRTR49%|&8uTrIfZ
z`@5egjwh|J$D6e>V<mK;PgsdzRx~tIHjS(`@wJD#-B5<~0L7nCpDGP_tsNP_Z#6kY
z3a{SPyKOdhrOdOME-XlOH+0Oi&lbvku^Yg=p*9JkmG2!QidpLXP*ltgw&Jd*vUs04
z2=eiW<}D&eZ~oOqi2{`@)TdVZDLcNc=Xh@uly?mkUw*!dg>HS8V<7uMfR=q`J=IR&
z(Y=U8m)M>^5QoG&lFk;gbAijn65zemTJIb+C;!5vfJULuX7*W2O5a2(V?p)&B;p+t
zqHcj1aqd33**tEBjCOE!ct(<~esG@B=o}*@njs;?i@zIf-7GeUk2tkz5mTGvsJJ6N
z>){5zpD?EXQ6zouY9&V**6vSCsYELy{r8=Vmwpn}4E9vUzz#W@N-!Q4l^<kM9?TQZ
zh+MW_e0JU~`vGjK+)fa;Z~hscXEns&DMy&<XK1Cs{HHX^I!^q!hH8AJM87m-O)2%q
ztJO{<r=K02=_EajxzltvSFEblt)~c7A&eA?3rcWDlw{P<@u%nJ1@Snc$V<`kx|pH<
ztHkIAu$6{McFmK-2VWQsE;e_6iQ&_~?r^XBr3BTd^f-kOiixd~b?Hf!i(qCF<!8pn
zdtI0^$}s(Dx{Tj$yGO~ldi8~iz{!ROYO!5M0(}*Y-U0^-9vP4C9RkYd4*~SG%m>P-
zODSW{GDwko3;aIuTMKkswq~aUQ9`9|(jTTQ%y}Weyy~DfkB<n}a|~g1aiHnwTONPw
zei9}AZW~4|{SR078IZBLpju_)Fh&K2PbiT%3SF<lXu47r4lX6#jl-v)zC(SJcC;4h
zPSo`M9eZ1T?(y0OM!jdv8gs&mxQ1}1*>qZGsWP<>TxSX}hl!>^+^n}T!?CzE_t0b?
zI5eE3yn*3m-)$P6FeaFcrD>kEDvYb_FVZs4IbB$t`i6yS4F$FMhw~YuUcXdNJmgOA
z^)xVHugY=$H=)$IpFswf!*-T@beM3pjP>VTtDZ^#p4T!=j7l&j*$1ZXRXtp!Wg{Di
zg*aFQd&=+Ek58zq-m8MV>pIm?EDG+*9y-cuFGjQLT%>Q8Lzi%)|Ik4#b`2wpa+O^6
zFt{aspUBU&6m-#(;<>(*#bQ@lpmJ=23H^*UrgA9g>JPnWL$9tu=lWr$rBpVRfFc}H
z(dZhCB&Kp1*(4qYl@?^Y?%EP^QOC+wA*pYEH(K7b!Kukyy(O~0@(4LavMYNgFd8>i
zAMysfD2O|F;MV6=;HamMI56vml{#HlHd)EaGllOm<!nRLFv&_SS>N?Czfvss3~PkW
zUkitPJt9I#E?H2f&9ffCI@#S=Z>o`pp;1UgN>)`K^t=A&p@vEDExmrYii(bKb!i|(
zv|8zP{$>8F_+A1{4Clf2UqUV^(y`PT?uJ-C@M`Tt>t5VMz!sDaze_j#Ha(*3=MmNS
zJzO7Fl^A^3ZxFgEMjaE<BvJW%iv^Ozs(8%2Zz0!z9s>3iV^8A-^jTOtT9R4Q7O*g#
z3UBDbP_KI<Ua2ZhODR^uq9X5YIksoQ=8@Tkr*k&@WysI4X1!sSh9ip0;22Z7+R?1z
z5XFA{>s>324TIIiZiIKTIQ<bZO_FjjS(R?lWPsH7&ZT*f;~}eKF&1~;;NRD&tF<<{
zO!MdE8%Bk4%cup<4V-9*F#J#?z8L9^h$8u_bn2aw)x{Dd@I57PgawMynR05u#iCA1
zZmEyr78VO5|F|(uJ4N5mpG9ruU(c<#ECJMG#@CDy>(jO+*mjlZBLz=vUd+rxlio(V
z^9i#g>h){B!W~I|8+oIrM27}|$}OcXe@P(KR{k2PI~HYUQv&A=1G4i_dO918*6yzR
zJ`|a|cZ6WXKYlPwCRZcs(JTDN`jEgtarRtK#z$%a>AU6RzbW+AF$XadSE-tlKHI<F
zcvf%qxST0F&ZVjaC>X+CC*`G=1Yufk`$lxp3O5|tiaupVh7OZW$uq+Q5u34xj#bm^
zw$YR951`m&F4IIj{c-#sXIU;4trpX_^eNs9`r65IXR<U#7)WXG>l7xs7x0=s$1PcO
zW?qeh&9#HYf8n^+sQsy`*sfD`Ic(+h_>r&VGHtWBagg2=S1RtnXLwIyX4P5zGgbvF
z<W2Iw+ji{FKV^xLJ|gleg8?fAMFGnkpsyes(WBg_9VB|p02Q}c+?se()4mS;6}+cV
zm_9<Tznex=SH^I`)`C0BdN36V3oI?PQ)?k1D=pG2Vf1c-SQKiW2?|>?@`QQFfji@v
z7+;0{K!>c?r-ut!yMF!Hx928BMZ^ra$wHVQ*f$RETt~ny2U-HnfD|NfqW#AzQSIYC
z9@1eWoPd4P%s33_S3L=v9V1j$e-qxgh%iXril^N=aG2uhWrZMXdi{kUbwrvcQAlbk
zV!AB4Fv2kM#g_4)c!BkQS&jwqR}I9r`z+vbv4dw<@a`CNn{fdz<}(>^2Qx08VqM5!
zJjSg(Sud9adQ+#nwr1X)oB#J$?qfWC@Z%|^vq(xt{(C$@HXK^GeI8Ic#R{FXKP??V
z*jE&JNBM}MyT~O!8D#)^-#@1JOu%cnoEjnHP~mSbbad>nCDm)#6GU%W^mg;T^Z{Z}
z*TKs78(J|5aV1ROGZw)(O|Um{yZ%MjBgI!P5Up#8I$#mVO@f)PY6d{`L}_Lah(Sv2
zh5vos2Se0aA=FUZP4^L{y+^{YZtEq;pq<->DgTsZPN`aQY?pp3lmVE1OMFEWoQdT4
zft&5^U3MR(dr##47?tk4hyE3-`f)nlFB26EP^gkmr{snnC7070&vAP?YOyYDf}xT@
z#~2#ueKKl=uQ4OWmLx}Ew8Q$JKZF(6fg;n+Q^f2UrwjSlW(HM0N}$~ehZ!0-_V+9c
zdX$E}IHIi?e~`s(Rb1<&B0`cVDM4B?t%pi!fVw2cQ-I|jRMcY85UUlrxkVA9_h<Q%
zf!el|&3>>!$<a?l1fGu}oP3Cia2Q`KqRp#TZ2!`j^uR%t^b{Ln#LYJ!Fo?Uuwc{>a
z#x9FJ^0dE4HXAl8LPoWt*%1DfXic?lDm@weCH$8fkATq7^YY<Mu^w7~evoJsnvd+z
zRggFT1Ikrlr!~u@9QnHyiN6MBM1_PgW=3Z2XqNA+4AL}YD~p(AoR;iK6B8B?lk5x%
zJ4UNj2s0gSs*f|_uzP=J;KJ<LMZ2#O!;z&)9N&kPJHt4Wj%9f`PZ}XjT#xkTw;1Hv
zMTvFMgc7Vuv=Mah3HpfjIw~<4yKUCT8#NEUbp(e0=D}7Un@aE>_bh-c@;t?{+RBs5
z-vM-@T8Somo6+2pSJ&4IKO_31PZ(dZ9h}B)^s-B*BNbSnlH((EQ>dgxwEI_NenGF1
z=1(?<aeOUVMSJ@%eO&!cfcguV_{Hf~+s)(vuQD|JGa4u%Z+<g)JZDYoeN|yE^vbNs
zq<pC59D+mYgQEBZ(;@QR_7H{(NS_HHOZ=Jl71M)rhXP830$MKLE35N~(Abq((%$sK
zvVWW#RuT)1*8jt4I|El?#86CG+!>z?;GXH`7mE0|<w~as7sQxS;D&}J3#-|+_a9t#
z#AGt<+}i1cHbBZPqiau7E2$t2;ku9}_R;<zGtf??$yc((!2CPDkLYq|aF_BW-wfhQ
zfo-eyYxC>7@0(MJiRI7FEynlSbC6+pVPFdj%Kbi>7NhiC6^R`|&A;0MyGhoQ!>gqO
z<#-^A01>Ya+ds1c_WNSK5HOwmz=SY*pOF%yf`b*EJe)er2p1dih+x^}?`i`V^3e<T
zhn`*f5NSlzHXkZ>mR}D~CWS_++)(14dzPt)=xV%)ex+P7Mdn}k5=FtBc^MY<)qxj>
zfDG<xC+hHYG$#;os_%ofx@w?{UEcVd83U=(+uVv;*g!iV>_49~bmkM11O?Sf@!_dF
z@rsy8pP8FG+?WZ}qVjEkc*USJ(>Y=u^~EVeHPxyP5=@H9MvSNGYgv%P5lGLWp%w?_
z#S?O4JUtZqrsUEsfSZ>2A&bq%Y`7GSXhm&S$}cXiz`I}!3Vej;kPq#usH6z%rfK$Z
z^S1j}A8pX>w6~Z3^W5fijR0%hN_ViPe89}X3NC1D%hwkDD};YY*Qkq!+o!V*v;k=x
zgU{3kvYC_K=Hs+h@}xDv@v=@i)EyPwa_Y8(_r9SY(guUY+qD@r3-3;7%50W_-!SZ1
z+pXinWz<z@FUW_JIxUHJD@!XGu5L$ui?ERjBTSZ$>Y#l?SH>O*AcZrwW@^Ak+4~e4
zzQQU>Qm~m~Y%XQ!w<75U=^yt&#Y!7WaSoRZFMaCB3K<1~&R=waG|Al!Kl1=YpGuQG
zq2zR;`5&iq%hXiSx*Lf65t&5fdbLg25bZH7HXW&@UPgCItc-8HT1M#B`13k38GO!`
z4P=%5yHNhemrLD<&TblBP&P)En$Pn?fD=P8cW3Ewr71uKVf6hnzmSK9y$-s=nOk@X
zKEw1VBFF<xX$C>KL&D0@6v1~)pVbIk3FRo8w2g*TFnu?t&bJ~MNn3dN>WNbtKLF(K
zJ5mvlKe)u{?msW1+V1bqF6LO-j>AUJ&?~LyhGG@0T;^MrIqCFX3q8`Vj-q52==P!X
zP9sceF$u1W@m)|GNzurXmafA>&&jy-NXbCkn932WlTO2MMI0sAaewuV{E#nOaAcy9
zqeU1^^N*6ncA};NU^yqCeHixA(ctg%D#Lp)=wkMKiCjg>)Mw74i;s}6kCx&(rX8e0
zrPSL%x?o`WaQc!V`Rp<!RM>RDuRu;XBN^eEmBQao|5G0yrOohTC3)MtlozE;$qlpP
zzZjNP1Rihcn+pl$&!cm_9+PVl&*hjcENq^}dU9EGVbFz1-_JqLXQT{iD)MhJV%S<#
za8p326Kx;j*YTaMGz@2SW(Ubysp|KdnXd@XIPdPnJ9!EN)L!|dP$H0BF)Hk8vYk+(
ziTw;%jVl@q8iLi5zBh@9!$kcN5%~krmmygi7yaPE&Q|0=z3Cc1WJjea;Y*015#rPl
zdYVa&E-Cf(0f@j>4vhe|L+C$-<(&ai^qsi&`!eGw9AR}^XDO$iTKuiMkyDjeg7wf)
zT4j2h%>eJX>lS`UTs69Dn$j5na%k2ikEO4c4e`D3*xLf7CMKGAmz$ywWo}QWC>fHk
z_;(rp=Q3>b<|0J*GmdE7822t~mEgeMEM8O6<C5>nJRt95ZjHDn_+8Ero;d*_anan_
zDbkWka%pOY$PW=k$b*uc5Q9|{`SKBo$3i@iblB*C;q&NwCZZU3|CL;}ZHEdn-q$)E
z;&IIPzsdp4TZKyXLM$*|l-?3Bcx2rv*Y`IYy=ae19%2*--er0MLP$&={liuwT6T%|
z5~qj>PQ=S)8DcHK5POu8;axxRUHC02Omr9gzhhek#n{0+^n(E>pQ6Q*W)3uaromVc
zD^wXncpKrt$w<in1DG4G81_L~`R0q}FC5VI3tIsVQX$Yu?O5G_C`*zL5$BsU+C8BS
zmUEUg@isG+Fc#7OUkf1K%5e)`MU9W^L5A^_{K%s|WWMam*y)1ZS=okSuS(!bvJ#nS
z^;o}QD^+47yN9>w{_TCUgd6!o1&xky9M!di;=%b7;m=BAs6BmQl#H6~`|DaMW^sD$
zo5Mxn3F(8iUSl!2LI0QaDtPNlc_Mm5sk`GSDoA+tyNbqkC(s9Qav7=gm~$DbjKAtQ
zuZmiUCZYy*xtMvWaQ&(z^<yj)k9$)&&~Q&A#K;#h-!L7gGEfqkco9BXnzsFq2%wNX
z=dC$wt)E;%$!sV7v7+(7HJF(_6?*&9bv6_9G&bns%D~*@-{pqD2(LLGCRq|8$l@kT
zH~ms4KS6buF!XR(7%!36je&6yJ>~pX;fU5q@xj{I>Fpoec3cIF*qS{$3UO&<Iou$9
zL4ci*Y{Nj(GlatxSRR0c=aVI0=#=>RFKn9OODm~siD78<1V+kW9&-ULt8xn2t}|Uv
zBplEoX}R&wuR+lNIj`pZdMD>T3TRD4sUEWh*&@e7CA!T0unA<Li=>o}>1%v#_@|VC
z-<kcp(uq{}1-`(?wajKAY!;T=naEp>lSm)uyuF@zgviWL;Uh2>{73R{^K!3e?c7S3
zkwn;i-%X^kocjISw>vgYKP}-pG0PldW9~eh3-VzeLEfv-Yg<CgELuzi2{X$f2;q{_
z);|M7e@S@D!GW7%IsLU|K^g&u>tm`@9Z?Zxr%Q7=X$A!Ba&rS<73H=cvBP!fc~;&i
z>uW6V3)jwK<HGmsP)Zc7o>X3FX6%o><?bab33Caoo0kTD6V+DC;kEM}hk`H7=YtRk
z;ve?<{au)M5@kYri^$vlRJTbh`(AecCgLne`?Fn4=ME!v5yj6_Un6q2VjS(|&@Lxh
z%tef;QI9-QzC+hId2S~OR*g(3&Vhm<90B%cTbi}vo1Bli#&)2*M7+7;T!IRGgf+nG
zBlq8C>%PR_hlO%E$+$bO`9ZS>PXQ8|8u->3Jac4Rvv5>gdy?a|5*;FkBz7ooz$uiw
z#&&Sp#7lP7%YG;SQ!JY1mzpiL=~TabvGVVwVd<qf2i@C@@(5)#=E@<`zbrT|Thd-@
z>ZIXdI;1v!jiRInk~(!y%n~jJClF)g6HmlVs|xkaglfVO6#1>whOGWq*>MV<l(Fl4
zE9VC}+e=}`+3%>flfM;WZv9J9Sc5VXk%V_Hbi)y)qz&(CuLjjMZucdeu8ol6{hHE3
z)7V|2q{hM*J<@)vv|a3ihmrjNeK8-RrSC7OEV_7O&#WwpWR2F@7&A7r0|~OPx!p@4
zIC)oIm^w8>UH=SVsQc4U!gFyY_c6nYtlDatLQZlSVqxjVVfX(Tqb}ddE_YiS{3tVF
zu}btSiC^h}2^kwVW4oX!(lDTzX`Rt=lQZU`lgYPy4(~piWFde;_mkRi{@&j|ZkR_~
z8eQ?YPZc+Wfz2;S-A-d28`u5@v>RJ67V7S7Bybx1@S;qZ-)V}mWcT^Wgbob;8uHzn
z>5?RjnKJRJ8k}|1#+b`POC}psU5w);!3~yZ;fZTD{N)@4?tmQtm|T?sH&P{iTb#=&
z*ffekCRS4BD7}NoJ7b1oBpEg1|8n_BYYj<$AoQfj9~qDFM>r4M`pN^wwyb*cE!qS#
z4|ze1GsYWMOi=SRfg9GAl8)gbIC6<P?bOB(Vp_iejkO`gLT+O*=9MaUM~&>#y32~i
z_wN-{@9$6YJ(W!XgeJ`YjeF=cTB`kjG+kvtR8iB0Wd%f11gRyZ!Jt{XRV0+|?yjX<
z=~ARSm+tP6mTs1mj-^A=@AAFx`+N7?d+wZ>InT^IXHIs!ySH5Ji~|d^WNv5nzgnY*
zzwF1s@#4-1f(A(PQ={V#mws2q&m5CNoLS<<8N^3e@~|lwZDSi6DCQ2?MQltl9L+>1
z@aHf<D)rFTvv#etv$I=&$o<(3QJkX6Ygd(fx-Z8KJDFMhm-udnh*O!g!<@AknSK17
zxwe_>LK(Ezy42TYU3<(=LfK;i`-@~^w?aN;ujMSq7U<6OJ?xee)}pC3{82S)fX|kg
z%wn6{2NS(j5m#wECsQ8ZH3*sfNuz%J8~v33Pe<gp14KkeYptx>zumb+m7UgDHjjj`
zy!R#Hvb#^(8RSBpLlA>=m7YsO@pGyb!-lRQO==5!EjX8Toi|E-WY>eeABmMealdY~
zjHr5nRO$klvJ;w3%jpN}G-RaiJShI*-@U`{A3QyVzsKUeHyn7<82O`+;JUtqgxvf0
zw)?jxzGjMK<+J63oorN;Y^*r3%t2Mgq5Ru!=4Q&o&)IOm?uvI+rsU%kx!(P<*_@fH
zP9RX_J}A$MnS_Cton$_lWOygjbz{6QG)7losa#G5FQ`UupY9!dn92R)Bx^XcaGj+i
zs-Hzsrq0Avp5HsDkE}A`b#_f{R8)~G(;E*oWN29)`Uv%yv(xxaj?YAWtZ$>+pKoP!
z%^hYOzZkRu4e0gIxIaz*ZPHAk*(`638@E2VAW|~*S{W=xJw{pV<RkB485AwnsZOK9
z+pSXjCE(=8<bKDV5aE}JE1}B)>K~%|g#HmX<m<H8S^Hb2(5J&6oVecVesLOqLhD4h
zdvK7%z~X$i70KWqW%F`nF6@}@&I-I>?6Q+*WAZ73x1RvVNllf<g{F(}PG{bmsZnII
z!s?&Fo3jI-rLXVjK;RifuWG(sjo65$NHvk9vQ(q!Cou1ki&yyUMMq-&uxmkh**yZ6
zhTWV-xl#~>tb*3u_%$&IX&7yDv+o`kuoQJchc?g<x-VYx)+od!*|1o+|LuGV9;B|g
zCs&JS_ne7hXrf|zRujg08}KaGPB7X2gfABfi$@He8L*EC%%NkOw~J-ksBYiwE|GD%
zS~WZE?JBEIs~7@FTnstlQMo>KMCVlPN(f{EIHEFBpH}*`>cGeNw>dFV9$)Xd=KYW?
zG9jxc!f|hTTgJId;^?7;Q>7m(eTHrf3P`stm7Fv2pHmuXc}i!Mo5}^ak@a1x@T4v{
zKlo+GjMdmXl*GBU1g#_mMu{q7Lf$l+l)Mi;m#qKx*ZY&#tZ%-J52OdpdEJn(FGZQv
zjO~pb<FYTmE0*;Tdqs~ePs9Ok<^PD;+1!wuR$}0^kVOkG-*h}iS~MBD2JNRXbv!{l
z-?(HQ9ZqDMH9uXdH`L9!`St-SB+4Y#if^7bo%Jvx05leex|YxyQ&jmtmD}u;{)hi1
zuhk8)!O_@gVM4)deT|U7zqaE^Qg+g6C+K*f_D}6Mow|;M25MQv%d@g%6je+6N7lH*
zMkxrQl98)nzqucnHB)=386vIY`)L|Nr{vju@L(~eoFeJx*FblRiSbUdb$)t!Y-?Ys
z)rDjPmGAMt%3YG>fu}(%gKNpLD_k8EZ(O<BdoP8nGSck@DyrLOz`On^bU?!li6K|v
z9f~JbYSB~cH1|%n;bqbjXLP<AoUOM<E6->&MfH6#k4Ntn82mHpyy$KXf?N}PLd+y`
z1E~c@_wy1{#}Q_s6Q<51Al=%JC{N<42+S*|X{^&t7ac0Quh%(8LD}uA0YT8gKkgH2
z%ioa-nVuqHL?oBNqSp#q^L+xP^;wj6H$S4u+21?k+nluMM%|u|m;@i;nS3HsVcgfC
zIIe3qwQ-UMnvG1IDpWU`@9Denx(}p{@6<Y<+;BAS<Ln6i$k!g#cU&lW%~;@BHSHV<
zH={CIsPvPp74U8Gik~ge_f0iB@w(=NFJ<++^qI)vig<*gEq|;*Q3vqtg=#Q$vhXJl
zL-z=XvuE1L`uc{W^gl`}s=hScgm%wZ^7CcNwq*4i&XH9VP`mi5h50f}Hql#m<@;xv
z@7#fFmOk}9Ud9&b!<1CBu4hCpb5iNeu2&g99R{MJUaU1gU2KjcSS*!BQSIaYcj_Vc
z#_tZD2|55B(rt{`+PC^dZd03{T5@{Su9bd${&siFR_;6+5?-@7AnUp}Bcgp^YM=YS
zw~91294o=--pfV0pIqAuX|=m<ol)MWxGvAe?gx*CpHVUX%}wgS178NA*hy8(y1u$v
zJ-FO^xUun?HLy4w7H|c64cyWX2jAL6sr7o@@z|6ZW7d!Xy|+|(MOgG~z~%@!-~8=1
ztQ*E+f3)SxY3$Mw3|08_aP*)WIqHI?hi2aMKYsNrwbC|2pkgINzC>qAlxUrI@h+jN
zfM-R%+s(++@IaYaLg0xWb>ttHK;V3D&nq~dAx6i}k~8b{EmV}~`(_pa(1nYutDg$<
z4%fdVj5F?yG^{UavAtOE3pWWc6rJ~Vk*XCqe#XaTaTuTs+hJd}3eh~sxp9@q6KWE;
zm{Wu1_u!@Z3QD_CyK2bl6$`%(CEswMQJCF#2`II_BG{B@$%YW41yVDQh~Y1hC)Xr(
zDS?3IksZqC#;6Nk9vT9IpI5PfHepIxy`rD}L`C&&Jyq^wq@<qpe8s>#hyWfn5<`QE
z&nF0S{)sp}R=A!fEFix`hAy-Zz6jO)ic%sUPDZX$iUXiqfkI2QZNcKb7$uwJ`pqZb
zrY#y#GH>D}GtZh!^P`m$isZ`$zFeFniqN7IpUI$nr@%a*@{bOC6Q-f*)c#MCt}mV%
zrFim3kTkc|R}>qRiZYmk#n~?0G66rY_%+ZlZQ6$XXGtk$gj|BWPI1-H&1GxVy1WWH
zt_dB`Q-~T}G}91MP+jXHGOf5C0_$18@3}??WN6nR_5z;|6;w0rd~r*ladB(JXbu&u
zdI3BzPai~x&qoHjAmL0>^*Puz#|gqfh5(-&<>wE<q##CJw!EoOm{T~U>eV$cHxp5>
zV|%Hd7SGLBq~!oMPi<2=p>6upszq_E8XaGx$!y?KG(*dz&`eM;+Vl^e)ro3{B%aZm
zp;X;Y=%69R=L3T>@`XK9$5HKuB=r3R$)f<_b(51!7rz7vDb1JW^ZFmm5lO>%3{W>Q
zfG_ev!5kM|4Z+k-fu`w5q$sGJV`tLwkW$ui0#g@|2m*_)Dq>C{Q{|!2Ys9T-5+5Xt
z&H$NPPi7llNchzym(51=dE=K*4KkgCKI)kR+UkiYHMPA+g&K|Gvr$L=GON#uFRH|W
zes9VJ?-YN+=tQ;TW^Gwcf8kbMJ2&^ht`-2YL=@>46#qbg%Dh*9z_Fi_%w{R{K9**3
z1z4&x@~If~$2G(-Dr%cPH_fZggG?EsWejHrI<f#CApcD;{TbL1^HcMskW7ILb<Xfd
zRv!{YAwTQSfUGp9<_avo5fmWHuWGFJ%-LDlup-}(mB_EBkPwwT0jcFvYRTCJG$y<W
zoHuSs;$#|@L{Wt&A;UDMas0`m2c!SBU7tIeAZ3=4u{ZDO0g<$WaR>Z5gb5N8Z$?D(
zNmuqo489LXRKh~mvP81fGk#S-FDzJp)-(bE?!~;NM>Uaf#P!hLjLB$NGvYVtPX<6M
zCx59*rR@cY4!g$hCW;(vaFSOHuRY7xpOv%qRnt{ZTUiTI7S)f&98;al@cezaqjB#u
zJ8_^Y0CiPx3TK{^0g5()_^R7n4eNy$GWw16EK~n}`FY+Bp)HqLhz18a7bHkfPi-C?
zwsL#Pat2IWSajzs_)1ZG9(g-b&g%tn)!_Tyh~{aeUM8D3-G&dty=CBZT8-nCPtjNA
z<PkA_?$DAE2m4;7<Y3W0?7yF?Lm~ehPKjJ!?74Jwni@S6HN)8Hpo`-Kvsrf5b03`v
z5xt-FUC3s03&y_VXZm9zZnen-8tx|v_Zxua`ep`epu?`m&g4GRH@6M`+gtb48jZOE
zies&;yvu}HvMEz-^#I+zzCQ|Qi~h25MD^q1;LbBj{D6C&1ZG#6;;JCFa>8s+H%ASu
zHQ7{R!Jq>{!|cki9=3Vz=3NE%q9wG{?@S3^-qO?WHb~Y;a38&HsL@AeP2cnc5%e7x
zGm}{`LO{^4bBxW#8EUuRERtH6Y}=1(+)QyS4bT5Uu01*1Qv>fio3nJSSUR*>zI;&u
zwMjsk`u7I&e10$S;dIvBc)z#gOVXuH<I<BV#$;YmTX{4wDrbed$)p(OoAt#AJ>DnJ
zDW3suz=$Stn+xARsq!vvIC0=Sp|;s_tSrG~KU<FhV-_?ou=WzK+A|wp0sE^J2cS%H
zwmMVD4$KIo{&lAjVI7qWBh1~j8rM%3VH+AXNWO03VcV;<My{36B-)IExl9Hqk5ad^
z#CO)f4vf|cz2p5RZoBr~!vhZDFG(MLHDY!Pev=T%31kwa#XMEe4yV&HcDbR!N;iE}
zy5BIV(x}i5iHRkR$b?O*R_mEhYX>xG-!F-<=YL(=u7e{Y7>OIIT{s@P>TXzQc5uW1
zOQ69CwM>2PA6{wASl7mvL1NWa)t3<_X{G(ZhrEF^QV6t7E#w>shf8nYwTyaGUHSiL
zj;vgFI+$2@?*qnf^YN`S<H)S~3*(GOZ-@Da4asd73Yz*Z&170;n!cnvJNvzzI!sgC
z-H&q}i-`3q)>bW5Wg1Nf9LYRqW`7wsrq@XCk=<3B5ocT}*4*hUz38^SKQMhVUcLS0
zgC_Xm&n?sm86M8$tD5e=Lgpc*B7jgY>?EdEUtlioB@-^l{Pw08EZfNQ4z`KihQ;|<
zK&99(|NR~*i_0bwSYqW7SlrA?L+0PUA#^Mu2F6ZX;{D8Lz+_u`ZFnb9NPdxFHt*s)
z7H*~BQ#4RMntRQ>9@{%foF1EoC8{^wv^_+G_TdmBZN_+RIe=ZPG-N7~r4WGvN&lea
zB>*8EuFNsF9CX$7@qO3|-GAs_FGtF6XX`3b1*`5DU!7$^T4ktx-LSH)fc;NCk{nM;
zgcNihAipop37wEb?--VGw^|?aGP|8zQo5cZYP<UVn()lr6N8+m%IXy*k!=wn5svD%
zWXF1?i?qIlocg!&Zhl*PxL2MzpV2ngrjrPbnRM){KV)N6&$<E)cGm7Nm2yY`dzelw
z`0aq-fV)q&>#lToc+e#F?}-if(ircpwc#Muv2<@jkjtv(H(*Z1$>ecMcpxJy_y>7G
z3y*r5^Rr4w9{;PP>6MhyPjGAYEwGNyH-)+uU7!i7Hy3ew)fiU-o+`Z2COjE}?ayoF
