From 816d4e2fa3fdd5d8fbb5f8c35dba15a6bbf9f6e5 Mon Sep 17 00:00:00 2001 From: silverphish-io <50057415+silverphish-io@users.noreply.github.com> Date: Thu, 25 Sep 2025 14:59:25 +0100 Subject: [PATCH 01/30] Update faq.md --- docs/faq.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index 5ed1d2a5f..0976c098c 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -185,7 +185,7 @@ The T-Deck firmware is free to download and most features are available without - Canada and USA are on **910.525MHz** - For other regions and countries, please check your local LoRa frequency -In UK and EU, 867.5MHz is not allowed to use 250kHz bandwidth and it only allows 2.5% duty cycle for clients. 869.525Mhz allows an airtime of 10%, 250KHz bandwidth, and a higher EIRP, therefore MeshCore nodes can send more often and with more power. That is why this frequency is chosen for UK and EU. This is also why Meshtastic also uses this frequency. +In UK and EU, 867.5MHz is not allowed to use 250kHz bandwidth and it only allows 2.5% duty cycle for clients. 869.525Mhz allows an airtime of 10%, 250KHz bandwidth, and a higher Effective Isotropic Radiated Power (EIRP), therefore MeshCore nodes can send more often and with more power. That is why this frequency is chosen for UK and EU. This is also why Meshtastic also uses this frequency. [Source](https://discord.com/channels/826570251612323860/1330643963501351004/1356540643853209641) @@ -557,7 +557,7 @@ From here, reference repeater and room server command line commands on MeshCore **A:** Yes. See the following: #### 5.14.1. meshcoremqtt -A Python script to send meshore debug and packet capture data to MQTT for analysis +A Python script to send meshcore debug and packet capture data to MQTT for analysis https://github.com/Andrew-a-g/meshcoretomqtt #### 5.14.2. MeshCore for Home Assistant From 4e886bfa90d9f179b859c21bec212609b4ac8a79 Mon Sep 17 00:00:00 2001 From: silverphish-io <50057415+silverphish-io@users.noreply.github.com> Date: Thu, 25 Sep 2025 15:01:39 +0100 Subject: [PATCH 02/30] Typo fix in faq and payloads --- docs/payloads.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/payloads.md b/docs/payloads.md index 4d00f9300..e23cbb830 100644 --- a/docs/payloads.md +++ b/docs/payloads.md @@ -57,7 +57,7 @@ Appdata Flags # Acknowledgement -An acknowledgement that a message was received. Note that for returned path messages, an acknowledgement will be sent in the "extra" payload (see [Returned Path](#returned-path)) and not as a discrete ackowledgement. CLI commands do not require an acknowledgement, neither discrete nor extra. +An acknowledgement that a message was received. Note that for returned path messages, an acknowledgement will be sent in the "extra" payload (see [Returned Path](#returned-path)) and not as a discrete acknowledgement. CLI commands do not require an acknowledgement, neither discrete nor extra. | Field | Size (bytes) | Description | |----------|--------------|------------------------------------------------------------| @@ -186,4 +186,4 @@ TODO: describe what datagram looks like # Custom packet -Custom packets have no defined format. \ No newline at end of file +Custom packets have no defined format. From c8a6bcf57f4a1fb58795a1e7373fa69323bf6328 Mon Sep 17 00:00:00 2001 From: ripplebiz Date: Sun, 28 Sep 2025 21:43:30 +1000 Subject: [PATCH 03/30] Update README.md --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 73fa960c1..eba4d1533 100644 --- a/README.md +++ b/README.md @@ -97,10 +97,10 @@ Here are some general principals you should try to adhere to: There are a number of fairly major features in the pipeline, with no particular time-frames attached yet. In very rough chronological order: - [X] Companion radio: UI redesign -- [ ] Repeater + Room Server: add ACL's (like Sensor Node has) -- [ ] Standardise Bridge mode for repeaters +- [X] Repeater + Room Server: add ACL's (like Sensor Node has) +- [X] Standardise Bridge mode for repeaters - [ ] Repeater/Bridge: Standardise the Transport Codes for zoning/filtering -- [ ] Core + Repeater: enhanced zero-hop neighbour discovery +- [X] Core + Repeater: enhanced zero-hop neighbour discovery - [ ] Core: round-trip manual path support - [ ] Companion + Apps: support for multiple sub-meshes (and 'off-grid' client repeat mode) - [ ] Core + Apps: support for LZW message compression From f594f2c7e60996a0d2d483983abc1a72cce1cfd0 Mon Sep 17 00:00:00 2001 From: uncle lit <43320854+LitBomb@users.noreply.github.com> Date: Tue, 30 Sep 2025 16:01:11 -0700 Subject: [PATCH 04/30] Update faq.md added pyMC_core to meshcore projects mentioned Cisien's meshcoretomqtt fork from Andrew-a-g updated Coding Rate explanation and recommendation updated radio presets and added how to update presets listed in the app --- docs/faq.md | 55 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 36 insertions(+), 19 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index 38a552c23..d330d50e4 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -61,22 +61,23 @@ author: https://github.com/LitBomb - [5.14.3. Python MeshCore](#5143-python-meshcore) - [5.14.4. meshcore-cli](#5144-meshcore-cli) - [5.14.5. meshcore.js](#5145-meshcorejs) + - [5.14.6. pyMC\_core](#5146-pymc_core) - [6. Troubleshooting](#6-troubleshooting) - [6.1. Q: My client says another client or a repeater or a room server was last seen many, many days ago.](#61-q-my-client-says-another-client-or-a-repeater-or-a-room-server-was-last-seen-many-many-days-ago) - [6.2. Q: A repeater or a client or a room server I expect to see on my discover list (on T-Deck) or contact list (on a smart device client) are not listed.](#62-q-a-repeater-or-a-client-or-a-room-server-i-expect-to-see-on-my-discover-list-on-t-deck-or-contact-list-on-a-smart-device-client-are-not-listed) - [6.3. Q: How to connect to a repeater via BLE (Bluetooth)?](#63-q-how-to-connect-to-a-repeater-via-ble-bluetooth) - [6.4. Q: My companion isn't showing up over Bluetooth?](#64-q-my-companion-isnt-showing-up-over-bluetooth) - - [6.5. Q: I can't connect via Bluetooth, what is the Bluetooth pairing code?](#64-q-i-cant-connect-via-bluetooth-what-is-the-bluetooth-pairing-code) - - [6.6. Q: My Heltec V3 keeps disconnecting from my smartphone. It can't hold a solid Bluetooth connection.](#65-q-my-heltec-v3-keeps-disconnecting-from-my-smartphone--it-cant-hold-a-solid-bluetooth-connection) - - [6.7. Q: My RAK/T1000-E/xiao\_nRF52 device seems to be corrupted, how do I wipe it clean to start fresh?](#66-q-my-rakt1000-exiao_nrf52-device-seems-to-be-corrupted-how-do-i-wipe-it-clean-to-start-fresh) - - [6.8. Q: WebFlasher fails on Linux with failed to open](#67-q-webflasher-fails-on-linux-with-failed-to-open) + - [6.5. Q: I can't connect via Bluetooth, what is the Bluetooth pairing code?](#65-q-i-cant-connect-via-bluetooth-what-is-the-bluetooth-pairing-code) + - [6.6. Q: My Heltec V3 keeps disconnecting from my smartphone. It can't hold a solid Bluetooth connection.](#66-q-my-heltec-v3-keeps-disconnecting-from-my-smartphone--it-cant-hold-a-solid-bluetooth-connection) + - [6.7. Q: My RAK/T1000-E/xiao\_nRF52 device seems to be corrupted, how do I wipe it clean to start fresh?](#67-q-my-rakt1000-exiao_nrf52-device-seems-to-be-corrupted-how-do-i-wipe-it-clean-to-start-fresh) + - [6.8. Q: WebFlasher fails on Linux with failed to open](#68-q-webflasher-fails-on-linux-with-failed-to-open) - [7. Other Questions:](#7-other-questions) - [7.1. Q: How to update nRF (RAK, T114, Seed XIAO) repeater and room server firmware over the air using the new simpler DFU app?](#71-q-how-to-update-nrf-rak-t114-seed-xiao-repeater-and-room-server-firmware-over-the-air-using-the-new-simpler-dfu-app) - [7.2. Q: How to update ESP32-based devices over the air?](#72-q-how-to-update-esp32-based-devices-over-the-air) - [7.3. Q: Is there a way to lower the chance of a failed OTA device firmware update (DFU)?](#73-q-is-there-a-way-to-lower-the-chance-of-a-failed-ota-device-firmware-update-dfu) - [7.4. Q: are the MeshCore logo and font available?](#74-q-are-the-meshcore-logo-and-font-available) - [7.5. Q: What is the format of a contact or channel QR code?](#75-q-what-is-the-format-of-a-contact-or-channel-qr-code) - - [7.6. Q: How do I connect to the companion via WIFI, e.g. using a heltec v3?](#76-q-how-do-i-connect-to-the-comnpanion-via-wifi-eg-using-a-heltec-v3) + - [7.6. Q: How do I connect to the companion via WIFI, e.g. using a heltec v3?](#76-q-how-do-i-connect-to-the-companion-via-wifi-eg-using-a-heltec-v3) ## 1. Introduction @@ -180,22 +181,17 @@ The T-Deck firmware is free to download and most features are available without ### 2.3. Q: What frequencies are supported by MeshCore? -**A:** It supports the 868MHz range in the UK/EU and the 915MHz range in New Zealand, Australia, and the USA. Countries and regions in these two frequency ranges are also supported. The firmware and client allow users to set their preferred frequency. -- Australia and New Zealand are on **915.8MHz** -- UK and EU are on **869.525MHz** -- Canada and USA are on **910.525MHz** -- For other regions and countries, please check your local LoRa frequency +**A:** It supports the 868MHz range in the UK/EU and the 915MHz range in New Zealand, Australia, and the USA. Countries and regions in these two frequency ranges are also supported. -In UK and EU, 867.5MHz is not allowed to use 250kHz bandwidth and it only allows 2.5% duty cycle for clients. 869.525Mhz allows an airtime of 10%, 250KHz bandwidth, and a higher Effective Isotropic Radiated Power (EIRP), therefore MeshCore nodes can send more often and with more power. That is why this frequency is chosen for UK and EU. This is also why Meshtastic also uses this frequency. +Use the smartphone client or the repeater setup feature on there web flasher to set your radios' RF settings by choosing the preset for your regions. -[Source](https://discord.com/channels/826570251612323860/1330643963501351004/1356540643853209641) +Recently, as of October 2025, many regions have moved to the "narrow" setting, aka using BW62.5 and a lower SF number (instead of the original SF11). For example, USA/Canada (Recommended) preset is 910.525MHz, SF7, BW62.5, CR5. + +After extensive testing, many regions have switched or about to switch over to BW62.5 and SF7, 8, or 9. Narrower bandwidth setting and lower SF setting allow MeshCore's radio signals to fit between interference in the ISM band, provide for a lower noise floor, better SNR, and faster transmissions. + +If you have consensus from your community in your region to update your region's preset recommendation, please post your update request on the [#meshcore-app](https://discord.com/channels/1343693475589263471/1391681655911088241) channel on the [MeshCore Discord server ](https://discord.gg/cYtQNYCCRK) to let Liam Cottle know. -the rest of the radio settings are the same for all frequencies: -- Spread Factor (SF): 11 -- Coding Rate (CR): 5 -- Bandwidth (BW): 250.00 -(Originally MeshCore started with SF 10. recently (as of late April 2025) the community has advocated SF 11 also a viable option for longer range but a little slower transmission. Currently there are MeshCore meshes with SF 10 and SF 11. Liam Cottle's smartphone app's presets now recommend SF 10 for Australia and SF 11 for all other regions and countries. EU and UK has SF 10 and SF 11 presets. Work with your local meshers on deciding with SF number is best for your use cases. In the future, there may be bridge nodes that can bridge SF 10 and SF 11 (or even different frequencies) traffic.) ### 2.4. Q: What is an "advert" in MeshCore? **A:** @@ -376,7 +372,23 @@ https://github.com/meshcore-dev/MeshCore/blob/main/src/Packet.h#L19 **SF is spreading factor** - how much should the communication spread in time -**CR is coding rate** - https://www.thethingsnetwork.org/docs/lorawan/fec-and-code-rate/ +**CR is coding rate** - from: https://www.thethingsnetwork.org/docs/lorawan/fec-and-code-rate/ + +TL;DR: default CR to 5 for good stable links. If it is not a solid link and is intermittent, change to CR to 7 or 8. + +Forward Error Correction is a process of adding redundant bits to the data to be transmitted. During the transmission, data may get corrupted by interference (changes from 0 to 1 / 1 to 0). These error correction bits are used at the receivers for restoring corrupted bits. + +The Code Rate of a forward error correction expresses the proportion of bits in a data stream that actually carry useful information. + +There are 4 code rates used in LoRaWAN: + +4/5 +4/6 +5/7 +4/8 + +For example, if the code rate is 5/7, for every 5 bits of useful information, the coder generates a total of 7 bits of data, of which 2 bits are redundant. + Making the bandwidth 2x wider (from BW125 to BW250) allows you to send 2x more bytes in the same time. Making the spreading factor 1 step lower (from SF10 to SF9) allows you to send 2x more bytes in the same time. Lowering the spreading factor makes it more difficult for the gateway to receive a transmission, as it will be more sensitive to noise. You could compare this to two people taking in a noisy place (a bar for example). If you’re far from each other, you have to talk slow (SF10), but if you’re close, you can talk faster (SF7) @@ -558,7 +570,8 @@ From here, reference repeater and room server command line commands on MeshCore **A:** Yes. See the following: #### 5.14.1. meshcoremqtt -A Python script to send meshcore debug and packet capture data to MQTT for analysis +A Python script to send meshcore debug and packet capture data to MQTT for analysis. Cisien's version is a fork of Andrew-a-g's and is being used to to collect data for https://map.w0z.is/messages and https://analyzer.letsme.sh/ +https://github.com/Cisien/meshcoretomqtt https://github.com/Andrew-a-g/meshcoretomqtt #### 5.14.2. MeshCore for Home Assistant @@ -577,6 +590,10 @@ CLI interface to MeshCore companion radio over BLE, TCP, or serial. Uses Python A JavaScript library for interacting with a MeshCore device running the companion radio firmware https://github.com/liamcottle/meshcore.js +#### 5.14.6. pyMC_core +pyMC_Core is a Python port of MeshCore, designed for Raspberry Pi and similar hardware, it talks to LoRa modules over SPI. +https://github.com/rightup/pyMC_core + --- ## 6. Troubleshooting From 6ee0b851951387d1f48943df3b261b3715f5ac83 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonathan=20Sto=CC=88cklmayer?= <> Date: Wed, 1 Oct 2025 09:50:41 +0200 Subject: [PATCH 05/30] Fix debug log: use c->extra.room.push_failures instead of non-existent c->push_failures --- examples/simple_room_server/MyMesh.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/simple_room_server/MyMesh.cpp b/examples/simple_room_server/MyMesh.cpp index 89f2afb3d..a8a1c8744 100644 --- a/examples/simple_room_server/MyMesh.cpp +++ b/examples/simple_room_server/MyMesh.cpp @@ -784,7 +784,7 @@ void MyMesh::loop() { if (c->extra.room.pending_ack && millisHasNowPassed(c->extra.room.ack_timeout)) { c->extra.room.push_failures++; c->extra.room.pending_ack = 0; // reset (TODO: keep prev expected_ack's in a list, incase they arrive LATER, after we retry) - MESH_DEBUG_PRINTLN("pending ACK timed out: push_failures: %d", (uint32_t)c->push_failures); + MESH_DEBUG_PRINTLN("pending ACK timed out: push_failures: %d", (uint32_t)c->extra.room.push_failures); } } // check next Round-Robin client, and sync next new post From 3e3fa5b443ca59b9633057f797b595712dd15856 Mon Sep 17 00:00:00 2001 From: tekstrand Date: Sat, 4 Oct 2025 10:54:24 -0500 Subject: [PATCH 06/30] trim trailing whitespace, clarify repeater gps, remove outdated instructions --- docs/faq.md | 182 +++++++++++++++++++++++++--------------------------- 1 file changed, 89 insertions(+), 93 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index d330d50e4..c69077d1d 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -1,10 +1,6 @@ **MeshCore-FAQ** A list of frequently-asked questions and answers for MeshCore -The current version of this MeshCore FAQ is at https://github.com/meshcore-dev/MeshCore/blob/main/docs/faq.md. -This MeshCore FAQ is also mirrored at https://github.com/LitBomb/MeshCore-FAQ and might have newer updates if pull requests on Scott's MeshCore repo are not approved yet. - -author: https://github.com/LitBomb --- - [1. Introduction](#1-introduction) @@ -92,7 +88,7 @@ MeshCore is free and open source: * The T-Deck firmware is developed by Scott at Ripple Radios, the creator of MeshCore, is also free to flash on your devices and use -Some more advanced, but optional features are available on T-Deck if you register your device for a key to unlock. On the MeshCore smartphone clients for Android and iOS/iPadOS, you can unlock the wait timer for repeater and room server remote management over RF feature. +Some more advanced, but optional features are available on T-Deck if you register your device for a key to unlock. On the MeshCore smartphone clients for Android and iOS/iPadOS, you can unlock the wait timer for repeater and room server remote management over RF feature. These features are completely optional and aren't needed for the core messaging experience. They're like super bonus features and to help the developers continue to work on these amazing features, they may charge a small fee for an unlock code to utilise the advanced features. @@ -106,7 +102,7 @@ Anyone is able to build anything they like on top of MeshCore without paying any MeshCore Firmware GitHub: https://github.com/ripplebiz/MeshCore NOTE: Andy Kirby has a very useful [intro video](https://www.youtube.com/watch?v=t1qne8uJBAc) for beginners. - + You need LoRa hardware devices to run MeshCore firmware as clients or server (repeater and room server). @@ -115,7 +111,7 @@ MeshCore is available on a variety of 433MHz, 868MHz and 915MHz LoRa devices. Fo For an up-to-date list of supported devices, please go to https://flasher.meshcore.co.uk/ -To use MeshCore without using a phone as the client interface, you can run MeshCore on a LiLygo's T-Deck, T-Deck Plus, T-Pager, T-Watch, or T-Display Pro. MeshCore Ultra firmware running on these devices are a complete off-grid secure communication solution. +To use MeshCore without using a phone as the client interface, you can run MeshCore on a LiLygo's T-Deck, T-Deck Plus, T-Pager, T-Watch, or T-Display Pro. MeshCore Ultra firmware running on these devices are a complete off-grid secure communication solution. #### 1.2.2. Firmware MeshCore has four firmware types that are not available on other LoRa systems. MeshCore has the following: @@ -123,30 +119,30 @@ MeshCore has four firmware types that are not available on other LoRa systems. M #### 1.2.3. Companion Radio Firmware Companion radios are for connecting to the Android app or web app as a messenger client. There are two different companion radio firmware versions: -1. **BLE Companion** - BLE Companion firmware runs on a supported LoRa device and connects to a smart device running the Android or iOS MeshCore client over BLE +1. **BLE Companion** + BLE Companion firmware runs on a supported LoRa device and connects to a smart device running the Android or iOS MeshCore client over BLE -2. **USB Serial Companion** - USB Serial Companion firmware runs on a supported LoRa device and connects to a smart device or a computer over USB Serial running the MeshCore web client - +2. **USB Serial Companion** + USB Serial Companion firmware runs on a supported LoRa device and connects to a smart device or a computer over USB Serial running the MeshCore web client + #### 1.2.4. Repeater -Repeaters are used to extend the range of a MeshCore network. Repeater firmware runs on the same devices that run client firmware. A repeater's job is to forward MeshCore packets to the destination device. It does **not** forward or retransmit every packet it receives, unlike other LoRa mesh systems. +Repeaters are used to extend the range of a MeshCore network. Repeater firmware runs on the same devices that run client firmware. A repeater's job is to forward MeshCore packets to the destination device. It does **not** forward or retransmit every packet it receives, unlike other LoRa mesh systems. A repeater can be remotely administered using a T-Deck running the MeshCore firmware with remote administration features unlocked, or from a BLE Companion client connected to a smartphone running the MeshCore app. #### 1.2.5. Room Server -A room server is a simple BBS server for sharing posts. T-Deck devices running MeshCore firmware or a BLE Companion client connected to a smartphone running the MeshCore app can connect to a room server. +A room server is a simple BBS server for sharing posts. T-Deck devices running MeshCore firmware or a BLE Companion client connected to a smartphone running the MeshCore app can connect to a room server. Room servers store message history on them and push the stored messages to users. Room servers allow roaming users to come back later and retrieve message history. With channels, messages are either received when it's sent, or not received and missed if the channel user is out of range. Room servers are different and more like email servers where you can come back later and get your emails from your mail server. -A room server can be remotely administered using a T-Deck running the MeshCore firmware with remote administration features unlocked, or from a BLE Companion client connected to a smartphone running the MeshCore app. +A room server can be remotely administered using a T-Deck running the MeshCore firmware with remote administration features unlocked, or from a BLE Companion client connected to a smartphone running the MeshCore app. When a client logs into a room server, the client will receive the previously 32 unseen messages. -Although room server can also repeat with the command line command `set repeat on`, it is not recommended nor encouraged. A room server with repeat set to `on` lacks the full set of repeater and remote administration features that are only available in the repeater firmware. +Although room server can also repeat with the command line command `set repeat on`, it is not recommended nor encouraged. A room server with repeat set to `on` lacks the full set of repeater and remote administration features that are only available in the repeater firmware. The recommendation is to run repeater and room server on separate devices for the best experience. @@ -169,23 +165,23 @@ After you flashed the latest firmware onto your repeater device, keep the device The repeater and room server CLI reference is here: https://github.com/meshcore-dev/MeshCore/wiki/Repeater-&-Room-Server-CLI-Reference -If you have more supported devices, you can use your additional devices with the room server firmware. +If you have more supported devices, you can use your additional devices with the room server firmware. ### 2.2. Q: Does MeshCore cost any money? -**A:** All radio firmware versions (e.g. for Heltec V3, RAK, T-1000E, etc) are free and open source developed by Scott at Ripple Radios. +**A:** All radio firmware versions (e.g. for Heltec V3, RAK, T-1000E, etc) are free and open source developed by Scott at Ripple Radios. -The native Android and iOS client uses the freemium model and is developed by Liam Cottle, developer of meshtastic map at [meshtastic.liamcottle.net](https://meshtastic.liamcottle.net) on [GitHub](https://github.com/liamcottle/meshtastic-map) and [reticulum-meshchat on github](https://github.com/liamcottle/reticulum-meshchat). +The native Android and iOS client uses the freemium model and is developed by Liam Cottle, developer of meshtastic map at [meshtastic.liamcottle.net](https://meshtastic.liamcottle.net) on [GitHub](https://github.com/liamcottle/meshtastic-map) and [reticulum-meshchat on github](https://github.com/liamcottle/reticulum-meshchat). -The T-Deck firmware is free to download and most features are available without cost. To support the firmware developer, you can pay for a registration key to unlock your T-Deck for deeper map zoom and remote server administration over RF using the T-Deck. You do not need to pay for the registration to use your T-Deck for direct messaging and connecting to repeaters and room servers. +The T-Deck firmware is free to download and most features are available without cost. To support the firmware developer, you can pay for a registration key to unlock your T-Deck for deeper map zoom and remote server administration over RF using the T-Deck. You do not need to pay for the registration to use your T-Deck for direct messaging and connecting to repeaters and room servers. ### 2.3. Q: What