z1R=UXQXHPMYQQ|V0;g9qNfTCfg0GA@ZK)KQCnhCfFKM-m?|+^L5)&n5paAwm=ock3
zL*{>QlMXBS<jXR;YX*aVCW8(lTW3hT^!^@{9(>Q7viNi>_0rDxTMOr9*)QCgl>~65
z%A?y3D-GaKA@x@<QtMID52@(Jytzi`?_6;eILi6z@IY5ff2y=*PG^NS&PdROa2+^;
zhY8tQN4v|z!@l;(0LuC|aXs`x+Ao;aar?EB%OR`^dakqEwoG!T?6Kh0^!pbV6v{Pk
zxZvWvRWqar^QkrM<{Wfk_Vr--v+oZ`OK9O~UI{L!-V(Mv`5m%A3BUW1W<7luJJegJ
zWyt+}_({zbWuNPH(~QPVMXFOPi#3rZ<elgTpGW`-lxInF&CuGjBi3G-GSZ1(*PkYl
z{xmCN?sx7$G)azoI<RD%J4+vCLgYTi@_gL<@<&X+5FgN2B1`NSd9N}1t=t@WNYjdx
ze1slKD`y|P+g=kbx2D$M!+){NA^bBO<nL-O%nWMw)6BDusy#_#vXdY8<7yqnB1^iM
zB`4RuPtHH4xpBmPlJ<^4$3NQ+^Fp^tk$;u4lV?XpwDHq-t$DtMd3;LwWhsmP@#+y8
zh!}x!sVhSLV6Nz{)wcs-*or=R>kOW`+IYV?f|B>wm*iv<As8s5tciA2dPk02R!)`H
z>cjta$K&`hhq(9ZKR6!*#z*n&_EaZRxK}n`1xI*<BhZ`k(VB<yZBxFX<OMv=vf{I1
z?jUW9j*fyUo)Y`Y6Fh+!tyW}3Nv_eLms=4VO7jbA-3O&V7{hu9%SMYf{lYkr=AX}6
z7y<0R{R_vhZx+*kH=@q!T`%@>g7zNUq)Fs`@vwq~-W1F2+x%bDw=WB=q}w2KRgBJO
z*0o)qK&1zBht9U*!}yjK4gi2yI4-z6#1y>9wUT&g)XNb~?X;A}J9~TmZZzDHFwFNi
zoD$o)Lu-KfPtCH$t;KRprDZ#1oD{Px9pJ0USl-rA_=gM6r>wQ)Ae3&VnHH9I;}1HH
z{|wA@B$~8V4H*oiuh?|cd)A|?nvrw3<ah2(HC`xQ8qtougS~&YYf(+iA#x&^#*Ebe
zV5`%cEJ$*zcw@ErZXcFub}}Q9w<oJ=)>4b@Ea?VU#??{^RQ~|%k}UIVOv)Gd)Zy=9
zh{B!K^SNuH7fNxR%;wSVxh8t8Mat*aO7jsHgwV>(I{v&j)>^kvXWC!5u@l9NTukFU
zz!U1SKxFuHqM0x2USztfK%n9^c6aL6&cC%na9jp<q`TfTd83Ga`r@QFQ}1eWz{Wm1
z53P;9Nf0P$FXdM+Wfm@xw@M}>x+es^JolCp&Ngvwz$GW~5W-_@G*O#cx;`lgWbM|;
zg*E=@n;oZ|M(|XvKb_`VX>xduRy^6jAoUG500l|NlMs<%E=ETlO?pp@PWMA@R>aP!
z`p@exh(#?9@TJ_6MOg1v$H;cf+lTQ)-&odcmQcV5=~JG3E203^Ft^V|MBMQ0WeIgn
zPz_Rvyc#Ew8F2p<SA2K$?B}?;YS@Gt|2Sh^WMn|Rpl+SF_=VcMpY9_b-W&VKw7yHw
zz}sa1wY_}TLpr&+PIhI}X>4Tn(h;L&TsWgHg^J{M6-O0gXp&dxV}%(o=n|W$%8Cgj
zm}2SfBabM!KC(RbD65_uoKCDue%&|6RpyGwc+h67+JePdE7-r|Id>o47(ra~zqFr1
z1-u@#=J}wT2bjZyl(AYYw&-rAzsA}pST3$yPD>AAArizP;7FJX+fcg_lxxTV+A;MV
z#lsV@f9k6NuZBrs-?2-rM*4tPb_G(XQVlqj9c4h`2e5|jwkaHmzstBEQKT?VE0#!s
zBC!G#ZEsth({lR9LQw4u@3jB)H9CbPDp0`g2^sOoDi`*VpN?q5?3v5(O5?F(oOx%m
z1vWOGbt;Rc+P;2j_-pnFFx#e@7lZDWU~?ys<H&?DSFA_yMfj%fm4Z&UgwVf2W0@lf
z9(VhA`1YkofBG^!n1$q2=qcbZ82ur5rF0-`bMxsDp?l2ND+6k#(iJnYHy=!bc=j+q
z7II8x&X|$*9<<36KjsV8&O>fHaYYl{G2P@JU1Xsa%4oSDXlOvk?Ec;G2$eZga1c4$
z8{OQ-Cz~=&D~Ouu^SaAiwB@?*^<()%(b2^llVqbdh%BW>dYPD_AV4>!HNl&OBp{Ek
zQQwo$6c&3N$|Q8se?-+MzaCgntkY7uq~0qrAG%h|si&>XdRv>TSpj9YFjqcHz!V&>
zL_csANIeL<%6T=5ld^V~YB#WXEn=pu7iCSn^?=k29qq&qhryndF5Ceq!j|gi;V(>M
zR*rY~S0hY!r#fE08D{BCL45(`LpD;xgj{1Xd@vu4(qLoc&YNn{s*jJMap9Jz0ZWjm
zG&w%D@XjmVBlBPWcrZkd4k`Jknb*5yJt-%sc9BH{EN520vismbp4XwEF6%>eivDsn
zEe~(ReBUEa4f>Eh(boM<Gn1;ln6_l($X=odM*Vgu!+}3fEIm!QjNqe5^rSU3^Xt-U
z#0)niif0zsu7^vboBn-8k<0v84_fc;t4nvkb`c(mx8-gPeLsM<%(sRi+-vh^mIA9p
z-f7`E_q+(GM${~6>!WuDgi-8j@t~e7A^xV1UX6WR+r>3eQr6$nqt?JBdAX}#MGrsI
zAnooY_ukz>joZdT@@V^u%nug3*l8|FpDTss<Yz<o<cfs$o&$ZtpDK2s0ky8owvksd
z=Q3eiA$l0L7_dthYlNY>Y*q`-3NDJB%-g#~N(@Uh;O`cqblF%K5`HsZqkbSYMn)}+
z%@Sshapm>p5&4U#cH6EnpA?3`b`4+$;VKsToYG25Eg%a&OXu{!d(*zV&F}E$N;5Or
zOq#KBt2qj>@3f{6J4cCQISfG0LU*+6zZg=YbqqUWy&22H-KaC^r^EM#?*m2OA$e16
zLYwMM=i{5Q)AfL5J0s%AL_-z#V-TJ+-hE3ZMn~9fp`l;(gX-tt)+|aJb_NCcSeS1q
zsANQsK=Q_vj@qm-=_J-!gE9yfJdbLetqH`m`R0qb*!gPKT@$YX88<JG*RqF;!bA>R
zMr}u{S*y4<ptD!Akfwxm*%-NI(_os+s?8#Sm0E~?zUUJ9N%Us$^fjH|`{hqyVe^ri
zg~Wq8crZDpL0roCrOlE>@$LlGdfRY;#`hZQOIHb<mw2<Yc%n6^6F^MhCoM^I8HI8r
z)*+AKeArA@b=i7euG>rAad)`wa#UNW9Mrz(b(3!0{toumr%2gGF;VX^B7Zg(le>#K
z76N4Mmeqtr(2#4bc0o%ni7LmOC^hpY+h%1vj-L+n&4y0K%woGoB4FlUdAhU$q1}5^
znco$E(b0)=rrT^Y^Gk1cX=R)~=~SK6GnA4M@gl9~HiQxf8ewq!;`!AuruuVF;_Gyw
zf>u^;pZIDd15PegAH)4=4u4rh`(2cC30e9%zpNGP=F*J@%_{Ih1?J-*#8tPAFx^(=
zx2Qd_k47npk^#9=uj2Rb#Ch!c&WA_~VE;^S+!E8?M8-3&%VQebeX|K_lQDsA+gZ6D
z7B3=0tm7FHaZW0co;xgL&x)1CgTyN3gHeXj)bkX!)sPT8uO!mnc=9yAZ{bTibwt_e
zaERpHQ6$4dF0%c0(yJG98U%PqO)f$#cS&&7pSFpYI#wP6L?~KvzId~N+<CL3K0k)3
zUdP@A#giNLrbs86M?6P&V|~ogT*hrC{*MdLLyp-aAPkEA^O9Rw+!<cK=T70t=X0`u
z{HqG1<+F|(18U@s<SbpWgjK;DN#~BFy5&aTbm3>Ctb#r<zZ>Yc;Tdx_gJ2r)a-xTO
zYWB<p^Gmv0)vALUZP!$?w6iwvcFLIHO2}^prci^PIRG%sP&19}0(`PJnm!UfWa4w3
zd&fQxjVl9_YK4yUnM9vA@x8Nq-@{?4BBaHH1>@s|+Qso~_$BfmGCO8y!EPT64|%_%
z!_q&_iZpjKU5)C;EqNvDqJA3r3Y->ntVzcz%LmMGs%A~`0F9Pfi?Ct0@h*|osCkpB
zulxjf&FKfNUmB-=^+3x(>@Vt+Zp5h4&R^bJZU;{n>cnPs1k3ozRAAUCU1gS-VO+nl
zU5WDxVyl=wcSW(F!12L}7pYFmnB1-z?bwE)9O-)opnSj)s(^A^bG^78!!&j_F5uSD
z5fecs>cFBYQ_6VNf?u1Ko-szq%E|b;?mOjHag7H;p?s@NGwi;&#Y#t)61#YT9p`Dj
z%hp%Ohlfap&p02;Uk{Z1wnem3<lnjU#}RYKy`yT;?USQWKOOQ*%gIp+-n!3^sDQ5c
z1s2rN*gN=oZ$epSIea?W9jEr0&-M${$E$9y>as2oHzR|PW1bx19j`^7W!Hue=$nW?
z^_${NXaHPv()auB9f_ZK%n|ebR>O1R5O+TH^KLrOkvxUe&{1WcK`#!9O`D_Ae6Ue~
z=IlHepk*Meo`%JX8wOJbS49bQnbb~g3(I-XaVG0E1LrNe*l>6(m;+-^e=a5pc<%IL
zK@NBR(lNe{S4d=3r`)x4=-N{*7E(-}q*=Y?IbXj-NTq8u)?ZCdR~jnhON0y}-`LCU
zJC`Dtit-xCq6?IuI|pMJrRqHh9SZd{SiOiP6@I3Twe``uL02F~udA!LHNV2Z_b|t#
zTEB2yZSOaeChplvE(iM3!LRU{hN48&UU>eQQj!KR*1Rp#MH@lpnMC9rXc=}5KoQRc
z<NExmk`nKit-aUdS<eS77t2}2@5ka&nt15YUT9MVn(GCs&XcI84f5b%0pGj46Y<e~
zbxKZm|ER4K1sQbE2Z_?WBonc=X*OxAlxyY`QWV?|>DgU+lR@dmZdXVz!rcr1E)_g&
zVO*X4rI}W=u6JjM%iF?pGNbMaqL*7PTUNJHYmKutYMy`H^y&W2l~1!$c7%<7nCL=b
zx0+mg7}#_QH3G95g2nu-Bel#V)@L%dtI(HmmycZE3Ud8b^jS&mp33%VG<AlJ<E9Nh
zmE+`^5@)Ry|LMkefnMknXJ-{^;IgoATHuO{dZU?xhJE<gGF?m5b_bo%u|*FIt&67W
zcvEqmoZ6bOk|mIX#4fqceE2R98qi+9))83VS!#}5A}>Xb-UEFNs+k=OoWs6>G@C~I
z7$Xd5?quc(jiR(F2Sp<D9exU}BJUz~!37^E3%aX+hV{I*+}sZZp#!i1^y0XN6txP<
z(I(p0xWk`)?s@rc+2CwP$43x>eQvrmWGgJkd~18tu|T$~W;(^0X19g;vG#FKgxzL3
z%ZTgC?Tf{qvn6L2+bydF8VBA#|3-p%Elu)qwdPyi0kG|EbH%Nu3uK>1%Jq#E1cqu@
zYf+c-JXM7+AOj~LPf<NAwnjz>mz+VJasNV;%22q<BI8asGZ$8yAPbJ1<F5-`;!{&^
z`Tpdr@mbe3p_)%Wt$?c7(fmB(!;G-8^B8fOU3^J?`njQ`TXoXp`$Dgb(#Vo7FT#+J
zOpZaZH{vG$JQ5j;DS+Kd&)?}O4t%gYrZA-r4LJX(Me}6IyOCeyXnq_w&$Bv*BOKz|
zU#U`3(^9AGt>%+Y<7-qM%Sg6OdT?y3xJRlF<pVG)MlcCp!4ptYi8nmS3R)te_xoe1
z?o^Ww>8I6uSyo@%L5KlYPAqKE=`T6CM*7Nu_Ibh&S|lZ)Df4I{{n^ZzV}A$)vK`V6
zU>nl-AE(*0NdFnBhf#f!0yAtz(R+}6HPYcsmx9EH6Q4;m3_b?CjV_9HMs%V%{B@qb
z+&O33Fp|7{oLg6QIgbPA^dEQn=#WGbftCrZ6JDN$Uy<;d@m!vWLnfBmhOWJ->?Fm0
zIvRU1Zwi+@p1i3q<B2>z=MOWYq>y7()3e=((fP*ae+_WR(;afeqK&%qw9K=+Qq-tq
zGS%$@`*i~qnbpoTO@7VzHx~1i$EW;t(XqmbammpqQ+eD18|cP%42Q?92a)+zNsiU4
z3&GY;tbmkPr?l92`H&7rsdkI}>h707Chpd~3&guIZnB*&GEkV!u`8hv*B|fABWX7o
zgfbpr*|ArX`TcWG8ov6n?}5J4h(#n_UGnnNRpjp)w)#aV!n0DKr728@hbC4c$DS&&
zvCMC36{}b&P+FXzI06N^{blpdG~BucuGlysZ<mnn^g$N(E2)zN2B+|1+zy!LcPGq5
zsg+(`R_84&nwc&TU3=4XDQA{@ubgPFZzb)t(2uj_YVFmOAwn<dMgM5hlAM|NE>eCB
zt#Qln_A(bi)kcw$`C-2yl2piu+s!$eT<&2`y;Diu&7_mQ%LAC|`7EjbK8KTwZ^5eP
z?x?tk@z<TRv*x9do|LgE?qnIHslr*;GDJQfWf}f>V~+FO`T$%?pTDB&YC-Sgi6RX1
z?hT%W+(Oz2ir(el{e}1P!uVf>nHq+;VrDut8^ZvfT=qdRla8iCDQnOMdTruw-t<Pd
zyj{}lD&+RGPxg0i&g6%-LX)ZaPV25EF%cgu;3glVC`MIO|A;22?_oj75W7u@xcC0&
zpho6vO6qF3OpS!tACH<5mZx1>Du788EpRZ+W)U=`{j1Fp2Y|`X6c?ABCNBDaS_|3*
zFS1)c!q=spy*6cfsiHQR8`PcyfaW95Gb|S{7~l%r!2687Cz&q@ui@|-7KdJpmbe0k
z_>17{s1bK*r#aX8s@h*l9gZZxdvF7Rv$JR*UoKLhD7I$Pj2l-5Bi$XtbWPmH+ten`
zYTx!xcWfrVi{Z}3d#nKZqe@>!O6gk+LZoKYQE<P!BeP|7HvA}L3e8W)4RZNt;Nr-j
zo)*iCie;}27A_Yq3p*NUXA#58!EEnB21`x_ItOpvbtFoQ^s7!eT^q6_a6Nwrdkm~9
z(Zw8a!#cXt(v9DGyeY#^YfB(i2>F&nfLW~-mPp)Yhu?p5d6=?e^Les%Ej{WG?ldk{
zZH-na&IRnQ+~{GB`rvrm1TQj_ihT0fm#0RvrWKRp)?5h7%RYxJwAs3{`Lo|0X@frW
zkhH@%hCS?$@@>nzr25NrfCupe6KbfCq3)$^ELoBc$zmuiq@lmqf<4J0JVE3{<GLZ%
zsAtc1$$8T>_Jg^T2I?mFyD4R(N(LY2jmv01O@+!IVsb3p+@9f#el8Vs$r2@^U?(}(
z6LHMqp`O-_*&{C?JhnEy(d2VV<{~!E5o{5Ezll{`EyDI)DUV<^Jt}F3{N(yPxsHk9
z<yH6tNs`I+sUEi6Crx2ez9H%up}8u!jADC8DrvK+(5UJQw)&BpPais*@E_L?#L7`h
z0ct@V>G!_b?lR%rJ(NT^R1WEbkWmM|J1lCG=r4AbehRK4(<0?}c2YBj;-BmUs%is6
zS(ZhamVNO1&1pOBleXg6^P106dT6$(^7MKq8N2j|{lh;Glx;A!%DyrSIo(;@$v#l(
zaHRzX%7X<dJ+;C8@^g2&wP)6YN(&!tI=(Qmrg`x9K663+*^0jFSMS(uT0Jgd{nRo+
z2QLU=Rrp<l9~e5g1}^iU>(EK_xpSWwG@c|%O1oOJlGc)2zg;-2K*rGS|4c)CzqH=*
zOzG6X5a{rtRR!|RsL_3tME+Wbd)9*Qn)A4Gw(86ydH!O7Z=$M)NEB(f15EJU$PU{m
z!s`FA)rV>&J@?zz2mCYzwx+Q*1YG4=^?FyUk~NuaZT<quw}05;)&_k)mH(>d`h45=
zTb>$bAX446`+#e)0t)YhC<wg<adp-;BSV$QB9~p51pv<%w6Sb)rb8a2P;)s1yVNB!
zZjb>!<`R>ks)z+d>V2|etIcHCpj24BS!d@WV1l~!9MiZyFs<%9KIzzj(hKH!-^O-A
zQjz+<>^UU_mE-k&DPG#R->CdLv<BCqO(~!>`pJn5xQY~_r%buadRPm++`L!{S#U{c
zW$<Cc1y~_~`8`xf%Ew7jYxz#+Wuay)m5dyyIhC@8fBN=J`m*&*>7+}2sYZd-#WvL2
zeJLxpq{l!Qp>UkW1k{}$OAs<re)Zk+O(<VWM)VVY9IH+?9|vAtVcy-bJMn8a9rU$)
z+5Xek?M=ZA?H;kV3jfz8_`Z?x@k7C{stUP48Rte^%c@<xH~7_&4^P+;?h&`)5u%T*
z+iRa3|6u<koD<qr-O+jSWd2j1`wuCUac*FBc|Ty<PeuFaqN7DKbp2v==EPCWFLt0{
zpG)l&olDGnei3`GU=+ylC6a8}%2Ig&kFhy<N5k9L!~D+HYgBJxwFn?F$h#oW=@E3G
zyU@~R2YYUX_Xv|Z_EMci7nf1W{jsK!DpsSmlxIS5M;4Cx<Op&r4?8M@T)2z*G`#CS
zwchhLnD%Dyb_3X!Udj6PpAV40()@P6E$R*HyZfz4=Ys;*!0QbIj~H?4NpAq<SKCQ`
z*W)HoKgCmaO=3;8maAy|EFZ;)<3&=9WYrl2{nI7LyccZ0MM-9Nw<tg^50Aa}?76Q<
z>fECs*4xk}0=p?u+@Qw_oXGZO4n^}%KHRR{gH`kLBU$?Jf`kP!e0=1GcnxwY3T;gE
zT`UpKOn+@L-}eQXmVEOM*d<TOTEnFqHPSjQsa(QBKRm*BTUlfk?86O@4a_0_Z|Hh$
z1%CbK=JFQRH|kySyrYM3Yx1#Smso|Eh{$TEe(`R`=LO!r$+1uR8kdoK7H5Ie{Ok{I
zH(~^Cnv-ns&PBW>HVf2dzV5ByMSF}KiQ<*^v|i7#uo}KIPoM_VGi_%$4P=MriV9+B
z?Rz+_<}bX0&7_-Mq<B}>&K9myAcm@k%&&^idU{LYOwZCA@gB9rpZ2tX7BtUM2BEm-
zpL|&zR}W2tK%v|76C^7pMTREi+6>m>Q#HK+GeI*vTbR<H@o*P=%c)XmfFGltDz^S&
zW8Dxw4$@>;IU!y5(FX7M)$2g>`q(Mb>jVHV-E0)};zBf2LfTA7NF+nv9ILb5YSFh0
zFKszMuPws>iZ3&|s=tRO=J~_gz(pP;K<VKIcEd{zJw*9nYIeJvktch?Uoo4P)Y)JL
zjz<eGPx0(M|2f~em-^gW@YWu45x4YY<yRGf&G-de=HhMkJ>%U&B1v%2KY|WRdLYPE
z^~~hD758f^@3A>OYJ+w(ZA_L8>udZVvc?dl-cM;pGY)4{2n3Yf!oE)lFC68_mvB4P
z<fwAxEPUIv<;%&--56s%%;V)%s@p;A>(obrky1TMx-TYp=Y4?l2x%$quuVtZI-P*X
z!C;jUOn-&c|A2kB@i3L_Y0+byuXX_~ZypbH?#-?-=`L0MR2Ys|ec=grx_S_%jGh%J
znH~_{vER6V@vIRzdSWpf;hRFd%kr2}?I8pA%wvGAYS!gA_6v=yeT6d5A|nx4ec1O!
z<IfeEN#^UHTkG>Pf$*FMf623!;A)Z?KfDAM^dW$9LX{A;ig5ReTX>B6=ueD7C{~M6
z@$PdbNa_;-A1aDJMnV93Qh&eB-zVXhUqa7FQh~$5Cz99n>AQLHE=0I5Zh%0rUCd9O
zS3Kd2w?pL(PKo@*0+{}W9K?ky5v<}H1hgsbJoj?^2lO{`xd5(rJaK66=1J$u^efFr
zi-(^pR=-xb_7e2e1Kjz+vkx0eq~HxfG)|`+6g=xd9}#ktSUAgM8Dz4rU*1G>9q$Q{
zD@SvCuPFykcf;U;ayx(M8OlHRw%Ndg&b79v%~^W5j^X|c$nPG-{mES=!~kejpCtJx
z^f~B?<0oCPV${IHosV`9anBJ4x^wPc?ZrF3)lyP+yyD3Sm?ZltreJIHA+E2U*7iE=
zsR3Gr&KUHqUHmXRPloW@{=R;|%aSmyllIB1N;C^NBM;xYW-7`r9FS<qy?o1Way*kM
zBp>=OJsqdGnvwduTn~Q#>zd}Xgd?l%RuNkjop+!1^inmT^lc9S83afFv8H8HaM>5K
z{RvU8r{I+>!6t%0QI6be_?Yl-reKlDG5}ax5PA!a#A*Qi`JK=5ITFPwzlecgs8jy-
zqjKqACOp8Aq4Aq@fbeuG1?(nQl%H$K{X?%sgD2^q?V{0n{XH;n!Hs^GZZ8hb2TEQK
zhDkd@GhG=KYi%CqHFlM1ztmQzz5>aX*dXzDzTq8#)++ja%`n&3L33C8^@&s*5Qx^v
z@&5NF31V#b1Sz1l%l2ipm=!cx>t(Wk*r0m8<m}3=>>^d5yQyo0ckIDECv9Qi!b6Rk
z<$$T}V#0xtUrNI>a!8k@r}w|)yXkIP`KVfG@(tj^Xav?*H%;>L2o#@EnO0fMMh#Wh
z6HXIOLv!vKeBOO>&7SyEnF45pwIS#u8bQOJR`p_*uGOcw1=Lcy>NYKFVQ=I9s~bM`
zwAQZB-z?!B&K&bu)?CK-m1qL$(P14uV}}!oGVJ7(m;bGiM$OQ~TvUSF1|xm!V0#U!
zjVv~7<N!lX3*z!X>5u)G7aSWf5@^PrNNcHK5~T!8SCA4D)&J})uktGKqoT=&h8|Qq
z729;GLG<D?G|>=SDv-wLh=Fs_(&4PBy%zF$wzD2U?>M993NdE|aSAkin=W+Qzrx0K
zD|RFF)(})rdy^$5DNC?gnhy+G{+og3sdvGV?S**cSVTQ5KuYP`sv=9hye*?hsV*#v
z#XlIhVEIwc!N7;ETJj6926@$g)+SI!Pd>`K|5+{%o<F0ef5?%Qi}`FGxB7rqaL@u1
zUC9XgE9x3De*r{B9hu*a@&isY@ie@0;z!qBu6f6b2augM`{3-dM}rO&wHqkurI?)n
zL2s;zW-ehG*MtiLT(U@PLG|kOtPiz?nmNy~iYIrrq&8ua`VoZPFv)}51EavvEJho@
z6(I`MZPx}G6+(jkvWWYRtJ)hbb{DyoJtfVbQvh&A`-}pjL?vT#3m!i)pIS{nd8>^x
z7)rYZM0*3B{-VVMZq?mzRW!xsK{MAmuO?U|4A8`O9*I!AuPAoh-kBxek^cCrn<^NC
zWb>3*z=}xFgacg^P}pI8K|frqYR)`4|CZ=vY3b?%G`(jiMO65Ja3xUElc{5dZOR#>
zq~1XQ>&JgWO^rFm&^zmw?SnZ+yk=hS!40f@>%y}<Arg>Nge(;{BGA+;Qg~17WXX4{
z0(#r`f`5hp^#-XqQ@L3B#z|VH9i|yAUWx()sVYuc6~W>tPFc9$4%W_k7Q4HRT4osm
z$3-M>tg7~yJG#hnv1xhAlToHJ3Dl5_8Wrczfc~R6GYwRjh;FkK1BKA;z?QzpAq1a{
zRn)+*rC~a=RXK~>+iHL#k~ak64fu?>1|WjEWMTY@zQN1LORT<^6GmD0v)dhecSK^j
z<su-wnLnxVP+lV*WOlV?2Ks-q^BCg#3*2*-H==WttXdup9i$a~pxg3Mz+<uoyw~#t
zFaJKyzKk>Xe6q|AsAV`dkPFVsQyh_?vFGkkoeb`}bi1DT8uL^d78QJ@mkusI1Ma@7
zLj~$*Y&Ld4sbEE`*;-skQxQWwjhKt0=r06B_z1DO;XDqI>LNJ}gpT5W@{!S{`6;w$
zHHG6P%q|u%A$^zRrM7}41<Z5oD6{LQImy5Dl*)-D1h~!F)YHhgo`<>dfq}hbw0kou
z6|mjKKX2!9Ko3K~oqKoB`CeIpLG=;>7LrnmPsLYf02(e76I3D((R^wm_yY8Z@$kMO
z$IphVl1POi_mys|Wsmzv7|CDquN|%LWFx>_aItsK+K6qQ7Au9Diqqf)pp>$C1&;G$
z*1!k2a?qBA<<HCoYXt#K*{lSaP2#)pE?G?OO`YDfBoV-Pi<$r_DYt%8Yzw40*2e+X
zgro^R;I>e|J}F45zz!5d<t++2=H7zMUA^u^xl81({diL~KVL`#=I`+=%PUx1-{$1q
zmf~FcTfNjVSMlQ^Au?4sh5V`|1xStSIHC|7X*F}U+uy=nt_l<tOXPEs3FDX}MQ3;+
zBxw`&(;+9_$;D(u_1~lbNM(?dGx)Uw{0u9F1q0wZC>75{cy#V@<v>1%LkQGyE8GX8
zVy1)c4b3ZtKgVf3Q-u$f237$CAWEJvL6SPg(Z9>s@r-Z4SU^+J3aFlVV8|A2j6w14
z7SG|e`%LEvk&3OJdKybT?jVdB4AlIB3c(nldeHnb?r-jedJs-!D`o{0;ec8@fN2bA
z?uz~rtCe_DRSz5)Y28QvPr}|e5I8pjXdrLLG^5<8p{|$7<20(|0s|me{^2x$_+Heh
z3?%Smw3UC<P>ccr^LQePZ!HX}NjF-!)2wR=s-b)akYAP2f#7xFEz?XVerD}H@Id_?
zRfhF8@A6L?iZK+xD1JVCb79b&Wz)6IZ|)YdRloYMI)Enq|7qD5AR~dUt6B+vtvs(4
zYvBAy(G+zSTLlyq%T3cCFe_UrP9^$6rDj`MoqZJrfU;ft^5d-xc&B8bS;W+TgIjF1
zQ`1^lr>8Dpy3nvV^Am=IzG1L}I<?1Jx8k^WfaR!q{+;O9b9-fPhX#@jH=(dGH!EF#
z0{mcX)V-%%rJ-2RO&wEuKp~XYt*_OiEpmX8qNrSM0Hl0o8JNa9@e>U^%K{Cw1|llg
zbcs@){D(0GL4PD5zvZW!wWK}fk_=ZX2jYhRACQHgh*-|5l5U%pM8RNIsn7vrGsna<
zVSxW=wVkySjUx``)|(3eW!+IO00hBAy;<PkSDfjus{+nrPwx*Bm*qVPeB__jS1deQ
zjMm%%r)Ji4m!(?cAduI!h5WRM#`Gd7QC^`-tsP(ijKWfB4))@ODjb50(3}YC<c{B~
z`HTyIb-Ws{I891b_{UQJDhgcxN}yyIEKxtmZ$>E4wKb_?NdxFlE&8D2TW}ehycR!6
z1JP(A%<FOIw50p*PfTF*S<ky;3arJ!ZO?C$My%7)70@_K+!tG-m@P>(!c`QQ2r}d5
zx+M#ou=#k}uDzPPJcRbBwZ(7m6jXE1B_NMjiX>4kc=!+NY7;n?uR00&Z3xA0sO=}l
zXi+Il0^~MD#xx{`-w#x$#OzBy=g&7I*IRQ~Z~!%pix=g`4eDUD2@A+b4eZnkk9Z?J
zhg-;j^Q2fQDPL3!_nYYGrM@%n6I-3rRyf-7-j|vD1VUB#E_=j{4&LwQOf{7LxKWJ-
zVULa>k6tkfjRruncwp<{s-CUMIE%MHX@u(u7La-~FShW~6Tq&y7>vVpYc5p_P0`d;
zPs^`k+oK0=h3(ZweFpRtIJfW6;@$v|6&cd+3k4=>a&wLF<I<U8df`^6HawRDrW|T2
zN`w2YL*P=J|3yvhP{NGO8gLq+2B1$9X`-6&y#V3$3R1AxZD{d=tJ>WANLF^W07l}u
zjo)*i53a>55Gn>{X*EY!hzO^;e)d-dN|d5>nV7-it2o>45Ud4{Em_bzDZA|{8;oM7
zJ>rftyx<NZz*H$3YJVp|+t)RTTRwjanzm4O%I07OwM;vc1yNy+B~_{I9Hgq_0?DF9
z6t}xI{KUD=$u&or5f@2na-%Qn0|;Oa8*+Xi;G+P=7S*6bEYSL)Ez7Ss14$S=w4bYQ
zA6G7TfTVGT)E_T=SYKh$2cW0eq6j`HVvf~mWdskBU(b;E3s4-x{>%W;?IWcfLwpsc
z&+v!{X2?(%zIv(dV@<UkS3qm+#Fh0~L4aG*&MWP&Nq4gwHrp5DqelVWB}p|ZOagLt
ze)a#}n|svF_U#|nL58o>{PZ_&ms$9krTHtkalEIc0-*B?qH1!5xe#C;V5(?f)T8Se
z<Dp(ZAWKoms3HZT&QRfWZ)z}QNssCzMpxa_c~c=oXTi#V=5y6;<FWP5U~%dc7&{CB
zebE%z?-~lZk)MnD@6+%>R@U6!)W+noNHDEqQynk?$fet<KYk{JQsgmOvB3m+b!bTx
zeQ5{M^Hb%+ihqs>`fq?Kcz(tA^pS__>+c*%1^@+0+SQXe37QzWw_>}Bb3Du|+(3Au
z;?%X5isdeN1sDW#k9vdywROr*b~%0x-a=vSqGtfJmF$@md!Xp($WVnp90?qr2t=~V
z(}MrQ2m+uGK-^)EH>AK`W-z(4y#cPc;9@EnVOH$p9EB^WsZmi~9SBpF3Bzv#HfH8X
zeLh}(Gp#<$vWcx=zh+J*QQdw~Q2#e+a`bk-VU|k6h>f3)_cF@E)oxbJw@%pU(dn@1
zHmlrsFKpT}ceMU5nZWd|WBQ=gE;WmWlXI_JwRO2@_9zP7+W!}RBs4Y}{-x2zq^a+y
zUsYRlF-UZ#Qph=?p2kU?tYpOCMCve16vmx|S7>DPJ5z*8;dO@Hh~weK^~%9X8SnFb
zquce{a6OtUE-pZRYW=mG1h{SjADX-OQo)xnq4PgYbZJQjcHY-)y{468S|g`#kz1RU
zlW{(ydp1{3rRN238Eq5H8=Sf4{>KHludNfj+9-FYzW*P>aFtm7)6}Pvx^{P>As1QC
z^*mcPeXz1TVO`kQZvW8IZAajqs4ekeMwop&-6;M3g#Q1zt@S&h^D@C0j!pXssWuL%
z3TId5(Zt~?^Qqe;=Vk)fr`mu~kOJpyHugtVhHWt}A4VIg1D764SvYU(kNi52<k6GP
zR2Rj`3ookPS{tWkIndyGlyeH5;~ZXm!B&8u%clb?=^XsWp9nM6jPoGF+4&uC9t65!
z<G!jA{At8KHJQTBIsny?fuWIqU4oZGGJKZQ+cF1Nfz;>+fClP9W+?ZQOjteZ`|e^?
zo&rgNkAC3zC4#>@-y3&y+QP0Ctq5BTHKxk`3P;5Rd_HwBb{$DSGH2+rKRpYsv!D{8
zYOW{z!shV0xAGhC!E+(?f8429lSRke<>5u4^iN?@9=yOc!_Z~)&G%;I(dSvV$CusO
zme$-$SOZW|`W5>Q1ghfwYgzTQqcO3?a(uT;pAmhpZU*UpsYFkM7?V>vesJVVaw{b0
zSfSgk_?YFW&3OKP^;gBSR*=Buhr{yqXA|JH1@`r82K7$K7lLgL_o?RgQ&SE5`)5O&
z8xBIISAY53uU)$d9@=Gp@viBy5hr*XNw1{pi)L(ZzlGYwl(){lyWK~%dpQ(*yFajj
zw7I|JX>5B?H+(vF6$zkXA>oiE0{_SBUT4PBF!~L@ioAP8;gMdtt+Rw0Eba4aSJ!%J
zd1?JwG+Lf-=K~ut=R&j1#pX#gC)*XGGOvRYpCsj>{(h%J{n&VDzaH1-^r!0!p8IPL
z*hM$*nz$)D7O>|PRO0DP9|ZCctDgW@kwV<-`LxFNMyLH;wdh(YB2>>tmLM)Jhlg9m
z4~my&IR&<iyyFW=)B}4iLT^o53J0r;opfO*axy!|M16#N5h(2E3+{Az;kVq+s!3AC
z>Y08&H)uMV-MO?Tz*bLV&-6Q&1*e-=o$vf;3$BcN-^^z0sO#2_>KHh^w7z*(%n`!<
zedy1YBS$)(yDVs-PrsLH@jTjyUZiPdEO~OgH@i(Z^6&ZMcBg-9QcW`-JP%X{cDtci
zXW^LDSe4ozbTjlQ`-D7VX?a_2H`4=fY>6IEyB$^*!$de>zb|ulboCA;pESD?CeJeP
z{38ExE?>91^=+BDk$1}T{5Fs!c-?b%VzI%?bvr=W(->pOXqI@?3LkW2s#3=@8SVNY
zYTe{oy{K7}JvJ#jvFXth-}k%RH~p{P<%!%X0DQz*RkLxGzVsf7RN^{+ct}5T3lCVk
z`(la>-gJh&ayEVyAUCo9to6f}1UN6<vtI4=Sbk!wWR)01>8gY-vzoh-@>5C0kOgYd
z6omwVRix#odk297?Fre>F+;y3mhlZ8yuC?XKZp)f5VGaG?bwrKTfKb-Qp?pg`rM$r
zKjQ4_zXq}SB~46U9!v9!*|BgWo$8w1!R_TTLtKK>Ul|FReG9fd@_Ve9p_FVA94ep{
zRYxnS*F!(dVfgVD_Ln~YK5v^O(sRD)lFtqOd-tC3?eH;j8{<wrz!Z2J0RI(q!{<99
zbOW~B$sM}wf=ovwgg(=I=c;M9Ih9OE?6?cj>geb&I7j8QjX{Rh|6+6Jhc4`y`h)TC
z=ZH|DtH|J2^;QI12~2}x`GJgBj;{uA$tR@ty!fA-1<UZV0r83fjz{v|r<KyQTYr*q
z!7AKv^5x&A=kH}*>zIm2@N1bu0~|Rb*H~@-S$z8Uh1q#pBpdIbpVfZL)F6fTHv^yC
zI`4WR&`1A{A~w^-qGo&uzIgrT=?Hni#<)nRx^~&llY{-jf5W1c+U)<SA06R0=xCh1
zZ=&DZv@>@4W$YHd-YyC@IS0#azW8Zd2vitu5|~5pN4bvIn|RbXN{oUVE7Om#!uhBx
zaQv+V?mUvukOHCegRTGEB<QLJUw&VbbR;bA-MeU%I5Sq|L*1iLHA_JWs3Qca(FsIk
zG)X-fb#sW+8K1?pbAErKd^JT_UKm!S=Vbqo@{Y88S>$S=;PXwK4O?1Dl9%qj_kCcc
zl1j&-F4&_^BCcKCme#(KA%zo<_Vtg#Kcqd0-YjVpgkFRBYJ2z5%sC_RjMl={125Fm
z80rrl_AbSoX77S{<XcBx?-II+_@K_(MoLc5-&MX*`TP>!uq9-vaY(^WK)^G1#h-Z|
za#Lr<-c|;I7n0xqq^CN*9MiE=K26TQFMlX3fmZ$$6^nAh{_LgF4|(J5l5c{#9<Pua
zG(8{l4j(45nk>)drjmDBbonWx!o9YDgv6C#bBHzntK+MenOc8y1Yh!U8FdJT?S6rZ
zgrK{s=C*RNdj9pNNn2XLUPRz0CawwCm@0*6PCV?MN6vo8cq#s7nk|&J)-lwOd_!&b
zcW;#V=&Rq|k$EHEf_Vfmizg2*g}jhE&t?~WrJRZ`-#ekqJWOip?q_SFvq!u#oo3_u
zQ7*2P+B&wVG;h(@^Y(gW3}$Dy%Y9BPy?u;a3}7_oV$9IB%ePRe<~71N@2Z}bG9U_i
z)9^kBl4F#aH&Qp9@zucP3qhc-8F1?~L?G`=n&#O1cBD{v{u7m9tF#{w_TvpfvO<2#
zUvxGe7duS~Q4fMuIs1zXX=&lnV9^e`j$8i9vue5|AE_=1MzcWy{7@q?sM0%}&xJDd
zd{wPK-r{Mt*in~6CGal-fh?jU|4l%yI_H;yB$h<qKBqkf-nKDc87v=}FkY3ZpBF*$
zNR4l3FJ1+vyk>p_g|=Jp<ucRSD@^MBqEC6DO)l{BO%F@0BTjb8`>H`3vh|JGC9jCn
z?^9>IJMLC8uKF%vUBSn=n4j24(=r`5-1Dw_%*mclpLx_<*ekmyO`q&Umc5HK{bd&d
z4PEGqnI~m;WqPCT-|_PQDm&|^HlJ{d_e+7|#jUuz26rnS+^x7%+@)A?cL@?CxI=OG
z;_mM5P>S62&fGuX=I713*?DI+`#gKj=OCB?u+-MqTm+|mCiE?9VKdZa)wf+$k3y#-
z9K+>>D8~2(rB{Zz&o%ypHEpAn&;HaDRwuSrpoOMp$<X`Nx>NFlO~kI}iai_EoRz;p
zs<L<%=Mh`hrZ_+XJmH023CqV#4=LBm<0~`1xd$uD1g#sK=htR5427;5Uc2SbfL<sY
zC?K$7>)M)PaVKM9NU>GJ9)?&GqFC8+*gA8@#l>HtR-u$8v5q@bnytkZqhX@nrmjK^
z+3@8E@Myt!H*u1-^;pZvD|_WJm>n9-^>J8gvfxpvuTOs7oQ21qoam<tB52=p!aQ-H
zfXJ=4KM&`@HL%m2pSkkbQ!YR)fp+(=bAS3)JT!UVbJM0OT=j_N`D1pEva8X<uVa}r
zDaUEd2EXVU%=CP3DG~q_<%Q*gUK^}VUA*F}?F7}+JEj*KwO+lMFi-jc!*o8we9)|h
z-h$fe6U#-q0yV<t(ZQs5y+deoesRyI%(1C3sjOfnL266uSNq1FcrCsKm1=k3HQ<xQ
z9mbjE;U%H-_P`D)sOVP7D`nT~+vS5gtr?WUkz>Uk<0m4Lo5&Wo{%egax^zye>$yGI
zn-A@JF9JLk2zcRWC@6n0hQ6Op?oFkb@6zrmXtnK$ougwxl9#G*QDu1d6ZGU**=lm?
zz?)E!A!iABkC#Eav1ZR&_n?glf8ECW7BhfYv5!AH#P3c0s@)7q$Y~2=l(WWUUL)sB
zTUdAaYO&NAvkYBGwPn}GZ>@FfT9z2veTLQyB@VGicd~Q9mn<P-Y0dGy53h?NG_n<K
z3{hQjV>>Bd{r;#Bf&~<9tR8hQH@V1F?Ip;3@H6)#Y2>|YQ`#c+n)%sLjWMKBW|E8j
z!C{_<30eIcQ-dv)tIfF3ZFMj3ffDA@{b+Hb=AnJ2iTt?9w!#vu+fx3E#PBn55{Gl)
z<A{OjEF<Ss7o6f`PH1~LTay5>&%5b<_ml;!gO7p03*=@WjzeZOZI28Br^z}?sFc7W
zpL=UNiMG;IfK>s^x<6fXo3wh)BqY!v;ox^zJkHYx`x-Wiix#+;&CkS7cs12{`puJ5
zy$#b;=lkZave4AMwsIw~g>|cK5)dbdb(Sa;FWOV#?4df)$OGT1{yd>0e_!<$fVPza
zCGwz+Ib#%QK;-74)#vP^Ad~$DPP$FaaTJ@Qx@p0gavN4P&x0U=Gf8~IwmNygmfm1w
z1mEBfegY)V!Lzc>>POiM{vK+wie~y5#LKhPL-F*|EW>9gD~*QOnulNhNX+3O=({Q^
zSz^{;CamCRYSI`^t5oY4&N{b_My68AkST*Kk)vp45T@rGHxLJ2>YE1s>iSJ9kiEkM
z(szk@WvFKqlt=DAYFXf3@5z5NFT?YSSVsVLJdAz&69r!2MyvqZXI+HA1@KVnr0q5w
zO%T?8Ff3KCrjks%Q)=W;ntdwCG-TxS%jCXt>R%25X#B!YA*;mUkXJAh$X5XDP3wfw
z90;`B-W(RC?q7U?1ks^P>s_fR(;uf4@1###N_=2aL)8Xx&;`<lbqkFXU9Ct<Fx~}U
zT5?Ep_FSv%5_tgUebEM*(;1$T+OzL%H&NVV%ieg$>`9@_JOzXom_VLK_!OD!aB>6x
zmtDYU^0V31^x<}0O5RDB=P|NV7Ceoyn?HF5vywAAhbh#R1d=D*RdI7+Na@FrejZ{^
zq@ym|9OA{@R@Kenam<~@wex$cfK)_f{RhOhZ~1nS{|u1-%B_Icg48=8uG3peg=u<4
z6_Jcvk79hFvleX!5n@$@%7M`5Q_ZK@*Gn{`EKM)lolAjU<B<x&!YkP_PQvC7vKi^m
zQD?ocf^5X!UBX{6XCZnt;eV?yQk+=TBf4uVN}1j~@1wI<I9;4+i$<7>kpAS>?!GQU
zz<f~ISc7qyUd3nAH$Fv*b+7YG9Q&b>Nb1afLnp)PqpE<GCs8-2<PhHz3fWTn>Ph)#
zYc-e)^N3s$kzeH};Gc=}P&^O|DC*1J{D=lc21Blq5eVTBc8S_UCDC%M+hqnMOweFa
z%2@$KP0p8-8Y?#77X;Ystey13K+T~s?Xgm?&L_p!S<`aU+OiFxX=>NCDCu3TTc-#I
zc=+3;GAhPKM)^r7$Tz$+B<#a)tq2iwtpCvHVa7YsoN^M=CiO3)+<a*2pjQ__E};Ha
z1hL%aS1!v`pppE%%pHSG867z8u=}fT_#D2hvYG3)V*&lD!CS^ugI&l<bMR#Z9GEXI
z_o_jL7RaDVWqn5fu&eXo7r$%~-xJE(`X@e}t0d`HUxPclfE6OPu5xJJj>i$1!^c1+
z-5dg(um>MBPQ+}MmM^wiJK<#*C-fXePAv19U(<jNzT0Bj<JvNQ8!Y%}2ro#1<$)7a
zWG&9lso}Wt)GA$n7};EcL~s6J^mu)wc4T(=>Hb<Cw8#Q&r=Mq@HNah@r)bH|<Z1YC
zT5C|Z;=W0K^sB>1&^Ns0m5Yd_#}r)NB>q^5rWm~y)#Gmm!HFXj0SOaNzN%U#NMJT@
z1vMfhgJ~VhLvZ(!_xbnp=3*sEiSquiH4*z@L)$dkO0h<FXQSG`^bl-+uVk7vmK?<~
zOyj29)w(Wrg-Bx+?R6KaAXeY<TdX|I#xb&64uwcu#(hT1(YA$MXniXub2MRsQ7m#e
zP1)zDWnw6%hj4`7wM7+P;l*~^j_`0pZ49=f)5x1HMh%jmkN>VnZlDF@vh&S1Y*~UB
zn)Qiju_5ZDax$10Gjt*bUZ1#kX08ZQN{GKlNq>JD6p7z}tWEga2&&J4$#DDFX)shD
z7<O^pDd5EJ?Gz|zRT^CW4tH{qSe23e!-aT#cYB$dh+!CkUTtE5u3IS!$D_)Oy-@{$
zhbHj!X<y+tj+`*=G?<rTEu)ubeQeJ(&66wbXovIhI8r1mrISkv$88h)efD#l`FF*6
zz}|Q;W3rn|smwp1=L5Ky_AZ91-rCMWrUoX?<t#0ni0TUAF9C)li9X*jEn>FrzOYP|
zkQ-w<JTv7Jv!JcxueNg5JuJ2}PaLnH9huf5U`JqVs)@+!$?ZB$6ea9^4&b9fW20;%
z3WJA+NpV?1U1AFjpz^nGmC?K58||@UE4Fdy>ILn(^dm;WiA5xMrSyOxS$g@xR{XR<
zcJ{|p<;6%jIl{vp)oIWw4q^`c0sAm3GSzz=4=VDw)C}{h3u1Ditlx8T%*);#!^YfX
zbVIco@&Z&DD!MyLImPKwW?R8y%jq1<4}1?2u6^EnSMQ6|GDjMj>(jwA_;%Og4Ii8L
zu_9?vT~#moEcv^NBLj@-EMAX%k<u%ZiQ(FvA;O>xX};_op(#iy9p)2;S|^-+kw7MQ
z=Rb_YX8+&vEu2a)vaY1aCI2&nO~2V8;&!)ggIJkmj?$&vEET!1XGl&>Ax4x`ZZx?7
z_(qUS!F1Iq=@%75&$N%_L`64P#%C6tDxR8o_}djM#qWF%@`WN<4r*MQNHy+EVor{v
z!C>h5<B4X&2=3CXHGMW&z+1qzY=?{HC?2zS-gaRS#M@8paXEfVGuJOKNTjPzcyfjS
zV&MUht>&!zJT5j@P8?6%(1%h9QAim+w9D*=vp6F&Ck{gb^lo<V*f;*ZQcg}-xGz2R
zEkXUemG%M}Zwt?j{Dq7>!GXC}nX?iQdzGkuyt#@k*_2pt=fQn+?_L0@{tvwJLHlZJ
z(I%m+$BQ}tZ*NF}Mf0fk$S^WJ=i;U6oip!OX)@Iod#Z={y~$jY#5$pI-WTJ!La61p
zDO5p*l3OuN)Ch!<1rHUh<YzE&#Lm~TtzHFtJ9ifnS-!vktPP?`WW}S0lXlPA;K42?
z+${KQ5pvO}D4iVj^k6eSCnnmIKXdF5D!15S*N7-}KQ={F`}UXKlNVWiy%bNXtjQ9G
zske#k7i9>uuNn@fy{b((GCP!k81WN?gvs3hNhvm=WJjFIr=%WhB14a<6<1H`mmJ%>
z?($^KHhh$3JQJ%WJ+tI<S~g6Z5{orx>%baw$7+<JS^Z4bKTEjoWBILCg1zGN=ViN0
zx6n6{847~?X~p*-q*_|#U;XryQdF5k<oQ-+-s7AMMu92P?mM{m>P-s(B!<>cu!9_B
zYS^ZU>^Sv7HPm$(gLG{WtKri?s_l}HF~D~_Dq($#;^SGU)#!n&@q8GJ^%u*sx<Tms
zRN|Hj=q3|q_)N9{=A#$XDj_wVky&TUMh(Bw?Y?lxB|uo10$%#qKupn+t82LTe6CU~
zIYxH`$Jo!y_glJD`9#BnDg)weNLt)xY7!Y&B;X^hC_;;*X(^Jp`l8Pg{fdWeZed;-
zYa`oS2jhhop8fM3FPkznJ((GuPcdOS!C6r7))JfE<@TqJ-FVut-@Kzm8*mDY5V2;>
zM$M7y0>=T@N9xjSmCx5j%b2?x;Y-9EyKn|*uSYAdXI-}U7G7++#5s-D9G+@|%>v%j
zTcwyP56JB%?{LkQTE!0kr`VIxOxF@+gg8p3b>cf6giJkU+`V4>3;yI6^v*=sULIXP
zp1w#~S)c6F=cHFWj>(i8n|9S~qb0%bn2uDfBbz((OXVFJ)sX}}C+f8tW!l9pUMMTq
zcAgXIe-o61R7On9R9>N*Js%C&Y9UK&a{GyRGnMHQCD*gsf!(TkK~qK8Mz5IB_Q_G7
z)!6VSW(G>o{?3zTp7jaf^HBFMw%hI^x#i?!2opc52nbyh(zN2d7G#8SR&Rq|it*ZC
ze_-!cCOUQkdJMx?qT_JX-X)R_WLNcrU0>hitj3<di>e3SrU?@Ly8rUhaJIg&KNf_9
z{W~%3>t)OgO)@jQ#Bt`tp@fICaPr=<>}WhkM|w{~PyB9SFb&Uz@Tt4~-tI4(sc?v5
z`OIFmN?@YrWlDqh2*ephPTc?(^SU^ieAtWE;-PNW-f71J^SS?LAjq%DKlnCt^p_4U
zIR=#n;tmchTMX*X;Vdl6wWkgH>=lBAqk?lm6ml!X_1rHB4&M(1&p0Ps?r!NtB|R6s
zV2pMvx8o}Hy-Zw>pff_QUbzWOLlb$-dDv#@zgN&`@ZWLYlXGs0wBfka)<!J&tdz~`
zT8=7KN8BuYF(mXG)pK|}o7s-@14<&5V}hlfz_=6<q?N11{!!<bUAkS|61#^3a+A86
zcIZ=pqwvh8gd{M)l!^A>eIjCUT5uWel~r_9iT3nLJE>W!`WpHCVHvuY$>YJs@AXgG
zskA#Mo`ghw@4cuB{l);!nJ&89DHTHujV6j}6VjXAd*zy1v~C<tsd`BvhK18XQ8Y$w
zk~F8#5_jD||3yIkJYu5|TYYj%?(vAho=DklQ(d9p5kD+#Cuq=Wy*e&Ky0in8nxslr
zV3N<VVckuJ?rSCwhTwyJ89He5(^Uu?c?*>6P#vJ?DQJh3q?|jyuS}M;|CKWW?#BCw
zi@q!&?%E?)5b={@RB6a>BYjMdD1}6+Yo4v?I~dRgPS%ToZyf6CLxphfC?_T>tCg!(
zwRi8l{5LYYeO2)8zG&>$?UVpCMKZ^in;Qg=%vJ$hov+e=_3^LB>6ECjhF`^t#7?GD
zDN5!dKb%wObZC~@_b3&Ixo4YCSo%WrDW`IupyuQ!?`oxfUlYjoY{G(~))^BAmeI3a
zc^YIT<;>2sHcG2P$O`)qNo#1ZA;o|S0%olOYWT<PSA`aszTju_jLS*b)X%ItB1MA5
zAd(lwi0#E*e(MV9O8XMRZop|Me*X)d!3HQ<;w~UI5G2GM5L}NWPN@p1lU$rD=n+-e
zo0wHaQ&OWZM(67|@Wb4`bq@5@Lpj%Q5r9^3s0$?>8q9jFI<^(Uu6Bf#(Gii@8lk?D
zz<1wpFTlWqE4hQ7Ni2$MTEb60J!h61AWx*}L%nn`mek|I3+lwttVg_#jimElF9o(B
zQTPS2vzeptj=c8rmtaC@!jDp4?8?z1)cycpKKEAUZf`x--y%=xQ)54mGr4<ND8931
z;83O+Y70&rXb{d`GjIp$`SllF1T*(o3al8NC#acX<oV@z^3w>kT!+3f$_j;+$Fauq
zNy+UH5r-B4<c+8DrUZpx!Im?7|7ICvm=k7v$f;P+Iqd<#?W_1<G~U>h6Ul*(DiOh%
z`zhQUw$FQn;P#;b<`S%j6R!99l~q5OAMKeD-9B{*-V9Mjk>z-;f}CMD><r1VjHJ}r
zgsd38h+_9wbo(ESmNMyGN;G6)H6LcWFmtABV(EVWEaSB)vks&pX+1Jh86lc4n#-Cx
zsvC!U(|@55a<AGvDuqyIq1uU%Pd%CjN+nR$s?js*r*u-s?gRE?j1OIEiA<_pcA~_J
zoP_~3w`$wAU*bCd)uZ8XlSegD)g;J#o(cE8jKGU348lXcy^D|iAWs)-kfEw;tVG{7
zA!Q2V*RenG#O{(O-}rkl;0mkaTH^~Qk#7#9WG)7xhO?127D{BI6|4zw+QN^L0EE%~
z8o^5aP_0dQFH!wkZrxY)`Ov0il=U2SHE^dV^-f#X)7J#dE5f12aS>x@yfhFEljKuF
zrg?N>V?GN3srw2ajku>KGe&b=Uv@iOhWa#8&lVyD9$il#LFfmsMD$O?i0p?>h$aeq
zU$UH-$(hxx{*}Ispu;{;WnZL=wO1FXyI2I^$hyo6F?jd(jQ!2dNtT7BZaN*Xv0sO=
zog;In{>yq+3D4>4fZfxGwtd=&-<*g`y_sZe&=GI`XsBPeQ!%0iQ-4~T^Iz$D0g${-
zyAwuAgpOw_krd2box8Qq-x3q*Td4HRtX{oBnR6whTOd<G)DHv(D{H@lC;09$#AAh2
z-w15YNwf5IV?7Wt;|gz-B3=R$cB~n>IgE9A`C&?03Tkn%;+}CW$C3~wL)5|9`d*Pq
z$LO>ibP0y&5xpE|L|$PY-mPR(A!h7S7sjI$UN!`Crw9O0UT5>0va>db^n*BnoNV;C
zAsk*wGD;nyDuwvG+b}j{U*|JQY-@XzYZdFg-_WBK?MM*z)Xk^xFvszLX#WYyfX;&;
z=iG`sQ)!(9(UP+<BawLFZR~meHa(czUQPv!NVUh(?iG`e7V4zO;6QbJmjjr!(W3ap
zv~DN2%lth>nd1J{_Vj$JSbpXk^^5t9civCnHHB-Id;|zYAXEwbiWS<Y)VTYkl7#0W
z!Som`x>$1+p_bvCUkUOWI{Ge5uJ^?h{%-Q#dn_KZQ5e8bD0lsN*QYR^)s5(k+e3|3
z8}u6fz24=x%@j?WphP5p6uhXel@0f;s(&Ew@z_r+w@T5&VZEhLq450~GE&fmzU};Y
zO|JRZ7`xC{^PqJ(CTQiAAh49ZeY+v8fKHP_40GGc8QB>ZvnDJ$RzT3N*0b|0{+PXw
zw|&<+(yPeY;6RcBf<gXVvA8B{SHmBGyN+wdrr>Uz^y--1YB!BDofiZnt4!gH1pLyv
z+(tlOI;*lDj&wwVIpQ^b=Ndr!P?JLW=g@s2C{+ySJ*XSPrQ!`eZ%>QI<HOmQxjK)i
zoXwp)9SwAmFM}Mrzp=9_?v#*U65-X#Sa^&J{Up{rWK~^FY{>WpC`1Je)9WT!MK2bD
zFX#*a!?ltke!bdj_@*q@@IP{ux)m}jYiN~Z+F57=T=-he8vbVD2KAz9uB3*qZ<l)w
z9ELmKu+S>I%0tyi(}}5-v21(?hyVFG-hNX4gE9jvCOKPS%1(u7FzD{*2@AZ1)dtOO
z8J0tY|1e|9DjMz_buq-8%xYF*zFymm+el4tCVJSPZ>2m_dG|&PvPbP=e-|!^n6+h*
z5GmKoxwG1|h2uc-@r4yWlQWZ&VrJDcMB^zDV*zE)*s5tmFS1o04Q}V#xjxDk!R7{j
zrJ5ENzl<xcWt{lt7R!3t=tFVNJ096BQ31fk>LS6$p;0N@x+j6A6r(K6c#4qDxya@&
znfZ%{V-*!BKP6cT5T^}0I$86MZOG4}+G*413h)Vd2kvB!H2<F#z)eb&!BVU)h)60D