frequencies are supported by MeshCore? -**A:** It supports the 868MHz range in the UK/EU and the 915MHz range in New Zealand, Australia, and the USA. Countries and regions in these two frequency ranges are also supported. +**A:** It supports the 868MHz range in the UK/EU and the 915MHz range in New Zealand, Australia, and the USA. Countries and regions in these two frequency ranges are also supported. -Use the smartphone client or the repeater setup feature on there web flasher to set your radios' RF settings by choosing the preset for your regions. +Use the smartphone client or the repeater setup feature on there web flasher to set your radios' RF settings by choosing the preset for your regions. -Recently, as of October 2025, many regions have moved to the "narrow" setting, aka using BW62.5 and a lower SF number (instead of the original SF11). For example, USA/Canada (Recommended) preset is 910.525MHz, SF7, BW62.5, CR5. +Recently, as of October 2025, many regions have moved to the "narrow" setting, aka using BW62.5 and a lower SF number (instead of the original SF11). For example, USA/Canada (Recommended) preset is 910.525MHz, SF7, BW62.5, CR5. After extensive testing, many regions have switched or about to switch over to BW62.5 and SF7, 8, or 9. Narrower bandwidth setting and lower SF setting allow MeshCore's radio signals to fit between interference in the ISM band, provide for a lower noise floor, better SNR, and faster transmissions. @@ -194,7 +190,7 @@ If you have consensus from your community in your region to update your region's ### 2.4. Q: What is an "advert" in MeshCore? -**A:** +**A:** Advert means to advertise yourself on the network. In Reticulum terms it would be to announce. In Meshtastic terms it would be the node sending its node info. MeshCore allows you to manually broadcast your name, position and public encryption key, which is also signed to prevent spoofing. When you click the advert button, it broadcasts that data over LoRa. MeshCore calls that an Advert. There's two ways to advert, "zero hop" and "flood". @@ -210,7 +206,7 @@ As of Aug 20 2025, a pending PR on github will change the flood advert to 12 hou ### 2.5. Q: Is there a hop limit? -**A:** Internally the firmware has maximum limit of 64 hops. In real world settings it will be difficult to get close to the limit due to the environments and timing as packets travel further and further. We want to hear how far your MeshCore conversations go. +**A:** Internally the firmware has maximum limit of 64 hops. In real world settings it will be difficult to get close to the limit due to the environments and timing as packets travel further and further. We want to hear how far your MeshCore conversations go. --- @@ -220,14 +216,14 @@ As of Aug 20 2025, a pending PR on github will change the flood advert to 12 hou ### 3.1. Q: How do you configure a repeater or a room server? -**A:** - When MeshCore is flashed onto a LoRa device is for the first time, it is necessary to set the server device's frequency to make it utilize the frequency that is legal in your country or region. +**A:** - When MeshCore is flashed onto a LoRa device is for the first time, it is necessary to set the server device's frequency to make it utilize the frequency that is legal in your country or region. Repeater or room server can be administered with one of the options below: - + - After a repeater or room server firmware is flashed on to a LoRa device, go to and use the web user interface to connect to the LoRa device via USB serial. From there you can set the name of the server, its frequency and other related settings, location, passwords etc. ![image](https://github.com/user-attachments/assets/2a9d9894-e34d-4dbe-b57c-fc3c250a2d34) - + - Connect the server device using a USB cable to a computer running Chrome on https://flasher.meshcore.co.uk/, then use the `console` feature to connect to the device - Use a MeshCore smartphone clients to remotely administer servers via LoRa. @@ -236,10 +232,10 @@ Repeater or room server can be administered with one of the options below: - + ### 3.2. Q: Do I need to set the location for a repeater? -**A:** With location set for a repeater, it can show up on a MeshCore map in the future. Set location with the following commands: +**A:** While not required, with location set for a repeater it will show up on the MeshCore map in the future. Set location with the following command: `set lat set long ` @@ -266,14 +262,14 @@ You can get the latitude and longitude from Google Maps by right-clicking the lo **A:** Yes, it is available on https://buymeacoffee.com/ripplebiz/ultra-v7-7-guide-meshcore-users ### 4.2. Q: What are the steps to get a T-Deck into DFU (Device Firmware Update) mode? -**A:** -1. Device off -2. Connect USB cable to device -3. Hold down trackball (keep holding) -4. Turn on device -5. Hear USB connection sound -6. Release trackball -7. T-Deck in DFU mode now +**A:** +1. Device off +2. Connect USB cable to device +3. Hold down trackball (keep holding) +4. Turn on device +5. Hear USB connection sound +6. Release trackball +7. T-Deck in DFU mode now 8. At this point you can begin flashing using ### 4.3. Q: Why is my T-Deck Plus not getting any satellite lock? @@ -290,8 +286,8 @@ GPS on T-Deck is always enabled. You can skip the "GPS clock sync" and the T-De **A:** Users have had no issues using 16GB or 32GB SD cards. Format the SD card to **FAT32**. ### 4.6. Q: what is the public key for the default public channel? -**A:** -T-Deck uses the same key the smartphone apps use but in base64 +**A:** +T-Deck uses the same key the smartphone apps use but in base64 `izOH6cXN6mrJ5e26oRXNcg==` The third character is the capital letter 'O', not zero `0` @@ -301,24 +297,24 @@ The smartphone app key is in hex: [Source](https://discord.com/channels/826570251612323860/1330643963501351004/1354194409213792388) ### 4.7. Q: How do I get maps on T-Deck? -**A:** You need map tiles. You can get pre-downloaded map tiles here (a good way to support development): -- (Europe) +**A:** You need map tiles. You can get pre-downloaded map tiles here (a good way to support development): +- (Europe) - (US) -Another way to download map tiles is to use this Python script to get the tiles in the areas you want: - +Another way to download map tiles is to use this Python script to get the tiles in the areas you want: + -There is also a modified script that adds additional error handling and parallel downloads: - +There is also a modified script that adds additional error handling and parallel downloads: + -UK map tiles are available separately from Andy Kirby on his discord server: +UK map tiles are available separately from Andy Kirby on his discord server: ### 4.8. Q: Where do the map tiles go? Once you have the tiles downloaded, copy the `\tiles` folder to the root of your T-Deck's SD card. ### 4.9. Q: How to unlock deeper map zoom and server management features on T-Deck? -**A:** You can download, install, and use the T-Deck firmware for free, but it has some features (map zoom, server administration) that are enabled if you purchase an unlock code for \$10 per T-Deck device. +**A:** You can download, install, and use the T-Deck firmware for free, but it has some features (map zoom, server administration) that are enabled if you purchase an unlock code for \$10 per T-Deck device. Unlock page: ### 4.10. Q: How to decipher the diagnostics screen on T-Deck? @@ -326,17 +322,17 @@ Unlock page: **A: ** Space is tight on T-Deck's screen, so the information is a bit cryptic. The format is : `{hops} l:{packet-length}({payload-len}) t:{packet-type} snr:{n} rssi:{n}` -See here for packet-type: +See here for packet-type: https://github.com/meshcore-dev/MeshCore/blob/main/src/Packet.h#L19 - - - #define PAYLOAD_TYPE_REQ 0x00 // request (prefixed with dest/src hashes, MAC) (enc data: timestamp, blob) - #define PAYLOAD_TYPE_RESPONSE 0x01 // response to REQ or ANON_REQ (prefixed with dest/src hashes, MAC) (enc data: timestamp, blob) - #define PAYLOAD_TYPE_TXT_MSG 0x02 // a plain text message (prefixed with dest/src hashes, MAC) (enc data: timestamp, text) - #define PAYLOAD_TYPE_ACK 0x03 // a simple ack #define PAYLOAD_TYPE_ADVERT 0x04 // a node advertising its Identity - #define PAYLOAD_TYPE_GRP_TXT 0x05 // an (unverified) group text message (prefixed with channel hash, MAC) (enc data: timestamp, "name: msg") - #define PAYLOAD_TYPE_GRP_DATA 0x06 // an (unverified) group datagram (prefixed with channel hash, MAC) (enc data: timestamp, blob) - #define PAYLOAD_TYPE_ANON_REQ 0x07 // generic request (prefixed with dest_hash, ephemeral pub_key, MAC) (enc data: ...) + + + #define PAYLOAD_TYPE_REQ 0x00 // request (prefixed with dest/src hashes, MAC) (enc data: timestamp, blob) + #define PAYLOAD_TYPE_RESPONSE 0x01 // response to REQ or ANON_REQ (prefixed with dest/src hashes, MAC) (enc data: timestamp, blob) + #define PAYLOAD_TYPE_TXT_MSG 0x02 // a plain text message (prefixed with dest/src hashes, MAC) (enc data: timestamp, text) + #define PAYLOAD_TYPE_ACK 0x03 // a simple ack #define PAYLOAD_TYPE_ADVERT 0x04 // a node advertising its Identity + #define PAYLOAD_TYPE_GRP_TXT 0x05 // an (unverified) group text message (prefixed with channel hash, MAC) (enc data: timestamp, "name: msg") + #define PAYLOAD_TYPE_GRP_DATA 0x06 // an (unverified) group datagram (prefixed with channel hash, MAC) (enc data: timestamp, blob) + #define PAYLOAD_TYPE_ANON_REQ 0x07 // generic request (prefixed with dest_hash, ephemeral pub_key, MAC) (enc data: ...) #define PAYLOAD_TYPE_PATH 0x08 // returned path (prefixed with dest/src hashes, MAC) (enc data: path, extra) [Source](https://discord.com/channels/1343693475589263471/1343693475589263474/1350611321040932966) @@ -366,7 +362,7 @@ https://github.com/meshcore-dev/MeshCore/blob/main/src/Packet.h#L19 ### 5.1. Q: What are BW, SF, and CR? -**A:** +**A:** **BW is bandwidth** - width of frequency spectrum that is used for transmission @@ -374,7 +370,7 @@ https://github.com/meshcore-dev/MeshCore/blob/main/src/Packet.h#L19 **CR is coding rate** - from: https://www.thethingsnetwork.org/docs/lorawan/fec-and-code-rate/ -TL;DR: default CR to 5 for good stable links. If it is not a solid link and is intermittent, change to CR to 7 or 8. +TL;DR: default CR to 5 for good stable links. If it is not a solid link and is intermittent, change to CR to 7 or 8. Forward Error Correction is a process of adding redundant bits to the data to be transmitted. During the transmission, data may get corrupted by interference (changes from 0 to 1 / 1 to 0). These error correction bits are used at the receivers for restoring corrupted bits. @@ -389,7 +385,7 @@ There are 4 code rates used in LoRaWAN: For example, if the code rate is 5/7, for every 5 bits of useful information, the coder generates a total of 7 bits of data, of which 2 bits are redundant. -Making the bandwidth 2x wider (from BW125 to BW250) allows you to send 2x more bytes in the same time. Making the spreading factor 1 step lower (from SF10 to SF9) allows you to send 2x more bytes in the same time. +Making the bandwidth 2x wider (from BW125 to BW250) allows you to send 2x more bytes in the same time. Making the spreading factor 1 step lower (from SF10 to SF9) allows you to send 2x more bytes in the same time. Lowering the spreading factor makes it more difficult for the gateway to receive a transmission, as it will be more sensitive to noise. You could compare this to two people taking in a noisy place (a bar for example). If you’re far from each other, you have to talk slow (SF10), but if you’re close, you can talk faster (SF7) @@ -397,14 +393,14 @@ So, it's balancing act between speed of the transmission and resistance to noise things network is mainly focused on LoRaWAN, but the LoRa low-level stuff still checks out for any LoRa project ### 5.2. Q: Do MeshCore clients repeat? -**A:** No, MeshCore clients do not repeat. This is the core of MeshCore's messaging-first design. This is to avoid devices flooding the air ware and create endless collisions, so messages sent aren't received. -In MeshCore, only repeaters and room server with `set repeat on` repeat. +**A:** No, MeshCore clients do not repeat. This is the core of MeshCore's messaging-first design. This is to avoid devices flooding the air ware and create endless collisions, so messages sent aren't received. +In MeshCore, only repeaters and room server with `set repeat on` repeat. ### 5.3. Q: What happens when a node learns a route via a mobile repeater, and that repeater is gone? **A:** If you used to reach a node through a repeater and the repeater is no longer reachable, the client will send the message using the existing (but now broken) known path, the message will fail after 3 retries, and the app will reset the path and send the message as flood on the last retry by default. This can be turned off in settings. If the destination is reachable directly or through another repeater, the new path will be used going forward. Or you can set the path manually if you know a specific repeater to use to reach that destination. -In the case if users are moving around frequently, and the paths are breaking, they just see the phone client retries and revert to flood to attempt to re-establish a path. +In the case if users are moving around frequently, and the paths are breaking, they just see the phone client retries and revert to flood to attempt to re-establish a path. ### 5.4. Q: How does a node discovery a path to its destination and then use it to send messages in the future, instead of flooding every message it sends like Meshtastic? @@ -423,14 +419,14 @@ Routes are stored in sender's contact list. When you send a message the first t **A:** The smartphone app key is in hex: ` 8b3387e9c5cdea6ac9e5edbaa115cd72` -T-Deck uses the same key but in base64 +T-Deck uses the same key but in base64 `izOH6cXN6mrJ5e26oRXNcg==` The third character is the capital letter 'O', not zero `0` [Source](https://discord.com/channels/826570251612323860/1330643963501351004/1354194409213792388) ### 5.7. Q: Is MeshCore open source? -**A:** Most of the firmware is freely available. Everything is open source except the T-Deck firmware and Liam's native mobile apps. -- Firmware repo: https://github.com/meshcore-dev/MeshCore +**A:** Most of the firmware is freely available. Everything is open source except the T-Deck firmware and Liam's native mobile apps. +- Firmware repo: https://github.com/meshcore-dev/MeshCore ### 5.8. Q: How can I support MeshCore? **A:** Provide your honest feedback on GitHub and on [MeshCore Discord server](https://discord.gg/BMwCtwHj5V). Spread the word of MeshCore to your friends and communities; help them get started with MeshCore. Support Scott's MeshCore development at . @@ -440,7 +436,7 @@ Support Liam Cottle's smartphone client development by unlocking the server admi Support Rastislav Vysoky (recrof)'s flasher web site and the map web site development through [PayPal](https://www.paypal.com/donate/?business=DREHF5HM265ES&no_recurring=0&item_name=If+you+enjoy+my+work%2C+you+can+support+me+here%3A¤cy_code=EUR) or [Revolut](https://revolut.me/recrof) ### 5.9. Q: How do I build MeshCore firmware from source? -**A:** See instructions here: +**A:** See instructions here: https://discord.com/channels/826570251612323860/1330643963501351004/1341826372120608769 Build instructions for MeshCore: @@ -460,7 +456,7 @@ Then it should be the same for all platforms: python3 -m venv meshcore cd meshcore && source bin/activate pip install -U platformio -git clone https://github.com/ripplebiz/MeshCore.git +git clone https://github.com/ripplebiz/MeshCore.git cd MeshCore ``` open platformio.ini and in `[arduino_base]` edit the `LORA_FREQ=867.5` @@ -470,8 +466,8 @@ pio run -e RAK_4631_Repeater ``` then you'll find `firmware.zip` in `.pio/build/RAK_4631_Repeater` -Andy also has a video on how to build using VS Code: -*How to build and flash Meshcore repeater firmware | Heltec V3* +Andy also has a video on how to build using VS Code: +*How to build and flash Meshcore repeater firmware | Heltec V3* *(Link referenced in the Discord post)* ### 5.10. Q: Are there other MeshCore related open source projects? @@ -488,13 +484,13 @@ Meshcore would not be best suited to ATAK because MeshCore: clients do not repeat and therefore you would need a network of repeaters in place will not have a stable path where all clients are constantly moving between repeaters -MeshCore clients would need to reset path constantly and flood traffic across the network which could lead to lots of collisions with something as chatty as ATAK. +MeshCore clients would need to reset path constantly and flood traffic across the network which could lead to lots of collisions with something as chatty as ATAK. This could change in the future if MeshCore develops a client firmware that repeats. [Source](https://discord.com/channels/826570251612323860/1330643963501351004/1354780032140054659) ### 5.12. Q: How do I add a node to the [MeshCore Map]([url](https://meshcore.co.uk/map.html)) -**A:** +**A:** To add a BLE Companion radio, connect to the BLE Companion radio from the MeshCore smartphone app. In the app, tap the `3 dot` menu icon at the top right corner, then tap `Internet Map`. Tap the `3 dot` menu icon again and choose `Add me to the Map` @@ -513,7 +509,7 @@ For ESP-based devices (e.g. Heltec V3) you need: - Download firmware file from flasher.meshcore.co.uk - Go to the web site on a browser, find the section that has the firmware up need - Click the Download button, right click on the file you need, for example, - - `Heltec_V3_companion_radio_ble-v1.7.1-165fb33.bin` + - `Heltec_V3_companion_radio_ble-v1.7.1-165fb33.bin` - Non-merged bin keeps the existing Bluetooth pairing database - `Heltec_v3_companion_radio_usb-v1.7.1-165fb33-merged.bin` - Merged bin overwrites everything including the bootloader, existing Bluetooth pairing database, but keeps configurations. @@ -532,7 +528,7 @@ For ESP-based devices (e.g. Heltec V3) you need: - `esptool.py -p /dev/ttyUSB0 --chip esp32-s3 write_flash 0x10000 .bin` - For merged bin: - `esptool.py -p /dev/ttyUSB0 --chip esp32-s3 write_flash 0x00000 .bin` - + **Instructions for nRF devices:** @@ -553,18 +549,18 @@ For nRF devices (e.g. RAK, Heltec T114) you need the following: - `pip install adafruit-nrfutil --break-system-packages` - Use this command to flash the nRF device: - `adafruit-nrfutil --verbose dfu serial --package RAK_4631_companion_radio_usb-v1.7.1-165fb33.zip -p /dev/ttyACM0 -b 115200 --singlebank --touch 1200` - - + + To manage a repeater or room server connected to a Pi over USB serial using shell commands, you need to install `picocom`. To install `picocom`, run the following command: - `sudo apt install picocom` To start managing your USB serial-connected device using picocom, use the following command: - `picocom -b 115200 /dev/ttyUSB0 --imap lfcrlf` -From here, reference repeater and room server command line commands on MeshCore github wiki here: +From here, reference repeater and room server command line commands on MeshCore github wiki here: - https://github.com/meshcore-dev/MeshCore/wiki/Repeater-&-Room-Server-CLI-Reference - + ### 5.14. Q: Are there are projects built around MeshCore? **A:** Yes. See the following: @@ -582,7 +578,7 @@ https://github.com/awolden/meshcore-ha Bindings to access your MeshCore companion radio nodes in python. https://github.com/fdlamotte/meshcore_py -#### 5.14.4. meshcore-cli +#### 5.14.4. meshcore-cli CLI interface to MeshCore companion radio over BLE, TCP, or serial. Uses Python MeshCore above. https://github.com/fdlamotte/meshcore-cli @@ -600,9 +596,9 @@ https://github.com/rightup/pyMC_core ### 6.1. Q: My client says another client or a repeater or a room server was last seen many, many days ago. ### 6.2. Q: A repeater or a client or a room server I expect to see on my discover list (on T-Deck) or contact list (on a smart device client) are not listed. -**A:** -- If your client is a T-Deck, it may not have its time set (no GPS installed, no GPS lock, or wrong GPS baud rate). -- If you are using the Android or iOS client, the other client, repeater, or room server may have the wrong time. +**A:** +- If your client is a T-Deck, it may not have its time set (no GPS installed, no GPS lock, or wrong GPS baud rate). +- If you are using the Android or iOS client, the other client, repeater, or room server may have the wrong time. You can get the epoch time on and use it to set your T-Deck clock. For a repeater and room server, the admin can use a T-Deck to remotely set their clock (clock sync), or use the `time` command in the USB serial console with the server device connected. @@ -623,23 +619,23 @@ You can get the epoch time on and use it to se ### 6.7. Q: My RAK/T1000-E/xiao_nRF52 device seems to be corrupted, how do I wipe it clean to start fresh? -**A:** +**A:** 1. Connect USB-C cable to your device, per your device's instruction, get it to flash mode: - For RAK, click the reset button **TWICE** - For T1000-e, quickly disconnect and reconnect the magnetic side of the cable from the device **TWICE** - For Heltec T114, click the reset button **TWICE** (the bottom button) - For Xiao nRF52, click the reset button once. If that doesn't work, quickly double click the reset button twice. If that doesn't work, disconnection the board from your PC and reconnect again ([seeed studio wiki](https://wiki.seeedstudio.com/XIAO_BLE/#access-the-swd-pins-for-debugging-and-reflashing-bootloader)) 5. A new folder will appear on your computer's desktop -6. Download the `flash_erase*.uf2` file for your device on flasher.meshcore.co.uk +6. Download the `flash_erase*.uf2` file for your device on flasher.meshcore.co.uk - RAK WisBlock and Heltec T114: `Flash_erase-nRF32_softdevice_v6.uf2` - Seeed Studio Xiao nRF52 WIO: `Flash_erase-nRF52_softdevice_v7.uf2` 8. drag and drop the uf2 file for your device to the root of the new folder 9. Wait for the copy to complete. You might get an error dialog, you can ignore it -10. Go to https://flasher.meshcore.co.uk/, click `Console` and select the serial port for your connected device +10. Go to https://flasher.meshcore.co.uk/, click `Console` and select the serial port for your connected device 11. In the console, press enter. Your flash should now be erased 12. You may now flash the latest MeshCore firmware onto your device -Separately, starting in firmware version 1.7.0, there is a CLI Rescue mode. If your device has a user button (e.g. some RAK, T114), you can activate the rescue mode by hold down the user button of the device within 8 seconds of boot. Then you can use the 'Console' on flasher.meshcore.co.uk +Separately, starting in firmware version 1.7.0, there is a CLI Rescue mode. If your device has a user button (e.g. some RAK, T114), you can activate the rescue mode by hold down the user button of the device within 8 seconds of boot. Then you can use the 'Console' on flasher.meshcore.co.uk ### 6.8. Q: WebFlasher fails on Linux with failed to open @@ -662,12 +658,12 @@ Allow the browser user on it: 4. Go to the Command Line tab, type `start ota` and hit enter. 5. you should see `OK` to confirm the repeater device is now in OTA mode 6. Run the DFU app,tab `Settings` on the top right corner -7. Enable `Packets receipt notifications`, and change `Number of Packets` to 10 for RAK, 8 for T114. 8 also works for RAK. +7. Enable `Packets receipt notifications`, and change `Number of Packets` to 10 for RAK, 8 for T114. 8 also works for RAK. 9. Select the firmware zip file you downloaded 10. Select the device you want to update. If the device you want to update is not on the list, try enabling`OTA` on the device again 11. If the device is not found, enable `Force Scanning` in the DFU app 12. Tab the `Upload` to begin OTA update -13. If it fails, try turning off and on Bluetooth on your phone. If that doesn't work, try rebooting your phone. +13. If it fails, try turning off and on Bluetooth on your phone. If that doesn't work, try rebooting your phone. 14. Wait for the update to complete. It can take a few minutes. @@ -679,13 +675,13 @@ Allow the browser user on it: 4. Go to the Command Line tab, type `start ota` and hit enter. 