zNoUKwj&_$Hk!Qp`ZEQkO+*!v8Mlm-o25`@QxHAKA??J1Wn3n4B|D608ql_O}Red3%
zUn+$hjO^I(2=9LXw6zoJn)JD!V5uhGZR<+m86O$|`iw^@^zj@pZfFb+TKH_8{8WOV
zU^f(nhMY947{98oT%f+Qqft^-EpaAXEuCn$oF%(i<vaKcE6beido6oonBN8P0C84K
zs0_5{eD=v>2~mrOJLgwZmtLTpC#jZjRca?>hAlct5w1iX`L!h_aAT3~=$M-Li8JJf
z_s+Z&!^cl%QzNxJUiKbB10~)?{<Fc78nNop?XLS0z+%jVIe?@RG|w*lO$Md%*t6xH
zKrS2BWMSvFIARx|MLqlL?1a227qjQ&?9<TK!yS=;dTzm)1z51a^-iyML3!MxA!#Z$
zAvEEb`Fpde#f*x8yP$8u`?Hp>csN21l-~(-GmTM_H@c{y1{M@Ke@@X0t3*^!bPmFS
z>A~t}_SC*;sO}R^6>_hZJedUr--*2N<wDrXul9s;R<<a?|7x3d#mSwGxc&IV=zCXC
ziCmercMN}WNm5yAiQ(w)TynEo*Z_D4Fpe$!ttARmP$#MQI<s17=o(pfl9-q9B@ldk
z<KFNbGrsaWDvc9wgTaAfZj^3^rk%g4&rq>Xi?DXiKq`gGcN^1c@7mu(D-ynW*B?L@
z`$DD-qWow$1kGG_%Iuam85GlMr;shQiB=oyz9{9>ti|@*jdL>l%jtqLT0P=N*vd&R
z2^SaT=xf$Id=fH@7u*RX4n0pdCux)Y%Vf9{bZ3Y4t9xHZ14G99)@2E|q4I~r%tSQ1
z{5@Ra-p=l>P+?2pJYO->md?C5SsRbgJkAX2dLnbRJeUI*vBL~0ByxmpVa_>b3=u#L
zOFhHS#Fus*>hZFo(>HC3n5?~3?BF>%RhM@yGsujt0LJs-aM2n7>o9e04bA0uqFk1=
z@&5v9`aD?EvX^LOFJ#*xG||xUdfv*deH7@={DoL^i?RT!qePpOGK?WcC6qAFNG$t8
zKG-_i|2SvbVLWWI2mkDioo4^$G#fT{{<ErcbgGQ~%pZmmNwWt;W>;fZ4TRDXshRJQ
z1HPFVE-sSmp!iaroO*th-Y0XZzkT!#FHH<H6*Yn&QvBq9!3;dh6;KUx3qs>p?jWaj
zTG{nu!JlLJDMVYIq3X4(6yP1iw7jkFSLm6c@(z$q%o=RVeu=rPt*+18uXyTx_znME
zk)w`Zr9Zox?k8|*hk2WFhe8_^Vrn%WzRx}+7buG8M4zxs{F!~Gd7`EiHP8vF)H@?N
zz3=&p!JCpdkT!9MO{I|{Ii9Sb_3FZte-pa!bERjBPq)@Itoi~m!APA=FkPGwrz&TQ
zv_~^c*sdAHitm(!TvSt0a%)^M#wl@-Cy~Sh*;(_7>Uw9s6Ahv^$Qz~zrsOlbIP%^N
zIeS_Eg!_J05|Qo#f(oWr>U=8Fsuoo`uJk}&sJC*7T0|Q8*%XMT%2hbWHjaRP({VFS
z$R0t&qIt5GnwMY~$xrQy#pME60B5-!_|z@C1%abU(V;^>A}{m<E%|nep^wbKX|4-F
z8(_3s3wZEO#TsLhIFs>YQez0oa1PT=5$iq=r}P#VIRMid>a?fwc3g{XQ<I>&n1vgE
z_CsRi*WK#2dpm)VZH<>^p`9eNHbS{nBnyZ_e4wG5ZK^y#6xa#hI+lVRkxxik5oe=y
zImYAO7tn)-E{vg0I~FGv?Xh&?&+#fnyIvb)4!SQ)Lu;rNC<d%DI;PBdYDXR-qarJr
zpB;2SK^gV$kM~Q!jQi|~;qhRS|C=m#tXTcnY5AnY?hSd70U>=htQDVa%SvE*BZ59{
zwKA2`a~c9DskfJz)vKy{cLwuR{LvU1ZuUSz-6q{4>In`Jk`Dgm3bmb7j;2&U!JYG+
z<Lr@o(6*a+O5G<^xQI#3OKV9-vb#<}wuKJn*<TZWx?kYZQ~seY@xbe&dfhD~M;GLL
z!*N0ZELZuW_AJZ6lC1rpj!>9@3tTy&4<~W6>s<&*#E8>*02KY!7~V#-rh5WOJGkbH
zc-xN>t}sB$68ohN&8S%YJELstZbKZ&YL!Y}CP3>^E-jl9i^a8gCcj0UM|)Vf-+sJh
zGCraw3Ep8)C|%JBtib)|@`xe3s6~tf8FFrH$8epxeF_t;oA+-g8KW?|XK553UzWc`
zW>_QHR6kX#A&e5ff|b#IfB0jt_|!`TVGJJsM5O>fznU9?rHHVFu;SWkioL3Q?ZWI(
za)XJ9Nnifr^FwpjO#3*AJP-~Gi2eXQ+>_K@eAef*25wM4O?=1L3NCm#O-_<Z;OvBz
zUA-%;b?S&U6ZQFTrufT9m_V96@NJ(UR>*1`zP2Z98(e)`sZF7Zu6>;V3;f)65Q;;?
z5b^AnezDD3w{L>y?;$xc#3%glgQv*?ay(B7+X2h*$?vDEAcoJ!U+e!R{C)UX`R~;D
zEx!Hbg~>>43G;aNo}Z}i7;n<_S<~((Pj49?N4-)W_9U|c;c5EJW7WSBcH+?_Li_91
zMCG;x*KtM$LxN5GiJCHDwTyF|6Slg0F)N96oAt?3iCSxPcc&x?q=bc|%zlg}=H_^g
z!p6#~ddgFD%Ln$zO)lU_)}r4_7W~8em!Sj`B>%BUEP(pmsyT6eE7t~Ls4i*DbOQ4Z
zgPja}61bOdUGbss#FsTS+#J@7i}>_Y=@BS;xNtP_`F0eVf{`T{xAx}?Y!|93*_1W1
zGQW;GsNgTJ^mwh0uD20WwApXKiBbkV;b#QjI8o_M|Lj7zKo^*FB(050zKn!1ln$wg
z+11Ejs<e<6x^ks0IKy34Vb+bD+rjjxOJt)>ZEetV)B3esl{9h5;1q|73d;PK`Gl>-
zJcgtbgXXV(yC2=Wg^!ZeG_TUXjMFK0B{cd-$~~4^bxG!Y8X{8MP}=i6-*}?!m_D{W
z(Y9*OS4R3htraj@=4<2lGCx-OnEbU|kYQkGc>S=dMKV!-YD)^dl$CcK*%*doq19TM
zeDtZZUtQ>03&JX#KC2E9>j&#Q`{`6Ka&YfybL~^A+*40G*+#}!dMDZ;u_rH&u`WXE
zEk*E##CU>KJw~%-gwxG|<XqUVNTc``vakkDW5>9-`ol%3x)0rl3M1Tg$RWenGGjvQ
z<3fSNejtnTd4HQjyt5kJDM&fn<xnZ&`b<||=82O+R^%ZifO+6k=)LYJ5h0@%TB{vq
z*=}BXZN3XICBmKFZ&PVKK|UDc2|&Y+Y3MFFrar^HuRw2zwm%^*{jTlH#X}pMsg(KS
z&zey?XO=vM=j6o2nVxANluu(fdr@n$Jgj;s$rY^Wc@xsKmE9Rqb5r^pp6C?4NTbB!
zco>wU6^=bDKx2naY;SHB8&q?5W*7H?tlWYk9(7-ERlQKgyVuC@ZYDlF@1|&PYcc~b
zUoH}z)STA>lQ(3J>v6n4+Xk+DcBy#Xa^T<smRmDA_NA%3E*uP7?Hw*P4D5qpmqxQr
zXRP@Yr{+6CVT^hmSWMzKXJWO(>#%5O+%h37m6zca@vU4NE<@FN$CeC7kOhd(SNm1k
zJ;E_9er}{?cV0a^1VsDX=Bw&yL$jyO2yH5GpOY}+avz$bdW}^Ey4dt#Oh`%H@Ka;R
zX*Nbi02EMq3jD_zsmo@Z<=%`Od!OQj)6fmT);`mN6CYMg`<jHyc|@EzXw@lzt9xTn
zpu^NQWKTl*Jcx9rJOM&ZA2QR>Uzyg~2jZA@C#ZDn-bM@U$LH0@O_YfoYbBxu<Z9|3
zQaYd?9h0!qp`&9CT?qQF$Ow+<$6z12uoT*DDwm_#Tmx<$>)(w8&2nT{qL!wf7)UTU
zAplxa@=QU)XF*83v!pcrK}|v;LALUtAmFPG_=(G0%m`A9>ak{WyFgxny@z{8ek$b_
zDj_b<BDqv1oujgAK!;kA>*Ac?JBeXRX6zhy&}{gEB9o<SdO5ipDZ`wbsu=TS$;r9@
z7n#T2@`bPD7Iss}NurlrqC8dTB5#^DXTc9oXu+2np2`6Anb4=}PR{L1tyO&9JNOFB
zTI_ZwPT?KeO5y{K1hJ5FUrs{Q4`9ka&j`IZ(X@9&#OW==GuodPImLZ=3IwSqs-Nr;
z4wr_7GH+j-;E(h&F<Eom)2?MoALYs`t3n$wT)%uO%m?bA{uAwB^#<Nchd3+E$Qq{N
z65qloqUuPjsuS6}WCZcus7HY~%1{JSkSS{Io>S~D>p9z)UJ+;`6-NqlpbQ%(X^oCL
zA|X=0*&9**lF5Ed+w8`5vfP-IVU16fb1NLsKbLW?g;e~C3#FcRd2&OiC0W9dZabM7
z<a96_Vg#y_PLu9OZ^So<M!Kf;ikNWX>wx04p#^8Ja50v5h-iM=K@Q)hI--C|hr{{c
zO+EMujvaYte_+fB9$tF#HdOm2zWwL78~oU7;4A2W#6=Vp6)Il0u3k3HwOgyQsJ-#=
zC|>E+-R(2{mE5oXOiCHdQ#|cCMDUcPo-l8Da66lgR~I{MUW5Oo0;4h`1XR+jvpJ#N
zl&uyaUoA|t#-(b$^hbioE4=WcjrU;csT(JV=#k&*Zle(@YEOJ<6>3t_Q}lVX(lXQu
zs^W!NclJI^I$DR^FdS<0CAgd@B6ux8^SLo6qX?c<Km$69+#V4I>r{}P{i2pxDvj+)
zWRvDF{Cn8e!UW~fo)98ab`H{07s{%wr2y-%iiY-3XNFTziQKiTaqtoP<y`5fa9BlI
zLBqg17Q{&Yj-K9;l-WPxyykBH=1g_D>ltXA2v~|2gEpWt8Q{S0+Cn8eCbx;A865Mm
zp_z3IsR=-Ol)}-#9?^b*0rx1le@+R@odIn%H}X^YE$!1v($grK)n6{Ry9j&Yd75YO
z_E{FvSep^-{Aaq3zwy5rR3@^uU;@)zVn(cmJ=RLX9tIq4%1wL<FYvj}e~0)a7G|66
zn`u&F;Tq4kZ~`q%3;XS5F9x`rzZS36<J|>TwpgAzCiR{WNz{C~imo{IpVzUrX!_#H
z=qVY7nKFYw9a3JFCP{z(#Xtey<av)?7>`CJ;YD*va<KgvUS_SfEM8$`Oea2QEMhCd
z8nY!z?C|%x_(}-RHOKeS9WeBcap-5Y)6aRnRL8|vK3jR|gc5J2BZKIP*TNsjKEyYf
z5Hr&A(iWebfzYGWHz%0MLrfR8#C}Lm3KNB@h~Iy{;zp1Q7>|k@BmCRR2oP3XZ%hco
zi*+)*T9@V3BUMxgUw<NGD|zP#5bj;ElDo(E&(+ZJ^K%Es$3Ji5kz$`BPo^Cz_#@yG
zwBC2t|C%HphFeD@PD=L%Qce3JlH^+N`5c%^8VG{oW9r>(=!_u@&O;leWC<^JueT<}
zm~^T%Ge^R;14r4cX4LAaMJVJO($faS_H;{YAd!|7s4Il})XfK)QCgpe=SoBe`a2><
zK20qdvGWw)CE#}RV%U~Z!Q@;dzdb4SS34~RmW$r!&pYwB<jtED-WRMn#a5us#wXLx
z9HKr7>7ae{-#)w*69bYt-I>mk7UpKf?Jgrv3)au=0Z^X6s1GPd@h`Bt9fk#$QCL(l
zg`Ms*MsF^924x~(BEh%alHQDZI#au&_mJ~8q7NkUXMot}ZTUZont9m<pus}tJAXMv
ztCzW$3nm>$T30{*;qI4L=uP@}g)ckvyOg**#mg>;Q;U3!-HS(m8X{MTjU=9(tl=+S
z*^Xit30wZgea6mmG3>$gzN=FrxMQIA1FD?+QPr3039eK<-q1&*ZdCpH3Zs?<-dIgA
zI@zaY2=GWO4mzx6N;iZ}8H^C59w*DEH#JjQ@|_EMK5q=X@PLytf|`gM+2^wl<m<7h
zXQuy3S~uaNK!OZGH-rQw!b%gGb!Zt3QSj6><aCfDp>Y85D2&T~zR(iM%93EoEi1-w
zoyuFDI8OcDC`Sn<UdXIZvZBOjuT~Mi5zE<Zk>vhD`oMTMz`!4>E21xBR(KGTcMrNT
z$Ru}j4|1;cr)GgTczKr@6V(f49~>Id6EjnV3(n0?r)kg#Wzu}lUJ`E+@J*=>m|n&x
zMWZ+hRYeS}C}x1~X!da*={F);HMl+Og@R}di@)5!dQ+q5X(j}@jxUu*ZD=I53zs4t
za}m<!_TH<g(?_H$oi@WH^sz(m8HGn9-7Ar>h^<7p$EdBs`-v+FXC3NP0pSKGP~oH5
zByvuh&-UCBUFiw3);Mdfl-P}I`giz;T`L@s>EM5O9$#Woc}DgY`FyC@RUqP8*`!Q0
zmNf<;g3^ePxWPSG2^#Dkku;>{wNPg@FQweVmX;Sg<2K4+v}(NMMLBv<tYpqa8x$*R
z<!XHBFpY<ZN#Bl`Ms>61(X{x~XaV(1VLxOF`S3URFA_ZW82vFvGqk=TEXt%=3`+Gf
z#hBylFCRKgOC*kwIl%;G-bxJIumjpIDlKZj&9u@#QsJU?g48QITfG0MEo<bfxsw(E
z(y*{xVDV(qxf%^46l^i8fM`Sc$WSMfRY+Fydx!vzp_t*(mC@q8vBAze9HbCmOqf&#
z8uN=uYlk>qyH80C;Aw|z`u%r++c(r8X|I&u?N3b>t<I-yc|it$3I{n<!w0L1u29E#
zZ&|QHEZ2zc?BkfhZX3TgwJvc_wU}&<m5#z(5|H;;G2mLw4M|RlM1%Ie`3HIdG_gVM
zjAr~kK_8b;>Axm_*WH(*Pux}i#nYKIq7T=#WE{elllhYmE9|MSyeM9HPg_l5ijxb`
zDj0-MwX-NDDOEkh#CAgQrjM8i6^cdxplevM=fn=LQkmRFHNyc8Gvpij=+HC3RckN=
zy<>o`j?;i&0$|o_06OSmOtqq~Is4f?Gt9qBXKnNp^Z`CW4Xf~s@C$e;shzQf>7&{f
z7I&;4@iMnBDOA<1$g4N;3b>*as9=wC?WQ}8>@4=OP0(Vf)_G%j@xCqu1U^gnl8;hP
zs0_Im-nL}49({3j(`6~>s(6!3g=yx=$qw0v%QBA#4_pgf`>+lrhz#10=~Gu4-T+oM
zYeZhn|C}bHXhMLMZqIeVnG{q&e%?@-)WkX<zN^f{O9;hgkiJvyUMjnI{O~QV7_+}>
zqKFvav)Ml@FRCWbc22mW{%Q%~IHgt>kI*mEDlxLeNvFt7G_(`I<?TBGXhfl@RY#Fm
z+d10Q=Yev(@}t#Aq*15OoK&_u^CNo`i`6w1hZdoFCM87V=gzOI{@$2=dFe#O8^evq
z2xeM$G0d#`h6~Q><YoAEfah;psFJM7Epu|}Imt<{$e5e%cXLphO_icg)n=oAIC_lE
zR0fR0ckY>DR{beXi)qnj=jJU6DPQ(s-#_ST7h~a?s9uj&(%R+qhtS55`!YX<J*$du
z+|B;SSWJqbA$iYC->BTD`^m#f0#^l(l}IsJZP0?%d=A5k$8T4470u#ml4|KPMelq5
z{rd?Q++GE=5vmF5M_+5ZZ)TG_)Y1RB#B-l^Y^pIQDE@_F&0czVX}?jVGyM!CG)t5v
z2X~`4cilAWi{obdvvV?Qmr<HP%K+i?XT6x}3O|(?Q&0;*rT`=nn6wkK+p$vWKTvZ(
zX1wn_l5F(x0<W9a+~fp8c1}X^$(i1Z{a1O{JZh<4Ot&+cG)c)_s4eh-jw}GUBdFG!
z<mq>IU~q%(Y!*PWB+KZ{&wHFVulvw8x=EnRP}cQshG!MnGiIBT*f*cFzD^ry29BRC
zXQ+>3ys_cEYTL5iyt97GY#rE{$=tsz3sD#SfzjO5PQr|k<*nTgGlH147Jg(JByB}8
zLq4LZG}dii>v`Vvjgg4f;^<U#(_Io87Pe5P4|cQVcegw(1F5e{HntasA}A?3%g<?Z
zE#J!Qi07GlZQADUSu901q6swNE_sN3vk$vQp~vA%S)lW0so*%JT3i<o3d(NnKeneN
zcbk*0)Uk#yua8m=O2cUOXbX!!xY`_jeW+LEoB6pAk!Wo;CqzE#V=O~J!8bw6a8UMV
zN*!K6hDLF=rE8s@5CP!@F3`@r)fh2zGy`iyU(}i+*NZ)dgOLfSdh3nhoOqXGZue<?
zGhmzt^&hnO5t?Xy`M3NRZbMG1?ca9eYPy73l~yme=fsJMM4Dn$>qI&W`Ru~@tFh6C
zySJV@ze*t+z1Gt1<}Wb6C|Bl`;ITntMHDUMvnu!+NT%9J)XsW$NVa>Bkv!&1gpcL*
zS?WPq=*{@k*f36DeQ0|NH>#}am<wW|M;U&k_;n*qb-+krVjGVqNi?T^3k!d>CJkZl
zvKv7kbzC2IHUl4nHKq1Qv5z7vQ=A}V%X7Z#o^W%JF7vDODo4_f)z6xT-KuNDXCj_+
zDaivZ0fVm2tl^TZR+*NHrh<w($n3HBq=}C8kLEJJC6)__?m*u|FKuJ6n<%wTdeQ}G
zeHje&U}CXNBeM<PbVR${6LVM^0`1$louPEcI%S?+CtHE7$;~o%WN(cEVqU2>!J-nI
zz$!aE&!q5gQ^~2tI7oi~<-etneDCH{Nk_U{MzK<f!lD%IOLbm|4aj!_XOBWCsoAY7
zMs1_#9JdM0vPmSq+ux>+Wh^v>&hynqFWz3yrWECaj#w(s3yu1Mg`9JSWjnJqol!8>
zm?imC!`09x-M`v?@noW}nZ2z(ji8b<;DfC?CLTr1K}yG}hX&Du?BElB8h|Ao)mR7M
zm;DLSz1p6Sp>A`mXMSwDHsVAJcp<&1){|=CFad+8_EkjiPxeT^Oe#-tG)v3(xg$D(
z=@EoR(~sr+!(U&2dsdPztGAEp2N%LeP(?PAHNbtALPGA~OPD@x{C)IIAM(cUoJr`5
z|My5E>OQJCe!TQ?R|bw)o}i=CiQ<w<xRAW;nYuMT)tXgew#&FR%7?fS_+4rCh}p~L
z>!q?oo+_M5HIP9qF$!HQX4+c$b%3$Rbm-Ub2LfU!-h^)Ety~r>ZI;>FD=A1r`-F@?
zrK@oCWLz%K>o2)%wwyN&7*6<MD(Ngz<PwpzgNa4cBIFkJVYByqoV|^wIL%+oq6Nid
zBybMy7)7$kimktxBo@rpg6KzOrK9x8Woe~cC!mVYUhYZ>JB+151yEjbit7$R!hOln
zT26}hRujG#z(v|yD{u?@f}XOAODv$>WW)9_sThXhFTNGrx$W$s3#;&*!9h;GT7~zc
zhAfMH^k-r7!YvcKF`vI?c)R=}BcwZBP>L48iZB%&`Z(j4jA{9)sXUViT1YB6dOf-(
z(z8!^M7x=(l|}iX@n9|2XCrJ3GqNjr*s7oIcX0!Zk-B&6>uq$IIpQAFHoCx64yUD-
z#TM)RKxJqcSh5_IK-baVK6~{9TpmAL&zi$>k!rhA1|MA+3E1(8p+Yggkh*4iySe+8
z@0+U>{g+b+zKLu~>hK!e%cO+>&*VOXUutUq;eMTbSmQc)ZV&B6hMrB1?H%8g{7&5~
zRYL`R&ZibxiPuJ~3*g)9N^y(HZ$2HqSOW&E<9`~S|7cZ<pe*3D&EMeGE-O=Qj6xfy
z&+7qYi_#<>cEHKH?ZKpQB2o=;d`VXk;BkVM^^x(5wM4%R*agaf;GDRRzm1mrNgKun
z1k97ZBsjBNVY&scbKYt>KCk55OdN#*ppN~5EA_51ED6dKCSSu39d_`D(HIQl<P@}P
znBf(pcixuv)kR6)px^`67aW%D!{N*6)A{Hw!iqi=PNgCrWtn?yx<Gb1%hBr6+%`br
zE#Z)Bc(6CW?NT-pvP?(R0~?swLW&|7059g2gPxy*4uYtK8}#0a>nNSXOkB!;F2D6T
zi@$lv9-9cKt%CE@ZFfIHz0NJkz?4X)%jrT0{w$f4Y=L7kaNEjl@dO_6HR0yBf+KTe
zgFRx*I+yntLN1VVY4)z`3LxmAsEQS;p0g!w^gu(YnCPKuA|?oM_oC68qva4ylUPwL
zY+mX4Qk<=O0FxNDsMu*+(PrT8H9RbB%j8$kEj)XUUY|67<83vrE$xvlSXObWA$vSO
zP)v1GKCVJxi{R#Z!2;BTB#A&B>3fRGw=jbDsHj)<7JU0)wNF;6J>M{gjM|&%<JwxW
zF;(G<JX_mN&%J<`KQ9n?z{8t6v4gHQXe5zFUa$_<Wx^4L@dm8^hI<kr-T?2UbmbhM
z1$U8^7h`-)$c>57J&fU9bVjXegvH5zk-QPj5yEq}{Qdkb19J^x2FFZW*Lw6Pi*8DO
z#K#>s^Ho=L&H19dp8dah4({){qd8b(>fa<JlYs|vBi2_xy^jv;SH89TS3#}qllXzV
zKCm2_CMOR+wd~D8eE<s;Yj#Z~v0{1}pAFdPtmLS{t&3cKwR%E_78pzuRyI9(9i)R@
z-_iRo@B)ule;j1}*#?nSiivj=jvAD<G*eyi7grqoeod`*Z-EN?t40{Kw|GnsU9UcL
zY>tEqM%8BtNC?yq3~&)98Oq8Mw`u7iF(gn@J)Hfti#=|QvrWhyjQ#o>i6W4K3o~%l
zLt-%Ku&yM$&NXosx@~*H2wkZ{)>r1GDalugRG|#NJh%;3^kyE1cXSmtkCtPUBY{;W
zmIisskxLxjd0^3>^!mfL{sY*PAl!>7-7xL|f_E^ns4zB^J!w2v#j>9H0cSZ#5Yj_d
z&TxqN;vvlqdB0Squ2AWOqU3EVPH?&O+{eibmb(dMW|5B8Cs2j}LyGeajyN=(ypXao
zEx8--<@yGu<Yztwq`mq9RMg`N$h_1?YFiQ*ore+Pl<5_vCG`ZVQiXRDviy2iRzpih
ziE6o{!x}57l~zd%s9J#RjTfD@&5Kp5-7c(ZIZ#3J=kMxIHQgy)P2jfi=+3@_%y;M9
zthf&!;J(XBim9i$WRl>~U^MH%yUz4{_#RDbz3(n^XVTldmUS#=o-&`U{GGh?-fP<-
z_PD|2Jxeh^aDKTTHra@rjnn-|X-(y$xMt8A^|-f1-!6BoWzx?39?6}iTPo$qUNoKJ
z#lTGc`dH=h=37~a3@q$hkf^(GNA7HS{JG-VXf4$5ZA@@a6(Hi{cYO6%%>yR?eyi^v
zm*$-j=6A~FMf{-Gko)05trB<t!zIgiL7mGnyau&b%cy`jA#e7E;5Ob{{u|IV0OqXy
zVKG(wd6Oa@v<ZBkvuDrh%?=24hIs?`3KE%in!`ZDM4=qI0EutUU$Yhz`u7T(LU6AB
zBq(6EI2>N@(^y)o3+b5SMIA1C4&V-<TpI51@L9TqJ2^>E3cWHaP(JAikl$~jYv16b
zwp<V+y8ttT*H{fZ*k-k-`tH7ew$rtNa#0$OWKSj5L9R^=y4dUzmX<te9#H312hGZM
z8K-}C$BU1Dr&m$H<Roia($GXU?ygD&!5Hbg$|w4?RA#hu!^Yx0EUPQoEd0+R5K5<<
ziy?+Fi>0hMQdXUGom7`zg&V=MvD7834m!>nekn=xw~sJ7U&DUlXJ~9~K4<@Nbl-Ir
zf(VuLx7LK_YoL>xStoX%IEW7=$zgU{>9)#!<E|?Xt1o+>5|n9Wg>7zoy<^XqB_U!M
z6ibzjo=5fBJ*C#6yBp&X4Vz#70UIJhe&s5S#5;kyRdW4pm0b8a{=t*S$W0m`Ny%-=
zdon3-`gE+=#^-%+J;`EiSK{*y0h6<%FVVu-DHs1fU2dJFG}hGP#CO*MJ&xQ<$j434
zhqC_bI(Ms+1lq~gkHMP~q$LO=WqrQ!{F~q_WXhSW7maluLlY11ZPCAu$1wczo982M
zTu?W6!rE5>IpdQX^nZat>VBgc=AY+S39fdO58HdLw^=X8WZu>M(VRsrYaFf@uI{aU
zld%zA{-vVEp$Bf`A^1);1ogZaHIUoLXG=M0hJN31Gv@x<BTw?`<5!rF*F$K;<Ufrf
z0|Uzd{SFZBOA(^fD9O<W*x7)+m~tc*eB4HM%)Kbc?7Gk7gxPJ`_FlvRYR`ZFkxjuu
z!4jEMktr1tO@*f3<9U>SrOK%hA0!2P8p4N+h%_7~;{>x>1B60HO3knelts6Apj@vP
zc&<YFV9`{AF;C*hD`3;fy%33|CRO^g>1XNE$v8h<cK&7`Q631&%GQ4{ZvTQ4S(r6`
zJ6jxTnG&YtQwuhr4aLkJ{Q@*GnHU^lz6DWx`)%VCHO%gC6{FA9ZL3(3U2*+GW0?l0
zzmi?CkzDJxs#t#YK?^rVT%acCHqK-^YH87*1z5B5@rqlDF#pj1A)4|JUao2jedce(
zappX7!WF>vb!Z&SgdVAMvlo;K(e9e8F!$uYq76`HC!4Z?u3LBgMY`hU&X@zT?!0uD
zK3(SW%Rk$|uv5RYUEgqmCT_RQFbzmzZrQqPYljrjpW0LKquU9}3FKqhsPxx$fAbPK
zz5_X_VD)_+#yG-0+wlDP>ZQj_S>lTf{VmpFlv-tx0L16x6aNS9&aB60#<yQ5ZX1hn
zi=X9v)ymc7^Vvk9>>X&&3SMjP85O4P8Q$mGKNubSLo^sViM8V{*hcgN!iT{Bg<rSO
zhz0)mfc^mn6`JD)>4}LdgTB2FunbUCF>pT<77hjmIu`JM@x}14(6J@|09`4znAivi
zAE0mg8+65lYt1Eu(1(cTIYTG@M^-0;KIH#5VRt~h2`i?)7_#yQ=touxC|M=`E$Dv$
Dz|UD2

diff --git a/documentation/getting-started.md b/documentation/getting-started.md
index cc0483d..14d8576 100644
--- a/documentation/getting-started.md
+++ b/documentation/getting-started.md
@@ -49,6 +49,7 @@ so some information might change depending on which version and branch you're us
   * [Adding or changing policies](#adding-or-changing-policies)
   * [Policy backups](#policy-backups)
   * [Data aggregation](#data-aggregation)
+  * [Access requests](#access-requests)
 
 <small><i><a href='http://ecotrust-canada.github.io/markdown-toc/'>Table of contents generated with markdown-toc</a></i></small>
 
@@ -466,3 +467,8 @@ When restarting the server, the contents of that file will be read to initialize
 ## Data aggregation
 
 The UMA server implements the [Aggregator Specification](https://spec.knows.idlab.ugent.be/aggregator-protocol/latest/).
+
+## Access Requests
+
+A user can request access to a resource through access requests,
+more information on this can be found in the [relevant documentation](./access-request-management.md).
diff --git a/packages/uma/config/resources/storage/default.json b/packages/uma/config/resources/storage/default.json
index 1b0ed15..ef0dde7 100644
--- a/packages/uma/config/resources/storage/default.json
+++ b/packages/uma/config/resources/storage/default.json
@@ -10,6 +10,10 @@
     {
       "@id": "urn:uma:default:DerivationStore",
       "@type": "MemoryMapStorage"
+    },
+    {
+      "@id": "urn:uma:default:OwnershipStore",
+      "@type": "MemoryMapStorage"
     }
   ]
 }
diff --git a/packages/uma/config/routes/accessrequests.json b/packages/uma/config/routes/accessrequests.json
index 1d10440..333e4fc 100644
--- a/packages/uma/config/routes/accessrequests.json
+++ b/packages/uma/config/routes/accessrequests.json
@@ -6,7 +6,8 @@
         {
             "@id": "urn:uma:default:AccessRequestController",
             "@type": "AccessRequestController",
-            "store": { "@id": "urn:uma:default:RulesStorage" }
+            "store": { "@id": "urn:uma:default:RulesStorage" },
+            "ownershipStore": { "@id": "urn:uma:default:OwnershipStore" }
         },
         {
             "@id": "urn:uma:default:AccessRequestHandler",
diff --git a/packages/uma/config/routes/resources.json b/packages/uma/config/routes/resources.json
index 29044cf..51feb14 100644
--- a/packages/uma/config/routes/resources.json
+++ b/packages/uma/config/routes/resources.json
@@ -8,6 +8,7 @@
       "@type": "ResourceRegistrationRequestHandler",
       "derivationStore": { "@id": "urn:uma:default:DerivationStore" },
       "registrationStore": { "@id": "urn:uma:default:ResourceRegistrationStore" },
+      "ownershipStore": { "@id": "urn:uma:default:OwnershipStore" },
       "policies": { "@id": "urn:uma:default:RulesStorage" },
       "validator": { "@id": "urn:uma:default:RequestValidator" }
     },
diff --git a/packages/uma/package.json b/packages/uma/package.json
index 51241ac..7b52bdd 100644
--- a/packages/uma/package.json
+++ b/packages/uma/package.json
@@ -74,6 +74,7 @@
     "ms": "^2.1.3",
     "n3": "^1.17.2",
     "odrl-evaluator": "^0.5.0",
+    "rdf-string": "^2.0.1",
     "rdf-vocabulary": "^1.0.1",
     "uri-template-lite": "^23.4.0",
     "winston": "^3.11.0",
diff --git a/packages/uma/src/controller/AccessRequestController.ts b/packages/uma/src/controller/AccessRequestController.ts
index 0848da3..b1d6bac 100644
--- a/packages/uma/src/controller/AccessRequestController.ts
+++ b/packages/uma/src/controller/AccessRequestController.ts
@@ -1,44 +1,244 @@
-import { UCRulesStorage } from "../ucp/storage/UCRulesStorage";
-import { BaseController } from "./BaseController";
+import { QueryEngine } from '@comunica/query-sparql';
+import { Quad } from '@rdfjs/types';
 import {
-    deleteAccessRequest,
-    getAccessRequest,
-    getAccessRequests,
-    patchAccessRequest,
-    postAccessRequest
-} from "../util/routeSpecific";
+    BadRequestHttpError,
+    ConflictHttpError,
+    createErrorMessage,
+    ForbiddenHttpError,
+    InternalServerError,
+    KeyValueStorage,
+    NotFoundHttpError,
+    RDF
+} from '@solid/community-server';
+import { getLoggerFor } from 'global-logger-factory';
+import { DataFactory as DF, Parser, Quad_Object, Quad_Subject, Store } from 'n3';
+import { randomUUID } from 'node:crypto';
+import { ODRL } from 'odrl-evaluator';
+import { stringToTerm, termToString } from 'rdf-string';
+import { UCRulesStorage } from '../ucp/storage/UCRulesStorage';
+import { SOTW } from '../ucp/util/Vocabularies';
+import { array, optional as $, reType, string, tuple, Type } from '../util/ReType';
+import { Permission } from '../views/Permission';
+import { BaseController } from './BaseController';
+
+export const AccessRequest = {
+    resource_id: string,
+    resource_scopes: array(string),
+    constraints: $(array(tuple(string, string, string))),
+};
+
+export type AccessRequest = Type<typeof Permission>;
 