5. you should see `OK` to confirm the repeater device is now in OTA mode 6. The command `start ota` on an ESP32-based device starts a wifi hotspot named `MeshCore OTA` -7. From your phone or computer connect to the 'MeshCore OTA' hotspot +7. From your phone or computer connect to the 'MeshCore OTA' hotspot 8. From a browser, go to http://192.168.4.1/update and upload the non-merged bin from the flasher ### 7.3. Q: Is there a way to lower the chance of a failed OTA device firmware update (DFU)? -**A:** Yes, developer `che aporeps` has an enhanced OTA DFU bootloader for nRF52 based devices. With this bootloader, if it detects that the application firmware is invalid, it falls back to OTA DFU mode so you can attempt to flash again to recover. This bootloader has other changes to make the OTA DFU process more fault tolerant. +**A:** Yes, developer `che aporeps` has an enhanced OTA DFU bootloader for nRF52 based devices. With this bootloader, if it detects that the application firmware is invalid, it falls back to OTA DFU mode so you can attempt to flash again to recover. This bootloader has other changes to make the OTA DFU process more fault tolerant. Refer to https://github.com/oltaco/Adafruit_nRF52_Bootloader_OTAFIX for the latest information. @@ -697,7 +693,7 @@ Currently, the following boards are supported: ### 7.4. Q: are the MeshCore logo and font available? -**A:** Yes, it is on the MeshCore github repo here: +**A:** Yes, it is on the MeshCore github repo here: https://github.com/meshcore-dev/MeshCore/tree/main/logo ### 7.5. Q: What is the format of a contact or channel QR code? @@ -716,7 +712,7 @@ where `&type` is: `sensor = 4` ### 7.6. Q: How do I connect to the companion via WIFI, e.g. using a heltec v3? - **A:** + **A:** WiFi firmware requires you to compile it yourself, as you need to set the wifi ssid and password. Edit WIFI_SSID and WIFI_PWD in `./variants/heltec_v3/platformio.ini` and then flash it to your device. From 8b68b5a6898812019d77a413b3b429f0b9f04431 Mon Sep 17 00:00:00 2001 From: fdlamotte Date: Wed, 12 Nov 2025 16:14:57 +0100 Subject: [PATCH 07/30] Update README.md (RAK boards don't need pio patch) --- README.md | 9 --------- 1 file changed, 9 deletions(-) diff --git a/README.md b/README.md index eba4d1533..cb68c9609 100644 --- a/README.md +++ b/README.md @@ -113,12 +113,3 @@ There are a number of fairly major features in the pipeline, with no particular - Report bugs and request features on the [GitHub Issues](https://github.com/ripplebiz/MeshCore/issues) page. - Find additional guides and components on [my site](https://buymeacoffee.com/ripplebiz). - Join [MeshCore Discord](https://discord.gg/BMwCtwHj5V) to chat with the developers and get help from the community. - -## RAK Wireless Board Support in PlatformIO - -Before building/flashing the RAK4631 targets in this project, there is, unfortunately, some patching you have to do to your platformIO packages to make it work. There is a guide here on the process: - [RAK Wireless: How to Perform Installation of Board Support Package in PlatformIO](https://learn.rakwireless.com/hc/en-us/articles/26687276346775-How-To-Perform-Installation-of-Board-Support-Package-in-PlatformIO) - -After building, you will need to convert the output firmware.hex file into a .uf2 file you can copy over to your RAK4631 device (after doing a full erase) by using the command `uf2conv.py -f 0xADA52840 -c firmware.hex` with the python script available from: - [GitHub: Microsoft - uf2](https://github.com/Microsoft/uf2/blob/master/utils/uf2conv.py) - From cae37d889212ae3a049bedf83896eb561708c846 Mon Sep 17 00:00:00 2001 From: uncle lit <43320854+LitBomb@users.noreply.github.com> Date: Sun, 7 Dec 2025 22:31:54 -0800 Subject: [PATCH 08/30] Update faq.md add get and set prv.key add web site to generate new private key and specific its public key's first byte value add link to repeater observer instruction add links to The Comms Channel's meshcore video, MCarper's Meshcore Advantages, and Austin Mesh's MeshCore vs Meshtastic comparison add deafness instruction for agc reset interval add reference to Liam's Windows and Intel Mac client apps add reference to Tree's Meshcore packet decoder add OTA BLE update addendum for Seeed Wio Tracker L1 Pro add instruction to use T-deck's software keyboard to enter `=` at the end of the base64 public key --- docs/faq.md | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 75 insertions(+), 3 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index c69077d1d..4bfa68576 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -1,6 +1,10 @@ **MeshCore-FAQ** A list of frequently-asked questions and answers for MeshCore +The current version of this MeshCore FAQ is at https://github.com/meshcore-dev/MeshCore/blob/main/docs/faq.md. +This MeshCore FAQ is also mirrored at https://github.com/LitBomb/MeshCore-FAQ and might have newer updates if pull requests on Scott's MeshCore repo are not approved yet. + +author: https://github.com/LitBomb --- - [1. Introduction](#1-introduction) @@ -22,6 +26,10 @@ A list of frequently-asked questions and answers for MeshCore - [3.2. Q: Do I need to set the location for a repeater?](#32-q-do-i-need-to-set-the-location-for-a-repeater) - [3.3. Q: What is the password to administer a repeater or a room server?](#33-q-what-is-the-password-to-administer-a-repeater-or-a-room-server) - [3.4. Q: What is the password to join a room server?](#34-q-what-is-the-password-to-join-a-room-server) + - [3.5. Q: Can I retrieve a repeater's private key or set a repeater's private key?](#35-q-can-i-retrieve-a-repeaters-private-key-or-set-a-repeaters-private-key) + - [3.6. Q: The first byte of my repeater's public key collides with an exisitng repeater on the mesh. How do I get a new private key with a matching public key that has its first byte of my choosing?](#36-q-the-first-byte-of-my-repeaters-public-key-collides-with-an-exisitng-repeater-on-the-mesh--how-do-i-get-a-new-private-key-with-a-matching-public-key-that-has-its-first-byte-of-my-choosing) + - [3.7. Q: My repeater maybe suffering from deafness due to high power interference near my mesh's frequency, it is not hearing other in-range MeshCore radios. what can I do?](#37-q-my-repeater-maybe-suffering-from-deafness-due-to-high-power-interference-near-my-meshs-frequency-it-is-not-hearing-other-in-range-meshcore-radios--what-can-i-do) + - [3.8 Q: How do I make my repeater an observer on the mesh](#38-q-how-do-i-make-my-repeater-an-observer-on-the-mesh) - [4. T-Deck Related](#4-t-deck-related) - [4.1. Q: Is there a user guide for T-Deck, T-Pager, T-Watch, or T-Display Pro?](#41-q-is-there-a-user-guide-for-t-deck-t-pager-t-watch-or-t-display-pro) - [4.2. Q: What are the steps to get a T-Deck into DFU (Device Firmware Update) mode?](#42-q-what-are-the-steps-to-get-a-t-deck-into-dfu-device-firmware-update-mode) @@ -58,6 +66,9 @@ A list of frequently-asked questions and answers for MeshCore - [5.14.4. meshcore-cli](#5144-meshcore-cli) - [5.14.5. meshcore.js](#5145-meshcorejs) - [5.14.6. pyMC\_core](#5146-pymc_core) + - [5.14.7. MeshCore Packet Decoder](#5147-meshcore-packet-decoder) + - [5.15. Q: Are there clientt applications for Windows or Mac?](#515-q-are-there-clientt-applications-for-windows-or-mac) + - [5.16. Q: Are there any document that compares MeshCore with other LoRa systems?](#516-q-are-there-any-document-that-compares-meshcore-with-other-lora-systems) - [6. Troubleshooting](#6-troubleshooting) - [6.1. Q: My client says another client or a repeater or a room server was last seen many, many days ago.](#61-q-my-client-says-another-client-or-a-repeater-or-a-room-server-was-last-seen-many-many-days-ago) - [6.2. Q: A repeater or a client or a room server I expect to see on my discover list (on T-Deck) or contact list (on a smart device client) are not listed.](#62-q-a-repeater-or-a-client-or-a-room-server-i-expect-to-see-on-my-discover-list-on-t-deck-or-contact-list-on-a-smart-device-client-are-not-listed) @@ -69,6 +80,7 @@ A list of frequently-asked questions and answers for MeshCore - [6.8. Q: WebFlasher fails on Linux with failed to open](#68-q-webflasher-fails-on-linux-with-failed-to-open) - [7. Other Questions:](#7-other-questions) - [7.1. Q: How to update nRF (RAK, T114, Seed XIAO) repeater and room server firmware over the air using the new simpler DFU app?](#71-q-how-to-update-nrf-rak-t114-seed-xiao-repeater-and-room-server-firmware-over-the-air-using-the-new-simpler-dfu-app) + - [7.1.1 Q: Can I update Seeed Studio Wio Tracker L1 Pro using OTA?](#711-q-can-i-update-seeed-studio-wio-tracker-l1-pro-using-ota) - [7.2. Q: How to update ESP32-based devices over the air?](#72-q-how-to-update-esp32-based-devices-over-the-air) - [7.3. Q: Is there a way to lower the chance of a failed OTA device firmware update (DFU)?](#73-q-is-there-a-way-to-lower-the-chance-of-a-failed-ota-device-firmware-update-dfu) - [7.4. Q: are the MeshCore logo and font available?](#74-q-are-the-meshcore-logo-and-font-available) @@ -252,6 +264,32 @@ You can get the latitude and longitude from Google Maps by right-clicking the lo `set guest.password {guest-password}` +### 3.5. Q: Can I retrieve a repeater's private key or set a repeater's private key? + +**A:** You can issue these commands to get or set a repeater's private key using a USB serial connection. + +`get prv.key` to print a repeater's private key on the serial console +`set prv.key ` to set a repeater's private key on the serila console + +Reboot the repeater after `set prv.key ` command for the new private key to take effect. + +### 3.6. Q: The first byte of my repeater's public key collides with an exisitng repeater on the mesh. How do I get a new private key with a matching public key that has its first byte of my choosing? + +**A:** You can generate a new private key and specific the first byte of its public key here: https://gessaman.com/mc-keygen/ + + +### 3.7. Q: My repeater maybe suffering from deafness due to high power interference near my mesh's frequency, it is not hearing other in-range MeshCore radios. what can I do? + +**A:** This may be due to the SX1262 radio's auto gain control feature. You can use this command to preiodically reset its AGC. + +`set agc.reset.interval ` + +This is a very low cost operation, just setting the readio's state to idle. The value is incremented by 4. `set agc.reset.interval 4` works well to cure deafness. + + +### 3.8 Q: How do I make my repeater an observer on the mesh + +**A:** The observer instruction is available here: https://analyzer.letsme.sh/observer/onboard --- @@ -289,7 +327,9 @@ GPS on T-Deck is always enabled. You can skip the "GPS clock sync" and the T-De **A:** T-Deck uses the same key the smartphone apps use but in base64 `izOH6cXN6mrJ5e26oRXNcg==` -The third character is the capital letter 'O', not zero `0` + +There are no `=` on the T-Deck's hardware keyboard. You can use the on-screen software keyboard to enter `=`. Tap the text box to enable the on-screen software keyboard. +The third character is the capital letter `O` (Oh), not zero `0` The smartphone app key is in hex: ` 8b3387e9c5cdea6ac9e5edbaa115cd72` @@ -590,6 +630,28 @@ https://github.com/liamcottle/meshcore.js pyMC_Core is a Python port of MeshCore, designed for Raspberry Pi and similar hardware, it talks to LoRa modules over SPI. https://github.com/rightup/pyMC_core +#### 5.14.7. MeshCore Packet Decoder +A TypeScript library for decoding MeshCore mesh networking packets with full cryptographic support. Uses WebAssembly (WASM) for Ed25519 key derivation through the orlp/ed25519 library. It powers the [MeshCore Packet Analyzer](https://analyzer.letsme.sh/packets). +https://github.com/michaelhart/meshcore-decoder + + +### 5.15. Q: Are there clientt applications for Windows or Mac? +**A:** Yes, the same iOS and Android client is also available for Windows and Intel Mac (sorry, not available for ARM-based Mac yet). You can find them together with the Android APK here: +https://files.liamcottle.net/MeshCore + +Both the Windows and Intel Mac versions of the client app are fully unlocked and are free to use. + +### 5.16. Q: Are there any document that compares MeshCore with other LoRa systems? + +**A:** Here is a list of MeshCore comparison resources: +The Comms Channel on YouTube: +https://www.youtube.com/watch?v=guDoKGs02Us +MeshCore Advantages by MCarper: +https://github.com/mikecarper/meshfirmware/blob/main/MeshCoreAdvantages.md +Meshcore vs Meshtastic by austinmesh.org +https://www.austinmesh.org/learn/meshcore-vs-meshtastic/ + + --- ## 6. Troubleshooting @@ -666,6 +728,12 @@ Allow the browser user on it: 13. If it fails, try turning off and on Bluetooth on your phone. If that doesn't work, try rebooting your phone. 14. Wait for the update to complete. It can take a few minutes. +#### 7.1.1 Q: Can I update Seeed Studio Wio Tracker L1 Pro using OTA? +**A:** You can flash this safer bootloader to the Wio Tracker L1 Pro +https://github.com/oltaco/Adafruit_nRF52_Bootloader_OTAFIX + +After this bootloader is flashed onto the device, you can trigger over the air update using bluetooth by holding the button next to the D-Pad and then click the reset button. The follow the same OTA update instructions above. You can skip pass the `start ota` instruction and start the update using the DFU app. + ### 7.2. Q: How to update ESP32-based devices over the air? @@ -686,10 +754,14 @@ Allow the browser user on it: Refer to https://github.com/oltaco/Adafruit_nRF52_Bootloader_OTAFIX for the latest information. Currently, the following boards are supported: -- Nologo ProMicro +- Heltec Automation Mesh Node T114 / HT-nRF5262 +- Nologo ProMicro NRF52840 (aka SuperMini NRF52840) +- Seeed Studio SenseCAP Card Tracker T1000-E +- Seeed Studio Wio Tracker L1 - Seeed Studio XIAO nRF52840 BLE - Seeed Studio XIAO nRF52840 BLE SENSE -- RAK 4631 +- RAK 4631 (See note) +- RAK WisMesh Tag (new 28/11/2025) ### 7.4. Q: are the MeshCore logo and font available? From 1f5659dd26bf171399006dfc4476160096753072 Mon Sep 17 00:00:00 2001 From: uncle lit <43320854+LitBomb@users.noreply.github.com> Date: Mon, 8 Dec 2025 09:33:10 -0800 Subject: [PATCH 09/30] Update faq.md fix typo bugs found by @4np --- docs/faq.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index 4bfa68576..e74fbcad2 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -67,8 +67,8 @@ author: https://github.com/LitBomb - [5.14.5. meshcore.js](#5145-meshcorejs) - [5.14.6. pyMC\_core](#5146-pymc_core) - [5.14.7. MeshCore Packet Decoder](#5147-meshcore-packet-decoder) - - [5.15. Q: Are there clientt applications for Windows or Mac?](#515-q-are-there-clientt-applications-for-windows-or-mac) - - [5.16. Q: Are there any document that compares MeshCore with other LoRa systems?](#516-q-are-there-any-document-that-compares-meshcore-with-other-lora-systems) + - [5.15. Q: Are there client applications for Windows or Mac?](#515-q-are-there-clientt-applications-for-windows-or-mac) + - [5.16. Q: Are there any resources that compare MeshCore to other LoRa systems?](#516-q-are-there-any-document-that-compares-meshcore-with-other-lora-systems) - [6. Troubleshooting](#6-troubleshooting) - [6.1. Q: My client says another client or a repeater or a room server was last seen many, many days ago.](#61-q-my-client-says-another-client-or-a-repeater-or-a-room-server-was-last-seen-many-many-days-ago) - [6.2. Q: A repeater or a client or a room server I expect to see on my discover list (on T-Deck) or contact list (on a smart device client) are not listed.](#62-q-a-repeater-or-a-client-or-a-room-server-i-expect-to-see-on-my-discover-list-on-t-deck-or-contact-list-on-a-smart-device-client-are-not-listed) @@ -284,7 +284,9 @@ Reboot the repeater after `set prv.key ` command for the new private key to `set agc.reset.interval ` -This is a very low cost operation, just setting the readio's state to idle. The value is incremented by 4. `set agc.reset.interval 4` works well to cure deafness. +The `` unit is in seconds and is incremented by 4. `set agc.reset.interval 4` works well to cure deafness. + +This is a very low cost operation. AGC reset is done by simply setting `state = STATE_IDLE;` in function `RadioLibWrapper::resetAGC()` in `RadioLibWrappers.cpp` ### 3.8 Q: How do I make my repeater an observer on the mesh @@ -328,7 +330,7 @@ GPS on T-Deck is always enabled. You can skip the "GPS clock sync" and the T-De T-Deck uses the same key the smartphone apps use but in base64 `izOH6cXN6mrJ5e26oRXNcg==` -There are no `=` on the T-Deck's hardware keyboard. You can use the on-screen software keyboard to enter `=`. Tap the text box to enable the on-screen software keyboard. +There is no `=` key on the T-Deck's hardware keyboard. You can use the on-screen software keyboard to enter `=`. Tap the text box to enable the on-screen software keyboard. The third character is the capital letter `O` (Oh), not zero `0` The smartphone app key is in hex: @@ -635,13 +637,13 @@ A TypeScript library for decoding MeshCore mesh networking packets with full cry https://github.com/michaelhart/meshcore-decoder -### 5.15. Q: Are there clientt applications for Windows or Mac? +### 5.15. Q: Are there client applications for Windows or Mac? **A:** Yes, the same iOS and Android client is also available for Windows and Intel Mac (sorry, not available for ARM-based Mac yet). You can find them together with the Android APK here: https://files.liamcottle.net/MeshCore Both the Windows and Intel Mac versions of the client app are fully unlocked and are free to use. -### 5.16. Q: Are there any document that compares MeshCore with other LoRa systems? +### 5.16. Q: Are there any resources that compare MeshCore to other LoRa systems? **A:** Here is a list of MeshCore comparison resources: The Comms Channel on YouTube: From 2bcc9c10d24de07770c3e353de5782fab099df64 Mon Sep 17 00:00:00 2001 From: mattzzw Date: Sun, 14 Dec 2025 18:29:49 +0100 Subject: [PATCH 10/30] Update faq.md Fix typo --- docs/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/faq.md b/docs/faq.md index e74fbcad2..3b5535d0c 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -269,7 +269,7 @@ You can get the latitude and longitude from Google Maps by right-clicking the lo **A:** You can issue these commands to get or set a repeater's private key using a USB serial connection. `get prv.key` to print a repeater's private key on the serial console -`set prv.key ` to set a repeater's private key on the serila console +`set prv.key ` to set a repeater's private key on the serial console Reboot the repeater after `set prv.key ` command for the new private key to take effect. From 27c92d2fe9a1ee0d28e31688d24df10de6133930 Mon Sep 17 00:00:00 2001 From: uncle lit <43320854+LitBomb@users.noreply.github.com> Date: Sun, 21 Dec 2025 21:48:56 -0800 Subject: [PATCH 11/30] Update FAQ with new MeshCore applications and tx power settings for amped radios Added entries for meshcore-pi and pyMC_Repeater to the FAQ Added tx power settings for amped radios --- docs/faq.md | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index 3b5535d0c..7f1be3373 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -67,8 +67,10 @@ author: https://github.com/LitBomb - [5.14.5. meshcore.js](#5145-meshcorejs) - [5.14.6. pyMC\_core](#5146-pymc_core) - [5.14.7. MeshCore Packet Decoder](#5147-meshcore-packet-decoder) - - [5.15. Q: Are there client applications for Windows or Mac?](#515-q-are-there-clientt-applications-for-windows-or-mac) - - [5.16. Q: Are there any resources that compare MeshCore to other LoRa systems?](#516-q-are-there-any-document-that-compares-meshcore-with-other-lora-systems) + - [5.14.8. meshcore-pi](#5148-meshcore-pi) + - [5.14.9. pyMC\_Repeater](#5149-pymc_repeater) + - [5.15. Q: Are there client applications for Windows or Mac?](#515-q-are-there-client-applications-for-windows-or-mac) + - [5.16. Q: Are there any resources that compare MeshCore to other LoRa systems?](#516-q-are-there-any-resources-that-compare-meshcore-to-other-lora-systems) - [6. Troubleshooting](#6-troubleshooting) - [6.1. Q: My client says another client or a repeater or a room server was last seen many, many days ago.](#61-q-my-client-says-another-client-or-a-repeater-or-a-room-server-was-last-seen-many-many-days-ago) - [6.2. Q: A repeater or a client or a room server I expect to see on my discover list (on T-Deck) or contact list (on a smart device client) are not listed.](#62-q-a-repeater-or-a-client-or-a-room-server-i-expect-to-see-on-my-discover-list-on-t-deck-or-contact-list-on-a-smart-device-client-are-not-listed) @@ -86,6 +88,8 @@ author: https://github.com/LitBomb - [7.4. Q: are the MeshCore logo and font available?](#74-q-are-the-meshcore-logo-and-font-available) - [7.5. Q: What is the format of a contact or channel QR code?](#75-q-what-is-the-format-of-a-contact-or-channel-qr-code) - [7.6. Q: How do I connect to the companion via WIFI, e.g. using a heltec v3?](#76-q-how-do-i-connect-to-the-companion-via-wifi-eg-using-a-heltec-v3) + - [7.7. Q: I have a Station G2, or a Heltec V4, or an Ikoka Stick, or a radio with a EByte E22-900M30S or a E22-900M33S module, what should their transmit power be set to?](#77-q-i-have-a-station-g2-or-a-heltec-v4-or-an-ikoka-stick-or-a-radio-with-a-ebyte-e22-900m30s-or-a-e22-900m33s-module-what-should-their-transmit-power-be-set-to) +- [| | High Output | 22 dBm | 28 dBm | |](#--high-output--22-dbm--28-dbm--) ## 1. Introduction @@ -636,6 +640,14 @@ https://github.com/rightup/pyMC_core A TypeScript library for decoding MeshCore mesh networking packets with full cryptographic support. Uses WebAssembly (WASM) for Ed25519 key derivation through the orlp/ed25519 library. It powers the [MeshCore Packet Analyzer](https://analyzer.letsme.sh/packets). https://github.com/michaelhart/meshcore-decoder +#### 5.14.8. meshcore-pi +meshcore-pi is another Python port of MeshCore, designed for Raspberry Pi and similar hardware, it talks to LoRa modules over SPI or GPIO. +https://github.com/brianwiddas/meshcore-pi + +#### 5.14.9. pyMC_Repeater +pyMC_Repeater is a repeater daemon in Python built on top of the [`pymc_core`](#5146-pymc_core) library. +https://github.com/rightup/pyMC_Repeater + ### 5.15. Q: Are there client applications for Windows or Mac? **A:** Yes, the same iOS and Android client is also available for Windows and Intel Mac (sorry, not available for ARM-based Mac yet). You can find them together with the Android APK here: @@ -790,4 +802,22 @@ where `&type` is: WiFi firmware requires you to compile it yourself, as you need to set the wifi ssid and password. Edit WIFI_SSID and WIFI_PWD in `./variants/heltec_v3/platformio.ini` and then flash it to your device. +### 7.7. Q: I have a Station G2, or a Heltec V4, or an Ikoka Stick, or a radio with a EByte E22-900M30S or a E22-900M33S module, what should their transmit power be set to? + **A:** +For companion radios, you can set these radios' transmit power in the smartphone app. For repeater and room server radios, you can set their transmit power using the command line command `set tx`. You can get their current value using command line comand `get tx` + + +> ### ⚠️ **WARNING: Set these values at your own risk. Incorrect power settings can permanently damage your radio hardware.** + +| Device / Model | Region / Description | In-App Setting (dBm) | Target Radio Output | Notes | +| :--- | :--- | :--- | :--- | :--- | +| **Station G2**
[Reference](https://wiki.uniteng.com/en/meshtastic/station-g2) | US915 Max Output | 19 dBm | 26.5 dBm (4.46W) | | +| | US915 Recommended Max | 16 dBm | 35 dBm (3.16W) | 1dB compression point | +| | EU868 Recommended Max | 15 dBm | 34.5 dBm (2.82W) | 1dB compression point | +| | US915 1W Output | 10 dBm | 1W | | +| | EU868 1W Output | 9 dBm | 1W | | +| **Ikoka Stick E22-900M30S** | 1W Model | 19 dBm | 1W | **DO NOT EXCEED** (Risk of burn out) | +| **Ikoka Stick E22-900M33S** | 2W Model | 9 dBm | 2W | **DO NOT EXCEED** (Risk of burn out) | +| **Heltec V4** | Standard Output | 10 dBm | 22 dBm | | +| | High Output | 22 dBm | 28 dBm | | --- From a93527a47400308577b565f772974eba6e0343df Mon Sep 17 00:00:00 2001 From: uncle lit <43320854+LitBomb@users.noreply.github.com> Date: Fri, 2 Jan 2026 22:34:10 -0800 Subject: [PATCH 12/30] fix Station G2 output dBm typo fix Station G2 output dBm typo reported on https://github.com/meshcore-dev/MeshCore/issues/1304 changed 26.5 dBm to 36.5 dBm --- docs/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/faq.md b/docs/faq.md index 7f1be3373..66a942a4a 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -811,7 +811,7 @@ For companion radios, you can set these radios' transmit power in the smartphone | Device / Model | Region / Description | In-App Setting (dBm) | Target Radio Output | Notes | | :--- | :--- | :--- | :--- | :--- | -| **Station G2**
[Reference](https://wiki.uniteng.com/en/meshtastic/station-g2) | US915 Max Output | 19 dBm | 26.5 dBm (4.46W) | | +| **Station G2**