 /**
  * Controller for routes concerning access requests
  */
 export class AccessRequestController extends BaseController {
+    protected readonly logger = getLoggerFor(this);
+
+    protected readonly queryEngine = new QueryEngine();
+
     constructor(
-        store: UCRulesStorage,
+        protected readonly store: UCRulesStorage,
+        protected readonly ownershipStore: KeyValueStorage<string, string[]>,
     ) {
         super(
             store,
-            'Already existing requests found',
-            postAccessRequest,
-            deleteAccessRequest,
-            getAccessRequests,
-            getAccessRequest,
-            patchAccessRequest,
+            // TODO: is this horrible? yes, but this entire architecture needs a rework anyway
+            null as any,
+            null as any,
+            null as any,
+            null as any,
+            null as any,
         );
+        this.sanitizeGets = this.getAccessRequests.bind(this);
+        this.sanitizeGet = this.getAccessRequest.bind(this);
+        this.sanitizePatch = this.patchAccessRequest.bind(this);
     }
 
-    /**
-     * Deletes are not allowed on access requests.
-     *
-     * @param entityID ID pointing to the policy or access request
-     * @param clientID ID of the resource owner (RO) or requesting party (RP) making the deletion
-     * @returns a status code: 403
-     */
     public async deleteEntity(entityID: string, clientID: string): Promise<{ status: number }> {
-        return { status: 403 };
+        // Not defined who should be allowed to delete requests
+        // TODO: perhaps might make sense to allow deletion by requester when status is still "requested"
+        throw new ForbiddenHttpError();
     }
 
     public async putEntity(data: string, entityID: string, clientID: string): Promise<{ status: number }> {
-        return { status: 403 };
+        // Changing requests is not allowed
+        throw new ForbiddenHttpError();
+    }
+
+    public async addEntity(data: string, clientID: string): Promise<{ status: number, id: string }> {
+        let json: AccessRequest;
+        // TODO: assuming input is JSON here for now
+        try {
+            json = JSON.parse(data);
+            reType(json, AccessRequest);
+        } catch (e) {
+            this.logger.warn(`Syntax error: ${createErrorMessage(e)}, ${data}`);
+            throw new BadRequestHttpError(`Request has bad syntax: ${createErrorMessage(e)}`);
+        }
+
+        if (json.resource_scopes.length === 0) {
+            throw new BadRequestHttpError('Missing scopes');
+        }
+
+        const subject = DF.namedNode(`http://example.org/${randomUUID()}`);
+        const request = new Store();
+        request.addQuads([
+            DF.quad(subject, RDF.terms.type, SOTW.terms.EvaluationRequest),
+            // TODO: should verify this resource exists (and also remove requests if resources no longer exist)
+            DF.quad(subject, SOTW.terms.requestedTarget, DF.namedNode(json.resource_id)),
+            DF.quad(subject, SOTW.terms.requestingParty, DF.namedNode(clientID)),
+            DF.quad(subject, SOTW.terms.requestStatus, SOTW.terms.requested),
+            ...json.resource_scopes.map((scope) => DF.quad(subject, SOTW.terms.requestedAction, DF.namedNode(scope))),
+        ]);
+        let constraintIdx = 0;
+        for (const constraint of json.constraints ?? []) {
+            const terms = constraint.map((str) => stringToTerm(str)) as Quad_Object[];
+            const constraintSubject = DF.namedNode(subject.value + `-constraint-${++constraintIdx}`);
+            request.addQuads([
+                DF.quad(subject, ODRL.terms.constraint, constraintSubject),
+                DF.quad(constraintSubject, RDF.terms.type, ODRL.terms.Constraint),
+                DF.quad(constraintSubject, ODRL.terms.leftOperand, terms[0]),
+                DF.quad(constraintSubject, ODRL.terms.operator, terms[1]),
+                DF.quad(constraintSubject, ODRL.terms.rightOperand, terms[2]),
+            ]);
+        }
+
+        await this.store.addRule(request);
+
+        this.logger.info(`Created request ${subject.value} for ${clientID} with values ${JSON.stringify(data)}`);
+
+        return { status: 201, id: subject.value };
+    }
+
+    // Find access requests where clientId is the requester or the owner of the targeted resource
+    protected async getAccessRequests(store: Store, clientId: string): Promise<Store> {
+        const result = new Store();
+
+        // Find requested queries
+        const requestedSparql = `        
+            SELECT DISTINCT ?req
+            WHERE { ?req <https://w3id.org/force/sotw#requestingParty> <${clientId}> }`;
+        const requestedStream = await this.queryEngine.queryBindings(requestedSparql, { sources: [store] });
+        for await (const binding of requestedStream) {
+            result.addAll(this.getRequestQuads(store, binding.get('req') as Quad_Subject));
+        }
+
+        // Find queries over owned resources
+        const resources = await this.ownershipStore.get(clientId);
+        if (resources && resources.length > 0) {
+            // TODO: assuming resource ID is an IRI
+            const ownedSparql = `
+            SELECT DISTINCT ?req
+            WHERE {
+              VALUES (?resource) {
+                ${resources.map((res) => `(<${res}>)`).join('\n')}
+              }
+              ?req <https://w3id.org/force/sotw#requestedTarget> ?resource .
+            }`;
+            const requestedStream = await this.queryEngine.queryBindings(ownedSparql, { sources: [store] });
+            for await (const binding of requestedStream) {
+                result.addAll(this.getRequestQuads(store, binding.get('req') as Quad_Subject));
+            }
+        }
+
+        return result;
     }
 
+    protected async getAccessRequest(store: Store, requestID: string, clientID: string): Promise<Store> {
+        const requestNode = DF.namedNode(requestID);
+        const requesters = store.getObjects(requestNode, SOTW.terms.requestingParty, null);
+        if (requesters.length === 0) {
+            throw new NotFoundHttpError();
+        }
+
+        let allowedToSee = requesters.some((requester) => requester.value === clientID);
+        if (!allowedToSee) {
+            // Maybe the client is the owner instead of the requester
+            const targets = store.getObjects(requestNode, SOTW.terms.requestedTarget, null);
+            if (targets.length !== 1) {
+                throw new InternalServerError(`Unexpected amount of targets, expected 1 but got ${targets.length}`);
+            }
+            const ownedResources = await this.ownershipStore.get(clientID) ?? [];
+            allowedToSee = ownedResources.includes(targets[0].value);
+        }
+
+        if (!allowedToSee) {
+            throw new ForbiddenHttpError();
+        }
+
+        return new Store(this.getRequestQuads(store, requestNode));
+    }
+
+    protected async patchAccessRequest(store: Store, requestID: string, clientID: string, patchInformation: string):
+        Promise<void> {
+        const requestNode = DF.namedNode(requestID);
+        const targets = store.getObjects(requestNode, SOTW.terms.requestedTarget, null);
+        if (targets.length === 0) {
+            throw new NotFoundHttpError();
+        }
+
+        if (patchInformation !== 'accepted' && patchInformation !== 'denied') {
+            throw new BadRequestHttpError('Status needs to be "accepted" or "denied"');
+        }
+
+        const ownedResources = await this.ownershipStore.get(clientID);
+        if (!ownedResources?.includes(targets[0].value)) {
+            throw new ForbiddenHttpError();
+        }
+
+        const statuses = store.getObjects(requestNode, SOTW.terms.requestStatus, null);
+        if (statuses.length !== 1) {
+            throw new InternalServerError(`Expected 1 status for ${requestID} but found ${statuses.length}`);
+        }
+        if (!statuses[0].equals(SOTW.terms.requested)) {
+            throw new ConflictHttpError(`Request was already resolved`);
+        }
+
+        const actions = store.getObjects(requestNode, SOTW.terms.requestedAction, null);
+        const parties = store.getObjects(requestNode, SOTW.terms.requestingParty, null);
+
+        if (actions.length === 0 || parties.length !== 1) {
+            throw new InternalServerError(`Invalid actions (${actions.map(termToString)}) or parties (${
+                parties.map(termToString)})`);
+        }
+
+        store.removeQuad(DF.quad(requestNode, SOTW.terms.requestStatus, SOTW.terms.requested));
+        store.addQuad(DF.quad(requestNode, SOTW.terms.requestStatus, SOTW.terms[patchInformation]));
+
+        this.logger.info(`Updated status of request ${requestNode.value} to ${patchInformation}`)
+        if (patchInformation === 'accepted') {
+            const policyNode = DF.namedNode(`http://example.org/${randomUUID()}`);
+            const permissionNode = DF.namedNode(policyNode.value + '-permission');
+            store.addQuads([
+                DF.quad(policyNode, RDF.terms.type, ODRL.terms.Agreement),
+                DF.quad(policyNode, ODRL.terms.uid, policyNode),
+                DF.quad(policyNode, ODRL.terms.permission, permissionNode),
+                DF.quad(permissionNode, RDF.terms.type, ODRL.terms.Permission),
+                ...actions.map((action) => DF.quad(permissionNode, ODRL.terms.action, action)),
+                DF.quad(permissionNode, ODRL.terms.target, targets[0]),
+                DF.quad(permissionNode, ODRL.terms.assignee, parties[0]),
+                DF.quad(permissionNode, ODRL.terms.assigner, DF.namedNode(clientID)),
+                ...store.getObjects(requestNode, ODRL.terms.constraint, null).flatMap((constraint) => [
+                    DF.quad(permissionNode, ODRL.terms.constraint, constraint),
+                    ...store.getQuads(constraint, null, null, null),
+                ]),
+            ]);
+            this.logger.info(
+              `Created policy ${policyNode.value} in response to request ${requestNode.value} being accepted`);
+        }
+    }
+
+    /**
+     * Returns all the quads related to the given request.
+     */
+    protected getRequestQuads(store: Store, subject: Quad_Subject): Quad[] {
+        const quads = store.getQuads(subject, null, null, null);
+        // Constraints go a level deeper
+        const constraints = store.getObjects(subject, ODRL.terms.constraint, null);
+        for (const constraint of constraints) {
+            quads.push(...store.getQuads(constraint, null, null, null));
+        }
+        return quads;
+    }
 }
diff --git a/packages/uma/src/controller/BaseController.ts b/packages/uma/src/controller/BaseController.ts
index 9cd99d4..3dcbbf3 100644
--- a/packages/uma/src/controller/BaseController.ts
+++ b/packages/uma/src/controller/BaseController.ts
@@ -1,7 +1,9 @@
+import { ConflictHttpError } from '@solid/community-server';
 import { UCRulesStorage } from "../ucp/storage/UCRulesStorage";
 import { getLoggerFor } from 'global-logger-factory';
 import { Parser, Store } from 'n3';
 import { writeStore } from "../util/ConvertUtil";
+import { HttpHandlerResponse } from '../util/http/models/HttpHandler';
 import { noAlreadyDefinedSubjects } from "../util/routeSpecific/sanitizeUtil";
 
 /**
@@ -10,16 +12,15 @@ import { noAlreadyDefinedSubjects } from "../util/routeSpecific/sanitizeUtil";
  */
 export abstract class BaseController {
 
-    private readonly logger = getLoggerFor(this);
+    protected readonly logger = getLoggerFor(this);
 
     constructor(
         protected readonly store: UCRulesStorage,
-        protected readonly conflictMessage: string,
-        protected readonly sanitizePost: (store: Store, clientID: string) => Promise<Store>,
-        protected readonly sanitizeDelete: (store: Store, entityID: string, clientID: string) => Promise<void>,
-        protected readonly sanitizeGets: (store: Store, clientID: string) => Promise<Store>,
-        protected readonly sanitizeGet: (store: Store, entityID: string, clientID: string) => Promise<Store>,
-        protected readonly sanitizePatch: (store: Store, entityID: string, clientID: string, patchInformation: string) => Promise<void>
+        protected sanitizePost: (store: Store, clientID: string) => Promise<{ result: Store, id: string }>,
+        protected sanitizeDelete: (store: Store, entityID: string, clientID: string) => Promise<void>,
+        protected sanitizeGets: (store: Store, clientID: string) => Promise<Store>,
+        protected sanitizeGet: (store: Store, entityID: string, clientID: string) => Promise<Store>,
+        protected sanitizePatch: (store: Store, entityID: string, clientID: string, patchInformation: string) => Promise<void>
     ) { }
 
     /**
@@ -29,25 +30,18 @@ export abstract class BaseController {
      * @returns results serialized in Turtle and status code 200,
      *          or an empty body with status 404 if nothing was found
      */
-    private async get(sanitizeGet: Function): Promise<{ message: string, status: number }> {
-        try {
-            const store = await sanitizeGet();
-
-            const message = store.size > 0
-                ? await writeStore(store)
-                : '';
-
-            const status = 200;
-            return { message, status };
-        } catch (_e) {
-            return { message: '', status: 200 }
-        }
+    private async get(sanitizeGet: () => Promise<Store>): Promise<{ message: string, status: number }> {
+        const store = await sanitizeGet();
+
+        const message = store.size > 0 ? await writeStore(store) : '';
+        const status = 200;
+        return { message, status };
     }
 
     /**
      * Retrieve all policies (including rules) or all access requests belonging to a given `clientID`.
      *
-     * @param clientID ID of the resource owner (RO) or requesting party (RP)
+     * @param clientID ID of the requesting party (RP)
      * @returns a Turtle-serialized store of all policies or access requests,
      *          and an HTTP status code indicating success (200) or not found (404)
      */
@@ -59,7 +53,7 @@ export abstract class BaseController {
      * Retrieve a single policy (including its rules) or access request identified by `entityID` for a given `clientID`.
      *
      * @param entityID ID pointing to the policy or access request
-     * @param clientID ID pointing to the resource owner (RO) or requesting party (RP)
+     * @param clientID ID pointing to the requesting party (RP)
      * @returns a Turtle-serialized representation of the policy/access request and HTTP status code (200),
      *          or an empty body with status 404 if not found
      */
@@ -72,31 +66,28 @@ export abstract class BaseController {
      * Ensures no duplicate subjects already exist in the store.
      *
      * @param data RDF data in Turtle/N3 format representing the new policy or access request
-     * @param clientID ID of the resource owner (RO) or requesting party (RP) creating the entity
+     * @param clientID ID of the requesting party (RP) creating the entity
      * @returns a status code:
      *          - 201 if creation was successful
      *          - 409 if a conflict occurred (duplicate subject)
      */
-    public async addEntity(data: string, clientID: string): Promise<{ status: number, message:string }> {
+    public async addEntity(data: string, clientID: string):
+        Promise<{ status: number, message?: string, id: string }> {
         const store = new Store(new Parser().parse(data));
 
-        try {
-            const sanitizedStore = await this.sanitizePost(store, clientID);
-            if (noAlreadyDefinedSubjects(await this.store.getStore(), sanitizedStore))
-                this.store.addRule(sanitizedStore);
-            else return { status: 409, message: ''  }; // conflict
-        } catch (e) {
-            return { status: e.statusCode || 500, message: e.message }; // the message of this error will contain the reason this query failed
-        }
+        const { result, id } = await this.sanitizePost(store, clientID);
+        if (noAlreadyDefinedSubjects(await this.store.getStore(), result))
+            this.store.addRule(result);
+        else throw new ConflictHttpError();
 
-        return { status: 201, message: ''  }; // success
+        return { status: 201, id  }; // success
     }
 
     /**
      * Delete a single policy (including rules) or access request identified by `entityID` for a given `clientID`.
      *
      * @param entityID ID pointing to the policy or access request
-     * @param clientID ID of the resource owner (RO) or requesting party (RP) making the deletion
+     * @param clientID ID of the requesting party (RP) making the deletion
      * @returns a status code:
      *          - 204 if deletion was successful
      */
@@ -116,13 +107,13 @@ export abstract class BaseController {
      *
      * @param entityID ID pointing to the policy or access request
      * @param patchInformation information describing the patch to be applied (query or JSON, but content type of request must match this.contentType)
-     * @param clientID ID of the resource owner (RO) or requesting party (RP) making the patch
+     * @param clientID ID of the requesting party (RP) making the patch
      * @param isolate whether to isolate the entity's quads during patching (defaults to true)
      * @returns a status code:
      *          - 204 if patching was successful
      */
-    public async patchEntity(entityID: string, patchInformation: string, clientID: string, isolate: boolean = true): Promise<{ status: number, message: string }> {
-        let response = { status: 204, message: '' };
+    public async patchEntity(entityID: string, patchInformation: string, clientID: string, isolate: boolean = true): Promise<HttpHandlerResponse<string>> {
+        let response: HttpHandlerResponse<string> = { status: 204, body: '' };
         let filteredStore = new Store(await this.store.getStore());
         let omitStore: Store;
 
@@ -132,11 +123,7 @@ export abstract class BaseController {
             omitStore.removeQuads([ ...filteredStore]);
         }
 
-        try {
-            await this.sanitizePatch(filteredStore, entityID, clientID, patchInformation);
-        } catch (e) {
-            response = { status: e.status || 500, message: e.message };
-        }
+        await this.sanitizePatch(filteredStore, entityID, clientID, patchInformation);
 
         if (isolate) {
             // isolate all information about the store again, because queries could insert information
@@ -151,6 +138,7 @@ export abstract class BaseController {
         const originalStore = await this.store.getStore();
         const remove = originalStore.difference(filteredStore);
         const add = filteredStore.difference(originalStore);
+
         if (remove.size > 0) {
             await this.store.removeData(remove as Store);
         }
@@ -166,9 +154,9 @@ export abstract class BaseController {
      *
      * Currently, this is only implemented for policies.
      *
-     * @param data RDF data in Turtle/N3 format representing a policy or acccess request
+     * @param data RDF data in Turtle/N3 format representing a policy or access request
      * @param entityID ID pointing to the policy or access request
-     * @param clientID ID pointing to the resource owner (RO) or requesting party making the put
+     * @param clientID ID pointing to requesting party making the put
      * @returns a status code:
      *          - 204 if put was successful
      */
@@ -179,11 +167,11 @@ export abstract class BaseController {
 
         // parse the entity through a POST request and check the results
         const store = new Store(new Parser().parse(data));
-        const sanitizedStore = await this.sanitizePost(store, clientID);
+        const { result } = await this.sanitizePost(store, clientID);
 
         // delete the old rule and insert the new
         await this.deleteEntity(entityID, clientID);
-        await this.store.addRule(sanitizedStore);
+        await this.store.addRule(result);
         return { status: 204 };
     }
 }
diff --git a/packages/uma/src/controller/PolicyRequestController.ts b/packages/uma/src/controller/PolicyRequestController.ts
index a6a0454..aea8dd2 100644
--- a/packages/uma/src/controller/PolicyRequestController.ts
+++ b/packages/uma/src/controller/PolicyRequestController.ts
@@ -17,7 +17,6 @@ export class PolicyController extends BaseController {
     ) {
         super(
             store,
-            "Already existing policies found",
             postPolicy,
             deletePolicy,
             getPolicies,
diff --git a/packages/uma/src/routes/BaseHandler.ts b/packages/uma/src/routes/BaseHandler.ts
index 0f95d74..d312bff 100644
--- a/packages/uma/src/routes/BaseHandler.ts
+++ b/packages/uma/src/routes/BaseHandler.ts
@@ -1,8 +1,7 @@
-import { BadRequestHttpError, ForbiddenHttpError, MethodNotAllowedHttpError } from '@solid/community-server';
+import { BadRequestHttpError, ForbiddenHttpError, joinUrl, MethodNotAllowedHttpError } from '@solid/community-server';
 import { getLoggerFor } from 'global-logger-factory';
 import { BaseController } from '../controller/BaseController';
 import { WEBID } from '../credentials/Claims';
-import { ClaimSet } from '../credentials/ClaimSet';
 import { CredentialParser } from '../credentials/CredentialParser';
 import { Verifier } from '../credentials/verify/Verifier';
 import {
@@ -99,7 +98,7 @@ export class BaseHandler extends HttpHandler {
      * Retrieve a single policy (including its rules) or a single access request identified by `entityID`.
      *
      * @param entityID ID pointing to the policy or access request
-     * @param clientID ID pointing to the resource owner (RO) or requesting party (RP)
+     * @param clientID ID pointing to the requesting party (RP)
      * @returns a response with status (200 if found, 404 if not) and Turtle body containing the entity
      */
     private async handleSingleGet(entityID: string, clientID: string): Promise<HttpHandlerResponse<string>> {
@@ -117,12 +116,12 @@ export class BaseHandler extends HttpHandler {
      *
      * @param request HttpHandlerRequest containing the PATCH body
      * @param entityID ID of the policy or access request to patch
-     * @param clientID ID pointing to the resource owner (RO) or requesting party (RP)
+     * @param clientID ID pointing to the requesting party (RP)
      * @returns a response with status code 204 if successful, or error status otherwise
      * @throws BadRequestHttpError if request body is missing or invalid
      */
-    private async handlePatch(request: HttpHandlerRequest<string>, entityID: string, clientID: string): Promise<HttpHandlerResponse<void>> {
-        let response = { status: 204, message: '' };
+    private async handlePatch(request: HttpHandlerRequest<string>, entityID: string, clientID: string): Promise<HttpHandlerResponse<string>> {
+        let response: HttpHandlerResponse<string> = { status: 204, body: '' };
 
         if (!request.body) throw new BadRequestHttpError();
         if (this.patchContentType === 'application/json') {
@@ -138,7 +137,7 @@ export class BaseHandler extends HttpHandler {
      * Rewrite a single policy (including rules) or access request identified by `entityID`.
      *
      * @param entityID ID pointing to the policy or access request
-     * @param clientID ID pointing to the resource owner (RO) or requesting party (RP)
+     * @param clientID ID pointing to the requesting party (RP)
      * @returns a response with status 204 upon success
      */
     private async handlePut(request: HttpHandlerRequest<string>, entityID: string, clientID: string): Promise<HttpHandlerResponse<void>> {
@@ -154,7 +153,7 @@ export class BaseHandler extends HttpHandler {
      * Remove a single policy (including rules) or access request identified by `entityID`.
      *
      * @param entityID ID pointing to the policy or access request
-     * @param clientID ID pointing to the resource owner (RO) or requesting party (RP)
+     * @param clientID ID pointing to the requesting party (RP)
      * @returns a response with status 204 if deletion was successful
      */
     private async handleDelete(entityID: string, clientID: string): Promise<HttpHandlerResponse<void>> {
@@ -168,7 +167,7 @@ export class BaseHandler extends HttpHandler {
     /**
      * Retrieve all policies (including rules) or all access requests for a given `clientID`.
      *
-     * @param clientID ID pointing to the resource owner (RO) or requesting party (RP)
+     * @param clientID ID pointing to the requesting party (RP)
      * @returns a response with status (200 if found, 404 if not) and Turtle body containing all entities
      */
     private async handleGet(clientID: string): Promise<HttpHandlerResponse<string>> {
@@ -184,16 +183,17 @@ export class BaseHandler extends HttpHandler {
      * Create a new policy (with at least one rule) or a new access request for a given `clientID`.
      *
      * @param request HttpHandlerRequest containing RDF body representing the entity
-     * @param clientID ID pointing to the resource owner (RO) or requesting party (RP)
+     * @param clientID ID pointing to the requesting party (RP)
      * @returns a response with status code 201 if successful, 409 if conflict occurred, or error otherwise
      * @throws BadRequestHttpError if request body is missing
      */
     private async handlePost(request: HttpHandlerRequest<string>, clientID: string): Promise<HttpHandlerResponse<string>> {
         if (!request.body) throw new BadRequestHttpError();
-        const { status, message } = await this.controller.addEntity(request.body.toString(), clientID);
+        const { status, message, id } = await this.controller.addEntity(request.body.toString(), clientID);
 
         return {
             status: status,
+            headers: { location: joinUrl(request.url.href, id) },
             body: message
         };
     }
diff --git a/packages/uma/src/routes/ResourceRegistration.ts b/packages/uma/src/routes/ResourceRegistration.ts
index 47f1bf5..75e1054 100644
--- a/packages/uma/src/routes/ResourceRegistration.ts
+++ b/packages/uma/src/routes/ResourceRegistration.ts
@@ -43,12 +43,14 @@ export class ResourceRegistrationRequestHandler extends HttpHandler {
   /**
    * @param derivationStore - Key/value store linking derivation_resource_ids to their issuer.
    * @param registrationStore - Key/value store containing the {@link ResourceDescription}s.
+   * @param ownershipStore - Key/value store that links owners to their resources.
    * @param policies - Policy store to contain the asset relation triples.
    * @param validator - Validates that the request is valid.
    */
   constructor(
     protected readonly derivationStore: KeyValueStorage<string, string>,
     protected readonly registrationStore: RegistrationStore,
+    protected readonly ownershipStore: KeyValueStorage<string, string[]>,
     protected readonly policies: UCRulesStorage,
     protected readonly validator: RequestValidator,
   ) {
@@ -93,6 +95,10 @@ export class ResourceRegistrationRequestHandler extends HttpHandler {
     // Set the resource metadata
     await this.setResourceMetadata(resource, body, owner);
 