[Reference](https://wiki.uniteng.com/en/meshtastic/station-g2) | US915 Max Output | 19 dBm | 36.5 dBm (4.46W) | | | | US915 Recommended Max | 16 dBm | 35 dBm (3.16W) | 1dB compression point | | | EU868 Recommended Max | 15 dBm | 34.5 dBm (2.82W) | 1dB compression point | | | US915 1W Output | 10 dBm | 1W | | From 0c2da8ce1e064879b7525d1dd92ba2eca98fe170 Mon Sep 17 00:00:00 2001 From: liamcottle Date: Wed, 28 Jan 2026 21:20:36 +1300 Subject: [PATCH 13/30] add support for mkdocs --- docs/_assets/meshcore_tm.svg | 14 ++++++++++++++ docs/_stylesheets/extra.css | 11 +++++++++++ docs/index.md | 13 +++++++++++++ mkdocs.yml | 20 ++++++++++++++++++++ 4 files changed, 58 insertions(+) create mode 100644 docs/_assets/meshcore_tm.svg create mode 100644 docs/_stylesheets/extra.css create mode 100644 docs/index.md create mode 100644 mkdocs.yml diff --git a/docs/_assets/meshcore_tm.svg b/docs/_assets/meshcore_tm.svg new file mode 100644 index 000000000..b7e252d96 --- /dev/null +++ b/docs/_assets/meshcore_tm.svg @@ -0,0 +1,14 @@ + + + + + + + + + + + + + + diff --git a/docs/_stylesheets/extra.css b/docs/_stylesheets/extra.css new file mode 100644 index 000000000..55d1b1479 --- /dev/null +++ b/docs/_stylesheets/extra.css @@ -0,0 +1,11 @@ +:root { + --md-primary-fg-color: #1F2937; + --md-primary-fg-color--light: #1F2937; + --md-primary-fg-color--dark: #1F2937; + --md-accent-fg-color: #1F2937; +} + +/* hide git repo version */ +.md-source__fact--version { + display: none; +} diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 000000000..b4fb262b1 --- /dev/null +++ b/docs/index.md @@ -0,0 +1,13 @@ +# Welcome + +Welcome to the MeshCore documentation. + +## Building and viewing Docs + +``` +pip install mkdocs +pip install mkdocs-material +``` + +* `mkdocs serve` - Start the live-reloading docs server. +* `mkdocs build` - Build the documentation site. diff --git a/mkdocs.yml b/mkdocs.yml new file mode 100644 index 000000000..9cc7b3ad9 --- /dev/null +++ b/mkdocs.yml @@ -0,0 +1,20 @@ +site_name: MeshCore Docs +site_url: https://meshcore-dev.github.io/meshcore/ +site_description: Documentation for the open source MeshCore firmware + +repo_name: meshcore-dev/meshcore +repo_url: https://github.com/meshcore-dev/meshcore/ +edit_uri: edit/main/docs/ + +theme: + name: material + logo: _assets/meshcore_tm.svg + features: + - content.action.edit + - content.code.copy + - search.highlight + - search.suggest + - toc.integrate + +extra_css: + - _stylesheets/extra.css From a87c0fe2d6d7b11014d874c16f9b3f41c0df2484 Mon Sep 17 00:00:00 2001 From: liamcottle Date: Wed, 28 Jan 2026 21:25:44 +1300 Subject: [PATCH 14/30] separate table of contents --- mkdocs.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/mkdocs.yml b/mkdocs.yml index 9cc7b3ad9..3a76842f5 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -14,7 +14,6 @@ theme: - content.code.copy - search.highlight - search.suggest - - toc.integrate extra_css: - _stylesheets/extra.css From 132c8961e87cb8b165db8d43769acaacd81eca01 Mon Sep 17 00:00:00 2001 From: liamcottle Date: Wed, 28 Jan 2026 21:37:21 +1300 Subject: [PATCH 15/30] add workflow to build and deploy docs to github pages --- .github/workflows/github-pages.yml | 32 ++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .github/workflows/github-pages.yml diff --git a/.github/workflows/github-pages.yml b/.github/workflows/github-pages.yml new file mode 100644 index 000000000..b5b742f50 --- /dev/null +++ b/.github/workflows/github-pages.yml @@ -0,0 +1,32 @@ +name: Build and deploy Docs site to GitHub Pages + +on: + push: + branches: + - main + +permissions: + contents: write + +jobs: + github-pages: + runs-on: ubuntu-latest + steps: + + - name: Checkout Repo + uses: actions/checkout@v4 + + - name: Setup Python + uses: actions/setup-python@v5 + with: + ruby-version: 3.x + + - name: Configure Git Credentials + run: | + git config user.name github-actions[bot] + git config user.email 41898282+github-actions[bot]@users.noreply.github.com + + - name: Build and Deploy + run: | + pip install mkdocs-material + mkdocs gh-deploy --force From c35c1961de3bb86c90e81e833519d35fbb238651 Mon Sep 17 00:00:00 2001 From: liamcottle Date: Wed, 28 Jan 2026 21:39:04 +1300 Subject: [PATCH 16/30] add docs branch for testing --- .github/workflows/github-pages.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/github-pages.yml b/.github/workflows/github-pages.yml index b5b742f50..a80c20987 100644 --- a/.github/workflows/github-pages.yml +++ b/.github/workflows/github-pages.yml @@ -4,6 +4,7 @@ on: push: branches: - main + - docs permissions: contents: write From 706b5a39c69db2b3a9313147c2d1fa951b577a81 Mon Sep 17 00:00:00 2001 From: liamcottle Date: Wed, 28 Jan 2026 21:44:19 +1300 Subject: [PATCH 17/30] allow manual deploy --- .github/workflows/github-pages.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/github-pages.yml b/.github/workflows/github-pages.yml index a80c20987..e1ef22385 100644 --- a/.github/workflows/github-pages.yml +++ b/.github/workflows/github-pages.yml @@ -1,6 +1,7 @@ name: Build and deploy Docs site to GitHub Pages on: + workflow_dispatch: push: branches: - main From 6fba1849dd95a2929bef196e7ce778aa48073dcc Mon Sep 17 00:00:00 2001 From: dowjames Date: Thu, 29 Jan 2026 10:43:09 -0500 Subject: [PATCH 18/30] Sensecap solar node GPS --- variants/sensecap_solar/platformio.ini | 47 +++++--------------------- variants/sensecap_solar/target.cpp | 14 ++++++-- variants/sensecap_solar/target.h | 6 +++- variants/sensecap_solar/variant.cpp | 14 ++++---- variants/sensecap_solar/variant.h | 3 +- 5 files changed, 33 insertions(+), 51 deletions(-) diff --git a/variants/sensecap_solar/platformio.ini b/variants/sensecap_solar/platformio.ini index d4fb7b442..614d3ae28 100644 --- a/variants/sensecap_solar/platformio.ini +++ b/variants/sensecap_solar/platformio.ini @@ -8,7 +8,7 @@ build_flags = ${nrf52_base.build_flags} -I lib/nrf52/s140_nrf52_7.3.0_API/include/nrf52 -I variants/sensecap_solar -I src/helpers/nrf52 - -UENV_INCLUDE_GPS + -D ENV_INCLUDE_GPS=1 -D NRF52_PLATFORM=1 -D RADIO_CLASS=CustomSX1262 -D WRAPPER_CLASS=CustomSX1262Wrapper @@ -24,6 +24,12 @@ build_flags = ${nrf52_base.build_flags} -D SX126X_DIO3_TCXO_VOLTAGE=1.8 -D SX126X_CURRENT_LIMIT=140 -D SX126X_RX_BOOSTED_GAIN=1 + -D PIN_GPS_TX=7 + -D PIN_GPS_RX=6 + -D PIN_GPS_EN=18 + -D PIN_GPS_STANDBY=0 + -D PIN_GPS_EN_ACTIVE=HIGH + -D GPS_BAUD_RATE=9600 build_src_filter = ${nrf52_base.build_src_filter} + + @@ -33,6 +39,7 @@ upload_protocol = nrfutil lib_deps = ${nrf52_base.lib_deps} ${sensor_base.lib_deps} + stevemarple/MicroNMEA @ ^2.0.6 [env:SenseCap_Solar_repeater] extends = SenseCap_Solar @@ -58,42 +65,4 @@ build_flags = -D ADMIN_PASSWORD='"password"' ; -D MESH_PACKET_LOGGING=1 ; -D MESH_DEBUG=1 -build_src_filter = ${SenseCap_Solar.build_src_filter} - +<../examples/simple_room_server/*.cpp> - -[env:SenseCap_Solar_companion_radio_ble] -extends = SenseCap_Solar -board_build.ldscript = boards/nrf52840_s140_v7_extrafs.ld -board_upload.maximum_size = 708608 -build_flags = - ${SenseCap_Solar.build_flags} - -D MAX_CONTACTS=350 - -D MAX_GROUP_CHANNELS=40 - -D BLE_PIN_CODE=123456 - -D OFFLINE_QUEUE_SIZE=256 -; -D BLE_DEBUG_LOGGING=1 -; -D MESH_PACKET_LOGGING=1 -; -D MESH_DEBUG=1 -build_src_filter = ${SenseCap_Solar.build_src_filter} - + - +<../examples/companion_radio/*.cpp> -lib_deps = - ${SenseCap_Solar.lib_deps} - densaugeo/base64 @ ~1.4.0 - -[env:SenseCap_Solar_companion_radio_usb] -extends = SenseCap_Solar -board_build.ldscript = boards/nrf52840_s140_v7_extrafs.ld -board_upload.maximum_size = 708608 -build_flags = - ${SenseCap_Solar.build_flags} - -D MAX_CONTACTS=350 - -D MAX_GROUP_CHANNELS=40 -; -D MESH_PACKET_LOGGING=1 -; -D MESH_DEBUG=1 -build_src_filter = ${SenseCap_Solar.build_src_filter} - + - +<../examples/companion_radio/*.cpp> -lib_deps = - ${SenseCap_Solar.lib_deps} densaugeo/base64 @ ~1.4.0 \ No newline at end of file diff --git a/variants/sensecap_solar/target.cpp b/variants/sensecap_solar/target.cpp index 6bd7d31a7..bc21ce242 100644 --- a/variants/sensecap_solar/target.cpp +++ b/variants/sensecap_solar/target.cpp @@ -2,6 +2,10 @@ #include "target.h" #include +#ifdef ENV_INCLUDE_GPS +#include +#endif + SenseCapSolarBoard board; RADIO_CLASS radio = new Module(P_LORA_NSS, P_LORA_DIO_1, P_LORA_RESET, P_LORA_BUSY, SPI); @@ -10,7 +14,13 @@ WRAPPER_CLASS radio_driver(radio, board); VolatileRTCClock fallback_clock; AutoDiscoverRTCClock rtc_clock(fallback_clock); -EnvironmentSensorManager sensors; + +#ifdef ENV_INCLUDE_GPS +MicroNMEALocationProvider nmea = MicroNMEALocationProvider(Serial1, &rtc_clock, PIN_GPS_STANDBY, PIN_GPS_EN); +EnvironmentSensorManager sensors = EnvironmentSensorManager(nmea); +#else +EnvironmentSensorManager sensors = EnvironmentSensorManager(); +#endif bool radio_init() { rtc_clock.begin(Wire); @@ -36,4 +46,4 @@ void radio_set_tx_power(uint8_t dbm) { mesh::LocalIdentity radio_new_identity() { RadioNoiseListener rng(radio); return mesh::LocalIdentity(&rng); // create new random identity -} +} \ No newline at end of file diff --git a/variants/sensecap_solar/target.h b/variants/sensecap_solar/target.h index 90d60ba52..919b0e4f3 100644 --- a/variants/sensecap_solar/target.h +++ b/variants/sensecap_solar/target.h @@ -9,6 +9,10 @@ #include #include +#ifdef ENV_INCLUDE_GPS +#include +#endif + extern SenseCapSolarBoard board; extern WRAPPER_CLASS radio_driver; extern AutoDiscoverRTCClock rtc_clock; @@ -18,4 +22,4 @@ bool radio_init(); uint32_t radio_get_rng_seed(); void radio_set_params(float freq, float bw, uint8_t sf, uint8_t cr); void radio_set_tx_power(uint8_t dbm); -mesh::LocalIdentity radio_new_identity(); +mesh::LocalIdentity radio_new_identity(); \ No newline at end of file diff --git a/variants/sensecap_solar/variant.cpp b/variants/sensecap_solar/variant.cpp index 05774c102..cff13a8d8 100644 --- a/variants/sensecap_solar/variant.cpp +++ b/variants/sensecap_solar/variant.cpp @@ -48,9 +48,6 @@ const uint32_t g_ADigitalPinMap[] = { }; void initVariant() { - pinMode(GPS_EN, OUTPUT); - digitalWrite(GPS_EN, LOW); - pinMode(BATTERY_PIN, INPUT); pinMode(VBAT_ENABLE, OUTPUT); digitalWrite(VBAT_ENABLE, LOW); @@ -64,8 +61,9 @@ void initVariant() { pinMode(LED_BLUE, OUTPUT); digitalWrite(LED_BLUE, LOW); - /* disable gps until we actually support it. - pinMode(GPS_EN, OUTPUT); - digitalWrite(GPS_EN, HIGH); - */ -} +#ifdef ENV_INCLUDE_GPS + // Initialize GPS enable pin (GPS will be powered on/off by sensor manager) + pinMode(PIN_GPS_EN, OUTPUT); + digitalWrite(PIN_GPS_EN, LOW); // Start with GPS off +#endif +} \ No newline at end of file diff --git a/variants/sensecap_solar/variant.h b/variants/sensecap_solar/variant.h index 76494f48e..145363ca6 100644 --- a/variants/sensecap_solar/variant.h +++ b/variants/sensecap_solar/variant.h @@ -69,7 +69,8 @@ #define PIN_GPS_TX PIN_SERIAL1_RX #define PIN_GPS_RX PIN_SERIAL1_TX #define PIN_GPS_STANDBY (0) -#define GPS_EN (18) +#define PIN_GPS_EN (18) +#define GPS_EN PIN_GPS_EN // Alias for compatibility // QSPI Pins #define PIN_QSPI_SCK (21) From b9942bd452556ad0c57393ec37bba628ebcd4ac9 Mon Sep 17 00:00:00 2001 From: dowjames Date: Thu, 29 Jan 2026 11:24:58 -0500 Subject: [PATCH 19/30] add mqtt option for Heltec V3 and V4 --- examples/simple_repeater/MyMesh.cpp | 167 ++++++-- examples/simple_repeater/MyMesh.h | 37 +- examples/simple_repeater/UITask.cpp | 15 + examples/simple_room_server/MyMesh.cpp | 97 ++++- examples/simple_room_server/MyMesh.h | 8 + examples/simple_room_server/UITask.cpp | 15 + examples/simple_sensor/SensorMesh.cpp | 2 +- examples/simple_sensor/SensorMesh.h | 4 +- src/Dispatcher.h | 1 + src/helpers/CommonCLI.cpp | 527 ++++++++++++++++++++++++- src/helpers/CommonCLI.h | 82 +++- variants/heltec_v3/platformio.ini | 83 ++++ variants/heltec_v4/platformio.ini | 84 +++- 13 files changed, 1059 insertions(+), 63 deletions(-) diff --git a/examples/simple_repeater/MyMesh.cpp b/examples/simple_repeater/MyMesh.cpp index 6d957cc09..c07fe2e2c 100644 --- a/examples/simple_repeater/MyMesh.cpp +++ b/examples/simple_repeater/MyMesh.cpp @@ -1,5 +1,6 @@ #include "MyMesh.h" #include +#include // for qsort() /* ------------------------------ Config -------------------------------- */ @@ -144,6 +145,39 @@ uint8_t MyMesh::handleLoginReq(const mesh::Identity& sender, const uint8_t* secr return 13; // reply length } +// Comparison functions for qsort() - defined at file scope to avoid heap allocations +static int cmp_neighbours_newest_to_oldest(const void* a, const void* b) { + const NeighbourInfo* na = *(const NeighbourInfo**)a; + const NeighbourInfo* nb = *(const NeighbourInfo**)b; + if (nb->heard_timestamp > na->heard_timestamp) return 1; + if (nb->heard_timestamp < na->heard_timestamp) return -1; + return 0; +} + +static int cmp_neighbours_oldest_to_newest(const void* a, const void* b) { + const NeighbourInfo* na = *(const NeighbourInfo**)a; + const NeighbourInfo* nb = *(const NeighbourInfo**)b; + if (na->heard_timestamp > nb->heard_timestamp) return 1; + if (na->heard_timestamp < nb->heard_timestamp) return -1; + return 0; +} + +static int cmp_neighbours_strongest_to_weakest(const void* a, const void* b) { + const NeighbourInfo* na = *(const NeighbourInfo**)a; + const NeighbourInfo* nb = *(const NeighbourInfo**)b; + if (nb->snr > na->snr) return 1; + if (nb->snr < na->snr) return -1; + return 0; +} + +static int cmp_neighbours_weakest_to_strongest(const void* a, const void* b) { + const NeighbourInfo* na = *(const NeighbourInfo**)a; + const NeighbourInfo* nb = *(const NeighbourInfo**)b; + if (na->snr > nb->snr) return 1; + if (na->snr < nb->snr) return -1; + return 0; +} + uint8_t MyMesh::handleAnonRegionsReq(const mesh::Identity& sender, uint32_t sender_timestamp, const uint8_t* data) { if (anon_limiter.allow(rtc_clock.getCurrentTime())) { // request data has: {reply-path-len}{reply-path} @@ -290,42 +324,47 @@ int MyMesh::handleRequest(ClientInfo *sender, uint32_t sender_timestamp, uint8_t MESH_DEBUG_PRINTLN("REQ_TYPE_GET_NEIGHBOURS invalid pubkey_prefix_length=%d clamping to %d", pubkey_prefix_length, PUB_KEY_SIZE); } - // create copy of neighbours list, skipping empty entries so we can sort it separately from main list + // Early exit if no neighbours to avoid unnecessary processing int16_t neighbours_count = 0; + for (int i = 0; i < MAX_NEIGHBOURS; i++) { + if (neighbours[i].heard_timestamp > 0) { + neighbours_count++; + } + } + + if (neighbours_count == 0) { + // No neighbours - return minimal response + memcpy(&reply_data[reply_offset], &neighbours_count, 2); reply_offset += 2; + uint16_t zero = 0; + memcpy(&reply_data[reply_offset], &zero, 2); reply_offset += 2; // results_count = 0 + return reply_offset; + } + + // create copy of neighbours list, skipping empty entries so we can sort it separately from main list NeighbourInfo* sorted_neighbours[MAX_NEIGHBOURS]; + int16_t sorted_idx = 0; for (int i = 0; i < MAX_NEIGHBOURS; i++) { auto neighbour = &neighbours[i]; if (neighbour->heard_timestamp > 0) { - sorted_neighbours[neighbours_count] = neighbour; - neighbours_count++; + sorted_neighbours[sorted_idx++] = neighbour; } } - // sort neighbours based on order + // Sort neighbours based on order using qsort() - standard C library function + // qsort() doesn't allocate heap memory (uses stack-based recursion) and is O(n log n) + // This matches the pattern used elsewhere in the codebase (e.g., BaseChatMesh) if (order_by == 0) { // sort by newest to oldest - MESH_DEBUG_PRINTLN("REQ_TYPE_GET_NEIGHBOURS sorting newest to oldest"); - std::sort(sorted_neighbours, sorted_neighbours + neighbours_count, [](const NeighbourInfo* a, const NeighbourInfo* b) { - return a->heard_timestamp > b->heard_timestamp; // desc - }); + qsort(sorted_neighbours, neighbours_count, sizeof(NeighbourInfo*), cmp_neighbours_newest_to_oldest); } else if (order_by == 1) { // sort by oldest to newest - MESH_DEBUG_PRINTLN("REQ_TYPE_GET_NEIGHBOURS sorting oldest to newest"); - std::sort(sorted_neighbours, sorted_neighbours + neighbours_count, [](const NeighbourInfo* a, const NeighbourInfo* b) { - return a->heard_timestamp < b->heard_timestamp; // asc - }); + qsort(sorted_neighbours, neighbours_count, sizeof(NeighbourInfo*), cmp_neighbours_oldest_to_newest); } else if (order_by == 2) { // sort by strongest to weakest - MESH_DEBUG_PRINTLN("REQ_TYPE_GET_NEIGHBOURS sorting strongest to weakest"); - std::sort(sorted_neighbours, sorted_neighbours + neighbours_count, [](const NeighbourInfo* a, const NeighbourInfo* b) { - return a->snr > b->snr; // desc - }); + qsort(sorted_neighbours, neighbours_count, sizeof(NeighbourInfo*), cmp_neighbours_strongest_to_weakest); } else if (order_by == 3) { // sort by weakest to strongest - MESH_DEBUG_PRINTLN("REQ_TYPE_GET_NEIGHBOURS sorting weakest to strongest"); - std::sort(sorted_neighbours, sorted_neighbours + neighbours_count, [](const NeighbourInfo* a, const NeighbourInfo* b) { - return a->snr < b->snr; // asc - }); + qsort(sorted_neighbours, neighbours_count, sizeof(NeighbourInfo*), cmp_neighbours_weakest_to_strongest); } // build results buffer @@ -409,12 +448,19 @@ void MyMesh::logRxRaw(float snr, float rssi, const uint8_t raw[], int len) { mesh::Utils::printHex(Serial, raw, len); Serial.println(); #endif + +#ifdef WITH_BRIDGE + if (_prefs.bridge_enabled) { + // Store raw radio data for MQTT messages + bridge.storeRawRadioData(raw, len, snr, rssi); + } +#endif } void MyMesh::logRx(mesh::Packet *pkt, int len, float score) { #ifdef WITH_BRIDGE if (_prefs.bridge_pkt_src == 1) { - bridge.sendPacket(pkt); + bridge.onPacketReceived(pkt); } #endif @@ -712,9 +758,7 @@ bool MyMesh::onPeerPathRecv(mesh::Packet *packet, int sender_idx, const uint8_t void MyMesh::onControlDataRecv(mesh::Packet* packet) { uint8_t type = packet->payload[0] & 0xF0; // just test upper 4 bits - if (type == CTL_TYPE_NODE_DISCOVER_REQ && packet->payload_len >= 6 - && !_prefs.disable_fwd && discover_limiter.allow(rtc_clock.getCurrentTime()) - ) { + if (type == CTL_TYPE_NODE_DISCOVER_REQ && packet->payload_len >= 6 && discover_limiter.allow(rtc_clock.getCurrentTime())) { int i = 1; uint8_t filter = packet->payload[i++]; uint32_t tag; @@ -749,9 +793,10 @@ MyMesh::MyMesh(mesh::MainBoard &board, mesh::Radio &radio, mesh::MillisecondCloc anon_limiter(4, 180) // max 4 every 3 minutes #if defined(WITH_RS232_BRIDGE) , bridge(&_prefs, WITH_RS232_BRIDGE, _mgr, &rtc) -#endif -#if defined(WITH_ESPNOW_BRIDGE) +#elif defined(WITH_ESPNOW_BRIDGE) , bridge(&_prefs, _mgr, &rtc) +#elif defined(WITH_MQTT_BRIDGE) + , bridge(&_prefs, _mgr, &rtc, &self_id) #endif { last_millis = 0; @@ -789,7 +834,7 @@ MyMesh::MyMesh(mesh::MainBoard &board, mesh::Radio &radio, mesh::MillisecondCloc // bridge defaults _prefs.bridge_enabled = 1; // enabled _prefs.bridge_delay = 500; // milliseconds - _prefs.bridge_pkt_src = 0; // logTx + _prefs.bridge_pkt_src = 1; // logRx (RX packets) _prefs.bridge_baud = 115200; // baud rate _prefs.bridge_channel = 1; // channel 1 @@ -800,7 +845,26 @@ MyMesh::MyMesh(mesh::MainBoard &board, mesh::Radio &radio, mesh::MillisecondCloc _prefs.gps_interval = 0; _prefs.advert_loc_policy = ADVERT_LOC_PREFS; - _prefs.adc_multiplier = 0.0f; // 0.0f means use default board multiplier + // MQTT defaults + StrHelper::strncpy(_prefs.mqtt_origin, "MeshCore-Repeater", sizeof(_prefs.mqtt_origin)); + StrHelper::strncpy(_prefs.mqtt_iata, "SEA", sizeof(_prefs.mqtt_iata)); + _prefs.mqtt_status_enabled = 1; // enabled + _prefs.mqtt_packets_enabled = 1; // enabled + _prefs.mqtt_raw_enabled = 0; // disabled + _prefs.mqtt_tx_enabled = 0; // disabled (RX only for now) + _prefs.mqtt_status_interval = 300000; // 5 minutes + + // WiFi defaults + StrHelper::strncpy(_prefs.wifi_ssid, "ssid_here", sizeof(_prefs.wifi_ssid)); + StrHelper::strncpy(_prefs.wifi_password, "password_here", sizeof(_prefs.wifi_password)); + + // Timezone defaults (Pacific Time with DST support) + StrHelper::strncpy(_prefs.timezone_string, "America/Los_Angeles", sizeof(_prefs.timezone_string)); + _prefs.timezone_offset = -8; // fallback + + // Let's Mesh Analyzer defaults (both enabled by default) + _prefs.mqtt_analyzer_us_enabled = 1; // enabled + _prefs.mqtt_analyzer_eu_enabled = 1; // enabled } void MyMesh::begin(FILESYSTEM *fs) { @@ -808,12 +872,47 @@ void MyMesh::begin(FILESYSTEM *fs) { _fs = fs; // load persisted prefs _cli.loadPrefs(_fs); + + // Ensure analyzer servers are enabled by default (in case no prefs were loaded) + if (_prefs.mqtt_analyzer_us_enabled == 0 && _prefs.mqtt_analyzer_eu_enabled == 0) { + _prefs.mqtt_analyzer_us_enabled = 1; // enabled + _prefs.mqtt_analyzer_eu_enabled = 1; // enabled + MESH_DEBUG_PRINTLN("Setting analyzer servers to enabled by default"); + } + + // Set MQTT origin to actual device name (not build-time ADVERT_NAME) + StrHelper::strncpy(_prefs.mqtt_origin, _prefs.node_name, sizeof(_prefs.mqtt_origin)); + MESH_DEBUG_PRINTLN("MQTT origin set to device name: %s", _prefs.mqtt_origin); + acl.load(_fs, self_id); // TODO: key_store.begin(); region_map.load(_fs); #if defined(WITH_BRIDGE) if (_prefs.bridge_enabled) { + // Set device public key for MQTT topics + char device_id[65]; + mesh::LocalIdentity self_id = getSelfId(); + mesh::Utils::toHex(device_id, self_id.pub_key, PUB_KEY_SIZE); + MESH_DEBUG_PRINTLN("Setting device ID: %s", device_id); + bridge.setDeviceID(device_id); + + // Set firmware version + bridge.setFirmwareVersion(getFirmwareVer()); + + // Set board model + bridge.setBoardModel(_cli.getBoard()->getManufacturerName()); + + // Set build date + bridge.setBuildDate(getBuildDate()); + +#ifdef WITH_MQTT_BRIDGE + // Set stats sources for automatic stats collection (optional - can be done in custom initialization) + // This enables stats to be included in status messages automatically + // this (Mesh*) inherits from Dispatcher, so it can be passed as Dispatcher* + bridge.setStatsSources(this, _radio, _cli.getBoard(), _ms); +#endif + bridge.begin(); } #endif @@ -824,8 +923,6 @@ void MyMesh::begin(FILESYSTEM *fs) { updateAdvertTimer(); updateFloodAdvertTimer(); - board.setAdcMultiplier(_prefs.adc_multiplier); - #if ENV_INCLUDE_GPS == 1 applyGpsPrefs(); #endif @@ -869,7 +966,7 @@ void MyMesh::sendSelfAdvertisement(int delay_millis, bool flood) { void MyMesh::updateAdvertTimer() { if (_prefs.advert_interval > 0) { // schedule local advert timer - next_local_advert = futureMillis(((uint32_t)_prefs.advert_interval) * 2 * 60 * 1000); + next_local_advert = futureMillis((int)((uint32_t)_prefs.advert_interval * 2 * 60 * 1000)); } else { next_local_advert = 0; // stop the timer } @@ -1174,12 +1271,14 @@ void MyMesh::handleCommand(uint32_t sender_timestamp, char *command, char *reply } void MyMesh::loop() { + // Check radio FIRST to ensure we don't miss incoming packets + // MQTT processing runs in a separate FreeRTOS task on Core 0, so we don't call bridge.loop() here + mesh::Mesh::loop(); + #ifdef WITH_BRIDGE - bridge.loop(); + // bridge.loop() is now handled by FreeRTOS task on Core 0 - no need to call it here #endif - mesh::Mesh::loop(); - if (next_flood_advert && millisHasNowPassed(next_flood_advert)) { mesh::Packet *pkt = createSelfAdvert(); if (pkt) sendFlood(pkt); diff --git a/examples/simple_repeater/MyMesh.h b/examples/simple_repeater/MyMesh.h index 0d5cd28a3..cde4292ab 100644 --- a/examples/simple_repeater/MyMesh.h +++ b/examples/simple_repeater/MyMesh.h @@ -3,6 +3,7 @@ #include #include #include +#include #include #if defined(NRF52_PLATFORM) || defined(STM32_PLATFORM) @@ -23,6 +24,11 @@ #define WITH_BRIDGE #endif +#ifdef WITH_MQTT_BRIDGE +#include "helpers/bridges/MQTTBridge.h" +#define WITH_BRIDGE +#endif + #include #include #include @@ -35,9 +41,6 @@ #include #include "RateLimiter.h" -#ifdef WITH_BRIDGE -extern AbstractBridge* bridge; -#endif struct RepeaterStats { uint16_t batt_milli_volts; @@ -113,6 +116,8 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks { RS232Bridge bridge; #elif defined(WITH_ESPNOW_BRIDGE) ESPNowBridge bridge; +#elif defined(WITH_MQTT_BRIDGE) + MQTTBridge bridge; #endif void putNeighbour(const mesh::Identity& id, uint32_t timestamp, float snr); @@ -217,6 +222,17 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks { if (enable == bridge.isRunning()) return; if (enable) { + // Set device metadata before starting bridge (same as in begin()) + char device_id[65]; + mesh::LocalIdentity self_id = getSelfId(); + mesh::Utils::toHex(device_id, self_id.pub_key, PUB_KEY_SIZE); + bridge.setDeviceID(device_id); + bridge.setFirmwareVersion(getFirmwareVer()); + bridge.setBoardModel(_cli.getBoard()->getManufacturerName()); + bridge.setBuildDate(getBuildDate()); +#ifdef WITH_MQTT_BRIDGE + bridge.setStatsSources(this, _radio, _cli.getBoard(), _ms); +#endif bridge.begin(); } else @@ -228,8 +244,23 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks { void restartBridge() override { if (!bridge.isRunning()) return; bridge.end(); + // Set device metadata before restarting bridge (same as in begin()) + char device_id[65]; + mesh::LocalIdentity self_id = getSelfId(); + mesh::Utils::toHex(device_id, self_id.pub_key, PUB_KEY_SIZE); + bridge.setDeviceID(device_id); + bridge.setFirmwareVersion(getFirmwareVer()); + bridge.setBoardModel(_cli.getBoard()->getManufacturerName()); + bridge.setBuildDate(getBuildDate()); +#ifdef WITH_MQTT_BRIDGE + bridge.setStatsSources(this, _radio, _cli.getBoard(), _ms); +#endif bridge.begin(); } + + int getQueueSize() override { + return bridge.getQueueSize(); + } #endif // To check if there is pending work diff --git a/examples/simple_repeater/UITask.cpp b/examples/simple_repeater/UITask.cpp index d096d14b2..269e9c7bf 100644 --- a/examples/simple_repeater/UITask.cpp +++ b/examples/simple_repeater/UITask.cpp @@ -2,6 +2,10 @@ #include #include +#ifdef WITH_MQTT_BRIDGE + #include +#endif + #define AUTO_OFF_MILLIS 20000 // 20 seconds #define BOOT_SCREEN_MILLIS 4000 // 4 seconds @@ -77,6 +81,17 @@ void UITask::renderCurrScreen() { _display->setCursor(0, 30); sprintf(tmp, "BW: %03.2f CR: %d", _node_prefs->bw, _node_prefs->cr); _display->print(tmp); + +#ifdef WITH_MQTT_BRIDGE + // Display IP address for MQTT bridge devices + if (WiFi.status() == WL_CONNECTED) { + IPAddress ip = WiFi.localIP(); + _display->setCursor(0, 40); + _display->setColor(DisplayDriver::LIGHT); + snprintf(tmp, sizeof(tmp), "IP: %d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + _display->print(tmp); + } +#endif } } diff --git a/examples/simple_room_server/MyMesh.cpp b/examples/simple_room_server/MyMesh.cpp index 22a3d208b..44e82c5f7 100644 --- a/examples/simple_room_server/MyMesh.cpp +++ b/examples/simple_room_server/MyMesh.cpp @@ -198,9 +198,23 @@ void MyMesh::logRxRaw(float snr, float rssi, const uint8_t raw[], int len) { mesh::Utils::printHex(Serial, raw, len); Serial.println(); #endif + +#ifdef WITH_MQTT_BRIDGE + if (_prefs.bridge_enabled) { + // Store raw radio data for MQTT messages (same as repeater) + bridge.storeRawRadioData(raw, len, snr, rssi); + } +#endif } void MyMesh::logRx(mesh::Packet *pkt, int len, float score) { +#ifdef WITH_MQTT_BRIDGE + if (_prefs.bridge_enabled && _prefs.bridge_pkt_src == 1) { + // Log received packets to MQTT (same as repeater) + bridge.onPacketReceived(pkt); + } +#endif + if (_logging) { File f = openAppend(PACKET_LOG_FILE); if (f) { @@ -220,6 +234,13 @@ void MyMesh::logRx(mesh::Packet *pkt, int len, float score) { } } void MyMesh::logTx(mesh::Packet *pkt, int len) { +#ifdef WITH_MQTT_BRIDGE + if (_prefs.bridge_enabled && _prefs.bridge_pkt_src == 0) { + // Log transmitted packets to MQTT (same as repeater) + bridge.sendPacket(pkt); + } +#endif + if (_logging) { File f = openAppend(PACKET_LOG_FILE); if (f) { @@ -587,7 +608,11 @@ void MyMesh::onAckRecv(mesh::Packet *packet, uint32_t ack_crc) { MyMesh::MyMesh(mesh::MainBoard &board, mesh::Radio &radio, mesh::MillisecondClock &ms, mesh::RNG &rng, mesh::RTCClock &rtc, mesh::MeshTables &tables) : mesh::Mesh(radio, ms, rng, rtc, *new StaticPoolPacketManager(32), tables), - _cli(board, rtc, sensors, acl, &_prefs, this), telemetry(MAX_PACKET_PAYLOAD - 4) { + _cli(board, rtc, sensors, acl, &_prefs, this), telemetry(MAX_PACKET_PAYLOAD - 4) +#ifdef WITH_MQTT_BRIDGE + , bridge(&_prefs, _mgr, &rtc, &self_id) +#endif +{ last_millis = 0; uptime_millis = 0; next_local_advert = next_flood_advert = 0; @@ -624,6 +649,34 @@ MyMesh::MyMesh(mesh::MainBoard &board, mesh::Radio &radio, mesh::MillisecondCloc _prefs.gps_interval = 0; _prefs.advert_loc_policy = ADVERT_LOC_PREFS; + // bridge defaults (same as repeater) + _prefs.bridge_enabled = 1; // enabled + _prefs.bridge_delay = 500; // milliseconds + _prefs.bridge_pkt_src = 1; // logRx (RX packets) + _prefs.bridge_baud = 115200; // baud rate + _prefs.bridge_channel = 1; // channel 1 + + // MQTT defaults (same as repeater) + StrHelper::strncpy(_prefs.mqtt_origin, "MeshCore-RoomServer", sizeof(_prefs.mqtt_origin)); + StrHelper::strncpy(_prefs.mqtt_iata, "SEA", sizeof(_prefs.mqtt_iata)); + _prefs.mqtt_status_enabled = 1; // enabled + _prefs.mqtt_packets_enabled = 1; // enabled + _prefs.mqtt_raw_enabled = 0; // disabled + _prefs.mqtt_tx_enabled = 0; // disabled (RX only for now) + _prefs.mqtt_status_interval = 300000; // 5 minutes + + // WiFi defaults (same as repeater) + StrHelper::strncpy(_prefs.wifi_ssid, "ssid_here", sizeof(_prefs.wifi_ssid)); + StrHelper::strncpy(_prefs.wifi_password, "password_here", sizeof(_prefs.wifi_password)); + + // Timezone defaults (same as repeater - Pacific Time with DST support) + StrHelper::strncpy(_prefs.timezone_string, "America/Los_Angeles", sizeof(_prefs.timezone_string)); + _prefs.timezone_offset = -8; // fallback + + // Let's Mesh Analyzer defaults (same as repeater - both enabled by default) + _prefs.mqtt_analyzer_us_enabled = 1; // enabled + _prefs.mqtt_analyzer_eu_enabled = 1; // enabled + next_post_idx = 0; next_client_idx = 0; next_push = 0; @@ -650,6 +703,41 @@ void MyMesh::begin(FILESYSTEM *fs) { #if ENV_INCLUDE_GPS == 1 applyGpsPrefs(); #endif +#ifdef WITH_MQTT_BRIDGE + // Ensure analyzer servers are enabled by default (in case no prefs were loaded) - same as repeater + if (_prefs.mqtt_analyzer_us_enabled == 0 && _prefs.mqtt_analyzer_eu_enabled == 0) { + _prefs.mqtt_analyzer_us_enabled = 1; // enabled + _prefs.mqtt_analyzer_eu_enabled = 1; // enabled + MESH_DEBUG_PRINTLN("Setting analyzer servers to enabled by default"); + } + + // Set MQTT origin to actual device name (not build-time ADVERT_NAME) - same as repeater + StrHelper::strncpy(_prefs.mqtt_origin, _prefs.node_name, sizeof(_prefs.mqtt_origin)); + MESH_DEBUG_PRINTLN("MQTT origin set to device name: %s", _prefs.mqtt_origin); + + if (_prefs.bridge_enabled) { + // Set device public key for MQTT topics (same as repeater) + char device_id[65]; + mesh::LocalIdentity self_id = getSelfId(); + mesh::Utils::toHex(device_id, self_id.pub_key, PUB_KEY_SIZE); + MESH_DEBUG_PRINTLN("Setting device ID: %s", device_id); + bridge.setDeviceID(device_id); + + // Set firmware version (same as repeater) + bridge.setFirmwareVersion(getFirmwareVer()); + + // Set board model (same as repeater) + bridge.setBoardModel(_cli.getBoard()->getManufacturerName()); + + // Set build date (same as repeater) + bridge.setBuildDate(getBuildDate()); + + // Set stats sources for automatic stats collection (same as repeater) + bridge.setStatsSources(this, _radio, _cli.getBoard(), _ms); + + bridge.begin(); + } +#endif } void MyMesh::applyTempRadioParams(float freq, float bw, uint8_t sf, uint8_t cr, int timeout_mins) { @@ -690,7 +778,7 @@ void MyMesh::sendSelfAdvertisement(int delay_millis, bool flood) { void MyMesh::updateAdvertTimer() { if (_prefs.advert_interval > 0) { // schedule local advert timer - next_local_advert = futureMillis((uint32_t)_prefs.advert_interval * 2 * 60 * 1000); + next_local_advert = futureMillis((int)((uint32_t)_prefs.advert_interval * 2 * 60 * 1000)); } else { next_local_advert = 0; // stop the timer } @@ -809,7 +897,12 @@ bool MyMesh::saveFilter(ClientInfo* client) { } void MyMesh::loop() { + // Check radio FIRST to ensure we don't miss incoming packets + // MQTT processing can take time, so we prioritize radio reception mesh::Mesh::loop(); +#ifdef WITH_MQTT_BRIDGE + // bridge.loop() is now handled by FreeRTOS task on Core 0 - no need to call it here +#endif if (millisHasNowPassed(next_push) && acl.getNumClients() > 0) { // check for ACK timeouts diff --git a/examples/simple_room_server/MyMesh.h b/examples/simple_room_server/MyMesh.h index f470e55eb..65e5de926 100644 --- a/examples/simple_room_server/MyMesh.h +++ b/examples/simple_room_server/MyMesh.h @@ -23,6 +23,11 @@ #include #include +#ifdef WITH_MQTT_BRIDGE +#include "helpers/bridges/MQTTBridge.h" +#define WITH_BRIDGE +#endif + /* ------------------------------ Config -------------------------------- */ #ifndef FIRMWARE_BUILD_DATE @@ -110,6 +115,9 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks { uint8_t pending_sf; uint8_t pending_cr; int matching_peer_indexes[MAX_CLIENTS]; +#ifdef WITH_MQTT_BRIDGE + MQTTBridge bridge; +#endif void addPost(ClientInfo* client, const char* postData); void pushPostToClient(ClientInfo* client, PostInfo& post); diff --git a/examples/simple_room_server/UITask.cpp b/examples/simple_room_server/UITask.cpp index 46311c5eb..180dc7c5d 100644 --- a/examples/simple_room_server/UITask.cpp +++ b/examples/simple_room_server/UITask.cpp @@ -2,6 +2,10 @@ #include #include +#ifdef WITH_MQTT_BRIDGE + #include +#endif + #define AUTO_OFF_MILLIS 20000 // 20 seconds #define BOOT_SCREEN_MILLIS 4000 // 4 seconds @@ -77,6 +81,17 @@ void UITask::renderCurrScreen() { _display->setCursor(0, 30); sprintf(tmp, "BW: %03.2f CR: %d", _node_prefs->bw, _node_prefs->cr); _display->print(tmp); + +#ifdef WITH_MQTT_BRIDGE + // Display IP address for MQTT bridge devices + if (WiFi.status() == WL_CONNECTED) { + IPAddress ip = WiFi.localIP(); + _display->setCursor(0, 40); + _display->setColor(DisplayDriver::LIGHT); + snprintf(tmp, sizeof(tmp), "IP: %d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + _display->print(tmp); + } +#endif } } diff --git a/examples/simple_sensor/SensorMesh.cpp b/examples/simple_sensor/SensorMesh.cpp index 8e27323ed..72ccafd61 100644 --- a/examples/simple_sensor/SensorMesh.cpp +++ b/examples/simple_sensor/SensorMesh.cpp @@ -802,7 +802,7 @@ void SensorMesh::sendSelfAdvertisement(int delay_millis, bool flood) { void SensorMesh::updateAdvertTimer() { if (_prefs.advert_interval > 0) { // schedule local advert timer - next_local_advert = futureMillis( ((uint32_t)_prefs.advert_interval) * 2 * 60 * 1000); + next_local_advert = futureMillis((int)((uint32_t)_prefs.advert_interval * 2 * 60 * 1000)); } else { next_local_advert = 0; // stop the timer } diff --git a/examples/simple_sensor/SensorMesh.h b/examples/simple_sensor/SensorMesh.h index ed3523458..eb2d90c5a 100644 --- a/examples/simple_sensor/SensorMesh.h +++ b/examples/simple_sensor/SensorMesh.h @@ -33,11 +33,11 @@ #define PERM_RECV_ALERTS_HI (1 << 7) // high priority alerts #ifndef FIRMWARE_BUILD_DATE - #define FIRMWARE_BUILD_DATE "29 Jan 2026" + #define FIRMWARE_BUILD_DATE "30 Nov 2025" #endif #ifndef FIRMWARE_VERSION - #define FIRMWARE_VERSION "v1.12.0" + #define FIRMWARE_VERSION "v1.11.0" #endif #define FIRMWARE_ROLE "sensor" diff --git a/src/Dispatcher.h b/src/Dispatcher.h index 25a41d82c..bb6267116 100644 --- a/src/Dispatcher.h +++ b/src/Dispatcher.h @@ -174,6 +174,7 @@ class Dispatcher { uint32_t getNumSentDirect() const { return n_sent_direct; } uint32_t getNumRecvFlood() const { return n_recv_flood; } uint32_t getNumRecvDirect() const { return n_recv_direct; } + uint16_t getErrFlags() const { return _err_flags; } // Get error flags void resetStats() { n_sent_flood = n_sent_direct = n_recv_flood = n_recv_direct = 0; _err_flags = 0; diff --git a/src/helpers/CommonCLI.cpp b/src/helpers/CommonCLI.cpp index 42198b498..4a8c3e0ea 100644 --- a/src/helpers/CommonCLI.cpp +++ b/src/helpers/CommonCLI.cpp @@ -3,6 +3,28 @@ #include "TxtDataHelpers.h" #include "AdvertDataHelpers.h" #include +#ifdef ESP_PLATFORM +#include +#include +#endif +#ifdef WITH_MQTT_BRIDGE +#include "bridges/MQTTBridge.h" + +// Helper function to calculate total size of MQTT fields for file format compatibility +// Uses NodePrefs struct to get accurate field sizes +static size_t getMQTTFieldsSize(const NodePrefs* prefs) { + return sizeof(prefs->mqtt_origin) + sizeof(prefs->mqtt_iata) + + sizeof(prefs->mqtt_status_enabled) + sizeof(prefs->mqtt_packets_enabled) + + sizeof(prefs->mqtt_raw_enabled) + sizeof(prefs->mqtt_tx_enabled) + + sizeof(prefs->mqtt_status_interval) + sizeof(prefs->wifi_ssid) + + sizeof(prefs->wifi_password) + sizeof(prefs->timezone_string) + + sizeof(prefs->timezone_offset) + sizeof(prefs->mqtt_server) + + sizeof(prefs->mqtt_port) + sizeof(prefs->mqtt_username) + + sizeof(prefs->mqtt_password) + sizeof(prefs->mqtt_analyzer_us_enabled) + + sizeof(prefs->mqtt_analyzer_eu_enabled) + sizeof(prefs->mqtt_owner_public_key) + + sizeof(prefs->mqtt_email); +} +#endif // Believe it or not, this std C function is busted on some platforms! static uint32_t _atoi(const char* sp) { @@ -23,13 +45,37 @@ static bool isValidName(const char *n) { } void CommonCLI::loadPrefs(FILESYSTEM* fs) { + bool is_fresh_install = false; + bool is_upgrade = false; + if (fs->exists("/com_prefs")) { loadPrefsInt(fs, "/com_prefs"); // new filename } else if (fs->exists("/node_prefs")) { loadPrefsInt(fs, "/node_prefs"); + is_upgrade = true; // Migrating from old filename savePrefs(fs); // save to new filename fs->remove("/node_prefs"); // remove old + } else { + // File doesn't exist - set default bridge settings for fresh installs + is_fresh_install = true; + _prefs->bridge_pkt_src = 1; // Default to RX (logRx) for new installs } +#ifdef WITH_MQTT_BRIDGE + // Load MQTT preferences from separate file + loadMQTTPrefs(fs); + // Sync MQTT prefs to NodePrefs so existing code (like MQTTBridge) can access them + syncMQTTPrefsToNodePrefs(); + + // For MQTT bridge, migrate bridge.source to RX (logRx) only on fresh installs or upgrades + // This ensures new users get the correct default, but respects existing user choices + // MQTT bridge with TX requires mqtt.tx to be enabled (disabled by default), + // so RX is the sensible default for MQTT bridge installations + if ((is_fresh_install || is_upgrade) && _prefs->bridge_pkt_src == 0) { + MESH_DEBUG_PRINTLN("MQTT Bridge: Migrating bridge.source from tx to rx (MQTT bridge default)"); + _prefs->bridge_pkt_src = 1; // Set to RX (logRx) + savePrefs(fs); // Save the updated preference + } +#endif } void CommonCLI::loadPrefsInt(FILESYSTEM* fs, const char* filename) { @@ -81,7 +127,33 @@ void CommonCLI::loadPrefsInt(FILESYSTEM* fs, const char* filename) { file.read((uint8_t *)&_prefs->discovery_mod_timestamp, sizeof(_prefs->discovery_mod_timestamp)); // 162 file.read((uint8_t *)&_prefs->adc_multiplier, sizeof(_prefs->adc_multiplier)); // 166 file.read((uint8_t *)_prefs->owner_info, sizeof(_prefs->owner_info)); // 170 - // 290 + // MQTT settings - skip reading from main prefs file (now stored separately) + // For backward compatibility, we'll skip these bytes if they exist in old files + // The actual MQTT prefs will be loaded from /mqtt_prefs in loadMQTTPrefs() + // Skip MQTT fields for file format compatibility (whether MQTT bridge is enabled or not) +#ifdef WITH_MQTT_BRIDGE + size_t mqtt_fields_size = getMQTTFieldsSize(_prefs); +#else + // If MQTT bridge not enabled, still skip these fields for file format compatibility + size_t mqtt_fields_size = + sizeof(_prefs->mqtt_origin) + sizeof(_prefs->mqtt_iata) + + sizeof(_prefs->mqtt_status_enabled) + sizeof(_prefs->mqtt_packets_enabled) + + sizeof(_prefs->mqtt_raw_enabled) + sizeof(_prefs->mqtt_tx_enabled) + + sizeof(_prefs->mqtt_status_interval) + sizeof(_prefs->wifi_ssid) + + sizeof(_prefs->wifi_password) + sizeof(_prefs->timezone_string) + + sizeof(_prefs->timezone_offset) + sizeof(_prefs->mqtt_server) + + sizeof(_prefs->mqtt_port) + sizeof(_prefs->mqtt_username) + + sizeof(_prefs->mqtt_password) + sizeof(_prefs->mqtt_analyzer_us_enabled) + + sizeof(_prefs->mqtt_analyzer_eu_enabled) + sizeof(_prefs->mqtt_owner_public_key) + + sizeof(_prefs->mqtt_email); +#endif + uint8_t skip_buffer[512]; // Large enough buffer + size_t remaining = mqtt_fields_size; + while (remaining > 0) { + size_t to_read = remaining > sizeof(skip_buffer) ? sizeof(skip_buffer) : remaining; + file.read(skip_buffer, to_read); + remaining -= to_read; + } // sanitise bad pref values _prefs->rx_delay_base = constrain(_prefs->rx_delay_base, 0, 20.0f); @@ -94,7 +166,6 @@ void CommonCLI::loadPrefsInt(FILESYSTEM* fs, const char* filename) { _prefs->cr = constrain(_prefs->cr, 5, 8); _prefs->tx_power_dbm = constrain(_prefs->tx_power_dbm, 1, 30); _prefs->multi_acks = constrain(_prefs->multi_acks, 0, 1); - _prefs->adc_multiplier = constrain(_prefs->adc_multiplier, 0.0f, 10.0f); // sanitise bad bridge pref values _prefs->bridge_enabled = constrain(_prefs->bridge_enabled, 0, 1); @@ -165,18 +236,216 @@ void CommonCLI::savePrefs(FILESYSTEM* fs) { file.write((uint8_t *)&_prefs->discovery_mod_timestamp, sizeof(_prefs->discovery_mod_timestamp)); // 162 file.write((uint8_t *)&_prefs->adc_multiplier, sizeof(_prefs->adc_multiplier)); // 166 file.write((uint8_t *)_prefs->owner_info, sizeof(_prefs->owner_info)); // 170 - // 290 + // MQTT settings - no longer saved here (stored in separate /mqtt_prefs file) + // Write zeros/padding to maintain file format compatibility +#ifdef WITH_MQTT_BRIDGE + size_t mqtt_fields_size = getMQTTFieldsSize(_prefs); +#else + // If MQTT bridge not enabled, still write zeros for file format compatibility + size_t mqtt_fields_size = + sizeof(_prefs->mqtt_origin) + sizeof(_prefs->mqtt_iata) + + sizeof(_prefs->mqtt_status_enabled) + sizeof(_prefs->mqtt_packets_enabled) + + sizeof(_prefs->mqtt_raw_enabled) + sizeof(_prefs->mqtt_tx_enabled) + + sizeof(_prefs->mqtt_status_interval) + sizeof(_prefs->wifi_ssid) + + sizeof(_prefs->wifi_password) + sizeof(_prefs->timezone_string) + + sizeof(_prefs->timezone_offset) + sizeof(_prefs->mqtt_server) + + sizeof(_prefs->mqtt_port) + sizeof(_prefs->mqtt_username) + + sizeof(_prefs->mqtt_password) + sizeof(_prefs->mqtt_analyzer_us_enabled) + + sizeof(_prefs->mqtt_analyzer_eu_enabled) + sizeof(_prefs->mqtt_owner_public_key) + + sizeof(_prefs->mqtt_email); +#endif + memset(pad, 0, sizeof(pad)); + size_t remaining = mqtt_fields_size; + while (remaining > 0) { + size_t to_write = remaining > sizeof(pad) ? sizeof(pad) : remaining; + file.write(pad, to_write); + remaining -= to_write; + } + + file.close(); + } +#ifdef WITH_MQTT_BRIDGE + // Save MQTT preferences to separate file + syncNodePrefsToMQTTPrefs(); // Sync any changes from NodePrefs to MQTTPrefs + saveMQTTPrefs(fs); +#endif +} + +#ifdef WITH_MQTT_BRIDGE +// Set default values for MQTT preferences (used when file doesn't exist or is corrupted) +static void setMQTTPrefsDefaults(MQTTPrefs* prefs) { + memset(prefs, 0, sizeof(MQTTPrefs)); + // Set sensible defaults matching MQTTBridge expectations + prefs->mqtt_status_enabled = 1; // enabled by default + prefs->mqtt_packets_enabled = 1; // enabled by default + prefs->mqtt_raw_enabled = 0; // disabled by default + prefs->mqtt_tx_enabled = 0; // disabled by default (RX only) + prefs->mqtt_status_interval = 300000; // 5 minutes default + prefs->mqtt_analyzer_us_enabled = 1; // enabled by default + prefs->mqtt_analyzer_eu_enabled = 1; // enabled by default + #ifdef MQTT_WIFI_POWER_SAVE_DEFAULT + prefs->wifi_power_save = MQTT_WIFI_POWER_SAVE_DEFAULT; // 0=min, 1=none, 2=max + #else + prefs->wifi_power_save = 0; // Default to WIFI_PS_MIN_MODEM (0=min) + #endif + // String fields are already zero-initialized by memset +} + +void CommonCLI::loadMQTTPrefs(FILESYSTEM* fs) { + // Initialize with defaults first + setMQTTPrefsDefaults(&_mqtt_prefs); + + bool file_existed = fs->exists("/mqtt_prefs"); + if (file_existed) { + // Load from separate MQTT prefs file +#if defined(RP2040_PLATFORM) + File file = fs->open("/mqtt_prefs", "r"); +#else + File file = fs->open("/mqtt_prefs"); +#endif + if (file) { + // Verify file size is correct before reading + if (file.size() >= sizeof(_mqtt_prefs)) { + size_t bytes_read = file.read((uint8_t *)&_mqtt_prefs, sizeof(_mqtt_prefs)); + if (bytes_read != sizeof(_mqtt_prefs)) { + // File read incomplete - reinitialize to defaults + setMQTTPrefsDefaults(&_mqtt_prefs); + } + } else { + // File too small - reinitialize to defaults + setMQTTPrefsDefaults(&_mqtt_prefs); + } + file.close(); + } + } else { + // Migration: Try to read from old /com_prefs file if it exists + // This handles the case where MQTT settings were previously stored in /com_prefs + if (fs->exists("/com_prefs")) { +#if defined(RP2040_PLATFORM) + File file = fs->open("/com_prefs", "r"); +#else + File file = fs->open("/com_prefs"); +#endif + if (file) { + // Skip to MQTT section (after advert_loc_policy at offset 161) + // Calculate offset: we need to skip everything up to and including advert_loc_policy + size_t offset_to_mqtt = + sizeof(_prefs->airtime_factor) + sizeof(_prefs->node_name) + 4 + // pad + sizeof(_prefs->node_lat) + sizeof(_prefs->node_lon) + + sizeof(_prefs->password) + sizeof(_prefs->freq) + + sizeof(_prefs->tx_power_dbm) + sizeof(_prefs->disable_fwd) + + sizeof(_prefs->advert_interval) + 1 + // pad + sizeof(_prefs->rx_delay_base) + sizeof(_prefs->tx_delay_factor) + + sizeof(_prefs->guest_password) + sizeof(_prefs->direct_tx_delay_factor) + 4 + // pad + sizeof(_prefs->sf) + sizeof(_prefs->cr) + + sizeof(_prefs->allow_read_only) + sizeof(_prefs->multi_acks) + + sizeof(_prefs->bw) + sizeof(_prefs->agc_reset_interval) + 3 + // pad + sizeof(_prefs->flood_max) + sizeof(_prefs->flood_advert_interval) + + sizeof(_prefs->interference_threshold) + sizeof(_prefs->bridge_enabled) + + sizeof(_prefs->bridge_delay) + sizeof(_prefs->bridge_pkt_src) + + sizeof(_prefs->bridge_baud) + sizeof(_prefs->bridge_channel) + + sizeof(_prefs->bridge_secret) + 4 + // pad + sizeof(_prefs->gps_enabled) + sizeof(_prefs->gps_interval) + + sizeof(_prefs->advert_loc_policy); + + // Check if file is large enough and seek succeeded + if (file.size() >= offset_to_mqtt + sizeof(_mqtt_prefs)) { + if (file.seek(offset_to_mqtt)) { + size_t bytes_read = file.read((uint8_t *)&_mqtt_prefs, sizeof(_mqtt_prefs)); + if (bytes_read == sizeof(_mqtt_prefs)) { + // Successfully migrated - save to new location for future use + file.close(); + saveMQTTPrefs(fs); + return; // Migration successful + } + } + } + file.close(); + // Migration failed - defaults already set, just return + return; + } + } + // No file exists and migration didn't happen - defaults already set + } +} +void CommonCLI::saveMQTTPrefs(FILESYSTEM* fs) { +#if defined(NRF52_PLATFORM) || defined(STM32_PLATFORM) + fs->remove("/mqtt_prefs"); + File file = fs->open("/mqtt_prefs", FILE_O_WRITE); +#elif defined(RP2040_PLATFORM) + File file = fs->open("/mqtt_prefs", "w"); +#else + File file = fs->open("/mqtt_prefs", "w", true); +#endif + if (file) { + file.write((uint8_t *)&_mqtt_prefs, sizeof(_mqtt_prefs)); file.close(); } } +void CommonCLI::syncMQTTPrefsToNodePrefs() { + // Copy MQTT prefs to NodePrefs so existing code can access them + // Use StrHelper::strncpy to ensure proper null termination + StrHelper::strncpy(_prefs->mqtt_origin, _mqtt_prefs.mqtt_origin, sizeof(_prefs->mqtt_origin)); + StrHelper::strncpy(_prefs->mqtt_iata, _mqtt_prefs.mqtt_iata, sizeof(_prefs->mqtt_iata)); + _prefs->mqtt_status_enabled = _mqtt_prefs.mqtt_status_enabled; + _prefs->mqtt_packets_enabled = _mqtt_prefs.mqtt_packets_enabled; + _prefs->mqtt_raw_enabled = _mqtt_prefs.mqtt_raw_enabled; + _prefs->mqtt_tx_enabled = _mqtt_prefs.mqtt_tx_enabled; + _prefs->mqtt_status_interval = _mqtt_prefs.mqtt_status_interval; + StrHelper::strncpy(_prefs->wifi_ssid, _mqtt_prefs.wifi_ssid, sizeof(_prefs->wifi_ssid)); + StrHelper::strncpy(_prefs->wifi_password, _mqtt_prefs.wifi_password, sizeof(_prefs->wifi_password)); + _prefs->wifi_power_save = _mqtt_prefs.wifi_power_save; + StrHelper::strncpy(_prefs->timezone_string, _mqtt_prefs.timezone_string, sizeof(_prefs->timezone_string)); + _prefs->timezone_offset = _mqtt_prefs.timezone_offset; + StrHelper::strncpy(_prefs->mqtt_server, _mqtt_prefs.mqtt_server, sizeof(_prefs->mqtt_server)); + _prefs->mqtt_port = _mqtt_prefs.mqtt_port; + StrHelper::strncpy(_prefs->mqtt_username, _mqtt_prefs.mqtt_username, sizeof(_prefs->mqtt_username)); + StrHelper::strncpy(_prefs->mqtt_password, _mqtt_prefs.mqtt_password, sizeof(_prefs->mqtt_password)); + _prefs->mqtt_analyzer_us_enabled = _mqtt_prefs.mqtt_analyzer_us_enabled; + _prefs->mqtt_analyzer_eu_enabled = _mqtt_prefs.mqtt_analyzer_eu_enabled; + StrHelper::strncpy(_prefs->mqtt_owner_public_key, _mqtt_prefs.mqtt_owner_public_key, sizeof(_prefs->mqtt_owner_public_key)); + StrHelper::strncpy(_prefs->mqtt_email, _mqtt_prefs.mqtt_email, sizeof(_prefs->mqtt_email)); +} + +void CommonCLI::syncNodePrefsToMQTTPrefs() { + // Copy NodePrefs to MQTT prefs (used when saving after changes via CLI) + // Use StrHelper::strncpy to ensure proper null termination + StrHelper::strncpy(_mqtt_prefs.mqtt_origin, _prefs->mqtt_origin, sizeof(_mqtt_prefs.mqtt_origin)); + StrHelper::strncpy(_mqtt_prefs.mqtt_iata, _prefs->mqtt_iata, sizeof(_mqtt_prefs.mqtt_iata)); + _mqtt_prefs.mqtt_status_enabled = _prefs->mqtt_status_enabled; + _mqtt_prefs.mqtt_packets_enabled = _prefs->mqtt_packets_enabled; + _mqtt_prefs.mqtt_raw_enabled = _prefs->mqtt_raw_enabled; + _mqtt_prefs.mqtt_tx_enabled = _prefs->mqtt_tx_enabled; + _mqtt_prefs.mqtt_status_interval = _prefs->mqtt_status_interval; + StrHelper::strncpy(_mqtt_prefs.wifi_ssid, _prefs->wifi_ssid, sizeof(_mqtt_prefs.wifi_ssid)); + StrHelper::strncpy(_mqtt_prefs.wifi_password, _prefs->wifi_password, sizeof(_mqtt_prefs.wifi_password)); + _mqtt_prefs.wifi_power_save = _prefs->wifi_power_save; + StrHelper::strncpy(_mqtt_prefs.timezone_string, _prefs->timezone_string, sizeof(_mqtt_prefs.timezone_string)); + _mqtt_prefs.timezone_offset = _prefs->timezone_offset; + StrHelper::strncpy(_mqtt_prefs.mqtt_server, _prefs->mqtt_server, sizeof(_mqtt_prefs.mqtt_server)); + _mqtt_prefs.mqtt_port = _prefs->mqtt_port; + StrHelper::strncpy(_mqtt_prefs.mqtt_username, _prefs->mqtt_username, sizeof(_mqtt_prefs.mqtt_username)); + StrHelper::strncpy(_mqtt_prefs.mqtt_password, _prefs->mqtt_password, sizeof(_mqtt_prefs.mqtt_password)); + _mqtt_prefs.mqtt_analyzer_us_enabled = _prefs->mqtt_analyzer_us_enabled; + _mqtt_prefs.mqtt_analyzer_eu_enabled = _prefs->mqtt_analyzer_eu_enabled; + StrHelper::strncpy(_mqtt_prefs.mqtt_owner_public_key, _prefs->mqtt_owner_public_key, sizeof(_mqtt_prefs.mqtt_owner_public_key)); + StrHelper::strncpy(_mqtt_prefs.mqtt_email, _prefs->mqtt_email, sizeof(_mqtt_prefs.mqtt_email)); +} +#endif + #define MIN_LOCAL_ADVERT_INTERVAL 60 void CommonCLI::savePrefs() { + uint8_t old_advert_interval = _prefs->advert_interval; if (_prefs->advert_interval * 2 < MIN_LOCAL_ADVERT_INTERVAL) { _prefs->advert_interval = 0; // turn it off, now that device has been manually configured } + // If advert_interval was changed, update the timer to reflect the change + if (old_advert_interval != _prefs->advert_interval) { + _callbacks->updateAdvertTimer(); + } _callbacks->savePrefs(); } @@ -214,6 +483,10 @@ void CommonCLI::handleCommand(uint32_t sender_timestamp, const char* command, ch } else { strcpy(reply, "ERR: clock cannot go backwards"); } + } else if (memcmp(command, "memory", 6) == 0) { + sprintf(reply, "Free: %d, Min: %d, Max: %d, Queue: %d", + ESP.getFreeHeap(), ESP.getMinFreeHeap(), ESP.getMaxAllocHeap(), + _callbacks->getQueueSize()); } else if (memcmp(command, "start ota", 9) == 0) { if (!