+    const ownedResources = await this.ownershipStore.get(owner) ?? [];
+    ownedResources.push(resource);
+    await this.ownershipStore.set(owner, ownedResources);
+
     return ({
       status: 201,
       headers: { location: `${joinUrl(request.url.href, encodeURIComponent(resource))}` },
@@ -153,6 +159,16 @@ export class ResourceRegistrationRequestHandler extends HttpHandler {
     await this.registrationStore.delete(parameters.id);
     this.logger.info(`Deleted resource ${parameters.id}.`);
 
+    const ownedResources = await this.ownershipStore.get(owner) ?? [];
+    const idx = ownedResources.indexOf(parameters.id);
+    if (idx >= 0) {
+      ownedResources.splice(idx, 1);
+      if (ownedResources.length === 0) {
+        await this.ownershipStore.delete(owner);
+      } else {
+        await this.ownershipStore.set(owner, ownedResources);
+      }
+    }
     return ({ status: 204 });
   }
 
diff --git a/packages/uma/src/ucp/util/Vocabularies.ts b/packages/uma/src/ucp/util/Vocabularies.ts
index c723a5e..d5ff690 100644
--- a/packages/uma/src/ucp/util/Vocabularies.ts
+++ b/packages/uma/src/ucp/util/Vocabularies.ts
@@ -146,6 +146,18 @@ export const OWL = createVocabulary(
   'inverseOf',
 );
 
+export const SOTW = createVocabulary(
+  'https://w3id.org/force/sotw#',
+  'EvaluationRequest',
+  'accepted',
+  'denied',
+  'requested',
+  'requestedAction',
+  'requestedTarget',
+  'requestingParty',
+  'requestStatus',
+);
+
 export const UMA_SCOPES = createVocabulary(
   'urn:knows:uma:scopes:',
   'derivation-creation',
diff --git a/packages/uma/src/util/routeSpecific/delete.ts b/packages/uma/src/util/routeSpecific/delete.ts
index 94e7fa0..ec78f13 100644
--- a/packages/uma/src/util/routeSpecific/delete.ts
+++ b/packages/uma/src/util/routeSpecific/delete.ts
@@ -3,7 +3,7 @@ import {queryEngine} from './index';
 
 /**
  * Executes a DELETE query against the given store.
- * 
+ *
  * @param store store containing the data to be modified
  * @param query DELETE query string to be executed
  * @returns a promise resolving when the deletion is completed
@@ -17,10 +17,10 @@ const executeDelete = async (
 
 /**
  * Build a query that deletes a policy and its associated permissions.
- * 
+ *
  * The deletion only occurs if the policy has the given `policyID` and is assigned
  * to the provided `clientID`.
- * 
+ *
  * @param policyID ID of the policy to delete
  * @param resourceOwner ID of the resource owner (assigner) who owns the policy
  * @returns a DELETE query string
@@ -49,7 +49,7 @@ const buildPolicyDeletionQuery = (policyID: string, resourceOwner: string) => `
 
 /**
  * Delete a policy (including its associated permissions) from the store.
- * 
+ *
  * @param store store containing the policies
  * @param policyID ID of the policy to delete
  * @param resourceOwner ID of the resource owner (assigner) responsible for the policy
@@ -57,53 +57,3 @@ const buildPolicyDeletionQuery = (policyID: string, resourceOwner: string) => `
  */
 export const deletePolicy = (store: Store, policyID: string, resourceOwner: string) =>
     executeDelete(store, buildPolicyDeletionQuery(policyID, resourceOwner));
-
-/**
- * Build a query that deletes an access request and its related triples.
- * 
- * The deletion is permitted if either:
- * - The request has the given `requestID` and `clientID` is the requesting party, OR
- * - The request targets a resource assigned to `clientID` via an ODRL agreement.
- * 
- * @param requestID ID of the access request to delete
- * @param requestingPartyOrResourceowner ID of the requesting party or resource owner
- * @returns a DELETE query string
- */
-const buildAccessRequestDeletionQuery = (requestID: string, requestingPartyOrResourceowner: string) => `
-    PREFIX sotw: <https://w3id.org/force/sotw#>
-    PREFIX odrl: <http://www.w3.org/ns/odrl/2/>
-
-    DELETE {
-        <${requestID}> ?p ?o
-    } WHERE {
-        <${requestID}> ?p ?o .
-        {
-            <${requestID}> sotw:requestingParty <${requestingPartyOrResourceowner}> .
-        } 
-        UNION
-        {
-            <${requestID}> sotw:requestedTarget ?target .
-            ?pol a odrl:Agreement ;
-                 odrl:permission ?per .
-            ?per odrl:target ?target ;
-                 odrl:assigner <${requestingPartyOrResourceowner}> .
-        }
-    }
-`;
-
-/**
- * Delete an access request (including all its triples) from the store.
- * 
- * Deletion is allowed if:
- * - The given `clientID` is the requesting party, OR
- * - The `clientID` is the assigner of a policy targeting the same resource as the request.
- * 
- * @param store store containing the requests
- * @param requestID ID of the request to delete
- * @param requestingPartyOrResourceOwner ID of the requesting party or resource owner
- * @returns a promise resolving when deletion is completed
- */
-export const deleteAccessRequest = async (store: Store, requestID: string, requestingPartyOrResourceOwner: string): Promise<void> => {
-    await executeDelete(store, buildAccessRequestDeletionQuery(requestID, requestingPartyOrResourceOwner));
-
-}
diff --git a/packages/uma/src/util/routeSpecific/get.ts b/packages/uma/src/util/routeSpecific/get.ts
index a940482..00f4ff4 100644
--- a/packages/uma/src/util/routeSpecific/get.ts
+++ b/packages/uma/src/util/routeSpecific/get.ts
@@ -1,4 +1,6 @@
-import { Store } from "n3";
+import { Quad } from '@rdfjs/types';
+import { DataFactory as DF, Quad_Subject, Store } from 'n3';
+import { ODRL } from 'odrl-evaluator';
 import {queryEngine} from './index';
 
 /**
@@ -34,7 +36,7 @@ const executeGet = async (
                 break;
             }
 
-            subStore.addQuads(store.getQuads(term, null, null, null));
+            subStore.addQuads(permissionToQuads(store, term));
         }
 
         if (valid) results.push(subStore)
@@ -116,87 +118,21 @@ const buildPoliciesRetrievalQuery = (resourceOwner: string) => `
  * @returns a store containing all policies and their permissions
  */
 export const getPolicies = (store: Store, resourceOwner: string) =>
-    executeGet(store, buildPoliciesRetrievalQuery(resourceOwner), ['policy', 'perm']);
-
-// ! There is not necessarily a link between resource owner and resource through a policy
-// ! Currently, only the requests where the client is requesting party will be given,
-// ! for requested targets that aren't included in some policy already.
-
-/**
- * Build a query to retrieve a single request,
- * provided that the client is either the requesting party
- * or the assigner of a policy targeting the same resource.
- *
- * @param requestID identifier of the request
- * @param requestingPartyOrResourceOwner identifier of the client
- * @returns a query string
- */
-const buildAccessRequestRetrievalQuery = (requestID: string, requestingPartyOrResourceOwner: string) => `
-    PREFIX sotw: <https://w3id.org/force/sotw#>
-    PREFIX odrl: <http://www.w3.org/ns/odrl/2/>
-
-    SELECT DISTINCT ?req
-    WHERE {
-        {
-            <${requestID}> sotw:requestingParty <${requestingPartyOrResourceOwner}> .
-        } 
-        UNION
-        {
-            <${requestID}> sotw:requestedTarget ?target .
-            ?pol a odrl:Agreement ;
-                 odrl:permission ?per .
-            ?per odrl:target ?target ;
-                 odrl:assigner <${requestingPartyOrResourceOwner}> .
-        }
+    executeGet(store, buildPoliciesRetrievalQuery(resourceOwner), ['perm']);
+
+// TODO: slight improvement over existing solution so constraints get returned but definitely not ideal yet
+function permissionToQuads(store: Store, permission: Quad_Subject): Quad[] {
+    const result: Quad[] = [];
+    const policies = store.getSubjects(ODRL.terms.permission, permission, null);
+    for (const policy of policies) {
+        result.push(...store.getQuads(policy, null, null, null));
     }
-`;
+    result.push(...store.getQuads(permission, null, null, null));
 
-/**
- * Retrieve a single request by ID,
- * if the client is the requesting party or assigner of the target.
- *
- * @param store the source store
- * @param accessRequestID identifier of the request
- * @param requestingPartyOrResourceOwner identifier of the client
- * @returns a store containing the request
- */
-export const getAccessRequest = (store: Store, accessRequestID: string, requestingPartyOrResourceOwner: string) =>
-    executeGet(store, buildAccessRequestRetrievalQuery(accessRequestID, requestingPartyOrResourceOwner), ['req']);
+    // Constraints
+    result.push(
+      ...store.getObjects(permission, ODRL.terms.constraint, null).flatMap((constraint) =>
+          store.getQuads(constraint, null, null, null)));
 
-/**
- * Build a query to retrieve all requests for a client,
- * either as requesting party or as assigner of the requested target.
- *
- * @param requestingPartyOrResourceOwner identifier of the client
- * @returns a query string
- */
-const buildAccessRequestsRetrievalQuery = (requestingPartyOrResourceOwner: string) => `
-    PREFIX sotw: <https://w3id.org/force/sotw#>
-    PREFIX odrl: <http://www.w3.org/ns/odrl/2/>
-
-    SELECT DISTINCT ?req
-    WHERE {
-        {
-            ?req sotw:requestingParty <${requestingPartyOrResourceOwner}> .
-        } 
-        UNION
-        {
-            ?req sotw:requestedTarget ?target .
-            ?pol a odrl:Agreement ;
-                 odrl:permission ?per .
-            ?per odrl:target ?target ;
-                 odrl:assigner <${requestingPartyOrResourceOwner}> .
-        }
-    }
-`;
-
-/**
- * Retrieve all requests for a client,
- * either as requesting party or as assigner of the requested targets.
- *
- * @param store the source store
- * @param requestingPartyOrResourceOwner identifier of the client
- * @returns a store containing the requests
- */
-export const getAccessRequests = (store: Store, requestingPartyOrResourceOwner: string) =>
-    executeGet(store, buildAccessRequestsRetrievalQuery(requestingPartyOrResourceOwner), ['req']);
+    return result;
+}
diff --git a/packages/uma/src/util/routeSpecific/patch.ts b/packages/uma/src/util/routeSpecific/patch.ts
index bfd9de1..ebf670f 100644
--- a/packages/uma/src/util/routeSpecific/patch.ts
+++ b/packages/uma/src/util/routeSpecific/patch.ts
@@ -1,4 +1,4 @@
-import { v4 as uuid } from 'uuid';
+import { ForbiddenHttpError } from '@solid/community-server';
 import { Store } from "n3";
 import {queryEngine} from './index';
 
@@ -22,117 +22,8 @@ export const patchPolicy = async (
 ) => {
     // check ownership of resource -- is client assigner?
     const isOwner = store.countQuads(null, "http://www.w3.org/ns/odrl/2/assigner", resourceOwner, null) !== 0;
-    if (!isOwner) throw new PatchError(403, "resource owner doesn't match") ; // ? shouldn't this throw an error -- drawback would be information leakage
-    else await queryEngine.queryVoid(query.toString(), { sources: [store] });
-}
-
-// ! link between target and resource owner is not always included through a policy
-// ! there should be some endpoint or link in the store that allows for this discovery
-// ! currently, this patch will not work!
-/**
- * Construct an update for modifying the status of a request.
- *
- * The update replaces the request’s status with a new one,
- * provided the client is the assigner of a policy targeting
- * the requested resource.
- *
- * @param requestID identifier of the request
- * @param resourceOwner identifier of the client attempting the patch
- * @param patchInformation new status value ("accepted", "denied")
- * @returns a query string
- */
-const buildAccessRequestModificationQuery = (requestID: string, resourceOwner: string, patchInformation: string) => `
-    PREFIX ex: <http://example.org/> 
-    PREFIX sotw: <https://w3id.org/force/sotw#>
-    PREFIX odrl: <http://www.w3.org/ns/odrl/2/>
-
-    DELETE {
-        <${requestID}> ex:requestStatus ex:requested .
-    } INSERT {
-        <${requestID}> ex:requestStatus ex:${patchInformation} .
-    } WHERE {
-        <${requestID}> a sotw:EvaluationRequest ;
-             sotw:requestedTarget ?target .
-        ?pol odrl:permission ?perm .
-        ?perm odrl:target ?target ;
-             odrl:assigner <${resourceOwner}> .
-    }
-`;
-
-// ! doesn't check if there is already an existing policy between these entities for the same resource
-// TODO: include that check
-/**
- * Construct an insertion that creates a new policy
- * based on an accepted request.
- *
- * A new policy and permission are inserted into the store,
- * linking the requesting party with the requested target and action.
- *
- * @param requestID identifier of the request
- * @param policy identifier for the new policy
- * @param permission identifier for the new permission
- * @param resourceOwner identifier of the client granting the policy
- * @returns a query string
- */
-const buildPolicyCreationFromAccessRequestQuery = (
-    requestID: string,
-    policy: string,
-    permission: string,
-    resourceOwner: string,
-) => `
-    PREFIX ex: <http://example.org/>
-    PREFIX sotw: <https://w3id.org/force/sotw#>
-    PREFIX odrl: <http://www.w3.org/ns/odrl/2/>
-
-    INSERT {
-        ex:${policy} a odrl:Agreement ;
-                    odrl:uid ex:${policy} ;
-                    odrl:permission ex:${permission} .
-        ex:${permission} a odrl:Permission ;
-                        odrl:action ?action ;
-                        odrl:target ?target ;
-                        odrl:assignee ?requestingParty ;
-                        odrl:assigner <${resourceOwner}> .
-    } WHERE {
-        <${requestID}> a sotw:EvaluationRequest ;
-             sotw:requestingParty ?requestingParty ;
-             sotw:requestedTarget ?target ;
-             sotw:requestedAction ?action ;
-             ex:requestStatus ex:accepted .
-    }
-`;
-
-/**
- * Update the status of a request in the store, and optionally
- * create a new policy if the request is accepted.
- *
- * Only "accepted" and "denied" statuses are allowed.
- * If "accepted", a new policy and permission are inserted
- * linking the client to the requested target and action.
- *
- * @param store the store to update
- * @param accessRequestID identifier of the request
- * @param resourceOwner identifier of the client performing the update
- * @param patchInformation new status ("accepted" or "denied")
- */
-export const patchAccessRequest = async (
-    store: Store,
-    accessRequestID: string,
-    resourceOwner: string,
-    patchInformation: string
-) => {
-    if (!['accepted', 'denied'].includes(patchInformation)) return ; // ? perhaps throw an error?
-    const patchQuery = buildAccessRequestModificationQuery(accessRequestID, resourceOwner, patchInformation);
-    await queryEngine.queryVoid(patchQuery, { sources: [store] });
-
-    if (patchInformation === 'accepted') {
-        const newPolicyQuery = buildPolicyCreationFromAccessRequestQuery(accessRequestID, uuid(), uuid(), resourceOwner);
-        await queryEngine.queryVoid(newPolicyQuery, { sources: [store] });
-    }
-}
-
-export class PatchError extends Error {
-    constructor(readonly status: number, message: string) {
-        super(message);
+    if (!isOwner) {
+        throw new ForbiddenHttpError("resource owner doesn't match") ;
     }
+    else await queryEngine.queryVoid(query.toString(), { sources: [store] });
 }
diff --git a/packages/uma/src/util/routeSpecific/post.ts b/packages/uma/src/util/routeSpecific/post.ts
index 762bdc2..9a7f96d 100644
--- a/packages/uma/src/util/routeSpecific/post.ts
+++ b/packages/uma/src/util/routeSpecific/post.ts
@@ -1,4 +1,5 @@
 import { Store, DataFactory } from "n3";
+import { ODRL } from 'odrl-evaluator';
 import {queryEngine} from './index';
 import { BadRequestHttpError, ForbiddenHttpError, RDF, XSD } from "@solid/community-server";
 const {literal, namedNode} = DataFactory
@@ -89,59 +90,13 @@ const buildPolicyCreationQuery = (resourceOwner: string) => `
  * @param resourceOwner identifier of the client (assigner)
  * @returns the validated policy as a store
  */
-export const postPolicy = async (store: Store, resourceOwner: string): Promise<Store> => {
+export const postPolicy = async (store: Store, resourceOwner: string):
+    Promise<{ result: Store, id: string }> => {
     const isOwner = store.countQuads(null, 'http://www.w3.org/ns/odrl/2/assigner', resourceOwner, null) !== 0;
     if (!isOwner) throw new ForbiddenHttpError();
 
     const result = await executePost(store, buildPolicyCreationQuery(resourceOwner), ["p", "r"]);
 