_board->startOTAUpdate(_prefs->node_name, reply)) { strcpy(reply, "Error"); @@ -361,6 +634,79 @@ void CommonCLI::handleCommand(uint32_t sender_timestamp, const char* command, ch sprintf(reply, "> %d", (uint32_t)_prefs->bridge_channel); } else if (memcmp(config, "bridge.secret", 13) == 0) { sprintf(reply, "> %s", _prefs->bridge_secret); +#endif +#ifdef WITH_MQTT_BRIDGE + } else if (memcmp(config, "mqtt.origin", 11) == 0) { + sprintf(reply, "> %s", _prefs->mqtt_origin); + } else if (memcmp(config, "mqtt.iata", 9) == 0) { + sprintf(reply, "> %s", _prefs->mqtt_iata); + } else if (memcmp(config, "mqtt.status", 11) == 0) { + sprintf(reply, "> %s", _prefs->mqtt_status_enabled ? "on" : "off"); + } else if (memcmp(config, "mqtt.packets", 12) == 0) { + sprintf(reply, "> %s", _prefs->mqtt_packets_enabled ? "on" : "off"); + } else if (memcmp(config, "mqtt.raw", 8) == 0) { + sprintf(reply, "> %s", _prefs->mqtt_raw_enabled ? "on" : "off"); + } else if (memcmp(config, "mqtt.tx", 7) == 0) { + sprintf(reply, "> %s", _prefs->mqtt_tx_enabled ? "on" : "off"); + } else if (memcmp(config, "mqtt.interval", 13) == 0) { + // Display interval in minutes (rounded) + uint32_t minutes = (_prefs->mqtt_status_interval + 29999) / 60000; // Round up + sprintf(reply, "> %u minutes (%lu ms)", minutes, _prefs->mqtt_status_interval); + } else if (memcmp(config, "mqtt.server", 11) == 0) { + sprintf(reply, "> %s", _prefs->mqtt_server); + } else if (memcmp(config, "mqtt.port", 9) == 0) { + sprintf(reply, "> %d", _prefs->mqtt_port); + } else if (memcmp(config, "mqtt.username", 13) == 0) { + sprintf(reply, "> %s", _prefs->mqtt_username); + } else if (memcmp(config, "mqtt.password", 13) == 0) { + sprintf(reply, "> %s", _prefs->mqtt_password); + } else if (memcmp(config, "wifi.ssid", 9) == 0) { + sprintf(reply, "> %s", _prefs->wifi_ssid); + } else if (memcmp(config, "wifi.pwd", 8) == 0) { + sprintf(reply, "> %s", _prefs->wifi_password); + } else if (memcmp(config, "wifi.status", 11) == 0) { + wl_status_t status = WiFi.status(); + const char* status_str; + switch(status) { + case WL_CONNECTED: status_str = "connected"; break; + case WL_NO_SSID_AVAIL: status_str = "no_ssid"; break; + case WL_CONNECT_FAILED: status_str = "connect_failed"; break; + case WL_CONNECTION_LOST: status_str = "connection_lost"; break; + case WL_DISCONNECTED: status_str = "disconnected"; break; + default: status_str = "unknown"; break; + } + if (status == WL_CONNECTED) { + sprintf(reply, "> %s, IP: %s, RSSI: %d dBm", status_str, WiFi.localIP().toString().c_str(), WiFi.RSSI()); + } else { + sprintf(reply, "> %s (code: %d)", status_str, status); + } + } else if (memcmp(config, "wifi.powersave", 14) == 0) { + uint8_t ps = _prefs->wifi_power_save; + const char* ps_name = (ps == 1) ? "none" : (ps == 2) ? "max" : "min"; + sprintf(reply, "> %s", ps_name); + } else if (memcmp(config, "timezone", 8) == 0) { + sprintf(reply, "> %s", _prefs->timezone_string); + } else if (memcmp(config, "timezone.offset", 15) == 0) { + sprintf(reply, "> %d", _prefs->timezone_offset); + } else if (memcmp(config, "mqtt.analyzer.us", 17) == 0) { + sprintf(reply, "> %s", _prefs->mqtt_analyzer_us_enabled ? "on" : "off"); + } else if (memcmp(config, "mqtt.analyzer.eu", 17) == 0) { + sprintf(reply, "> %s", _prefs->mqtt_analyzer_eu_enabled ? "on" : "off"); + } else if (sender_timestamp == 0 && memcmp(config, "mqtt.owner", 10) == 0) { // from serial command line only + if (_prefs->mqtt_owner_public_key[0] != '\0') { + sprintf(reply, "> %s", _prefs->mqtt_owner_public_key); + } else { + strcpy(reply, "> (not set)"); + } + } else if (sender_timestamp == 0 && memcmp(config, "mqtt.email", 10) == 0) { // from serial command line only + if (_prefs->mqtt_email[0] != '\0') { + sprintf(reply, "> %s", _prefs->mqtt_email); + } else { + strcpy(reply, "> (not set)"); + } + } else if (memcmp(config, "mqtt.config.valid", 17) == 0) { + bool valid = MQTTBridge::isConfigValid(_prefs); + sprintf(reply, "> %s", valid ? "valid" : "invalid"); #endif } else if (memcmp(config, "adc.multiplier", 14) == 0) { float adc_mult = _board->getAdcMultiplier(); @@ -603,19 +949,168 @@ void CommonCLI::handleCommand(uint32_t sender_timestamp, const char* command, ch savePrefs(); strcpy(reply, "OK"); #endif - } else if (memcmp(config, "adc.multiplier ", 15) == 0) { - _prefs->adc_multiplier = atof(&config[15]); - if (_board->setAdcMultiplier(_prefs->adc_multiplier)) { - savePrefs(); - if (_prefs->adc_multiplier == 0.0f) { - strcpy(reply, "OK - using default board multiplier"); - } else { - sprintf(reply, "OK - multiplier set to %.3f", _prefs->adc_multiplier); - } - } else { - _prefs->adc_multiplier = 0.0f; - strcpy(reply, "Error: unsupported by this board"); - }; +#ifdef WITH_MQTT_BRIDGE + } else if (memcmp(config, "mqtt.origin ", 12) == 0) { + StrHelper::strncpy(_prefs->mqtt_origin, &config[12], sizeof(_prefs->mqtt_origin)); + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "mqtt.iata ", 10) == 0) { + StrHelper::strncpy(_prefs->mqtt_iata, &config[10], sizeof(_prefs->mqtt_iata)); + // Convert IATA code to uppercase (IATA codes are conventionally uppercase) + for (int i = 0; _prefs->mqtt_iata[i]; i++) { + _prefs->mqtt_iata[i] = toupper(_prefs->mqtt_iata[i]); + } + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "mqtt.status ", 12) == 0) { + _prefs->mqtt_status_enabled = memcmp(&config[12], "on", 2) == 0; + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "mqtt.packets ", 13) == 0) { + _prefs->mqtt_packets_enabled = memcmp(&config[13], "on", 2) == 0; + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "mqtt.raw ", 9) == 0) { + _prefs->mqtt_raw_enabled = memcmp(&config[9], "on", 2) == 0; + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "mqtt.tx ", 8) == 0) { + _prefs->mqtt_tx_enabled = memcmp(&config[8], "on", 2) == 0; + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "mqtt.interval ", 14) == 0) { + uint32_t minutes = _atoi(&config[14]); + if (minutes >= 1 && minutes <= 60) { // 1 minute to 60 minutes + _prefs->mqtt_status_interval = minutes * 60000; // Convert minutes to milliseconds + savePrefs(); + // Restart bridge to pick up new interval value + _callbacks->restartBridge(); + sprintf(reply, "OK - interval set to %u minutes (%lu ms), bridge restarted", minutes, _prefs->mqtt_status_interval); + } else { + strcpy(reply, "Error: interval must be between 1-60 minutes"); + } + } else if (memcmp(config, "wifi.ssid ", 10) == 0) { + StrHelper::strncpy(_prefs->wifi_ssid, &config[10], sizeof(_prefs->wifi_ssid)); + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "wifi.pwd ", 9) == 0) { + StrHelper::strncpy(_prefs->wifi_password, &config[9], sizeof(_prefs->wifi_password)); + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "wifi.powersave ", 15) == 0) { + const char* value = &config[15]; + uint8_t ps_value; + bool valid = false; + if (memcmp(value, "min", 3) == 0 && (value[3] == 0 || value[3] == ' ')) { + ps_value = 0; + valid = true; + } else if (memcmp(value, "none", 4) == 0 && (value[4] == 0 || value[4] == ' ')) { + ps_value = 1; + valid = true; + } else if (memcmp(value, "max", 3) == 0 && (value[3] == 0 || value[3] == ' ')) { + ps_value = 2; + valid = true; + } + + if (!valid) { + strcpy(reply, "Error: must be none, min, or max"); + } else { + _prefs->wifi_power_save = ps_value; + savePrefs(); + + // Apply immediately if WiFi is connected + #ifdef ESP_PLATFORM + if (WiFi.status() == WL_CONNECTED) { + wifi_ps_type_t ps_mode = (ps_value == 1) ? WIFI_PS_NONE : + (ps_value == 2) ? WIFI_PS_MAX_MODEM : WIFI_PS_MIN_MODEM; + esp_err_t ps_result = esp_wifi_set_ps(ps_mode); + if (ps_result == ESP_OK) { + const char* ps_name = (ps_value == 1) ? "none" : (ps_value == 2) ? "max" : "min"; + sprintf(reply, "OK - power save set to %s", ps_name); + } else { + sprintf(reply, "OK - saved, but failed to apply: %d", ps_result); + } + } else { + const char* ps_name = (ps_value == 1) ? "none" : (ps_value == 2) ? "max" : "min"; + sprintf(reply, "OK - saved as %s (will apply on next WiFi connection)", ps_name); + } + #else + const char* ps_name = (ps_value == 1) ? "none" : (ps_value == 2) ? "max" : "min"; + sprintf(reply, "OK - saved as %s", ps_name); + #endif + } + } else if (memcmp(config, "timezone ", 9) == 0) { + StrHelper::strncpy(_prefs->timezone_string, &config[9], sizeof(_prefs->timezone_string)); + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "timezone.offset ", 16) == 0) { + int8_t offset = _atoi(&config[16]); + if (offset >= -12 && offset <= 14) { + _prefs->timezone_offset = offset; + savePrefs(); + strcpy(reply, "OK"); + } else { + strcpy(reply, "Error: timezone offset must be between -12 and +14"); + } + } else if (memcmp(config, "mqtt.server ", 12) == 0) { + StrHelper::strncpy(_prefs->mqtt_server, &config[12], sizeof(_prefs->mqtt_server)); + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "mqtt.port ", 10) == 0) { + int port = atoi(&config[10]); + if (port > 0 && port <= 65535) { + _prefs->mqtt_port = port; + savePrefs(); + strcpy(reply, "OK"); + } else { + strcpy(reply, "Error: port must be between 1 and 65535"); + } + } else if (memcmp(config, "mqtt.username ", 14) == 0) { + StrHelper::strncpy(_prefs->mqtt_username, &config[14], sizeof(_prefs->mqtt_username)); + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "mqtt.password ", 14) == 0) { + StrHelper::strncpy(_prefs->mqtt_password, &config[14], sizeof(_prefs->mqtt_password)); + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "mqtt.analyzer.us ", 17) == 0) { + _prefs->mqtt_analyzer_us_enabled = memcmp(&config[17], "on", 2) == 0; + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "mqtt.analyzer.eu ", 17) == 0) { + _prefs->mqtt_analyzer_eu_enabled = memcmp(&config[17], "on", 2) == 0; + savePrefs(); + strcpy(reply, "OK"); + } else if (memcmp(config, "mqtt.owner ", 11) == 0) { + // Validate that it's a valid hex string of the correct length (64 hex chars = 32 bytes) + const char* owner_key = &config[11]; + int key_len = strlen(owner_key); + if (key_len == 64) { + // Validate hex characters + bool valid = true; + for (int i = 0; i < key_len; i++) { + if (!((owner_key[i] >= '0' && owner_key[i] <= '9') || + (owner_key[i] >= 'A' && owner_key[i] <= 'F') || + (owner_key[i] >= 'a' && owner_key[i] <= 'f'))) { + valid = false; + break; + } + } + if (valid) { + StrHelper::strncpy(_prefs->mqtt_owner_public_key, owner_key, sizeof(_prefs->mqtt_owner_public_key)); + savePrefs(); + strcpy(reply, "OK"); + } else { + strcpy(reply, "Error: invalid hex characters in public key"); + } + } else { + strcpy(reply, "Error: public key must be 64 hex characters (32 bytes)"); + } + } else if (memcmp(config, "mqtt.email ", 11) == 0) { + StrHelper::strncpy(_prefs->mqtt_email, &config[11], sizeof(_prefs->mqtt_email)); + savePrefs(); + strcpy(reply, "OK"); +#endif } else { sprintf(reply, "unknown config: %s", config); } diff --git a/src/helpers/CommonCLI.h b/src/helpers/CommonCLI.h index 8661d1e6d..361261ae2 100644 --- a/src/helpers/CommonCLI.h +++ b/src/helpers/CommonCLI.h @@ -5,7 +5,7 @@ #include #include -#if defined(WITH_RS232_BRIDGE) || defined(WITH_ESPNOW_BRIDGE) +#if defined(WITH_RS232_BRIDGE) || defined(WITH_ESPNOW_BRIDGE) || defined(WITH_MQTT_BRIDGE) #define WITH_BRIDGE #endif @@ -39,7 +39,7 @@ struct NodePrefs { // persisted to file // Bridge settings uint8_t bridge_enabled; // boolean uint16_t bridge_delay; // milliseconds (default 500 ms) - uint8_t bridge_pkt_src; // 0 = logTx, 1 = logRx (default logTx) + uint8_t bridge_pkt_src; // 0 = logTx, 1 = logRx (default logRx) uint32_t bridge_baud; // 9600, 19200, 38400, 57600, 115200 (default 115200) uint8_t bridge_channel; // 1-14 (ESP-NOW only) char bridge_secret[16]; // for XOR encryption of bridge packets (ESP-NOW only) @@ -52,8 +52,72 @@ struct NodePrefs { // persisted to file uint32_t discovery_mod_timestamp; float adc_multiplier; char owner_info[120]; + // MQTT settings (stored separately in /mqtt_prefs, but kept here for backward compatibility) + char mqtt_origin[32]; // Device name for MQTT topics + char mqtt_iata[8]; // IATA code for MQTT topics + uint8_t mqtt_status_enabled; // Enable status messages + uint8_t mqtt_packets_enabled; // Enable packet messages + uint8_t mqtt_raw_enabled; // Enable raw messages + uint8_t mqtt_tx_enabled; // Enable TX packet uplinking + uint32_t mqtt_status_interval; // Status publish interval (ms) + + // WiFi settings + char wifi_ssid[32]; // WiFi SSID + char wifi_password[64]; // WiFi password + uint8_t wifi_power_save; // WiFi power save mode: 0=min, 1=none, 2=max (default: 0=min) + + // Timezone settings + char timezone_string[32]; // Timezone string (e.g., "America/Los_Angeles") + int8_t timezone_offset; // Timezone offset in hours (-12 to +14) - fallback + + // MQTT server settings + char mqtt_server[64]; // MQTT server hostname + uint16_t mqtt_port; // MQTT server port + char mqtt_username[32]; // MQTT username + char mqtt_password[64]; // MQTT password + + // Let's Mesh Analyzer settings + uint8_t mqtt_analyzer_us_enabled; // Enable US analyzer server + uint8_t mqtt_analyzer_eu_enabled; // Enable EU analyzer server + char mqtt_owner_public_key[65]; // Owner public key (hex string, same length as repeater public key) + char mqtt_email[64]; // Owner email address for matching nodes with owners }; +#ifdef WITH_MQTT_BRIDGE +// MQTT preferences stored in separate file to avoid conflicts with upstream NodePrefs changes +struct MQTTPrefs { + // MQTT settings + char mqtt_origin[32]; // Device name for MQTT topics + char mqtt_iata[8]; // IATA code for MQTT topics + uint8_t mqtt_status_enabled; // Enable status messages + uint8_t mqtt_packets_enabled; // Enable packet messages + uint8_t mqtt_raw_enabled; // Enable raw messages + uint8_t mqtt_tx_enabled; // Enable TX packet uplinking + uint32_t mqtt_status_interval; // Status publish interval (ms) + + // WiFi settings + char wifi_ssid[32]; // WiFi SSID + char wifi_password[64]; // WiFi password + uint8_t wifi_power_save; // WiFi power save mode: 0=min, 1=none, 2=max (default: 0=min) + + // Timezone settings + char timezone_string[32]; // Timezone string (e.g., "America/Los_Angeles") + int8_t timezone_offset; // Timezone offset in hours (-12 to +14) - fallback + + // MQTT server settings + char mqtt_server[64]; // MQTT server hostname + uint16_t mqtt_port; // MQTT server port + char mqtt_username[32]; // MQTT username + char mqtt_password[64]; // MQTT password + + // Let's Mesh Analyzer settings + uint8_t mqtt_analyzer_us_enabled; // Enable US analyzer server + uint8_t mqtt_analyzer_eu_enabled; // Enable EU analyzer server + char mqtt_owner_public_key[65]; // Owner public key (hex string, same length as repeater public key) + char mqtt_email[64]; // Owner email address for matching nodes with owners +}; +#endif + class CommonCLICallbacks { public: virtual void savePrefs() = 0; @@ -87,6 +151,10 @@ class CommonCLICallbacks { virtual void restartBridge() { // no op by default }; + + virtual int getQueueSize() { + return 0; // no op by default + }; }; class CommonCLI { @@ -97,10 +165,19 @@ class CommonCLI { SensorManager* _sensors; ClientACL* _acl; char tmp[PRV_KEY_SIZE*2 + 4]; +#ifdef WITH_MQTT_BRIDGE + MQTTPrefs _mqtt_prefs; +#endif mesh::RTCClock* getRTCClock() { return _rtc; } void savePrefs(); void loadPrefsInt(FILESYSTEM* _fs, const char* filename); +#ifdef WITH_MQTT_BRIDGE + void loadMQTTPrefs(FILESYSTEM* fs); + void saveMQTTPrefs(FILESYSTEM* fs); + void syncMQTTPrefsToNodePrefs(); + void syncNodePrefsToMQTTPrefs(); +#endif public: CommonCLI(mesh::MainBoard& board, mesh::RTCClock& rtc, SensorManager& sensors, ClientACL& acl, NodePrefs* prefs, CommonCLICallbacks* callbacks) @@ -109,5 +186,6 @@ class CommonCLI { void loadPrefs(FILESYSTEM* _fs); void savePrefs(FILESYSTEM* _fs); void handleCommand(uint32_t sender_timestamp, const char* command, char* reply); + mesh::MainBoard* getBoard() { return _board; } uint8_t buildAdvertData(uint8_t node_type, uint8_t* app_data); }; diff --git a/variants/heltec_v3/platformio.ini b/variants/heltec_v3/platformio.ini index 6b61eff5d..a4f3706ce 100644 --- a/variants/heltec_v3/platformio.ini +++ b/variants/heltec_v3/platformio.ini @@ -51,6 +51,9 @@ build_flags = build_src_filter = ${Heltec_lora32_v3.build_src_filter} + +<../examples/simple_repeater> + - + - + - lib_deps = ${Heltec_lora32_v3.lib_deps} ${esp32_ota.lib_deps} @@ -102,6 +105,48 @@ lib_deps = ${Heltec_lora32_v3.lib_deps} ${esp32_ota.lib_deps} +[env:Heltec_v3_repeater_observer_mqtt] +extends = Heltec_lora32_v3 +upload_port = /dev/cu.usbserial-4 +build_flags = + ${Heltec_lora32_v3.build_flags} + -D DISPLAY_CLASS=SSD1306Display + -D ADVERT_NAME='"MQTT Observer"' + -D ADVERT_LAT=0.0 + -D ADVERT_LON=0.0 + -D ADMIN_PASSWORD='"password"' + -D MAX_NEIGHBOURS=50 + -D WITH_MQTT_BRIDGE=1 + -D MAX_MQTT_BROKERS=3 + -D MQTT_MAX_PACKET_SIZE=1024 + -D MQTT_DEBUG=1 + -D MESH_PACKET_LOGGING=1 + -D MESH_DEBUG=1 + -D CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y + -D ESP32_CPU_FREQ=160 + -D MQTT_WIFI_TX_POWER=WIFI_POWER_19_5dBm + -D MQTT_WIFI_POWER_SAVE_DEFAULT=1 +# -D WIFI_SSID='"ssid"' +# -D WIFI_PWD='"password"' +# -D MQTT_SERVER='"your-mqtt-broker.com"' +# -D MQTT_PORT=1883 +# -D MQTT_USERNAME='"your-username"' +# -D MQTT_PASSWORD='"your-password"' +build_src_filter = ${Heltec_lora32_v3.build_src_filter} + + + + + + + + + +<../examples/simple_repeater> +lib_deps = + ${Heltec_lora32_v3.lib_deps} + ${esp32_ota.lib_deps} + elims/PsychicMqttClient@^0.2.4 + bblanchon/ArduinoJson + arduino-libraries/NTPClient + JChristensen/Timezone + paulstoffregen/Time@1.6.1 + [env:Heltec_v3_room_server] extends = Heltec_lora32_v3 build_flags = @@ -121,6 +166,41 @@ lib_deps = ${Heltec_lora32_v3.lib_deps} ${esp32_ota.lib_deps} +[env:Heltec_v3_room_server_observer_mqtt] +extends = Heltec_lora32_v3 +build_flags = + ${Heltec_lora32_v3.build_flags} + -D DISPLAY_CLASS=SSD1306Display + -D ADVERT_NAME='"Heltec Room Observer"' + -D ADVERT_LAT=0.0 + -D ADVERT_LON=0.0 + -D ADMIN_PASSWORD='"password"' + -D ROOM_PASSWORD='"hello"' + -D WITH_MQTT_BRIDGE=1 + -D MAX_MQTT_BROKERS=3 + -D MQTT_MAX_PACKET_SIZE=1024 + -D MQTT_DEBUG=1 +; -D MESH_PACKET_LOGGING=1 +; -D MESH_DEBUG=1 + -D CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y + -D ESP32_CPU_FREQ=160 + -D MQTT_WIFI_TX_POWER=WIFI_POWER_19_5dBm + -D MQTT_WIFI_POWER_SAVE_DEFAULT=1 +build_src_filter = ${Heltec_lora32_v3.build_src_filter} + + + + + + + + + +<../examples/simple_room_server> +lib_deps = + ${Heltec_lora32_v3.lib_deps} + ${esp32_ota.lib_deps} + elims/PsychicMqttClient@^0.2.4 + bblanchon/ArduinoJson + arduino-libraries/NTPClient + JChristensen/Timezone + paulstoffregen/Time@1.6.1 + [env:Heltec_v3_terminal_chat] extends = Heltec_lora32_v3 build_flags = @@ -235,6 +315,9 @@ build_flags = ; -D MESH_DEBUG=1 build_src_filter = ${Heltec_lora32_v3.build_src_filter} +<../examples/simple_repeater> + - + - + - lib_deps = ${Heltec_lora32_v3.lib_deps} ${esp32_ota.lib_deps} diff --git a/variants/heltec_v4/platformio.ini b/variants/heltec_v4/platformio.ini index ba7590094..ed17387c8 100644 --- a/variants/heltec_v4/platformio.ini +++ b/variants/heltec_v4/platformio.ini @@ -17,9 +17,11 @@ build_flags = -D P_LORA_SCLK=9 -D P_LORA_MISO=11 -D P_LORA_MOSI=10 - -D P_LORA_PA_POWER=7 ;power en - -D P_LORA_PA_EN=2 - -D P_LORA_PA_TX_EN=46 ;enable tx + -D P_LORA_PA_POWER=7 ; VFEM_Ctrl - GC1109 LDO power enable + -D P_LORA_PA_EN=2 ; CSD - GC1109 chip enable (HIGH=on) + -D P_LORA_PA_TX_EN=46 ; CPS - GC1109 PA mode (HIGH=full PA, LOW=bypass) + -D PIN_BOARD_SDA=17 + -D PIN_BOARD_SCL=18 -D PIN_USER_BTN=0 -D PIN_VEXT_EN=36 -D PIN_VEXT_EN_ACTIVE=LOW @@ -29,6 +31,8 @@ build_flags = -D SX126X_DIO3_TCXO_VOLTAGE=1.8 -D SX126X_CURRENT_LIMIT=140 -D SX126X_RX_BOOSTED_GAIN=1 + ; GC1109 FEM: TX/RX switching is handled by DIO2 -> CTX pin (via SX126X_DIO2_AS_RF_SWITCH) + ; GPIO46 is CPS (power save), not TX control - do not use for RF switching -D PIN_GPS_RX=38 -D PIN_GPS_TX=39 -D PIN_GPS_RESET=42 @@ -121,6 +125,80 @@ lib_deps = ${heltec_v4_oled.lib_deps} ${esp32_ota.lib_deps} +[env:heltec_v4_repeater_observer_mqtt] +extends = Heltec_lora32_v4 +build_flags = + ${Heltec_lora32_v4.build_flags} + -D DISPLAY_CLASS=SSD1306Display + -D ADVERT_NAME='"MQTT Observer"' + -D ADVERT_LAT=0.0 + -D ADVERT_LON=0.0 + -D ADMIN_PASSWORD='"password"' + -D MAX_NEIGHBOURS=50 + -D WITH_MQTT_BRIDGE=1 + -D MAX_MQTT_BROKERS=3 + -D MQTT_MAX_PACKET_SIZE=1024 + -D MQTT_DEBUG=1 + -D MESH_PACKET_LOGGING=1 + -D MESH_DEBUG=1 + -D CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y + -D MQTT_WIFI_TX_POWER=WIFI_POWER_19_5dBm + -D MQTT_WIFI_POWER_SAVE_DEFAULT=1 +# -D WIFI_SSID='"ssid"' +# -D WIFI_PWD='"password"' +# -D MQTT_SERVER='"your-mqtt-broker.com"' +# -D MQTT_PORT=1883 +# -D MQTT_USERNAME='"your-username"' +# -D MQTT_PASSWORD='"your-password"' +build_src_filter = ${Heltec_lora32_v4.build_src_filter} + + + + + + + + + +<../examples/simple_repeater> +lib_deps = + ${Heltec_lora32_v4.lib_deps} + ${esp32_ota.lib_deps} + elims/PsychicMqttClient@^0.2.4 + bblanchon/ArduinoJson + arduino-libraries/NTPClient + JChristensen/Timezone + paulstoffregen/Time@1.6.1 + +[env:heltec_v4_room_server_observer_mqtt] +extends = Heltec_lora32_v4 +build_flags = + ${Heltec_lora32_v4.build_flags} + -D DISPLAY_CLASS=SSD1306Display + -D ADVERT_NAME='"Heltec Room Observer"' + -D ADVERT_LAT=0.0 + -D ADVERT_LON=0.0 + -D ADMIN_PASSWORD='"password"' + -D ROOM_PASSWORD='"hello"' + -D WITH_MQTT_BRIDGE=1 + -D MAX_MQTT_BROKERS=3 + -D MQTT_MAX_PACKET_SIZE=1024 + -D MQTT_DEBUG=1 +; -D MESH_PACKET_LOGGING=1 +; -D MESH_DEBUG=1 + -D CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y + -D MQTT_WIFI_TX_POWER=WIFI_POWER_19_5dBm + -D MQTT_WIFI_POWER_SAVE_DEFAULT=1 +build_src_filter = ${Heltec_lora32_v4.build_src_filter} + + + + + + + + + +<../examples/simple_room_server> +lib_deps = + ${Heltec_lora32_v4.lib_deps} + ${esp32_ota.lib_deps} + elims/PsychicMqttClient@^0.2.4 + bblanchon/ArduinoJson + arduino-libraries/NTPClient + JChristensen/Timezone + paulstoffregen/Time@1.6.1 + [env:heltec_v4_room_server] extends = heltec_v4_oled build_flags = From b8d6c32d917e3002973be2c4272233cc3874b9c7 Mon Sep 17 00:00:00 2001 From: dowjames Date: Thu, 29 Jan 2026 11:26:43 -0500 Subject: [PATCH 20/30] add mqtt option for Heltec V3 and V4 --- scripts/generate_cert_bundle.py | 215 ++ src/certs/x509_crt_bundle.bin | Bin 0 -> 66969 bytes src/helpers/JWTHelper.cpp | 198 ++ src/helpers/JWTHelper.h | 87 + src/helpers/MQTTMessageBuilder.cpp | 415 ++++ src/helpers/MQTTMessageBuilder.h | 213 ++ src/helpers/bridges/MQTTBridge.cpp | 2870 ++++++++++++++++++++++ src/helpers/bridges/MQTTBridge.h | 427 ++++ ssl_certs/cacert.pem | 3556 ++++++++++++++++++++++++++++ 9 files changed, 7981 insertions(+) create mode 100644 scripts/generate_cert_bundle.py create mode 100644 src/certs/x509_crt_bundle.bin create mode 100644 src/helpers/JWTHelper.cpp create mode 100644 src/helpers/JWTHelper.h create mode 100644 src/helpers/MQTTMessageBuilder.cpp create mode 100644 src/helpers/MQTTMessageBuilder.h create mode 100644 src/helpers/bridges/MQTTBridge.cpp create mode 100644 src/helpers/bridges/MQTTBridge.h create mode 100644 ssl_certs/cacert.pem diff --git a/scripts/generate_cert_bundle.py b/scripts/generate_cert_bundle.py new file mode 100644 index 000000000..5c9664276 --- /dev/null +++ b/scripts/generate_cert_bundle.py @@ -0,0 +1,215 @@ +#!