-    return result;
-}
-
-/**
- * Build a query to retrieve a newly posted request,
- * ensuring it has correct status and is linked to the client
- * as the requesting party.
- *
- * @param requestingParty identifier of the client
- * @returns a query string
- */
-const buildAccessRequestCreationQuery = (requestingParty: string) => `
-    PREFIX ex: <http://example.org/>
-    PREFIX sotw: <https://w3id.org/force/sotw#>
-    PREFIX dcterms: <http://purl.org/dc/terms/>
-    PREFIX odrl: <http://www.w3.org/ns/odrl/2/>
-
-    SELECT ?r
-    WHERE {
-        ?r a sotw:EvaluationRequest ;
-           dcterms:issued ?date ;
-           sotw:requestedTarget ?target ;
-           sotw:requestedAction ?action ;
-           sotw:requestingParty <${requestingParty}> ;
-           ex:requestStatus ex:requested .
-    }
-`;
-
-/**
- * Validate and retrieve a newly posted request.
- *
- * Requires that the request has correct status (`requested`),
- * is issued, and is linked to the given client as requesting party.
- *
- * @param store the source store
- * @param requestingParty identifier of the client
- * @returns the validated request as a store
- */
-export const postAccessRequest = async (store: Store, requestingParty: string): Promise<Store>  =>{
-    const hasTime = store.countQuads(null, "http://purl.org/dc/terms/issued", null, null) !== 0;
-    if (hasTime) throw new BadRequestHttpError("Time is managed by the server");
-
-    const requestIds = store.getSubjects(RDF.type, "https://w3id.org/force/sotw#EvaluationRequest", null);
-    if (requestIds.length !==1) {
-        throw new BadRequestHttpError("Expected one acces request.");
-    }
-
-    store.addQuad(requestIds[0], namedNode("http://purl.org/dc/terms/issued"), literal(new Date().toISOString(), XSD.terms.dateTime))
-    return await executePost(store, buildAccessRequestCreationQuery(requestingParty), ["r"]);
+    // TODO: at least currently it is allowed to add multiple policies in a single POST so we can't really return an ID
+    return { result, id: '' };
 }
diff --git a/packages/uma/test/unit/controller/AccessRequestController.test.ts b/packages/uma/test/unit/controller/AccessRequestController.test.ts
new file mode 100644
index 0000000..a1e0174
--- /dev/null
+++ b/packages/uma/test/unit/controller/AccessRequestController.test.ts
@@ -0,0 +1,297 @@
+import 'jest-rdf';
+import {
+  BadRequestHttpError,
+  ForbiddenHttpError,
+  KeyValueStorage,
+  NotFoundHttpError,
+  RDF
+} from '@solid/community-server';
+import { Parser, Store } from 'n3';
+import { ODRL } from 'odrl-evaluator';
+import { Mocked } from 'vitest';
+import { AccessRequestController } from '../../../src/controller/AccessRequestController';
+import { UCRulesStorage } from '../../../src/ucp/storage/UCRulesStorage';
+import { SOTW } from '../../../src/ucp/util/Vocabularies';
+
+describe('AccessRequestController', (): void => {
+  const target = 'http://example.org/resource_id';
+  const scopes = [ 'http://example.org/scope1', 'http://example.org/scope2' ];
+  const entity = 'entityID';
+  const client = 'http://example.org/client';
+  const owner = 'http://example.org/owner';
+  let quads: Store;
+  let store: Mocked<UCRulesStorage>;
+  let ownershipStore: Mocked<KeyValueStorage<string, string[]>>;
+  let controller: AccessRequestController;
+
+  beforeEach(async(): Promise<void> => {
+    quads = new Store(new Parser().parse(`
+        @prefix sotw: <https://w3id.org/force/sotw#> .
+        @prefix odrl: <http://www.w3.org/ns/odrl/2/> .
+        <http://example.org/request1> a sotw:EvaluationRequest ;
+          sotw:requestedTarget <http://example.org/resource_id1> ;
+          sotw:requestingParty <${client}> ;
+          sotw:requestStatus sotw:requested ;
+          sotw:requestedAction <${scopes[0]}> , <${scopes[1]}> .
+        
+        <http://example.org/request2> a sotw:EvaluationRequest ;
+          sotw:requestedTarget <http://example.org/resource_id2> ;
+          sotw:requestingParty <http://example.org/unknown> ;
+          sotw:requestStatus sotw:requested ;
+          sotw:requestedAction <${scopes[1]}> ;
+          odrl:constraint [
+            a odrl:Constraint ;
+            odrl:leftOperand odrl:purpose ;
+            odrl:operator odrl:eq ;
+            odrl:rightOperand <http://example.org/purpose> 
+          ] .
+      `));
+
+    store = {
+      addRule: vi.fn(async(data: Store) => quads.addQuads(data.getQuads(null, null, null, null))),
+      getStore: vi.fn().mockResolvedValue(new Store(quads)),
+      removeData: vi.fn(async(data: Store) => quads.removeQuads(data.getQuads(null, null, null, null))),
+    } satisfies Partial<UCRulesStorage> as any;
+
+    ownershipStore = {
+      get: vi.fn(),
+    } satisfies Partial<KeyValueStorage<string, string[]>> as any;
+
+    controller = new AccessRequestController(store, ownershipStore);
+  });
+
+  it('errors when trying to delete a request.', async(): Promise<void> => {
+    await expect(controller.deleteEntity(entity, client)).rejects.toThrow(ForbiddenHttpError);
+  });
+
+  it('errors when trying to replace a request.', async(): Promise<void> => {
+    await expect(controller.putEntity('data', entity, client)).rejects.toThrow(ForbiddenHttpError);
+  });
+
+  describe('#addEntity', (): void => {
+    it('can add a request.', async(): Promise<void> => {
+      const data = JSON.stringify({ resource_id: target, resource_scopes: scopes });
+
+      const response = await controller.addEntity(data, client);
+      expect(response.status).toBe(201);
+      expect(store.addRule).toHaveBeenCalledTimes(1);
+
+      const request = store.addRule.mock.calls[0][0];
+      const expected = new Parser().parse(`
+        @prefix sotw: <https://w3id.org/force/sotw#> .
+        <${response.id}> a sotw:EvaluationRequest ;
+          sotw:requestedTarget <${target}> ;
+          sotw:requestingParty <${client}> ;
+          sotw:requestStatus sotw:requested ;
+          sotw:requestedAction <${scopes[0]}> , <${scopes[1]}> .
+      `);
+      expect(request).toBeRdfIsomorphic(expected);
+    });
+
+    it('can add a request with constraints.', async(): Promise<void> => {
+      const data = JSON.stringify({
+        resource_id: target,
+        resource_scopes: scopes,
+        constraints: [
+          [ 'http://www.w3.org/ns/odrl/2/purpose', 'http://www.w3.org/ns/odrl/2/eq', 'http://example.org/purpose' ],
+        ],
+      });
+
+      const response = await controller.addEntity(data, client);
+      expect(response.status).toBe(201);
+      expect(store.addRule).toHaveBeenCalledTimes(1);
+
+      const request = store.addRule.mock.calls[0][0];
+      const expected = new Parser().parse(`
+        @prefix sotw: <https://w3id.org/force/sotw#> .
+        @prefix odrl: <http://www.w3.org/ns/odrl/2/> .
+        <${response.id}> a sotw:EvaluationRequest ;
+          sotw:requestedTarget <${target}> ;
+          sotw:requestingParty <${client}> ;
+          sotw:requestStatus sotw:requested ;
+          sotw:requestedAction <${scopes[0]}> , <${scopes[1]}> ;
+          odrl:constraint <${response.id}-constraint-1> .
+        <${response.id}-constraint-1> a odrl:Constraint ;
+          odrl:leftOperand odrl:purpose ;
+          odrl:operator odrl:eq ;
+          odrl:rightOperand <http://example.org/purpose> .
+      `);
+      expect(request).toBeRdfIsomorphic(expected);
+    });
+  });
+
+  describe('#getEntities', (): void => {
+    it('returns all requests where the user requested.', async(): Promise<void> => {
+      const response = await controller.getEntities(client);
+      expect(response.status).toBe(200);
+      expect(new Parser().parse(response.message)).toBeRdfIsomorphic(new Parser().parse(`
+        @prefix sotw: <https://w3id.org/force/sotw#> .
+        @prefix odrl: <http://www.w3.org/ns/odrl/2/> .
+        <http://example.org/request1> a sotw:EvaluationRequest ;
+          sotw:requestedTarget <http://example.org/resource_id1> ;
+          sotw:requestingParty <${client}> ;
+          sotw:requestStatus sotw:requested ;
+          sotw:requestedAction <${scopes[0]}> , <${scopes[1]}> .
+      `));
+      expect(ownershipStore.get).toHaveBeenCalledExactlyOnceWith(client);
+    });
+
+    it('returns all requests where the user is the owner of the target resource.', async(): Promise<void> => {
+      ownershipStore.get.mockResolvedValueOnce([ 'http://example.org/resource_id2' ]);
+      const response = await controller.getEntities(owner);
+      expect(response.status).toBe(200);
+      expect(new Parser().parse(response.message)).toBeRdfIsomorphic(new Parser().parse(`
+        @prefix sotw: <https://w3id.org/force/sotw#> .
+        @prefix odrl: <http://www.w3.org/ns/odrl/2/> .        
+        <http://example.org/request2> a sotw:EvaluationRequest ;
+          sotw:requestedTarget <http://example.org/resource_id2> ;
+          sotw:requestingParty <http://example.org/unknown> ;
+          sotw:requestStatus sotw:requested ;
+          sotw:requestedAction <${scopes[1]}> ;
+          odrl:constraint [
+            a odrl:Constraint ;
+            odrl:leftOperand odrl:purpose ;
+            odrl:operator odrl:eq ;
+            odrl:rightOperand <http://example.org/purpose> 
+          ] .
+      `));
+      expect(ownershipStore.get).toHaveBeenCalledExactlyOnceWith(owner);
+    });
+
+    it('returns nothing if there is no match.', async(): Promise<void> => {
+      await expect(controller.getEntities(owner)).resolves.toEqual({ status: 200, message: '' });
+    });
+  });
+
+  describe('#getEntity', (): void => {
+    it('returns the requested entity if the client is the requester.', async(): Promise<void> => {
+      const response = await controller.getEntity('http://example.org/request1', client);
+      expect(response.status).toBe(200);
+      expect(new Parser().parse(response.message)).toBeRdfIsomorphic(new Parser().parse(`
+        @prefix sotw: <https://w3id.org/force/sotw#> .
+        @prefix odrl: <http://www.w3.org/ns/odrl/2/> .
+        <http://example.org/request1> a sotw:EvaluationRequest ;
+          sotw:requestedTarget <http://example.org/resource_id1> ;
+          sotw:requestingParty <${client}> ;
+          sotw:requestStatus sotw:requested ;
+          sotw:requestedAction <${scopes[0]}> , <${scopes[1]}> .
+      `));
+    });
+
+    it('returns the requested entity if the client is the owner of the target.', async(): Promise<void> => {
+      ownershipStore.get.mockResolvedValueOnce([ 'http://example.org/resource_id2' ]);
+      const response = await controller.getEntity('http://example.org/request2', owner);
+      expect(response.status).toBe(200);
+      expect(new Parser().parse(response.message)).toBeRdfIsomorphic(new Parser().parse(`
+        @prefix sotw: <https://w3id.org/force/sotw#> .
+        @prefix odrl: <http://www.w3.org/ns/odrl/2/> .        
+        <http://example.org/request2> a sotw:EvaluationRequest ;
+          sotw:requestedTarget <http://example.org/resource_id2> ;
+          sotw:requestingParty <http://example.org/unknown> ;
+          sotw:requestStatus sotw:requested ;
+          sotw:requestedAction <${scopes[1]}> ;
+          odrl:constraint [
+            a odrl:Constraint ;
+            odrl:leftOperand odrl:purpose ;
+            odrl:operator odrl:eq ;
+            odrl:rightOperand <http://example.org/purpose> 
+          ] .
+      `));
+    });
+
+    it('returns a 404 if no request is known with that identifier.', async(): Promise<void> => {
+      await expect(controller.getEntity('http://example.org/unknown', client)).rejects.toThrow(NotFoundHttpError);
+    });
+
+    it('returns a 403 if the client is not allowed to see the resource.', async(): Promise<void> => {
+      await expect(controller.getEntity('http://example.org/request1', owner)).rejects.toThrow(ForbiddenHttpError);
+    });
+  });
+
+  // TODO: not testing with isolation as there are weird issues there
+  describe('#patchEntity', (): void => {
+    beforeEach(async(): Promise<void> => {
+      // Mocking once not sufficient since the BaseController calls getEntity multiple times as well
+      ownershipStore.get.mockResolvedValue([ 'http://example.org/resource_id2' ]);
+    });
+
+    it('creates a policy if the request is accepted.', async(): Promise<void> => {
+      await expect(controller.patchEntity('http://example.org/request2', 'accepted', owner, false))
+        .resolves.toEqual({ status: 204, body: '' });
+      expect(quads.countQuads('http://example.org/request2', SOTW.terms.requestStatus, SOTW.terms.requested, null))
+        .toBe(0);
+      expect(quads.countQuads('http://example.org/request2', SOTW.terms.requestStatus, SOTW.terms.accepted, null))
+        .toBe(1);
+      const policies = quads.getSubjects(RDF.terms.type, ODRL.terms.Agreement, null);
+      expect(policies).toHaveLength(1);
+      const permissions = quads.getObjects(policies[0], ODRL.terms.permission, null);
+      expect(permissions).toHaveLength(1);
+      const constraints = quads.getObjects(permissions[0], ODRL.terms.constraint, null);
+      expect(constraints).toHaveLength(1);
+      expect(quads.getQuads(policies[0], null, null, null)).toBeRdfIsomorphic(new Parser().parse(`
+        @prefix odrl: <http://www.w3.org/ns/odrl/2/> .
+        <${policies[0].value}> a odrl:Agreement ;
+          odrl:uid <${policies[0].value}> ;
+          odrl:permission <${permissions[0].value}> .
+      `));
+      expect(quads.getQuads(permissions[0], null, null, null)).toBeRdfIsomorphic(new Parser().parse(`
+        @prefix odrl: <http://www.w3.org/ns/odrl/2/> .
+        <${permissions[0].value}> a odrl:Permission ;
+          odrl:target <http://example.org/resource_id2> ;
+          odrl:action <http://example.org/scope2> ;
+          odrl:assignee <http://example.org/unknown> ;
+          odrl:assigner <${owner}> ;
+          odrl:constraint _:${constraints[0].value} .
+      `));
+      expect(quads.getQuads(constraints[0], null, null, null)).toBeRdfIsomorphic(new Parser().parse(`
+        @prefix odrl: <http://www.w3.org/ns/odrl/2/> .
+        _:${constraints[0].value} a odrl:Constraint ;
+          odrl:leftOperand odrl:purpose ;
+          odrl:operator odrl:eq ;
+          odrl:rightOperand <http://example.org/purpose> .
+      `));
+    });
+
+    it('returns a 404 if the request is not known.', async(): Promise<void> => {
+      await expect(controller.patchEntity('http://example.org/unknown', 'accepted', owner, false))
+        .rejects.toThrow(NotFoundHttpError);
+    });
+
+    it('errors if the user is not the owner.', async(): Promise<void> => {
+      ownershipStore.get.mockResolvedValue([]);
+      await expect(controller.patchEntity('http://example.org/request2', 'accepted', owner, false))
+        .rejects.toThrow(ForbiddenHttpError);
+    });
+
+    it('errors if an unknown state is provided.', async(): Promise<void> => {
+      await expect(controller.patchEntity('http://example.org/request2', 'unknown', owner, false))
+        .rejects.toThrow(BadRequestHttpError);
+    });
+
+    it('errors if the request has no actions.', async(): Promise<void> => {
+      store.getStore.mockResolvedValueOnce(new Store(new Parser().parse(`
+        @prefix sotw: <https://w3id.org/force/sotw#> .
+        @prefix odrl: <http://www.w3.org/ns/odrl/2/> .
+        <http://example.org/request2> a sotw:EvaluationRequest ;
+          sotw:requestedTarget <http://example.org/resource_id2> ;
+          sotw:requestingParty <${client}> ;
+          sotw:requestStatus sotw:requested .
+      `)));
+      await expect(controller.patchEntity('http://example.org/request2', 'accepted', owner, false))
+        .rejects.toThrow(`Invalid actions () or parties (${client})`);
+    });
+
+    it('errors if the request has no requester.', async(): Promise<void> => {
+      store.getStore.mockResolvedValueOnce(new Store(new Parser().parse(`
+        @prefix sotw: <https://w3id.org/force/sotw#> .
+        @prefix odrl: <http://www.w3.org/ns/odrl/2/> .
+        <http://example.org/request2> a sotw:EvaluationRequest ;
+          sotw:requestedTarget <http://example.org/resource_id2> ;
+          sotw:requestedAction <${scopes[1]}> ;
+          sotw:requestStatus sotw:requested .
+      `)));
+      await expect(controller.patchEntity('http://example.org/request2', 'accepted', owner, false))
+        .rejects.toThrow(`Invalid actions (http://example.org/scope2) or parties ()`);
+    });
+  });
+});
diff --git a/packages/uma/test/unit/routes/ResourceRegistration.test.ts b/packages/uma/test/unit/routes/ResourceRegistration.test.ts
index 74eac55..314d316 100644
--- a/packages/uma/test/unit/routes/ResourceRegistration.test.ts
+++ b/packages/uma/test/unit/routes/ResourceRegistration.test.ts
@@ -28,6 +28,7 @@ describe('ResourceRegistration', (): void => {
 
   let derivationStore: Mocked<KeyValueStorage<string, string>>;
   let registrationStore: Mocked<RegistrationStore>;
+  let ownershipStore: Mocked<KeyValueStorage<string, string[]>>
   let policies: Mocked<UCRulesStorage>;
   let validator: Mocked<RequestValidator>;
 
@@ -59,6 +60,12 @@ describe('ResourceRegistration', (): void => {
       delete: vi.fn(),
     } satisfies Partial<KeyValueStorage<string, ResourceDescription>> as any;
 
+    ownershipStore = {
+      get: vi.fn().mockResolvedValue([]),
+      set: vi.fn(),
+      delete: vi.fn(),
+    } satisfies Partial<KeyValueStorage<string, string[]>> as any;
+
     policies = {
       getStore: vi.fn().mockResolvedValue(policyStore),
       addRule: vi.fn(),
@@ -69,7 +76,7 @@ describe('ResourceRegistration', (): void => {
       handleSafe: vi.fn().mockResolvedValue({ owner }),
     } satisfies Partial<RequestValidator> as any;
 
-    handler = new ResourceRegistrationRequestHandler(derivationStore, registrationStore, policies, validator);
+    handler = new ResourceRegistrationRequestHandler(derivationStore, registrationStore, ownershipStore, policies, validator);
   });
 
   it('throws an error if the method is not allowed.', async(): Promise<void> => {
diff --git a/test/integration/AccessRequests.test.ts b/test/integration/AccessRequests.test.ts
new file mode 100644
index 0000000..72cd84a
--- /dev/null
+++ b/test/integration/AccessRequests.test.ts
@@ -0,0 +1,265 @@
+import { App, joinUrl } from '@solid/community-server';
+import { ODRL } from '@solidlab/uma';
+import { setGlobalLoggerFactory, WinstonLoggerFactory } from 'global-logger-factory';
+import { Parser, Store, DataFactory as DF } from 'n3';
+import path from 'node:path';
+import { getDefaultCssVariables, getPorts, instantiateFromConfig } from '../util/ServerUtil';
+import { generateCredentials } from '../util/UmaUtil';
+
+const [ cssPort, umaPort ] = getPorts('AccessRequests');
+
+const policyEndpoint = `http://localhost:${umaPort}/uma/policies`;
+const accessRequestEndpoint = `http://localhost:${umaPort}/uma/requests`;
+const owner = `http://localhost:${cssPort}/alice/profile/card#me`;
+const requester = `http://example.com/bob`;
+const target = `http://localhost:${cssPort}/alice/`;
+
+describe('An access request server setup', (): void => {
+  let umaApp: App;
+  let cssApp: App;
+  let requestLocation: string;
+
+  beforeAll(async(): Promise<void> => {
+    setGlobalLoggerFactory(new WinstonLoggerFactory('off'));
+
+    umaApp = await instantiateFromConfig(
+      'urn:uma:default:App',
+      path.join(__dirname, '../../packages/uma/config/default.json'),
+      {
+        'urn:uma:variables:port': umaPort,
+        'urn:uma:variables:baseUrl': `http://localhost:${umaPort}/uma`,
+        'urn:uma:variables:eyePath': 'eye',
+        'urn:uma:variables:backupFilePath': '',
+      }
+    ) as App;
+
+    cssApp = await instantiateFromConfig(
+      'urn:solid-server:default:App',
+      path.join(__dirname, '../../packages/css/config/default.json'),
+      {
+        ...getDefaultCssVariables(cssPort),
+        'urn:solid-server:uma:variable:AuthorizationServer': `http://localhost:${umaPort}/`,
+        'urn:solid-server:default:variable:seedConfig': path.join(__dirname, '../../packages/css/config/seed.json'),
+      },
+    ) as App;
+
+    await Promise.all([umaApp.start(), cssApp.start()]);
+  });
+
+  afterAll(async(): Promise<void> => {
+    await Promise.all([umaApp.stop(), cssApp.start()]);
+  });
+
+  it('can set up the resource server.', async(): Promise<void> => {
+    await generateCredentials({
+      webId: owner,
+      authorizationServer: `http://localhost:${umaPort}/uma`,
+      resourceServer: `http://localhost:${cssPort}/`,
+      email: 'alice@example.org',
+      password: 'abc123'
+    });
+  });
+
+  it('does not have any policies when starting.', async(): Promise<void> => {
+    const response = await fetch(policyEndpoint, {
+      headers: { authorization: `WebID ${encodeURIComponent(owner)}` },
+    });
+    expect(response.status).toBe(200);
+    await expect(response.text()).resolves.toBe('');
+  });
+
+  it('can request access.', async(): Promise<void> => {
+    const response = await fetch(accessRequestEndpoint, {
+      method: 'POST',
+      headers: {
+        authorization: `WebID ${encodeURIComponent(requester)}`,
+        'content-type': 'application/json',
+      },
+      body: JSON.stringify({ resource_id: target, resource_scopes: [ 'http://www.w3.org/ns/odrl/2/read' ]}),
+    });
+    requestLocation = response.headers.get('location')!;
+    expect(requestLocation.length).toBeGreaterThan(0);
+    await expect(response.status).toBe(201);
+  });
+
+  it('can see the access request as the requester.', async(): Promise<void> => {
+    let response = await fetch(accessRequestEndpoint, {
+      headers: { authorization: `WebID ${encodeURIComponent(requester)}` },
+    });
+    expect(response.status).toBe(200);
+    const parser = new Parser();
+    let store = new Store(parser.parse(await response.text()));
+    expect(store.countQuads(
+      null,
+      'http://www.w3.org/1999/02/22-rdf-syntax-ns#type',
+      'https://w3id.org/force/sotw#EvaluationRequest', null)).toBe(1);
+
+    response = await fetch(requestLocation, {
+      headers: { authorization: `WebID ${encodeURIComponent(requester)}` },
+    });
+    expect(response.status).toBe(200);
+    store = new Store(parser.parse(await response.text()));
+    expect(store.countQuads(
+      null,
+      'http://www.w3.org/1999/02/22-rdf-syntax-ns#type',
+      'https://w3id.org/force/sotw#EvaluationRequest', null)).toBe(1);
+  });
+
+  it('can see the access request as the owner.', async(): Promise<void> => {
+    // It's possible the target is not registered yet at this point, this fetch makes sure it is
+    await fetch(target);
+
+    let response = await fetch(accessRequestEndpoint, {
+      headers: { authorization: `WebID ${encodeURIComponent(owner)}` },
+    });
+    expect(response.status).toBe(200);
+    const parser = new Parser();
+    let store = new Store(parser.parse(await response.text()));
+    expect(store.countQuads(
+      null,
+      'http://www.w3.org/1999/02/22-rdf-syntax-ns#type',
+      'https://w3id.org/force/sotw#EvaluationRequest', null)).toBe(1);
+
+    response = await fetch(requestLocation, {
+      headers: { authorization: `WebID ${encodeURIComponent(owner)}` },
+    });
+    expect(response.status).toBe(200);
+    store = new Store(parser.parse(await response.text()));
+    expect(store.countQuads(
+      null,
+      'http://www.w3.org/1999/02/22-rdf-syntax-ns#type',
+      'https://w3id.org/force/sotw#EvaluationRequest', null)).toBe(1);
+  });
+
+  it('can not see the access request as someone else.', async(): Promise<void> => {
+    let response = await fetch(accessRequestEndpoint, {
+      headers: { authorization: `WebID ${encodeURIComponent('http://example.com/unknown')}` },
+    });
+    expect(response.status).toBe(200);
+    await expect(response.text()).resolves.toBe('');
+
+    response = await fetch(requestLocation, {
+      headers: { authorization: `WebID ${encodeURIComponent('http://example.com/unknown')}` },
+    });
+    expect(response.status).toBe(403);
+  });
+
+  it('can not accept the request as requester.', async(): Promise<void> => {
+    const response = await fetch(requestLocation, {
+      method: 'PATCH',
+      headers: { authorization: `WebID ${encodeURIComponent(requester)}` },
+      body: JSON.stringify({ status: 'accepted' }),
+    });
+    expect(response.status).toBe(403);
+  });
+
+  it('can accept the request as owner.', async(): Promise<void> => {
+    const response = await fetch(requestLocation, {
+      method: 'PATCH',
+      headers: { authorization: `WebID ${encodeURIComponent(owner)}`  },
+      body: JSON.stringify({ status: 'accepted' }),
+    });
+    expect(response.status).toBe(204);
+  });
+
+  it('can not modify an accepted request.', async(): Promise<void> => {
+    const response = await fetch(requestLocation, {
+      method: 'PATCH',
+      headers: { authorization: `WebID ${encodeURIComponent(owner)}` },
+      body: JSON.stringify({ status: 'denied' }),
+    });
+    expect(response.status).toBe(409);
+  });
+
+  it('has a policy after accepting the request.', async(): Promise<void> => {
+    const response = await fetch(policyEndpoint, {
+      headers: { authorization: `WebID ${encodeURIComponent(owner)}` },
+    });
+    expect(response.status).toBe(200);
+    const parser = new Parser();
+    const store = new Store(parser.parse(await response.text()));
+    expect(store.countQuads(null, ODRL.terms.action, 'http://www.w3.org/ns/odrl/2/read', null)).toBe(1);
+    expect(store.countQuads(null, ODRL.terms.target, target, null)).toBe(1);
+    expect(store.countQuads(null, ODRL.terms.assignee, requester, null)).toBe(1);
+    expect(store.countQuads(null, ODRL.terms.assigner, owner, null)).toBe(1);
+  });
+
+  it('can deny requests.', async(): Promise<void> => {
+    let response = await fetch(accessRequestEndpoint, {
+      method: 'POST',
+      headers: {
+        authorization: `WebID ${encodeURIComponent(requester)}`,
+        'content-type': 'application/json',
+      },
+      body: JSON.stringify({ resource_id: target, resource_scopes: [ 'http://www.w3.org/ns/odrl/2/write' ]}),
+    });
+    requestLocation = response.headers.get('location')!;
+    expect(requestLocation.length).toBeGreaterThan(0);
+    await expect(response.status).toBe(201);
+
+    response = await fetch(requestLocation, {
+      method: 'PATCH',
+      headers: { authorization: `WebID ${encodeURIComponent(owner)}`  },
+      body: JSON.stringify({ status: 'denied' }),
+    });
+    expect(response.status).toBe(204);
+
+    // Can not be changed
+    response = await fetch(requestLocation, {
+      method: 'PATCH',
+      headers: { authorization: `WebID ${encodeURIComponent(owner)}` },
+      body: JSON.stringify({ status: 'accepted' }),
+    });
+    expect(response.status).toBe(409);
+
+    // Did not generate a policy
+    response = await fetch(policyEndpoint, {
+      headers: { authorization: `WebID ${encodeURIComponent(owner)}` },
+    });
+    expect(response.status).toBe(200);
+    const parser = new Parser();
+    const store = new Store(parser.parse(await response.text()));
+    expect(store.countQuads(null, ODRL.terms.action, 'http://www.w3.org/ns/odrl/2/write', null)).toBe(0);
+  });
+
+  it('can add constraints to requests.', async(): Promise<void> => {
+    const purpose = 'http://example.com/purpose';
+    let response = await fetch(accessRequestEndpoint, {
+      method: 'POST',
+      headers: {
+        authorization: `WebID ${encodeURIComponent(requester)}`,
+        'content-type': 'application/json',
+      },
+      body: JSON.stringify({
+        resource_id: target,
+        resource_scopes: [ 'http://www.w3.org/ns/odrl/2/create' ],
+        constraints: [[ 'http://www.w3.org/ns/odrl/2/purpose', 'http://www.w3.org/ns/odrl/2/eq', purpose ]],
+      }),
+    });
+
+    expect(response.status).toBe(201);
+    requestLocation = response.headers.get('location')!;
+    expect(requestLocation.length).toBeGreaterThan(0);
+
+    // Can see the constraints in the request
+    response = await fetch(requestLocation, { headers: { authorization: `WebID ${encodeURIComponent(owner)}` }});
+    const requestQuads = new Store(new Parser().parse(await response.text()));
+    expect(requestQuads.countQuads(null, ODRL.terms.leftOperand, ODRL.terms.purpose, null)).toBe(1);
+
+    response = await fetch(requestLocation, {
+      method: 'PATCH',
+      headers: { authorization: `WebID ${encodeURIComponent(owner)}`  },
+      body: JSON.stringify({ status: 'accepted' }),
+    });
+    expect(response.status).toBe(204);
+
+    // Generated a policy with constraints
+    response = await fetch(policyEndpoint, {
+      headers: { authorization: `WebID ${encodeURIComponent(owner)}` },
+    });
+    expect(response.status).toBe(200);
+    const policyQuads = new Store(new Parser().parse(await response.text()));
+    expect(policyQuads.countQuads(null, ODRL.terms.action, 'http://www.w3.org/ns/odrl/2/create', null)).toBe(1);
+    expect(policyQuads.countQuads(null, ODRL.terms.leftOperand, ODRL.terms.purpose, null)).toBe(1);
+  });
+});
diff --git a/test/integration/Policies.test.ts b/test/integration/Policies.test.ts
index 3a608b2..a413468 100644
--- a/test/integration/Policies.test.ts
+++ b/test/integration/Policies.test.ts
@@ -229,7 +229,7 @@ describe('A policy server setup', (): void => {
     expect(response.status).toBe(200);
     expect(await response.text()).toHaveLength(0);
 
-    response = await fetchPolicy('GET', webIds.b, 'unknown');
+    response = await fetchPolicy('GET', webIds.b, 'http://example.org/unknown');
     expect(response.status).toBe(200);
     expect(await response.text()).toHaveLength(0);
   });
@@ -299,7 +299,6 @@ describe('A policy server setup', (): void => {
     // Rules in above policy assigned by b should still be there
     // response = await fetchPolicy('GET', webIds.b, 'urn:uuid:95efe0e8-4fb7-496d-8f3c-4d78c97829bc');
     // expect(response.status).toBe(200);
-    // console.log(await response.text());
     // let store = new Store(new Parser().parse(await response.text()));
     // let policies = store.getSubjects(ODRL.terms.uid, null, null);
     // expect(policies.map((term) => term.value)).toEqual([ 'urn:uuid:95efe0e8-4fb7-496d-8f3c-4d78c97829bc' ]);
diff --git a/test/util/ServerUtil.ts b/test/util/ServerUtil.ts
index 554bb5b..7316dcf 100644
--- a/test/util/ServerUtil.ts
+++ b/test/util/ServerUtil.ts
@@ -4,6 +4,7 @@ import * as path from 'node:path';
 
 
 const portNames = [
+  'AccessRequests',
   'Aggregation',
   'AggregationSource',
   'Base',
diff --git a/yarn.lock b/yarn.lock
index ba0fd52..120a8d0 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5657,6 +5657,7 @@ __metadata:
     ms: "npm:^2.1.3"
     n3: "npm:^1.17.2"
     odrl-evaluator: "npm:^0.5.0"
+    rdf-string: "npm:^2.0.1"
     rdf-vocabulary: "npm:^1.0.1"
     uri-template-lite: "npm:^23.4.0"
     winston: "npm:^3.11.0"