/usr/bin/env python +# +# modified ESP32 x509 certificate bundle generation utility to run with platformio +# +# Converts PEM and DER certificates to a custom bundle format which stores just the +# subject name and public key to reduce space +# +# The bundle will have the format: number of certificates; crt 1 subject name length; crt 1 public key length; +# crt 1 subject name; crt 1 public key; crt 2... +# +# SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD +# SPDX-License-Identifier: Apache-2.0 + +from __future__ import with_statement + +from pathlib import Path +import os +import struct +import sys +import requests +from io import open + +Import("env") + +try: + from cryptography import x509 + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives import serialization +except ImportError: + env.Execute("$PYTHONEXE -m pip install cryptography") + from cryptography import x509 + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives import serialization + + +ca_bundle_bin_file = 'x509_crt_bundle.bin' +mozilla_cacert_url = 'https://curl.se/ca/cacert.pem' +adafruit_filtered_cacert_url = 'https://raw.githubusercontent.com/adafruit/certificates/main/data/roots-filtered.pem' +adafruit_full_cacert_url = 'https://raw.githubusercontent.com/adafruit/certificates/main/data/roots-full.pem' +certs_dir = Path("./ssl_certs") +binary_dir = Path("./src/certs") + +quiet = False + +def download_cacert_file(source): + if source == "mozilla": + response = requests.get(mozilla_cacert_url) + elif source == "adafruit": + response = requests.get(adafruit_filtered_cacert_url) + elif source == "adafruit-full": + response = requests.get(adafruit_full_cacert_url) + else: + raise InputError('Invalid certificate source') + + if response.status_code == 200: + + # Ensure the directory exists, create it if necessary + os.makedirs(certs_dir, exist_ok=True) + + # Generate the full path to the output file + output_file = os.path.join(certs_dir, "cacert.pem") + + # Write the certificate bundle to the output file with utf-8 encoding + with open(output_file, "w", encoding="utf-8") as f: + f.write(response.text) + + status('Certificate bundle downloaded to: %s' % output_file) + else: + status('Failed to fetch the certificate bundle.') + +def status(msg): + """ Print status message to stderr """ + if not quiet: + critical(msg) + + +def critical(msg): + """ Print critical message to stderr """ + sys.stderr.write('SSL Cert Store: ') + sys.stderr.write(msg) + sys.stderr.write('\n') + + +class CertificateBundle: + def __init__(self): + self.certificates = [] + self.compressed_crts = [] + + if os.path.isfile(ca_bundle_bin_file): + os.remove(ca_bundle_bin_file) + + def add_from_path(self, crts_path): + + found = False + for file_path in os.listdir(crts_path): + found |= self.add_from_file(os.path.join(crts_path, file_path)) + + if found is False: + raise InputError('No valid x509 certificates found in %s' % crts_path) + + def add_from_file(self, file_path): + try: + if file_path.endswith('.pem'): + status('Parsing certificates from %s' % file_path) + with open(file_path, 'r', encoding='utf-8') as f: + crt_str = f.read() + self.add_from_pem(crt_str) + return True + + elif file_path.endswith('.der'): + status('Parsing certificates from %s' % file_path) + with open(file_path, 'rb') as f: + crt_str = f.read() + self.add_from_der(crt_str) + return True + + except ValueError: + critical('Invalid certificate in %s' % file_path) + raise InputError('Invalid certificate') + + return False + + def add_from_pem(self, crt_str): + """ A single PEM file may have multiple certificates """ + + crt = '' + count = 0 + start = False + + for strg in crt_str.splitlines(True): + if strg == '-----BEGIN CERTIFICATE-----\n' and start is False: + crt = '' + start = True + elif strg == '-----END CERTIFICATE-----\n' and start is True: + crt += strg + '\n' + start = False + self.certificates.append(x509.load_pem_x509_certificate(crt.encode(), default_backend())) + count += 1 + if start is True: + crt += strg + + if count == 0: + raise InputError('No certificate found') + + status('Successfully added %d certificates' % count) + + def add_from_der(self, crt_str): + self.certificates.append(x509.load_der_x509_certificate(crt_str, default_backend())) + status('Successfully added 1 certificate') + + def create_bundle(self): + # Sort certificates in order to do binary search when looking up certificates + self.certificates = sorted(self.certificates, key=lambda cert: cert.subject.public_bytes(default_backend())) + + bundle = struct.pack('>H', len(self.certificates)) + + for crt in self.certificates: + """ Read the public key as DER format """ + pub_key = crt.public_key() + pub_key_der = pub_key.public_bytes(serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo) + + """ Read the subject name as DER format """ + sub_name_der = crt.subject.public_bytes(default_backend()) + + name_len = len(sub_name_der) + key_len = len(pub_key_der) + len_data = struct.pack('>HH', name_len, key_len) + + bundle += len_data + bundle += sub_name_der + bundle += pub_key_der + + return bundle + +class InputError(RuntimeError): + def __init__(self, e): + super(InputError, self).__init__(e) + + +def main(): + + bundle = CertificateBundle() + + try: + cert_source = env.GetProjectOption("board_ssl_cert_source") + + if (cert_source == "mozilla" or cert_source == "adafruit"): + download_cacert_file(cert_source) + bundle.add_from_file(os.path.join(certs_dir, "cacert.pem")) + elif (cert_source == "folder"): + bundle.add_from_path(certs_dir) + except ValueError: + critical('Invalid configuration option: use \'board_ssl_cert_source\' parameter in platformio.ini' ) + raise InputError('Invalid certificate') + + status('Successfully added %d certificates in total' % len(bundle.certificates)) + + crt_bundle = bundle.create_bundle() + + # Ensure the directory exists, create it if necessary + os.makedirs(binary_dir, exist_ok=True) + + output_file = os.path.join(binary_dir, ca_bundle_bin_file) + + with open(output_file, 'wb') as f: + f.write(crt_bundle) + + status('Successfully created %s' % output_file) + + +try: + main() +except InputError as e: + print(e) + sys.exit(2) diff --git a/src/certs/x509_crt_bundle.bin b/src/certs/x509_crt_bundle.bin new file mode 100644 index 0000000000000000000000000000000000000000..1105e5265a9bb2d9a0bddfc14901dd37d3347a41 GIT binary patch literal 66969 zcmb@uV_=@^wly5vwr!_jW7}?QG&URCw(T@#W7}3^H1?ady4K$P_Ivi*{hf3E<+<+s zc&?c-#~gFac?TdCfDMq0frSy80TK*Y83YU&NJN1Vi2>n{4^S|WLZ)U`t~L&4_Kb)O z@PC{E!$1fc**Tb*SnDzP0TMC5fTTtEpts|p)+ENhVOW_FZ&B;tt!=Z>$ACAB zO~9SFex>=&BKaADG>fq)`m2O8mwYEeRYbcOML$vfbeId347tAZDcxpOY$pI3Rim&at6Xdcvi9zpXK5Q1~gaUXo_B1Pl#9$-6Hx~L`|1H5oW88oN8bjK)`?ifB+mo zWDM+#C=5tHLkg{AWND_SXk%?;r^krTfcrD3Xuq5iDA?FI5D4-UI59H#0sY@02Kpn! zK<^<20tD#kI3~X!%)2rpQ})W}Q$~x?dO0WTRP=G9osJ1NV7xdXx%gHvZRdetbXkC$JiI*qCSQ!P+qZU!48r z0EBPCwGW8fyk1$iPUYN77$PudAR|ppv^%+zFce!U_4|f(?79aMXIE&m>+#KiPmZ?b zE@8MY%C8h@FK}*7Ejc*seb5FKs)@%oc~{rCMYCI3L${Mn!#egl?arnj3r>+vpOZ04 z$edOwBoPR3X1vjyX-{o@?!;RaL0h#=2WAHy(LRP~gx#Tw&PrWQhq&@e^CTDRt#jf{ z-|GNxb`Rl%&qPSiB(T-7e=;ygV@A24C9_cU2nlEEu|DA;1mGCTG2NE?LRZa6eZ`ht zPQPoT*CP+f!5gO7+-kDCs@UwL&Xys#N3hAmq#Hma-#EbBx`s-h?@|cv?kmCu61e8d zI*>raRh@^V4Ze27w+m!J92M!e671hY_uabrTdkXL$H_`p=wl{^Fouq zop7=ACGeYhIreZ9^y#(8i)Ir<$K^yzUdea_2rH#dfs*l8H%Q|$ck}`el6rK1Ug5fi zq*WppE2rP;E$1B^iIr01U?)DA0eskm6q1%U?An6W2qJ2$z|MOmYe2m!diKXWJjn^J z7c%qzauqV=09G;zJ>RoV9w0|HjNUZl7NkOh1&C+afn0%5-avBmAtq;Da{01#dR?^P zvd#Ba-C_b$@h}2)L}H}GMraS4e_|`JXn4{*t4%5bj9DW$U@w|ATVD%J=3*!J5g4nU z#Gu#%VM+>(R}ou7~^^`6CA%_Oj(f; z{+<2*C=Ruc5JIeedHWGtrr)9 zovu?%@6-r&9~}Gv>C1s=181@Y-DGO>C)rv6J0e!Z2EozUq^{3`i3fO(*>4&!@5N24 z*B6?dKH%zQ=D+%}73@i<>+qR%A(-SY zvsc}^)jkOQ2a^azli*_`Zs~CSk1P^6TFEa`bhC|k&s1#R9dDEmcsrOGG5wV7eU_L+w!@AgIL*RcHUy~L9{7rL3;$ZMT+G$Bsc1P*} zj7@qpwVVegnmTqC3{$t9UC1@S*RMi@eG_&xqfko0=}0i65oAj4R(W%7x==jeko|Dj zt5PdLS}gTrC4q)jaKaKxlLD4tbakgCX!BQ>#-qtyPHrSc{Wpmp?j5Y4B}gngSB4Jy zG&}&}8WgWgLajk-M&v-YT+0%7_{(E=gv!yf@F$giTUi!M!ZWQGpMp-gX*dFxKdztH zDIdG$RjjOeRJY)aKd;NOI!(aeyWpF%$%~NdX&z=yT;wWydXR?N(AW1(_|s9pz{(?7 zK7GP&!}jW{h-A5yGq^}darN}t5Iji{yZ}VBJi=ppjdJX=kio#; zHQzW75Fi-DpFaQtf&&WxfKVnC_49jo!KNJmVypE3P$+1jtwlPRrdxO%>RT+e!ngP3 z;!3vQ@L(?JlL?IUK{wSGR`nE8!>wcAGl4iZUI*X;aQW|lGZqG?ciH-nZw5;33j#m{ ztPcP(T^7nNo2Ll-+8ydHS?n$%X;7_yON+e%VM{m-aA44$O8#`gVXb|{Q!wOPnx{#S zEUb;T@^XM+wUfTN)Bed{|LU_LbM^=c{pXh89I9-`d*4cZuwLI44r|J4yhl1M0G{`( z<@$vh-^=e`Y8eU!LPSPdiB>^S`fqZChC$#LBv9ZN*C6=&(Qos%#n#77D$v?{5ZS7$ z-xCKQDT)S$xD_FluLP?xDEK~2#r$dCJu)mdvWQe$9dU(?u2CKxzXSpw1f4{!lwAU2 zV~=B2^<|-(CI&EOn`joeOYPZN^dyScL9nHqB|`dxlSyRtpbZ1Fnyps-jfM3rpj;EO zm!(9W_!I%=Sz8w+hEdV_>-ic~G~stFlUMIDdP@;AoxcHpgr0N6qcSRA$(rQuXWD)~#dnJWQ-zHOwXQdMe$M@f96@IHT{essMYsJK8-B#90)9x4tltJ25=IP7Q< zIn%Uvr$P7g)zPQP0Wzv<@1q9r>U{=gR)sy?ejL{pp8qh$`n9%uGTm3Abhj2z3peUh zN^ecYN-*JZG=!he6+@ojezaeuGKKi5=0XX=2e{WLDa|yIBmSFe2#0Tz!OUMh792KK z{ig)s9654G`6!NDM&M}ZI5NV+tkH1j$@~zucZ}kpK)Q79v^DP$wkKQMB%jvV0RXTx zDR!pQ?RlAkl5>XS=@-_^nd@YKhMD(0%-oE43^+fPGAh4=jXi;qouj>jk>Q`68508| zBO@#W^q<-X2IP$s1k3q+=S0;!qY*6-z-Ys*Ait?)s-5# z+iG1ybvLsK;6@wRj$vLK2fL$E1}b~~4)GYhLBv-$V5&QFf>j_?SRGXJ=N-T9hQ16# zNXtC+WN`8U>_lok2U|GhqJwJ0K~)cf_KW zHu`#&1fooTD$C#UX5T)wjmJ3|D0!YQ$+FD|;6qAk2~!VIkRE>w*T^?hY_LA566$Uf zbRt~p(+A3sxLlX^Sc~jD*j%sSxVplraMn4;2lU$s;l4e$6X&?>DB?;uEMV`B*~wEn z_c9S;%{Q8TCAau4D%6Xih-x=3lC1^PZANY|W|6N-h=m38L`qa@uz*09kErq{mR*kv zU$MQXRD$WTI3u`P{SY@r0VWlK%ANwf;7Kg_GFVL7A_iy!ZCrUHOSsV`y{l7ps%>>w zp>GVojSIF}*)~tFlWT?^EcRD!se4XP(6Tlqs9;^zs!28?u@8FGol5#_MLaSQf3;~8 zOMs{mk_ias1X3cP-{@48<>HJcT<9iaRU$YU_$YdEuF)y!)?LAcE~llx2rntIO8scv zW*<9tG9Y)rpSV!sWwm&S8x`8ntQOlM5laoD^5Sz0aiK$Ljg13S6%`j!vC^KGNjMyW zd9u;)4eJ=~)rC!J-g=T39VZ&yf~@7qjlL5R2Lq1Q9yls{k2PCkTgnmFc8lYKq6^>X zm$(I}%nZ$_(A~XFv0brR(J>h+M=JLpM7Kj7kTHp>Zo$FjXP?U-Rw;L2aJZ0UgyxH6 zs>uegmavjyOpneZM8Kw1gw;~HVc@?sfs%gXnBdB132Agiq8IJ^UXodt=kRkstv-HfYEnOM07%+Y|FNps*``Nz;GyXeev2Jtk zjk9t3AQ}`{liwA3@0a9r6g4QJL**H4S_G(%5<}vqm6?a`85&5)f+2^Eus+EyNj89~ z>vPD`u8YaWH%}P^$sOZ%+lEZMrY-}bGcgE+gQ3{XxVTJkC={{l1n{pp^8fd%EBxL; znq-^BKUyo>o%*`}MAWs03~TOAgp8BKZE9f5ln&ewk?;Fu*@XddVzrjKBepYgw->o1 z-&ATD$P~??qjn8s*Me$|9bcDb<>oHOBcT!Ib0FO%=efe&=uFx}SO?q&V`GM?R&3$T z-W3!}!<&2VZct8t6*|Bxp?+?!*q37+U@l$-HzP@TmLa? zBWXD2GbwBxkv*ZqphTix>qSGCha}gaY+bP%2I3l0q4~N)SKY5wC^KY;S zZ*uux=Y&GBWwMXzD{O_pQard3*TC}dq`qYMp3_8kxeLj(if_V6sKmC7G_1Lzhs3Pw zg*e0(?=S^)$OPm|s*h0jxkTD3O#-o}gzt$TZ7SL2BZARGhj(jsG~`q(TBkSZ#^9@4 zJkVapLnSqw^f>`5VH+v5NX4qivu5)xQm#}gIC0T3@TG-L3aHdK1_R~?aVaK_<)KAg z8JD8h4Crol3xdL&rD^KgfN2G3l0WbvW~MWDH}0{jf_jsWqZ5SVJYPO7Gg6A5-az{o z$#&n$^iZTfo^4ivKQSY^5z0anB7EiJEFv;~18KO+tU)*o2{jg0)S^5UJ9e@n<+eU6who!BZwG?VxnK{pTl#}9nf zuYN)wN;R-TEezB?)T7RPMKp8AQ#uRBA}Y5_`beyvHbms#4K6$Cy{$To^trXr=*rB| zpgrLUJ85jUxaxLFrg$mTmSl{Lr!BGf(z2v-Zvxhu0=62iVOZYX1?3w7z4sG}@)lys z%N$frCeV)lr(;%0nkKsgULM(UnpV2N?L4Qby*R3gg0exa2uZLvB$0BL5fpIN&616< z!zxr+v=Ghq+lYSk%HROF?vP`AlRn|dH!F5FY8T@#G4j+rZ}QGg`Z*^iyu7|&HdRXG z@bTSJ$_zUF(VZ`0xi;?7_3BuYLpf_txUtwjdPT)fEFqy7E+YV;^1sRU9^>Q6c z{}Hozv{CZum49vRCM$I3wtS1*CADqw!rLvInQAqHK(mt8 z=6l={+h=priAedp08JB+Yy=V;Z3@5cB-KSRO60Fw9Wl}y0WgXfsdyy0vQZbg0nj7Y zl-|?%YG-89L#4&;sY{O^)`e72_wK_7m&CSV(a3S}2EPQ5Hnx;1^N#`(Nz%qdgzbk^ z84n!3Q6F-bFHhHf+cHfLxpxClS-)0JuzYGUT+f(ca5zUWD)iVkivQJUbrjYba_p4xsbg8`ZMN>q*P(>faEbAWLJj()A zcUtBHT%213kHoxh7dwcp@H(g1EY-9w&+;*qux@~-o%XlF+qvsz#3Z)|@4aJ-okY?F zjCk|$y1{`pL};6mt{UfRl?l&VR;2)vo=_6VnL7^zMMb6|QqXj{QoW}4Pd^-;0OE0r zsfa@kNU;NC2E%pPZ`l|h+KDpoBJ4o}52XqKSoXzx>Gg(gc>7^NtM{riIoGx6nyGNS z)PuRx%p0;TwTqql<9ihlMNu^gT>CZ7Dn`4=&|=@*x`uu=`3W|mcV-j#yWj)EK=KO;s{GM?GcqDD!2L;OFyL~M;(r|fD(e6E z_|KV`u;Op2Ev=-iQ%@qPiayCW)#20RQsT?R_O9_cKE5b(k5Jx5>NmW>|IR@Th)Dl`7f*70Dg+X1kh879?Lf-rcq;2yhpq+oU=Zdt?*z=6d(EajPIKOG( zfMRUZVxEI*AqpkTdmWI#lUxZdZ5%vtS${Wt?Av56>Ww0#EzX-T zvj0Ar&i!UE4%9Q+*J69HrV9gqpzMB)lkW~2pDXjekRHtsBn8D4^@oNsC+V^y@FwwE zQ=-o2z)uC!AZ6K<=JyL6^XKj)2+jZoSVgvST@kYlymD>kkb;Yq4TU(oK}7j3_`=n4T znF6wQ|4<($mnWkiauG!G_(h;Q=y8sgl1jtY&Cq;-T-N}0WnBCw0zW#03H{z)uxVN& zE>LfN%Mt3x)z~Rm*7g{LbRJ5>EpD$_5}gme=45?BY}W3&cN7+1A%n59@D4pGY-U+fukEwTDgWSiP@ zSmq?=4|?_fa088&tUT!Ix>T(e#3rOenAQnvOP?T06kwVNlGH)NFAe79$TZBCS*tX9 z+*lt!E2mWeD0okRG{3Svrgx!L>c1vR33@4`bYRs@TlG{q87Ej!RmVFA=zzfM;~F^L zS$rSSO#OVqYXW-l3J&2jL9qhbk3vo#=y^fD{u>E+>W= zXSsV=khFLJ}ZwZa*$)khE!WaZEyA<-sz4lKF@mTlJ&bqOf%w!(9KU=wq7YEu2U zB}GhQZgPFfKnrSX`WyW>L+*;^YB!BpiNUQm?w&N}t_ z#YkrVyl92eI-msI2N)^ShqF0!*n3;m2GU*1Gb8P)sWWbLXbr)>g1{q^%xzHcRTcrH zn0XF|N-2K7l^=y-Q*~)q%%xX_U41e)*BMR*`#}9flHCa(Wdjh)BqKnWaj5BKNX0kw0{(LDx>{xepU1BY#zd(fN zT*B`B%AtO*TAgcO_zWxamn_E|1#-O)m+Cx`a+~e0+}|w|Uv-v%jOrt`CJ|XSv^y1w zd;z|BrwFH@&Y=%NDV`WyrFf2-AqDoJUjSxy`nOFfj9|wakLN4y<#hJ0K+f-ns8A2? zc&zWdh3v6fQyf@A6Uf*y)%B<>^K; zyhWV{1k^EuJr|CS=eRpx;mhl!#jJ7UYX2dU3@(*wDMFivj-O{?;m{A-<{NbKiYd4d zCF+F7t_s{_6c=WJK&TS?h9?Ku#&;8?R|5`*ym1+0@-1`_wB@oCCzri(Uo2mQCjO|{ zNnbP!K@nU`)p9#l`fDZV$ZEHQPE#(u@yzg2GkTx|GN zxe3}>SsB?GnCV&m)+4*cmNfyV&OyBaBO1X6tlhB}1``seX%#0$nIHewSVkk;&(9RE z`iNAd3AY`Ej~9qpRN6q>{0TO+rz(Kem5H_$N1y#ijiv<8@R;qVLxGO?gTeI&A~D1M zy|R94s|wJI$2sVU)V&M2{4g%j0%A=!w|nM~P3I{|I|SYH6d@DwPtC%oJACMfvkn)~ zjN8;?=4n!@mE{DyEy8Y~SM6zLsFj{F1O~mVPMqLCL+mdDqGtz}PPq1{Ka%nr2Hjkj z1WKvBwO+@`Wb=%DS*wIvl<;sEn2a*^x#M)?WZZT*XRSxEo*t&zD@mxzRDp>oV8tE1 z8!46@J0o{i;anO2SK=*Wckr-1pyI`mrIN@YhFRr zk^)F)Wi--3VysLe$tP5Uy|C32(6x^6k>|AO`SOxjakbMZ$!6(+&o;udJz;jdBU^`@ zc>Setk_--j@|auXf=9RWqulf=8NYlc3cCPE-e=Wf?4VQHNB6UEsGSny5X=$&hczKK zy@_pSkwMSf>sVj5mlc*vJFhDkwDx+`pYaxb=TqTd_*CE@V;d-B1bIgr6+J^Udjcsl zE3HEz4B#Cz)TQsS0+*o_&O)`dCR!f zQ#Hg&8$wQ2r~HfEwM1VPaW+_SS96@H7#;Wn+A}XCC1w(P`sGXcZs$z3n0!hA&m%`XLql+H6PA#weV-|w z&%MCNkIR`uFh0aA!$cWs0e|BRBlu_?VZy^X|LUn3Jf!n9s<#@(>^vjH#0seo5{rhg zm`N`B#6`Gse~hd7zYI9$-zvsYRRJ`m^!?gbnWfX#*ZmjW5;@BJw}E2jg9S%QO_@*qoA`*IskLk zCv5lODV^SGR9uCr@iX0&4)Q2jP4fX|;q&R(&#^mqq7aJh%G6Z9D+LY?U1=`UENe$v zbLa6cKl$yg{m`lfWwr@r8=pj$dFzybVUa5QM%XR~qI_J_n(-uzXNbD43>XgN)G(6s zQNXN?zTH$1O(leiT`%UPuu`UL1jQ(xT{0Hz9At7ZJ$MD$-M6ZShpN|z)8*^gs!z@I zOiDWEnT3W$T}0#DczRDqfh0XzO{OUqm`$Z;*8Td)C}mM{9;qPx`Q<0FtzhYU9qWZ9 z6l+Xovm!44khoq&W#k-r7ry(Zq1-d~76pMXnJA~A3L5GvMM=*YAE780S7l@1klWT1 z@;Aa#I?B_SgU=g$tFZft6bEky&XQ27`#f9}1~0~~opt>S52>68PSpU>8R8DH!Zz&< zmds=0#bxR%Bm#Q#h!~zBPfdyJ3xi>l3Dx?xIJ2nMhPR?Om+Z?deVPuS4db%Y!!h6L zreRKE$bv%aa<@K5(Ln8uS((ZoFMkB}4rAI!*0Om0#J5c}SYK}_JKy3d##?L#v(Or7 zJ7nMVkt>5#a`}z#_`e36pco_S`#}HCH69p6XES?y#rNG#0)Ekd>?R_k{qtDV#?tVQ z%|zP&#O$luJ@X19fkUz`k)uTu;);#c8gA0|j}<_sYBN&xcKdj@X9=QTU?$ns* zZh+ElUu#G)RBXylth3oBbB+n$)JFiyVu8<}i)EHy?}%vechluIU&*3ASzibIXf3@b z7dTR1bt=TyH>?r9JWcIUeAZF82UQAJumP&js60TV&19aGWPrRfwBpL<9>6Klrx5Z$ z@;$@3#P3ZRr@+>XdJ2f-M;+O$#WINUUN_W$6$5)T)ovyVvkn@%a-U|y2un!pWd>PP z4)|<;t&7|W3=FgfbU6P)^Wj=}@LisCEz{^C`tn%gxN*kpi_Tkn5-+9WcdsISwJK7U z0{#J>Hdwh~U|@I%4g3Uq7yZsEI}|gxf<0h3mq;=SfeUbGeF6j%4w1(a;8BndZpP;X zUmC(CR3c*lo+GvV)`PRZZJSzqMx1l68C`3a%b%0@RF-NxAFCd7#>`UjFMII=2k9NuCv@kuR-klT2;pJzQuU= zUx0g`zWiEJ|E**sV8Hvc6NW+mRWkl%_7MmR3jVt(3@n2VHfjd&WR5FqBPVyP+b}B5 znEq8dnHD(Dp3-C9{3z1VHOi-hNX#;NIak}E*p>3O{6O~8&kz8PM{&^ZbPDOjro>=^C$aR3{wq(SDBuU5 z;!U)N+hu&k&|hu$fsjZU(x1_=VM9U7}Ky5+T$ocfs29 zL4nXZtBQ$%zsAG2SzGpu%oVo69Nu;VJrS-Ouc4PY2%KLy(34&tStx5puVifK1VQmV zRbW~?-3{vouP=8;%~#HO&vJh`TR@ZgBFt<-J{dTPLu+wW=6M-Vazim)aen15i4*jU zoX2UGtAR*8Pi{+o>Pu^7>>C?YkFDl5`Vs0;L{{2G>z-O{2gH9w`?lV^&gfYnQ=W{N zV1x(d!S~b%4L}ylFv%EVBHVq4x+~)WFeQtI1&_21pMaMZAu)rL-a=)MkFIcj4RdTY-z$vtbJ9LF9CN|I8 zz-C~~s!?)(H6Jl9T{W7_&6G$5C$#X5TIp4PTqo)RN#7~eWQ#lCX?M%XfOe{Z9>{o^ zNG=BJxu?p@`I6m8YF7ZX^E2_q-w`MJOV<3?^LR&^Ri|tkmf{Jbx!KpmWIOT}Kkj@0a61VxCx8#@t4?DE)(GrZ z3!Li?XqD|x=aU}pI5SIZs_ovyx&S}Ye9c`G&1t#|e^ z$LGdUa0B51=MI4NpTu{9x-&=Fu-jqrP?b>u3d|%F*g=o_(ITdMQ>Of=xms8q@8spxt_H!^ zcI$z?|AO2*QU43%{@?EFKWF|w-PiXj^A891-)s{a$w^d(yCzDM;y`@M%N=`FSK)Vl zA&VDi#T|oKv9Hy1yqZXt@w@K4*CPwCoDa~n`#k-!qF=wE7}j1Rq^2(bIq>MMiSYfE z@1<+;8#UAS&xMVJ1j@MXKH8E|CQ_FO0RNgd?*)^Hf#9b?!xXi#F|joIxsF7jXk_PP zW?=N*kV*;uJwXFTh89&){CSE0VEX?R5hx6AC&xLBYqc|;w=toJk2~kZ@4=G^%+L1r zHr)H^V5QBRE-5K5T=IeXw&r2nAGhYAFKPX}`A6Pi8&Zf)QK>@NJu&%6eoeZ;%0i0Q z1(eRQY2kIhhA6Bw0`rbc4RYQfhNa}mGi3Beh9M;>F?de>G!LEb=EO8)Q0ti3g>+Ak zTX1M=%Y-`Sd{tC6cy%V@rC)c~23?_*B_>?Mq8AyKFfdQGYkoXM1-v)eUNOXL;sLj5 zyyDpx&R}ZPM9A7rw{SYg`Sjx=6~m}RS<_0Mq#pmMt~S0dXs!0!pgLB|att|d|4pf} z*cpOD<~D_tDy9a?I#Q~7u?M@YVZ*z9KZJ;bjGoZo#}CG#&jt^G4=yk6TF#G7L60XJ zHE^y8s`c$;=ktJ5$7oQkkcU{cbKeecikDvr88q( z`EhpVP>)s_w-*6EnmJ+$SsZ zSS-m09Hu7;r0z~R`)17nnC&6quN9|kNA_)RU$#d)yQjw`>LNfh!^Gn@x-}=QbuQ=_ z==`1^+v?Gw#P)*I`qC`ctB31>FP5*Pn~V(aw4^Eyyo_~H7Mgl^2Pcs;D$aI=-9wb` zLhy))@kL__9WNzSnM&)dFX~Y%-QyCRpxdAJ2RIVjSXgyPHmTk7EASSNY0ykvhP;aTcc2MM6L{q z{0<`ziQpJ4)fVyK&OJ*chEKJ6Y|$!IGs0}kBvMr&aT$K#z*+tsi^$$*n&FOAV1S5= z3#lTJuK$}8cqu_6tGMc6toVTwnjNDFb)r{j-axzxQKz}27a(CRG1JCws*shsruGd$ zHcnciCEuF;T}TXr#xeI0 zI%mAk*IG2oKae>)FY52xAc=GpMum#q*DvOLig z@0OTrjXDV`_x4K-JmCROQ2?A~%`9KOP#iMmo-GFgTqc>}Dh3j%%E#Hcw^ws&yoHN~ zZMc{ieSGMb+WQvB02P7m#d_Sg(F&K|6%n)({2{>Pk$0eM6FD6eBY7h3rY5%jnRsSm zu9sYVGm|?FA}>svig5Fpqf~L((`y0?Qn5`N6l5YtA}Y+u4>sq1dH}^)Gnx(DH;otU zQ9;L`uMpt1;7|cup&^#T4j59uy;>K|x^RuO2iSP+3S^3JTP7^<+Gg)dHo3nJNcT;2 zI|EPed9hjBhqV0s#3}t{vo65I%8_1qmLr(bH^NBuC<(1yz0{)VLn@aDc^*#Gvt0Ga z60P;VhiIa`U}4*}m=sI5EFPX@51rc%G}COIN@(I|4fs+bC)%ML1l-*jA>!!ZtbVHf zg`3nmH9UHT5D09g+=gW069{LV1Z};kk&yIHxe_s{=Y*x=Xb{EidK8R94iy2nOMNwA zQ+o(Z(x1WzIJw2~nFG{eS4JQm1NuG3eK|1WP z3(0B4HB#Ibv>*u@z2lo@FJW8N=hxOBHp?yrWULi0F!H@4jdBGJG+2L=6(4-2a-_Zc)Mw(cC zVe+^xwzi%%w8wpHt?tFkc)41d7JLAo3XV1F`gC-u7_+O`4+uE3ikWC&Mj>%$G9$Iy zq>|72uuR=g6blbgSo1cr zUQwrdx|Faxd7oj&M0p_1x*W4uxlkBvl9+Sl*hrfS5%GdccG&8grPp@%4M5{otCCnZ z!2WUF{p^UZEj*#mM>vzTtH$v+sCJ0YlrWjNSeY=Sr=bW}V zL~JKO6NpWI=x@iU*7y0COSxrL+vEx=)Igy$C?pS^0zjQ)gZ)vP)*n0-Y4=W(>k9bg4F>camr z=9vEz%+-y+A(%uSp(GVCQ9-G&d7DZN)Y)(nqr|*ndKV0rpVc{KxE+RJmsv2bJVGl< zRrM8MxpId}y_Ii}uFEX>F+mHh53hum=UJnD;VLwgWD0pgL;K)$EVw=6Akm`_We>F` zUZ*-;4Hb}K%e|gA(#3QI$Uz{8%{rx6S98`EXXeL?)<7YWvwjo;c`DchDiRuaqb}Nk zZ39S%(EL&|O)-qX0XdA!Hj!RY!RO#g4fK)a?UBIDbLLF%rlsyX!z4R#pq-vDrI@;@ zjdLNLZwI)vP1Sg>FmepaXRs*ztotCd8o2XsA(+QUIC{@+mZ7Wjz|fgwEl6v#N*rZm zdCW(SzRR>@@UpwWQ|G8j*cQ=!K+$o=K!i1->tU%9KF!Ke4Y~AP^UNm8UcE*2AVSBY zPy1@kcQ6<3)HPk7DZlaQ({hQKtrByK9lJximRKzpGbB&=*Z~I@YKm0axq3hV6B<=E zZs8QvP~|eN8-v_+IULxozwxM#CXykA1th3qm037K3-KUQaJ%a@ZbzBO?wxQ;>H3(d ze!v6Nj8Hxp*ytK{CT0Yg<)=dd1@hi}B{*jNj#y4KuFA7M#9)O0958nI z7LL}?UCSG6sp}mrn{anaTLH)c4)W;ew$CZ$7#}DJ(|wYUO+~wdoKT!-V?)Gx*>Sc%%EIiUvQ3P1r+N`9xP6Y_PJuUccSG4+_2k$R;zZ5}o@>pjs? z^}d50NM~c)1J^C@k~)I0JO}fT)ueEPc#hLfyG^eT3v3~5zP>n6*PzH@@y8;K`PvY5 zUi;wl_`t)BXt%gSAL!KQO4D5u9Ve1(GV;YdTaLJh>(-ZJ^Yo&*)97+>#O>+a9(Ww! z+H+x3o6ERqHL~T)NRSioGwITIVjHj*ldH`)|2EOi1~d#2Gn7%#yOkO7a*NTj-3Dku z5*ev8c9kptnQyI&j9dAPJmm0Zk(>OW>ZfC zXg(0p4=mCjq1ni#HX-0JP8d7NU_ga^K(2yl| za413gc01jSh{_Bev&hBHX}|zB)knlep-+skDKeT=K2NP}NHTYZ1GoMJq2Wk%YhX1F zEzmL5@);+ca1Wl*41M7ls($^{Cw(NgKI~>)Jy#8~z(5pwi=T;we<`(Qskj7gjA4o8zJ~TZ+y#; zxnL&loo2ehsor2l*Y3Nh34J(kZbTWTl<0vk@pd#4r(!Ugmo#&=p|AE7+$?t~ zciuCF_c+2H6*S@T9~Vs!6upSXWJu*NNJ&@`brAYbf{a6aOk*N`o@xoGzIpghTFwCGN-ns#S-(0;L#Jt_l4k&Hdq!RQ3 z7awx%L(eMd6VFV?c%&%=9)zixutk*7%nKzcA6gSsIz@0#aN}^hjB4?71S?fCvumO( zkQ#NZT%d}FiEjU( z!@!$lEL(Fpc~}i^!ih8`ZkfE2Tb(e9vgc$P@OT~eBa-ci)E7108w=V#n1jd2+5@qZ z6yZkrA=G22Vk_f#kUm7_(C4W>1*HjZ^_uC3gVB%0>9Gh4GCI~MY~)rG)l}&(##`qm zT@1Xv?FERYZi*quTs^&7jU~u>R6Au%`6@(#{E1tUd?`Zv6bKaZMzea0N$mohj299<{KkJU5jooJ(yFX2KMsx<$KW%tqxc|>@{QjNM zvV7mYgt41jl*k_0;n{7M1hsVjE!Y%35_FCjX5+(-tuIyjS|L-Hwx#y#$X27I)h)3Ro)envPsyvTU>lVW{|!^-ivK*=($5_r#!O z8zM>ywc*`7M(E_cee%{yU>H+6H)ulWu~@9VbRU>A6vYY}zqr{;FK;ehvn4*U$G+O|iaS22c8jEVT@tx1k>1U;ZxJ^0=RP~^i)}Jw# zdhekne(9m#WB$)q%)||itbe}GK+Zt=Gs<}XID6j&{(C3xpQQEM30sjI=K9AJo>^v* zOB;DTzuFSnD3cIv|0TsW7>cEZi?_-ILA#WP25pbfZhnq4md<~}d+~fF%11+eNx8&(6+q!ziESaG5*tYf)Stf>HNpv06Ud5hUprnW;edqT7q(QB5I@xav|9SH-B)}mF$pUMh!GkP-~6sp78gC3%& ziJ^#{xbB#@h5)Y29wc)&W!k*rIQ+rygg$${f@|#6luu!d{$Sk`7l#;D8RB_@$M6i} z>PGI7jvA7MV?V^tfivIGryF4flXs;VB>iyxC|MMul|H=#%MmEy;4!Bj)bmjWMoZzE z=T5=z@+hzTMVtkT;)*|*6Z!05{VfIeQ_IK!-j8NE-7dx%`@Qpy>{DiFhYkXQUK7g; z2w*p5A8!$v#G-3F-mTk3$Sr0=YJ&wPovep0cX$_@q_()!hjgT97dM|E)CD_-bY%yZ znwBl=&mb+b*)68u+}{{4?0I3_dd`yad?Ud2kcSZ=9o24=g5Y)VomyEsZHdVi_=AtVI&u>D9!L=kdT>qg_?PM8Yl zm{D(ml38kezypfi3%-RZc?&nGDr#VL=tJVw3f8myscHYDb-oA5RHeXRqMQNU=Bwjt za?vMox`Z7LX2VFl{7=!-Cfv14ul&u*MUatppmtx))REGzrJI1>LcE zeLY1Gy0E$+2#KzlXe|3BUmr<@IR^2J9^!6FFBMi(l6eXOv0zx4A0-Pwz)*1*ea=fU zEPC7*md78M3FdCv&6#O^L7u9$X4CVwwQzSz1RQnTXPwVElv;+MFtCwQ#OZ@2U*zV()=5p4G?0wg$48=3*~iDZOMa!c1wWJ{q8##i*S<(lEt@eNHL zydMt?b!F1RSCl{m*H$iMALnq0E%9k{eR_PI$3)YO5b}f%SzrsiLnCDBu=eZKgNI~r zUr_tcHN&Psbce+YDQ?ZUZbt?wV)imZ^;Fr*9Z*&sHaXAi=;_j*CR;micmTG*m=FA@ zD-{bl(d@(5_~8gRyXuQ_4r^tj>6mm6RY#gZ{ts<$8CKV}Y>VRVPH=a3cXtaGg1fuB z1$TERxJz(%cb7nLcLL;*m1OOlbI-cj=Y9MBWKMoC2Gy%twQ9Xptcl4kJE@LiO_uYw z7?iULe2J%WepK-(AO>B`_f1J><<5-;scs$GUC3u?dS78JHkD1$J_0XW9r(xDI`x|d z`l0`P@2@%b&+nb}*DL;a-uoZS)e^w>?T3vXj!}l)x$j^hF6u;}sr~B2`;RoaEBu=T zVwq6#t-TK@NBgTjnD;e=O!e1%Lm5{B-bSpzn*YFxv5&HZ*@qkV1@ONq$kW(I4HwQ}f%-CHZ# z4}A)P!l?15d424OX|l2!&|+6$tP;-jt+s5tg~tRCj!$27(fFL_mSU0upe$yAWE?tC zPM$fw`d_|B$pNW?K6p8e+OmSKfvD9rf;6iJ<1|cE?>uLD9$F@kc!L;h;|o=s>WGuc z83YQDx#BZV@~{e;Nv1CC#G!fkP>{3e4?p#7gC6lAaDqwvX4ujIh1yL`Zbk}1qA$VV zjXs15x)ulcsuR(?Db=G#KOQ%jCToP~d`iB-W;JN1VI zfibPuYX|=N{-d4k4ojOE`KOYyZ#R=E1mYAC=7`yW7>zIDk*v=a`qpWmF?|4J|2jec z#*-*23H*Cc@+T!wgAZJSP`sUQj+wi2zg|;Y*MxrR~x!y&A zkxL+4+ueiP_ahLL@98gTj0OU*3{=@O9BJP6)9IciKH-bD9nHG)@p*``gM7p)QQSag zn?XgDZPWIsEY}}!U4?L;%ig`ybS(2xNr}}>8>2+`T#34_H#W(^&opEse~cMfHE`*mX)fIFnb@2Rp>DKJ0ho48X*q++8Es~K zQD<(nL~t~`q~{@u@NV5v!Z=g#;l=S|UimjCC}aN5eRmN9fvM`5dZ}h7BEiYVHFJ{O z3w2xou$@tOTl~Eh76hvjUS7jB5ta=dadbKFc%z0-d?MAhR#YbfS=noB^C81yLm)ng zU-0W=)M$oleD0Y+FDb>$qsH2q>)$qVTkyjylXASKu%o9Xo)jH zeay(m3BUB+R0C@pYWRE`q80K`CY&>3{)l!lAkRa*eAlxRJoolOE}H&P1X6vOd3+NY z8^i-(HZ3ThzjbL{rtOc+E%zFCGQXi?0c8dvdV=rA2@3g*A&veI1Z;?JX>DcdU~Tt$UEv2O_AjU+ zCM_o@ApL_E`-=+uQ{Yw5zAeYXKD$kb%67)0n$eF6kP*p+&(ahrRd-ilemD*bb?I9( zuWakxh!er>h+&7WfJ568u)kkvnQBtl9P#I}XSZ?=g;&=n9V?<7SN__x-RU7VuH(U1 zV}IF+*$^5V%mN!tp1XqzqR;!O^3>z~XknOq4f~yd{_yxW(E0NfT)a`+^`fDX06K0+%5|GaaljD|X(8Qt<{c|}9bIDb6k6t>%$+HVR z_b3Iq{CxBa^zkr9J!*`KyJsxfthc?u6qZB+@Q}ud6%7KR#eHOhs|g9|OO7hqH-R?! z_p1bbfE7yWyh?-@gmkZR&Cx<6^7HbkLVn;hKV1uIKLT%$h^jzW10V_7S5n<+9o@d*(k{Jh8Q3TvZhHBQ%k+`b>I1 zWRzXfmp0}xBpH`Sp~G7Y*q;!`n-BV@PNuR+fRt9F4O&P@(3Iv(hR0qCNV*b`tmrQ^ zq!)P!nttWf{~36%Q0@1?`;EASf%z}=>#xoX2KN{J`Xj4b=-S)kGkuplf9GK6IsS;% zW@;oS+{Dft(}*59>E`7{LRdKa%~xJl08ENEfe~@oaKiHpngLT!kugppbHAjrVRC<-kGZ)(Z1))NeCbMS*`YkH05^;3Q1$6aC#m>0i_ z#bp-7C+^Buh?IPDCeLT8h3PHQGXNN+FhsO(S5epc7SbDO1iQMDA{uH)WfXpsYS0jOuR-y{IY!N#kT?~BZmAT_UsKDye3H6tD=2l#nJ@4 zO;O&({GMTrJ_etC@zkt%(-+LOMSBn5;l%aGlUhbl!vN+lU!GMF>b0FZ=&BH4`~K$> z{}25zB|Z6%ewg52{jj{Fo`tFYtF}r1H5L3XTH*%6_@{jF%6&0&sIO#BJC}T+TyB!o z43yy!RUdm8%!{3!0!SOmd<9`4j#SiI-0oWqJukB@!-~ZY^qg=JPa#mIYJ}0Q4<{dS z>E5r5*b7v&0#r#-@z<1XaY=R4WbEXm9lznkJ%^~B+#zNG&q}WwQnXwFAC9WmJomqn z8=xr|EFVe0&u1W4Rnypsz)CI6goU|;V&Wj=fJ&mhQgUt<7I_XBVa4}Vr%AQ86c^VW zmfldBs#I(h&MKud_qRK9^jQXD!qOUC*6)`YD>Gskn_A}$Mqu4)&UZW0k*^sUE_}Pm zR$0o7%t5lxVYHL%R)UnAu5J{>TYgbB%nJtZevT-`mMv`QK2jWRdp%bl!#aA7+E2Bv zfL@&>EzeV(pzZYWIu$JJ9NPK;v@iE1+_90S4S-$sK^Y{3%;CQayJAbCo^WC6;pIWW3#VjF*v{LAj^9qD{G``b4Wv{ zx%6Gus@ft#=lvjwL^OFgk+BYpUM(n@jV7IM8F#?PdCKXLp_Xwi8}-CRG-%nh4Z1vf zblk&my--A<>@y*(DQ!)kc{RF*7cZ0{<85ODJIgu6c5ac8)`=3Qb~Yx!?%0Y9oZ#X8 z`Q5=B?A*2of?kRFIgis7U*3LI*YjD4s!Ul>5k?(F7d2dmK|4kGA`s2kJGx8nGt_Gs z)H0~5iy2rsGa2V3!0Zd7#>Vlp@#EtH$KkTiTl#lRIUs|r?tEG_XoPQ1#3f#e=v?VZ z(mt8f@MUoIqVM6*e!ZM1eEN(+otR7zUKewKspEf1PX%T#KbOn}b}$eMqZ3Ykub5`F zbt}^XMx3@lMauU~NoRXAPu%X!kO^YOj;Q8eD=HVChi&rffSv;oSYJOddn#^ z(g20X@hKeH0<1oB;^(~@`B#i1`y0lQm1Dr6$NCH7z@P{^y4rj%Bmzn_9PCUCtV~Rd zY`+);U>NjYUkm+JZGL#0{pHv9hyHY7;Qd_}_^k6+A%g4c8`GUrM!=Q4AiN!Q*iUD#h;<0v!A>mG^f{=%W(dwxcpC7^v5r)7o=xgfVT$F&pmUrp50V&3 zs8j~CSOi0k(EPSVimBd7{K?nWHCkBSgg9QisTT2qLO?f9V1$TuuIqwP9zoXoIwXoY=baEwQ|3#ut)R8Q`$yE;rkW4-szo4G2-4NIoz zbDWjJCz5@cJ8oniyN(MbBP4qp=1?o}GI6rS*<y(a7v2(q8qjs=t$}e*tzTTl37@1~CDCBOVViKc&ky8=EgER&zZGo9X8)>+Y;tPjqU zR=u)Qb>R5PIZljCG8RAm3jcGF$Mmb*{xRnjEJG!r$$w6`e4pXO0LJK+c7fp31dv*< z$T~(WR+WWe(3*PtIOn<;ttU-Lx6aNpzgc{MO}*lRco1o#fND2z#T2}gtp)vVQx%+& z{${L~&6!*VBj!uToZ_=BjScT!e{bmLb8_fwr{tWlV3it9HZWW#>;qdy72z`3q?_ss?w;HdhB z$xUirXOsIwiu@=prk(398G#+e{aq4`-ee*axtc2UA}(U%b7#nEtPi)|vhC8Re5%_=e0 z&@rxU^J=-qU;5<6$1g z>FQl8F~PGPl9f#_71*2}PwX1yY5q~f1fFX0Vi|kHv}ssE&vI~5UvEtZUacf5rxmoo zD0c$OsV2anTAD+#lm63rxD-%T!%q#T{3|o^d(Qg}<-tIHpKB=TTiX~iP|;KTpiT(? z{tW*o%KI^h`lY(3q5nsxJt@|M3f1?;HVczc4tmZ#@7+pv8*(pPo`Jkn*J51LEt(ZS zD7Vsqv^S02B1};n*H32moQK$8wkR0(38nX>>1W{k^MXMa3JM1z7D;l_9L$^0iOVWc zf%D0@wpM~+C^cpVozWe&PyGOPP@OR+g!yG9dvUBjG^z_hCMsd6oZGAy) z57muzymjD%SBVT)C;4*sd9o1{sA^4f*50QUg!NUG;v!IO#S-xy0YX(P0g}K(n8s$- zT~@7N9Bfk`2=4&?dq(*G`+xaP1AT9UzW-nT)Nogc8|J~{2!4*S%m~QWO+@NG=~*UX z#&o(pd{)u8RRL6jzZ?xul53V9sRa~%oA{hYe(df5y(eg{GCrhRvtQ27{i#_13RDh@ zG%!l2p1(eDYSwnuU*PIiWWXmkKt4%yJR7E0=Pd{hxTa_UT#ZydT!F{w{j45vbDUWy zN|Vh!t)D165uC$-xj^G2MP7zam6vmzzTj8p*H%7HgMjr&>=6Tf>61}+Tz=G(R(|=D zyjen7D>2hl+XwHUo0}SY$|#RYh|4$0d>?%c`MSbG`V#3=p(d_p2boVY=vpJ#gOpB_ zvOd=6$D>EUuNqN$C@MIPq(tuXyz9v1B9HI~g8!Ihw@pn|yK0mKz(1L<9GRx&F2YJW zZzps#(Rm2FI*#7HK%w6Pl)MWF{s6=BxGf!Qwn*Yy8Pwc@{^AID?vTgK zse9xNxrB_j!R8~?vc13Ww;15I_?Dff$aF^iv8)yo-|7I(O4bhNQylL*i8RIIX=e@3 zm<*Y24w{`$e)rawvbgZFU-;Auh*o)mi^_O=Lh`$&qv;$?-Oi2!hJOXKpK>pD0p#ja z-c@(fFYrF<>NQJlV~jxeInw$xrN=`;gvo+(;2lzgrN=!lzsH;a%vfC)N61sOU48P! zU6wXD4VK9fYQ2PI&uf=8Ik$o&Goh9-F`r5e_l)mFk6Bz{sxCsXTxVIrEWu`N8en@= zRUgPbaZMsgGgdZX=3#^a4@2@EkaAid(u(*XWO{diP;(NfS+~4dI-6(W2hk$9pb9Q;sFA4Ok(a^d z5@j++fquzl8b@?So`uWD6~qe~vw2yfMdiV1X}VNWT^a3nph(B4Wp!kyg;&nGkHrf~ zlxvwi%{bs<6|9HiqMS8wWkuL}hykW@$5$SM#e6gPD(so6O4*9W1>|R~Z+!f?>+G0M z=&Mx~wnK&lul%8ZCD7qZW9LF4#pBBQRa_DohzcE)HCrDKawQbNN9r(aU-E^sAcl_> zmsU-~X4J~B8ubsfm0jQnE@geV0vd*WmPM#%bPqsazHb-%>GN6BUc?&r$-q zOqlhs6=xbwQ|~^0V(J1DzWp*$09#}P!5m6`^)vGR&sy}4jUOpJ@ekSo=f5<5-^-9Z z6Fc+Yo!>w3^j*R^6NpLjsp~|3EZ}34BN!Re7v9b+a$IZic8Vw6T=&P1?&fOv$0-#< zPbRgF%`1?{gUC0s{ZKeY^wKSOVo=<=2!a$I1rTtXga zXdK0}xLPJ#ll7F6TB%0|lBI^&h}5*RHep^XmLC(YzW~|h`V2{dTx)N%?SVV6Ya%{+ zh-y4mP)*(VIi3u`AY2ZlT1H~WT`uir58@v9!(CBNtQ4lQ@BdVb{$CrP1x>CkZ9>TYP6I ztmf(=c}X$6YmmI-k{c_}SvxLIF*4J+6#K+5wH&StjOMfkOzJwYu)*?Lqxgv$aQg$= z6ne2Zx)P=-j-@KxX*ymF3-#6$-39v7vp2!)zMg|8L2~#yRNgVGBdS7mYjzP|GuYGn z^=Etny5sc_*7k?Jx>&ghs^s#fYk``-pR8g-}a#)J*7bsT?WiW!r&BdbN zm!;cq|AIzM^VD&CRrlDAahoPFdkSi`#C(;0aSRwXh2IaKUEhi>EAFn){dDlolugX2 z*5n?Q{JeQ4A9Yki?vtWT9+Jpf|0mh6-II64ie#2nuJz$h?%`c%(x*P&?dMMI0!m0s z6&mb)90ufH&jB}+Sx3b1d)q;*hR##(!HBTxxO2Oz{olI&Miqj81`RDuRTw&~^ z`Tfz}@afNCQ+X51{zaxk@~m_3K&PPu99HxZ*}4j{6Qyv&(U6=g;+frXy}OM7c1rvY zL!-;bS%qb$6b@SPuFOE6J00*yF!>d%4*eAPH`1CRD8Yc{h_I384^~$CtK3H1$4;m@Y<2f z{nn8ytNuN8fO#Wi;%H@T;;f7RYJ_I^{m^_j2W_|qCC(^L)gr=Tc$=YU;EB@& z@JgL0AH8N}kJBKJD+SBw=R2klL^cc2Y6|*h<;t{CCcQn$Fyv_Prig9P#*?_}v%!Pk6vfXr35nFS&6(Dt) zdl{EXm^p)D&8pmn_g)>f*}k~T!`fZ%0L?;7!|)0YF->&o*>ZJ0y|d1)y6_q-*;zZ<{8ESmBg052DT@7w zKea!HUim(;{WS{PRaz#MDmiv=`)cC`dvv%J_ZQV{mpjMq+?N|Ot6Km$@|AUyAPeER zhHCw16eRNwyy-)RGy<VW+>}Nlfw74IrpVq>B0ff5I>qcjsFe)o3(3<} zST73(kH6NpJ*M5Z)=c)@3VFxuYT;6a&(L7 zhDc5yzS;g`oIJzc-48=NN#qJJ%r*MYKI;6BJltrCh2E2ZCUHU zKXuX5zY}lt<4P{{)CtYaqwpL3)aDO@mFo{IkTVZ@fz{n`UhEOXC0Z;_`C-*5)u{u| ztbhkI>WKZyV11AZ7K;4a-O4tq;4I-Jnbwx;3&x(!hjQ63OJSV-Yh(&m-&zfBn1p_^ zK?<)p==ZGm9|*mF1P^0rb6GzAP{)vxS7?&F?hyjR zNk9yVJOtagqeR2bZ|>`3+yvgl^}}EfTM$`TLhB0JqMBj>Xq`R}!i6^HGE454;pj z@Q^diYfLwKQ(I%02d5Zv(rOjkxbrZYs2Yo$O}!WfxSyG7>O-7mVLF!L&5@I=k@8+r zK7x#*9_yH}o6Q_AXv)b&Xu38j7_bV=!%~@QsXSjXhW#3t#O*sYW6D|lZcJ?Ct zh@!uq$7z^SLi9(~+(TW^#Rr*QvPY}(lZOR`JM)4cIZW}jeE$CKU(4seB(2H<5~>2S zG(rM@n$CMEn8QBJj^h;L(}9G?K>DM?^!Uq%F`93`;9$>X7!B}k1Px0m^)5x!;2hqsk}2hh zZRw7B)>qx1+Q;;b+gp#HBH+CNn>ZlT>663UIT|M<6*CLI3T5qNTVRH&Tr(jY@Wqtw-ZsT zet&dMp4R9${5&zw1fTUaDYF_oJ@Zie{YuH2@&P>oxn-p5m1Ar;>C0;0ZBNyPu)0uQ z12Fk51bqoC)7Dw~M{vT=>YDsf%O4s|A&MJ`XoVrw*)#_}qhAspS#c=#tt%HL4@u!C ztcr$c*C9OwQbZmNlA+>vO3jXXz*sQDkfxC`6ml2cE=@}18hqnQ5wPppv`M-kZlUUR zAgnGkCuAg^aiQ$&%%Qtb1Rdf#b28c%S%l>&PZ%5sAsvLTC<3Pa+NJ%7zhzTiWr)wl zq*FClxd4OR9c{B9iP7o>SXFg|iYp8@mM^ytGu4BSu%&F6*`P4_#>rezL(Pf#u#pY3 zg4XdNakoqTE?$*_B!W}AR3=qmQkxX`XY9RhD3fO(rYHPfGNF;N{w1LN?gRB3B2#4k zU&#Ibd2v}&zw1nt1qoahEe9qxaDGMVE(bUy+OU3gbI^ULYM1J`;G=!couS}2+%A9` zD|@(a0|dJm`6WxXe8scPC2GGw-!iX z_a4FxIGW0ohz*VphT#m9G|I|QkCRE#1q+e{Pvlod%N~s z2KP%A_o~-ndHK*P8t6;12Kl{ikz zpI9biY``~a!7f8DX;l>5Td0Xgykkjy^6KJm{c`g6A02VjufWZ84YvEk6DspsBCX#} z*p9yU)rGaZECr&?PujJ83ayI4*GzX%w5&iSQ+K(995#gW9=Sf+Tm2~Qd`pD}l2DOu zTfj%TEFieY9e{AX#S?D6O%)@iBG>e`U1Xh5K}ME*NgGoDEDBBrY}1CH2+(Y21Ub#V zOa?_fmgdE>=swuo)p4sGp}OP)zq<0mMDJvpa4oy3LAdV}kyi-^Hy3=Cq`Tj+x%Dt1 zFT-TjBqeriXw)KRy4VgcOmp{Gy8z66z8L6A7dkyVr|Ifgk15e}Dm>6Qg4y`+eKSQK zYe-N9bf=ttGnl%>d$=ysTBs{$FWQXoTC(Knln9a{yr9}bWgGS?e1MR*zl!Q zW9(z?%P^dU{P0bW56UP+ccEqP+3Z6SL$NK}&e|6nu7^9H#m+0B)$scUaab#oBINx^ zi7DoRE282PN z_q9Tly>ezX!`NEnsV<0bOx0B@>+uD5!r;GbXchv;(%m5L=q)hXvM+(a*p~7rc)^2j z=!3pH=!m!OqVVgiTUMy*;%+HtlYBRPA;k(uT-wnS;QU-He_g%TPd81Y9^nQhn`o*C zRKl8k{Pc+855tBx6wBtl;7haH+q}uk{9=5~Ycw@;%|G#8j~U(uj29n6WBkqzi^L+% z0VOWaz8bD17=cJ#8y^%??8GE87HL@PX`ZSkmK%R!OS=-kJ=@9KY4`X|kS-JNo_if% zHhg4mvzc{sFsZeG#fL)qXES~1n>aKq%&3}^w6vk<8$g&1Odfb%cA_D=D3~dr7c7-| z*~tj*O1b>2mrBYR&b1bhsMr(uEd9@WJW8*C^Y_drDgQTTfc!?tRqr+8zAu8qm(;b< zwfc=S_&MqaMn?H@sp2m?z+ZsqmBRkR^4m`wU2JY9B2*}KM?1(zs*Xf5QN%Q8`xTKx zp82X=lujf}{uYOfq48<5+=)BS3LPm!ab6t{&=adB~q_Up!0G*T|IEYD+M>)k%*v@ut5RdYr|zEvmhP?)+?M z%{?%z{`tj9yUf4+S?kr&h=OY#x)hz!C4Y-IUbJ1$Ds5e~xEgIQ(CQk3Uj#8bQ&~9R zZjp8TMqX@{nm+Bc^Cofn1u|#=Oua&`A`&s#{R&#KM31zDU?Y-*$u$X0BI1U3PArR! zL4wH+R0gI&CHz7)Dl~YiyblqHBfI>6KKcKVm(TpilixS(mNOsPfyOYIJjEIRq|szW z*rj(@1Vwfxe@pvn7>jgnL9EYlalV1jzuu^bKc}cEn38#w-L8nIJ!))OL@S@$l@!r% zpKw$4X*FZBePrW~{Zj0vFf}%TQcqnTI=7l-&#*?f<}lXQbcfH+JNZzDeXvmOav{UU7LbVgh>Ps>pnG!x+<&GWzU40(Pf~@CTdUDsCJ=?2XgWV zNTGX(HS@tRYU1h$MesJ4w2@(xn*22wX;+>8l&QE2`ZwS+6@=Y~;}-#tqnjvJ-h5uu zet~7HAJJq3vvo#p(-#J7BTxF%k{w}H_O*8t!hrHCgeb@n^S>a`14=oX;~HhS(iJ$- z;qcd44tcsl98Z}wXi?S_7`2%PUOT+)x!H46B&RO;W+YZH`|^^h++pYiI8Pr{z?z;b zkA2GS11R1<;Behv*26D>rt3gm8E(yT;*J5J$;zEB4?7&ogm6JBVY%T*%;rb9u%Gyh zDg~6t3vQR-RmvkxyD)sdv8l#KLkE(|o(K3d_+Am*fBfXL{L=^+THYbTfH5Vdc3KCb zi7-;sf!d{$N|?q{8)v9ON)g|mrwPSUDOe{{+ahoU3?*T6fc#sA_D;z~ZJ6bW9G%pV zWPFT);|t(%*W!^|yvth*A#HQtk=xegI+zBEI0(}yfd8Jz6HB=Ju+$eBB0b`u(H7w#5G==z(G2l{5rIC0@I?9}7hPoX8qmdF6|x#`x>U zb@vj7>vEQ12&*3J-JJlO!=WcUi-Sf<6?X7>0%7LWKJQ&qVq`2&Rgj(@DXm^d&m&91 zM059CFHc9p#&WJ!SASz)@A*Wd?b8g@CYgZ+U)R&!WemKwij~e&TeS{=Tg)uhl6v$4 zjnc*%undde@u)fS5e>hbL+6yvv0*PM{ekz{OU7D;?(74s+2h&;j}?AFHd398P4oDI z9al(Pkxu|NnS`B0{Wq?J%&yTvz~gPayFy0( zt9Aa-_WT0Ue@tXmpeut%;k{O&1ZR;l>9$aKiZ&;fe(6bl3(~S85+nSA^+?PXnB5Nf z4BCM}NykD=P)gJ3;gO9^t}9e?W|xshy{A-w;IXr{lRz7oYlM7MXPM(P&sdna*#TF*V7 zqkDsR2WpM;jMzR&58h2t1u09q`Z>2a#tg4JM&!f0-Q*_Q0#wW)4@bmN8wWX>G@KaW z=eOk9FD*f4gOBf^)mHnZoCZq?m+avSt~G!{_~bGP{Z4Zolqh+W$V_o8A{nU-07&(9 zS!MG?8~HqIY0504a}#pMCzk#8z?m@<51I%{D7*^U+aoC?35;CvYJ2J-jo0UA!9}kq zm%k9Q>5TX`z-PlB3?_JYsKkJ}P4J+0TCYRK1Ntv8V~z3`oHwNz&n3rj6$Q8?kmhSZ z+*3K!0f2CCG@(T9Z+wifFpg!y>1>=njvZ`=?4YIqwFWZJJZtTsY}M?Pj}ox44X%-C z1o;?{$5>f$YK|UOQ~hGG6&?PeI7xhbP-f%`Y(m=%O0XIi*O@Ld`%5ew*b^w>H0c(D zf+yoD{Ey&Mer?_qe{0^9q<(dr;K)#d->-YyTj)CJ{`&Csnw+qyy{R$2F0DQ7FI!_^ zWQ14d=EvuMp%}$KkKuFkdI2Ek1GQ)@QEt0?>@!)qZB@K{zm|&1Z+3Y|xO^#fRpVa% z=7F8Hm;~g)Yc2qCAkfwhOf7OtXE0l;l_$nykal2_+CPfL_o=-mj2VbFSq1Yc+`2@2 zS$bRsm>_R)nmO)m;)pa102;UUo3X(Gi^B35hN9N}-7TZ}>94?b0)|5f6>y;X{XS-< z^v~0$(Pyw^8(9hV*IOjZ7HI1N?97K@PgDCKD7rKPUS$K$vLg!0U*E@KV1a0u^bhqu zHX>&yHzHCs&Z~}kWTH=vkh}!R64SngagoUcL@J~z0yMPp(8CD`*f{JouP>lX@b6JV zgt5ngt`Uu%6674`w@N7g)*oMPl@t)^X`LDB11n)^zwI82+jG@*bwmqly@WNv<^(cW zr?G=xG_vM|H;L)APYqf-pU%9PxT+f*1G*y&!PK?f3}HB1QNs#*^ojiw%x+rdQH0T2 z%EWw#z%58@CqbHCp+*RjZ+X&`bhE7elkxoN3$m!6RpypH~{^C8v6JHVF zuv=sG{Vp)XwzUZ#AUQ*Rmv>_FgK1yzeBF11i!}pNx7Ri11|B$tjih!Ml|6PW(re*( z&~s~;k>iX~d6+{pRcbJ6fNcG&O`?Y~At84BgXdfbBnsxWz0!8TprR1^rRdaxpf zyT9)R&IotS_z`_?U!za?x9EE{{rx#@hl0To6p@gWkQKxKzE4s@R6Hf zX34;C{qQ*nkXy|65-v9xHj|HS6SF4zQWQJ3np1cDu~9S=IB0>%>f}x&+=*@7Dlz76 z!HX&weJ+gUG$6)KbycUQr+II{n3zaTA4>n$$WuzCh|k49!W1cKQyO*#GMkZ}^D(RQ zGQAIpk`}ujglRdS9noyPALCYxlTaX-@ToV1TzN6PfF9}|9c{Rb?b)>`2Hk}{rCjZ# zW_>io6F9v##BlF3S2bZ!6quz8_;U=Bca=GI2<$`Ch=V40_uw_ll!3n6fmJH`Jbl|2 ztToiifW!2G;TyQaOD&4vC{ufmc3NU<5rVS5SyK`)|8h6+KxArIuqF%Fw@-P-jJ`Lj z1;eU>rU&ncb9jmtFosQsyoIegzWd&SQgtYt=7RqT6c)-9Nci7$B7&eBA_b&{Phy|5Ct zm?b`pAkM+)Xj6Upn8H%Og5cc5BmQZ=Ywv=HcVQzigN%EYzYPke?Pf26WZu^ySag=c zF;~#y&OT(%v%^giZ-#IPRb^ts+CybBKMWj^P20baRJ9OL)9Xde1pMQH+fwuXH+j6$ z?z+zL{ljPYwg{P~)}L3+-oC=P{}=K1k28>r5uca{CFA;L`D)<%T?sq^LdYrwMYVY< z=BPd-QIx(gI_iLL)K8#@)Lu{2@2d!3PZT{p?GGeJ_G6jc>xwU3tM6Nt{zZxW z<(&P>mYBTKB@V8Cj}&2GghXG@)^}@}S4j6qM6sY{K8C=D2dX{?D#KO{cbrTWiHh?W zCxz}uV2hx*pkQEw)~#YH6Nze>)d7Rmy_sh`4^uWlSW)S$OerNDs-)=Fb4t5jYfI8~ zpv7~VLzj0)$vs4bV^)fjQ*?24oINKzfjVJFhohggpYre=m#^$2tvIV#N-MDuJ=Ub% z&bOX3EQ3EwvL8U9)L8ui@7v>YbQaV{8UeoQ3k-@=G<9lbi8sYy3&kI%f$iKFw+~HZ ztf&(W-G|j5FSplD>8Zbtik9{2A6a{|QZd^j#d~jzl4f4mX~`R^N14_Jzh|`W!3eES zh^lg9Th|cb8erWzGoIp@Nz$~}!xX0p#s>T9kc=;3e-1j0Rh^yJh-EYL!L(Upp8Z;H zl_boi<9^?(>D^F*oOTgSGrswR`PvQa>w3!T8Y5Z+^4la0_e8WPKuj77D{l@pFav); zfBznt*fqxf;C!|NwDA%elS(LGLr$Bnv~n3sY1cyN8=ppE0o@uYcg6S*0yc(+6HpzObdGc%|W$oGDr0sNG=b3C=O z?5!Xr2Z_ymN4-01dD*S~>evEKsDHs%s%TU;b8J$vRW6FRab~q$W}F#3H(g2WYM^1* zh@W@rnzRCO{9jzOp+!tE#0y02nYmuz2c235Fs?wSg02Ej_L`R%%T+#%7dFIH$(4Db z5+&a9o#Qj3twZ(qf{3_!7d^L6e=Mj>?<1nT<0i0ZtBjKEmy*Y)AP_`-bPV-Mpr}3KA)c$K#{VDr`LdO0}LoHx$ z`d!PSZ(?O_VQp+`X#ew$(@*E{S6jK?e(jZ<|80!&Pd#drcY!7!Ag|~72g?eI<@KhC-2fPvc*I z6v-gLL#lg#V;2_E0M(Mt!~(y3y#7%VZ-}WHK;t#D{b!%*H>KDgb6XEu6P8)Nu>J15 z?Dgx|6uN6F)%QlfDoUuU1w!ME+ZMPJDPEN6+x8b$okdslW0od7pX+qI)UcH5XrwG-mWf`FWwcLj>m}a?J z}3I6p#*W1S+<_IvhepG}lV6Ml~WU z$|+-PQQIfP^ciuPO_b?d1}mN4U2rsJ3+Y$&0&A&$+!G$}&G9$9mFKPYLTlm-1)5C6 z0~iA(I0Lg>BS^;-63OY?_ZjXk=hs6A>n~}&n*Z`7?`0&2#~oJa>Keq)l7)Z9cN8Xu z7Zuqz8`(fTBn+ZWj;|7X)Js&mY{LK{^i1?T`W&9-`U7+|MM-5~iG*5lhkiDD z%$M3P&L+JNl$Zf6a9cN(A;$%D^7sz8NCNh_#7o2D)H&)bor5@{WV#wr4>B`$u12_7 zsL=#8&nIDTZGa^uc)d*-kW2?~-wnGVhwXp4(SaY0qYm)CcrtrR6U$gB|G;zQoiebt`pjL7%Rrd38QQKyV6=#x4PA`ZJ+C1@G-k>WDZYkD7fXj+k;26yB9-Q5 zY9=`s6ekp3m+vm^d113@!H4)S=E&Yt27El}Hln+^f$nMnWUIYCyvC`i1E~yf^v7S& z`4g5zP5={2I$*A(ru6TS)jFH59*x)1JS`=^F-q5yaDBrzh7TlE2aSmlaQ2-HlnzF) z{gx?&RgvIG^D7Ep^ZWn1DEvoj@r&9q_8k(T-E~aJ7GKv~RBcp!!1eCZwc0`~V<{j1 z%9N2Z^cAYaVGl)>?KfLIZ_nw_ARbX$(^|y7@SPTKNr&Ieus*PBmD;3=!EXBsfE`IZ zR8g!k9m^MZyHYgaCjFF8qnb{ebS()hB zUvVxy6YJlc1PsDo13%-}?a4nO#2<6~7zT&o8};f#12nksc;W;P|Cv4x(p8uZ@=M_G0hdYMw$~52=tnz+L3v5MLY79NZHKL2Iz;(fK(Z$bwY}F)3wuJy!0F& z9r9w|V&_;(L*ZLy5xLd%FH`T}P_NdKPa?lxWUo+)}|5;WWpsdy0^u+b?kXQpHK$gT!qp;2m_?nxHJzo?k9;$Vha}&_=JigjBB%FT40gNbBBA%F*mKLc41ORii?XIi%~Bi0_ZI3 ze7^P!rR@pNkJKJ&Z<4ln*w`?P$fx=H6hgy$XvUR35UUx`qxF?+&O;UQZ@ApvfOwc9 zzpl5PDgv7Tyff)6R&C+bEe8pY`&|BXzVf;wU{ylBqAWFqm0rNziHR^cuRAu#>cQr; zA~-k!tJkfK;c9kzH|1Nq__5=S3mQ(LO_w(}R!;2Ki9zo9zBs6;8x>BcgmLxcP{;&l z##H}L)F7NmZL@Uk3l?d)!=9F;Ln?CI=1Fb>ZKdcB z(dgn)tPeDEeJiIWfg%ErW1J$@CSO>k)1p<6iJF5Ux_conl7cA7WwsqUmwUrkHnwxn z)yIj|9T=9qpXn`^R=3Qyp0t1F`2Tjg{&)EG*IF`U^q=_kH|X>#YY_U!?E}vRx)tuE z2sj6gg!C0)*S@vYg0=}9tuuQ(uM0NHqo_ep*}AXFxliE9yrsdP>!D)d~?MI1LAxc7d!x%>#A{ff)Aeyd%t^Rj=T zLM0I)IhkL3VqEPV3@z>Ph2&nBjw=h(GW>MAfJVmsTZ8)jYM!Ij>oEQAol8Ojf9Crq zQ8^T=6>C5Bsr&V6DOPX_8Tv>KTqd@zuqMqH8iW_WKmQDceYcUsBUN#$bxcq%P&(G^ z<&@R_z{|><&DC|wfGFY+$D``g_YjgYyjyBETfZz2jnFkeFBsC@am|jDAgv5~$GRip z?~Y}g#_q*a_Nxpt8 z(wN7Fx8{AIIj3UC^R)zI@d!{$#9W`+g^@++`I5L77Z%J;x!6Bb%_hM$W9@-Uc(YMH zIJ-CrVLQg zu5??!w{_2*$1wfzg+S4uuh9715gaTY#aE@DYzHt3z01sYpt4xU2TTug_;7Q&%Q0`(U3#4oi1n(z+nL*W>i8&eGa!y3)p<}v3k&nHZ_Qxd{ zpzdh@rfbq@jMd^I6ESYQyVDifNMy8~5$(vF{E?L^G&R0C<9IZ*`ko}@okjy)IG&{| zagm})PXNodQG`AmiOd{k%@b_$nfj74Kn<9OBGXN>%Z3* zv(hvFC96TE`Ss1;-Ya%ahIaVh=_5lchu?Do{{Ll#q0?i^M=ShS4XN{IaIWGN9&Psh zQkBBDa`WPc$KEt0JvDu<$0@qr2(AM_8V?|BH_R+l&g0(rQHps0A;)t?xt5xrrDEf< zeQp5bSIPS8^*QIu_`()0up6oiwR1c z>NhkJJohHdiBpk!peP|MyFODj(&W!lKOQo!Npv^2!He^_Ya}aIW@<4w$bmn}6RhP= zn8;xv>06SdNK>XH}1OUieG|kD{fCvM1HPc0ITZ%r-U8kwc(B z?_XuPKrfr98FOy)syh<#H4uVrBjBXtKFEX}!LJu28(p?eJ2jw><`|1J^d(@ZCz5Ak zBmB&Ma?e0ND)OTDFr~%lDj2+BHu@HmUuL|d<)Pk5BL0HxKBmBb7pztv&S!NKNyVp- z%czbcm}c;Na_awM?yaM$T(|aNx*McBq`SMjySux)Lt461LPA362I=ljX+%JjZoY-F zxBHy4U(cJr?;i)_Sq}{FHSby1ob#G!``hrc2p78QPQBc?;%eEOv$uhU(Ic_}aV**m z^JuOs3t$qt?>i~NYxi-7imSe=HF!(PXzma`D+vLiyx~Z)%#ehL9VPHY!$5%x_F5yT zO8tDD>OoOBAd;}}`y9MT!zt4fbpctwvX{e%#iBZtA?7O1Fo((J9FlD`U&ih*lI`eZ zH~pE2L$^ zUd3N3yl~L}+#C(}M|1R_ed^yTyx#-azccy2!N%VCIW-o7ChZolL36}QAq#{R`)Hb= zdDkH$tv+V$ZuJR!It0^C)L+s!D1F8+d<*sU7I9&v|ELHT#x32j|bAb0G)=7ernfYpWMp2$!rpKePAhy9j6k$0r&$XUGlWeHbgOTe9=XBZ$_iLr_ir7O+*=RtAVzV( ze}=hxKupVJU|h9PGQExpY$x8p)c|dd$BBUaE(&9S$us=Lv#B{PSD)c&e)Vt?px4i2-pkwYggpA074Wn-R9y1;MH?E~=X~Fa0Aiqn^+?*WakIqXM5T)`2wb!r&oY5JC z6Mhgghb)Vst*+W(;a{c}X9{4dZEy}GY52-@7m`3<9kT2&^sxHgK9|L@V^CQ*4-n1b ztjHQ91Cz~&7Ij%t}S1-)R2l>w3v3wA{zg>*xcMiA5?E-t!@Vn&b;kwT@AE@TsAOzI7G5rvH(5{#wq2?*Cv@a>HDyf@4Fz~95khP zW!3>9w(UvvoXsN<+?TfgMfF`);+040tuWJ0* z0TEuMn>b90G<+u?yf1XUD6wL82HMyhqjY7u@c1h<^2d1{WQ!Ei$W}96RJ2 zLte!KsXV)jx78?4;XaT~As@BQ&kHSw_fgq3lQGkeYbVM85u@D>?h0rcm*)HE&jWlI zt2gRDMIi*79J!gwi$vsmk&WBSl6Odh0HZ{MqUu1(JKTlFDy&N`*Z#ikjZeznU5;Ue z$TU#u4_yP8ydwEek`ne++hCe&nROl+Q86+BfyEpatsa1m%=@kK zFNs&fAOwH{p~uE>f;&EpayyD`&YAUt*SL|R$9m`BC;NVGkSKs!ntSU7#|dHTFQrS+ zig8ue{+VLl#ox;#UGs&7oel|;bcfvgk6N}{4jt}D9e2PNFBVHgkTjS|T`^}T^V`KY z$*s;Zn6D(E45DWAYq>%?^4>_v`0|a*>)W{Ly^>~+&sibfwH-sljd{QpiE;=fM;Ti8cgR=lkTt1aRxq+B1xnu%bbUY=vA4Bmz>pH`l5Ma1)X?Uq4c zTaTC1e$;~|6=^og@S7_r@mp7MB?K>5Xvi|gwqaOVBEYJe$6vdjUms2iX0JRX5SCl@ zrkQG^driMx+E~FglU`U)wx4MYWRPI+C{HAbd1)S3W(biLd(ymLyPv>hU3aSfQ5R=4 z8m}xFELrlDl{RHd(stE->sC^_wp~F~?Y)d@G`W;Inom&n zsB^+Jx)cOlw8CU8K6E=q-Y(J5eee!aYw&BB9&?HdXEZckF}Ln8v*YcY_p-ZqL^O}ZSLn7V>paMNQd+B5ITY2tdIPHw%irdg=m^=9@(J6pOH{)oYpGC zi}S4OgvZQRNFG6P3pV+HOaNZU=ocpoC_)29>Arg*N^w;|KvRc^{NHtU{E0gdFyMX5 zIN;F5MF3^!@4z{r0fbPA_1`NMhA3lBPS zGDgUWT4kXDQB>^4y4O?*8T@KpBlB+mqnIv7Uw$zivU+pSv;3@B+jr?wFee8Q4#skx zJq-W{tXp*=2tr*^%2jaa33I5=wRL|Sz*E7JiCq@{+*>U_D3suUH6qwwzmigpx8Cls zvhxdhX64q|;c=z^Whk$c*TL&sO}XNOJ)dX1S0&!WH&-{i*fk24|4?2RvDWk&W?rjz9<0=$_!$9(kkhQ=7X;XP6#`L4zrOz zbb;Jrb59--W*nQEBp|_4ZLT?d#WW9!He73LoutpYMVz2M!f|Wb=2X49%EN1X696O= zv{&s9-Pp?TiXQ%4DJSMKp#}yB4@e~yV!aA-u^&;#)R)IrQ+@mB^~-$$<=kh|uN*J1 ziMEy;Ac!>3!d|$0z6tXDu5AB!8~;nnM#MnyJ^RJ{!wr4AkAUUl-=cEy-*=98?8Z4; zthH?GO7SodGgvYob`_J+4HEI5L@sD{ZBQ2TYLvNUj8=N%guwSO5S-!^a-bim^`+Y4 zl~sG53?WZ#>(7DnC?P5l^yNHz?bn`Ls*bLy>h#tk(V?rl*)`qDnJH-!Nd$@RL(nN? z$gT^wt>Y#w9L{IL*+D`)V@lewLp`~H#494hOqK)iKD|S2?AC+9@zHV?0sSg3v(N4W z5+!Ep>bWW!F>urk^2H2`YM+O^b+;-8<@I&|`}l^J67^PMVgr`y#KU| ztS~u1kzOv$uou#S`-Yzf@gc=Kl&J;@GR-f8IaAri1N#uk%(PbGfV%2>m@RTKiexYg zbU@8(NfvhPmcBAyEhKNvljp2M*1)(V)e(y|x$LwIcT02Q)zlSo3yVm#^pg0po{xfK zmf&QJ*1#MeX-KsdmcH_JDb@_k%PT(1>YAKCx-suBjd_%d`P6< zL#SwNUsV zfFb1{_$my5P1w}c#o5>bu(2D!Ghq$jnfL>6{kHY(X9@yG{7;`hjnMr}Kmc>gf4}~1 ztm8qwq+|BYB~r#{>m+i1o4L?P+`%)rv||m+^inn&|wl(xlzgTI<$1EcfnuPn)m_YSGwP8oNzo za!KldIN}#Qq^LbS+=nXeSK!PR;DSM&pwz$vd$F=*AL}kgtwrkg0JN2#$ZCOz)n(sR zRWo*?k3HU_g*1rYRDX3?TaL0}(|;q{aJGBCQ`6Bz__7Q*tdPFlY~GjR+ww@27dwa0baGVp|OBT>gX&QF~yo*kB9%d~{PbM}r1vR*(Pn5pN z$O_>8u5admB*gR=efuw2|DV-+RGdGozo4@-U^SKrp`^&4S@CZWm~-iVoh=IT(_ObdqdU~^astXC^y^ruldsO)Q_-EOF0G;F>$PY9;#u4 zdE+~_Fawf4jA_g^#QR|rOj`NPs6og_oEX{ZTuynrH-(F{7>up}jxyp(eqgcC3kuJH zs->%>2#l+3&hplyN~cfF5z?Mr&IMGQyXnv4O<+<_%42oVR= z1}BU309m((Ye%fgXqwtKjWLC9bh`Y>Mj@I%1TJN~VHk9M$Tkm61}9?m2$&5c5_RIku>Hk7Q z{yrhW+G{NrF+Cb>p7N7NH`q)!@UNPX2MKWMv6f4vD&LPSkBq`6n5Uuf6ZPHZSSf&Rr2 ze{3d)L477`Y3yY0Y;WfB7oxO3%N>7y{)dD8W0u&(^jqEITiYza?E=8Izsb2~T6sZ) zTm?}{Mgzb?K@{n&N&<~wO-C+d~vB?bduompzN<$6Cf5>33e2 zQ5+hBnWbOdoFpQFZv;{ZZS`54?c#(ONJYFo@NV`3WIhry#9vvpRP28w6;xwJ@gIL_)>mv^qRda;c;Wgf(elyfDZF)VP3P6IM>J zyPbWTntB3-Bo0#r9SpIi`WJP$br>J#M6(yFpT8UGageGsC|s>sJiOzcRd;IT9~i7& zleWGhu>pM#-j>`y>db8xV6uf>PIoO1egaXS>3r_Ntlgh?OHP$nn-L!!Kg|`y=O$1) zs${6>K*8VJt93FME!l#mEj#dNE-QnQQgQy^QIZ-qf3HUvu#zWDd^;0S(L5%eDz54s zD>`6K5t58+!Ek&mxz6fsvX}NQX-W14H=k+`#as2$9Moko@?89UJ(1wT*F&?YHPZY& zTV1=MhJ{KDOw>C|IL5 zmm{)kHK5eR1>&n!suPDU4o*$ZD{hr>_o?3FBTT!%OfJ3oWZ9TX5i8LHd8H)GbvC5R zO7pJB>V4MrN#F*G)qBxJ^O~_olKco5l^L`qs*?G`>#|WY4JOanIPEmf9w>;;a(@I~ zpdXAdmH@|V{)^+4l>66xz<)L&{Okk%wK4UN^5dVwZvWI6{6w_&8`qmC-Lh{M`8ivA zmL+il2fuqSr_qGj-`K;Vc9hQ1bv~1@PnNQ^-ohaAk|;xsRqNEPZDBOyF;PwWwI)Pf zA`9gzI*Y5^NnmY%id+TOGbO199tT&4(YMrP&oY>K-qb|B85O=i|K#v^G>*)jG$zM{ zK20J(vsQ&Elc+p29tt115~eWJc380maQR-+9C3aS zS`QX<`A{(06>1=1v1JLX0u;6FW=RC^DaQh(ht@Sx)lf0-;}F^Z19q|o*a*vCL?W&9 z%eal4pc;UAM@Us!QchG^nNUGSP(@5$N%osjr2C2AfWlFJfA23C?B7+SenUuKKl3$F zr%oUOrVKt#Tfw+8F3AN$)M?J!REtu&SnZW`BfXI8{-QUj7Ncny2F4^a*CO(Y09)9H zeyjcGdYX~$TOTE|7}0O|;;V)R3pR7dh?EOJ*cgVDKz5dxbh~?ZuRkOAM-7VLha_T3 z)#mP?m{?9ce_;e%KL~=?9<11+vvgJQ%qsmdLFJM~d%xooWgyCoa(qfnyw>VNoHNBO zgIL`V6lA}n)1cWjOX@}R8K%_61h1B8y=5`wEy-B;0!kK;L`e~14R^vzM+BGNr~#Sl zv&@)A9?K(pZUuUcqn>vYxHwjDo2?>m7Dmx@lROMN5bTzyTIu0n9gAwv`LlMfM{<=} zH$h*$!t7}I+I}_{9R@FS3DNY`_6RJgBUNU*WmvyI$9ZW|(Tz4vx%~gzHn3C@}?U3?J zwn4`EGnP)THlN@_xvK#;j`0}K>Jn6(QSA=xXNh8KjC7UuFsZFlJusOABwLlal@lyf@>jGL!C^Wdt$WcL{-8mKCG@9uL|A!Vl|T zF6DpIPW+|;>+gdQlGkvJv?%8kr&ZOfn;<9wIh^{Evblp~ESfHdEfBbS@15R$tfb!% zR0%^Xk*faa6SS*sRku>(Iu->n5lYe_HXDP;4|X<>o8Wix+PLdnKZZ^|4-*T7nh7Sz z#1}nr637;yeSbNq3ZNqt?g>?bgaengv@x{%gFONcThQ3W(8kgkFk$ULCrC%nz|73b z!O8?!G{XK9E&zqY|M}9tYQ1<`(D@tvEAH!gO<72Dyo1^MPNBeFkvkVgYp_d#1Evf2 z6{dfDU09O<|0mqZ*%AZu{{?#aGFjpn!9Wi15w@Y3XI|DJs?@D~M~=Ok+Y-ViSca*Eq#I z3K&S5N5A-@s=wEr3bvMz=_$(%(9-5=8!RT~4>QYVb9K*EduoR>j#8+uGutU^U8Eev3Asoi`GJv%&EE?o}p1V6iv>*g*kj0z_{5 zbjS23d4(*jhmm|6YDH;o zf|PqFOvs_hYl>dL=~3vv`^YakKK?e-{x)RVT`SqXJSimSbL)GlSgFJ-5u!~-Q9}he zq=hY39~rFLHSmrCh}?m?(QSfx3LVlXuCdKkB!RaazES3hiUM(Z`h5+<#A2RA-$sl9AK z-sg@!sp{0tE`*h#UaZDEugjJGu77p_{j>Q+|HPGkDH%(c+SmYQ{f!9)jSWpqZ2>+!SxVI@y{6iHC>WWjwcjBi(ER1{1D_aiSV_$MBA2lSM-vJ4AV(VX^ci#id)3 zKtqyoBu&l$Im~t1DJf1q6N!wf#DlgyPEaH6nNx9I1CSj+0smJ|`e*PASO5lC>-bv@ zjOyBZYnlmeo-zne+BAV+ayPa~iV0|FcUK$+LuPB#JF;{v&ev4;ltwKF6QRg(sPx>HEYjCe?aw|*m z8t`iFA~pByoJ=du8InjKPlM2y#JCV05%3$;q=;q^5hUs~*e{abvi0jJ4kkp;g7NC$2!0x`&o>=YRgK(~?xkoi>EYPc4-EuF z%D>*r{}M#?6B|Y){sW?tur#+I{DxBj<~>cnjd23jGkjYW^qX+GZ)C@L_jaabhnAM9 z=)+DR|KKQ@WW6I*_iPf2c|Hv8JAKO{fvTQ{>ez|2!csv^uIZJeIi6(~jzXysS+bx@ zsn^OV9G_1mZ5`wNjO)va^t%f~uH=mr+pl^LmpKx)Aa**gH9!n*8Ka0YxSF{?3oz z{man0xX`~Nm<5amTq#njxzwtmP5fJ5j^niRYR)t{@EJXF_BPjD37Fz>Uhgnw049^!AhrUm0U<1`g+5U5MqDbv+(cKzBG{^da-fb6z5D;n1?=Q3ZeoID?6f9 z-^wDYY++0s`)->yV?2-p;HY-L+(7`p-H%Kd1`hR~NbHmae>U(M!Xc^w2oscP|KPOy zC2j6!^Um!)`W?44bH=^pya^PiAC;qR+RHR1E0#t;eR+IQzbZ9i+?b*X=# zw8#ra;Irtr(8$6ykd6?B1E4U~pF8DT_v?y}clKG+w?}aIr1f7iGY~Q>FBY}T@}b7; z6NE`tD9|blVYUNn-&M$&^%g@{u4#9Anzc-+C(DGzt0;f56CylW>Z zTv{2R#$U1%#g9l^x(1?y*oWhGm{lMPPaht2Hn^O9WHs;2Yt<_om1-0{7_h*Hhes1b z*_tvjiWEv~t?h$?y1FlsG0AcRZlf=?VMbiwrvT)$z(S#ZmYstTLpxq#ru$uU3W9X} z4ckXH^BvEDk@L|hrL0*X;to-#>Tj*wrg)CN%+aoHJUcANq^B9=qu#dUesm(MVhh#o z_qUEx#gXbIG~}%uR@i{zYJV4NEU3%?rOA_q=iY1_?=^&^V9@bpzBM^4HnsO5)e1PN zz(@N99u+6ogi78dr(^a#(RH2om(6vMSi2NbGMZQTG$lO|#m7hK5cKshGV;s$Bkb63 z#b3}y>i4j)$N=4ACYqy8vhPaNMnUwddt-&dcn$*%D!mnYWRKk_!1v-+C^LrGdsfF^ zFUp?8UgdWp(e2;s`jGlkG#0xU+lc~O;KxX{Gk{{&@z<-V%81N>_&s-n5^^;$bT9?n zwx72U4*ol4Y-;>{N5GHOB8G4X0G*UjrDXynb1W>J?2JDUT2Q!WrnJglmgaW$f85M( zVDjH{(59^LMlQVbw(lcv7m2H?QG4bcBTVXx9isW!*rK{mFKptO1b#_eMVoT|(i&G> zk%7JiQ(dUwhcIm#@7@O=uO%QifMId@>6DV?FbT{E@W`3;&4>VQ-zTE zHWnK42-U|inY|B11Qb1ARJxmd8k8#zx`4a@C-(T|!~j$JLxwPLP-1ejDzr+%vOiOD zSU7ONf85mhpX{k369*F;0|Sc`BMk%9(**#9BM}6U3=2wX5&rxmgvz2yYLX)IN}|eu zAH`LbH*f+@MRJ z^jtxR(W8Rq_sh^UojxBZ{iIFl6N_hntwAX;3l_4$JE;~#zs9e9;GPHoi5}-b{8X&t zfn3-*@Ir@ddb)a#Y#do7wT$&Wz8mf_ka8~P3fgNLVzL@1r@NOmJA6?1XjJU5;XFg{ z&IY>jDqB0-Da}?ND$ z?c3rLUJZNb`E;(#Cu91^Ej8?+WsRW^-`_1SmqC?(q%KRmDVD*H7|%lLtGX4P%s!3% z1)7>>YVc((JW!cACB*{pITlzwUc1|alTOczp{W4D58x#QvmtTvu&3+%nOIZo5&S3K zO1RM%8<#wgsnH1ent^cDalF%8nqo(YrNwIj)>>~M>#>Gg)lXB2yx^*+UHA@`ip^6Jr)Hw5Z`YCExs?bwJ!j_{?@e*S= zh1i6D#VZDH1ga+Ak+eBRvIz`FJVm37HhJJE2a0uo{2(G)S>wPc^5Kg%qBWzEu^@NE z=;2}gORQ-Y$d#5p2>&k8AqZqG*o}r`dgD>-=ru;f<7Te2==gHKx0@+sS?6HZNiqdJe2vw^~vTM(~RjRb>Vq+GeDM5Yv)DWe}$j7RlOR| zSVoNp_V`)~jD7z_Av5*;=A0^v4_2X+MSpe4bi+_yV)#L4YHRd0-Xd`bsY^c?uT?2! z;>bax_Qr!g*&7y(fld;YY@9UYZjLNJ-cXy@hytNLAZI!t@)X0Bj=6|j1I!P|WUQa= zntKg+7kw~it4pU{JwTm^hq$^4j%jx2N^f##>J`QA--6D4GO+mc0-eqJ#XkP~n$;fC zl>n+hLE9w0f%U;aL7*JH4*y=Lw0uk&A%U7}dk%7Gxqvg?K=Ji(pHH}Bb*?&!bhy<1 zfXHJHsBY4wZ+<(s0y42)nU(d9eY^WY7rmXxc`X6v>XoroYf6F@A7CxHYUbKGe8h9G zJ2LDdGRxsE+aaG#P5spJgJZgZ)_ELF9_o=3tbs&pa$~IVyZz@^LynpLi4QF1A#&*l zcQqc+%nr?FMQ%qp&Ij19;d_Wt36s=dI;L4rD|vCW$I%87fPA$j{!0;#a%s)61Ia3#RdnfCECp+G{^(}B}?)ox_7Itn8 zEVp4N0NHFyuIqoPOi8zdNpsUo`=b)Yh~iu2dr7n!zjh! zGX*v!P4SUXpBplNMAjM5kuKk_Hmg;f5^-}{W-&t&s!2W$P2O5==M;>~;PhcVe}8Jj z#TBcKD#!bo3K-73FlU7-Meind%h~(wN)Acp5w{n)oT5{OIVUL5idR0{wEpMi`UmK_ zRkV}MBk@A+GGv2s9QMm!Ms8#9Q#JW!4diygDUKvPQKg$Dmg%pZra6Zm2o_kJ&T9q6 z8G*YG*N|y3bO{<2CiSq2E!QBKDTWl1uZvZNRYDa+ORpurODYgxOZ|V5)PK{KvM?}x zx24oSZRryq*f${QU&ns`kvV;XA|989b9>w^02xdu_mv?iA7b((A=L2Xg2-YBsHgvv zFpx^<%00mcphiI>ofQXkrZs}}nUP+|0Vo1PbVx;BUmZy0Emn@`52Lw@bnsI3Saezr zS`bI=U-I4!O+Zru1p~}!V8Ab@|DV36f3|}C?L7rxzrQQJv|W2#?al_knPi9Jq?nlV z6LaCa0{b4{>X=6lj_6pI#_u)>?GQ?5E@gT*rRy$c21w6`2vCzxe{5!G;e*C5mP|gT z79j0P?JxeENp@TU1C;tg>rM6w<=`eOa+MugI_@KeetMNt*M-;Ae- zXnL;=u$z126^|Jpshxca37H@?ZKX{tnlK$9QjZ@VYH|-2bJo*H4vVba(W#b4D!6eA z!&bzc^{|XAMAf(Bf`nRx=DrxNcNXxP73iK}ehwdei6Kgv&g2Th_?hzgfHlZ&ospj}M zop-njQ@UR|E?1<3tdV<|fL?MqPPioG+C z5QQC-;?>=%fMU6Tpd}W?b@2R#WU&5SV7m}d;nmy&16}`=*u_qa>;1_{(?po|2n3Qr zOE7DLp81;iVY712g9oT~Di=uK6|*^fUqB8LEMYGB|mmlZI8{bQdT6e^0i zlc^zK_ZOio0KK&Uq?e{nf5bqjkjjQOX7)}djMxmAPudBCiVPrdkQb4Ef^uXmZ7p2@ zu;UNg3yO;W^Rs`gu)pn|m=K7Ha@vZ=xm4`LQ2|SvF74>tjnw51yKM;{gWsa(he-L7 zPpObzxy+rX{?0|war8(iURLm-bYQ_M)Lo=S(=1g%uXcvUL1cW1Jz2<-hoQ%@M(GQY zY~DgMrw?vU0crM0FnZb>bRXf&XW9*wEb$LBM$a(;vF$yw`i^WGUi3s<#y8T;oTfzNS&Nik+Bap9ECA@a*S)25m)A`S%`WjV*!#7CyUQdy7 zT8Wnd&E(aTl0Crl7vnWgD|W&bE|qf}t16I!n~Ei}$kV>8=$j$Jnu-|$H*|z_7T<}) zLTLk&9h1v?Em7X`{PMe9eeoo%pkJf~Xx;vSy2AiEvT1)N%A!vj+Z>!MolODl+fHtP zQ8s77Z|&PZawS+e^gmzzmM#IZ=%?TL$;SZ-;F6+!>hK11fB(RUzuQ|ILucnFI}?MW-wz1+%u+ZIV@8yoIMzX+`#c!aCzWoD@0$-+fmOpiO9 zDb+0`f^CU~Itofrf1#pL1)Y=VUgzXEI?>_b7imr8H7t`Gg>U~tNUnh(;tz%$_If@A zjV*3M(mT)f7Temn>T0YMn&w1#wi`{PG4%CC6gB5k0kg{DjT81I@iW};cx!*Noo=gu zcciBuLPf*xvHV@b2nechV4O*{n@rbfR0a&D%`o^kMpT%c<3YHJ{Jq^c^9fSwIV$T0 z5?%0enre3pvgy?(*AMixWl$X8Y(xmlkQdIdE~c`S*!OPgyBN8pX3)|r`mxV-^=}{> zec%b^g7ItqM!O{bQxMxvTL*{#2lVzYAT9J(JywJ92<|7%%hx)+=Ru6}4f0Vrt-{etF=uL2BJifrTv*0T{H_XnGq_a5G>QqX_|6l0y| ztf(r3rg}q4Jf`2WN0Rnvjwm1*$Gj=Ueiwordad75rC?V$2{SV5=toeD<8!WTN31_g zy*uNhTRGR&C$j?%ym+L3*Gb}ecQZg5oP1hmr3gIXKDUpOca0r<8-&yJF7?a}f>~Jd z)gx@(&5wlr#Z#R1t1fD#PeqYxw|*m8O{0gQdC=Ri_DoXfd2-YeIa zVEeq!yQOA{JR2r-Kad^#;ftf=VK?r+aXtoG_A!q6^b1uGkU7c05v`4?OM9l=!5Qvw z!IG@D;j(30Z)k#i8K<}0s{ThQE*`~u>G_yf< zjpflW%d5yx6j1RFGgP;7cV8CL7r~?RZ?fXBbBSpDJsM0J7d{r9dDN&5hfFc`cvKd| z8m^8(DOVhZ-#y#TfZxr49IT&OWZ5qPp>GeuN*Vl@lyLZPZ%1Mb9Hx+*ux8S(lxrP=dC zLIw9_DcIQd9S{QtLA{wu1x{kL=fl<9&MvCrke-2@B@Cz{J7AHODX3&Zh)v2pnRlbx zxNAH&WpfZx1m;C)47jT_%PW}4>Sle9I#Fup?%%CT=#%db{>66#uIrClE)*)Hpp&H+ zUoC%de{0S`weE5%<(XajC zfR(_%citV2Mo?dGG+8cj1~CgR10*%}iGxv#dI^PrxkJA0zL3l%|8x<8BloIy*&(f; z3AhTJ4^r;)*^NBCCIj(a8J3#$W&q^fDY|O_r=s`HHEX?#T#;6tCfOTd!2#eA6HPl3#c2VPp*vPC0fHcVIJ8q{*!fJBc?uZlsg!SEgE z`V9EozN1zyOfa%kBm+0Z772`|DHTp3`B2Ukn1Mjqi(9&{i(j9U!vMoM_BA}F|Y-Fc}Mo8aZ%$Ew=*|zg^YGtZ-o8+?nfTWm|*n4w^lUvPONeyRjY|P#)+5Nk$z@ zv6^-9@A3+JGA|)NOMT#|(Bf>&OdRa2j10fX5CGu+F#9m5_=0kP{at^%@9QVqFf1zU z(~D2_PD4wtp9ltk@Al~_Alw3s^n4520Acs{kn8vG*z$oj^{$CZa!_1>Qy~^`b{1@) zzO!U=arr5joOcTBA@aI*5$+hy6nro)bz=^mpD2?7BILfihF`ALfT3Ld^G=zUk21$B z)dZ#sO&;eJrH)O<@)~%r*IWow^NuWJ))FwJTgx6zGjeXl7uB6kq4O%;L{ROrXhk?% zuluYs=^;&(fQsz~-dY@nk>QL=7mVp zOG|IkkY?K^3LMmt#4runi%yqBc;k=b-)IX*jgFQeS`ESJHRXuMep#%Cfz>d@U~VGW zcE|D^mZD4WmZwK@uX;&uk!3Wpu5fi2U#udd4n6B;-22fK|Ff;tICS=nk9>sz)V*3d z;xiiW(txsP!&oUuH=#A&v(;)+X6?qh0+GRTe|H`{lEa|VqRjya8IXr^o%D2AdZfsr zGymBz7kEuc(TgvRI-Hbq9a1Dw=la0LQ(?{&bhRV?yrlMVzxl6kaVO!O$k-2EN_K-9f|u$|eX5LhtKb zye2dvvmXJkc9|PL1KMXZ7`wcHyDpHXYnGlCU`P81+&eZbMo@YHaykEJQ@KC8dw!&HPopSL z0K~VAcK<;B_BXu>pyJ;2u7g3(UfjBF$D_}b8Ks}|DZxUF2?F`2ZorW8-~oeu=AC*8 zoeH<^x_xu&9!Yf$Y9P%Pg-(KA0quAubw;63`w)(6$8SSV53Q;FS{s%*eY2Z4;@XPl zxOy65A1M4uY5xzugQp1K@4kcI0Wk3&RT8FP)T+wiNmqNvMa*5&so4vBNgRM2Ta`cb z+)$y!O8X+k1-W<^9wB>+Z~jo!a1l<{}QPX{L{2({Rzs{C2kN z?iNb66G)eYt&JL0?>}|6+SEs#BD~Dl&a|;izw(e^5S^{qfaei4xMNCDByTnE9-^za z{v_7lPxz{ez;sOls<}|E^dwk}J>=lyNT7tUxttSKrcRp-4n?F6v3G4*+T!PR#o%se zF*#el^qXXiB_C#WL7tb2N3iueZ)uFNKd2Azx9;oqWWE(m-z?A~t!*w<;~lqu^C+p& z{-xyctg&LB{kFOB43_Kqqp%Qu#6rk0>et1VjR=FrXbQD*G`uXBJ;#G_gjL?slst(x zp3Ap&@We9jkpmCaxG$#jH?kj{jR&Q5Z~^%gW&Vs3u)?rq{)2** zs#wRX0t!Qahl%d|H#9_V#K$PIAVl3df-uQzXDe%m6?U!9WI`Po_KQBChpsO?3as8v z2!;C>FmuuA;0q!L8joQ*T2mhuMK&<%a9N43cYA8i5n{hRu}XX6)T%BuC7s=ZboWk1 zaOVh*SC1k)Yowz_aj95*Cq((X)L7f(#)cnG5QB^>3ogr@Cw=y6VBbOkL2LStQc{H{ zhGAd^9EDfc)*}(n&grY>qv}rf9YCl>gg=xsW#8*`gZJBg4vlCI2hDaO3XQ9b1%17e z8%{A?kRXY8IDxonDfrZ8@7!Xa$sc?;78kWmqmh&QJyI?-uaHsUK7%#4gdIL0 zhePhVP!099GMJ$W8DTW+OUTP-PCj|ZBPZd8&1aS^aM7@?>R^p>RA_X(h`9JnMMi9& z%{GY}!3B(wh)>bU@_ zBKB*pzYA}XUqeM3j6&5q43jkk3XjZRRBZ-s(@An6(v<=6~Z5N7DhS-ns0bN zD%rQszAdo)FL)d5auu!8YYUP+uUS%i9W4r`pI2q$I8{LIXJ`nSLdE`8SDb#x7?fJ=Y6@{b*As412z&uaLzXm-#ak)H-bT=P_rUcF^f4SLxUIGWkcc zY8d$zb_!%_@g>f_RxYes{h~JC>;hwm#E*fnnhP5p(+>cAcf zmu#g>WP?sdZ37|ikUud?r60G28L-G6u$-83CbPk1QoAyHoU`yLQ@8T*@|y=2Im>?Q zXoJMHo_@Fw8%&iWiQI}F$>vd?dDR}^CM*$g5KqaTTQl2U+KJyd3-9C}lk9V94PL5;9z4=$zWEU~dqg{ETBhbm`*Cf@xtxTX7N~<&)dgB|K~e+TKY?vm zF#+N9xi79PM(g0A@bifdL4AQz5s|a>J@v301p;-I625yEWBMuuQ|Mg{Av$4fnc6R8 z;+i*L_=z*m#iSGhtJm5+8t%-WZ49c1;3FE(?He@%tSa3nojwXEFfz_Y1nSZgnN(az zet4zxqhtD@AAMvAPkCtUUmecBnTP&4C#mdW=wxPTYGd-3dh3sr^as%rC@STjul+-{ z?mwNAwjFhX-d)7rfmGRR=SnPQdv4}8fEub{c8k}~5Am|nMF?N!S!S+9V&9_@X4Oi% zGf}GDHyuW=65lwjkQ=6czR(Iew8LtOpjipgo^`pk*6)pYjieMIrh3-sio5H-tx_p{ zrRt;(f^~)AsCj@-0qN44EzxdMdsg`F)P&tL;r*eQp8tlevW(H&Q36=w7Ow2uJ5QiA zLznUAK?267)lODe@aaP{2(BaSw^0$DnqQ6l^=tG^8Lo;OWZksz-Sk-Ae@szJkF5FP zUpU&f!o=tkKfbPyd}aMcQfD$fX)=GySR2~yiOxgX1utdh`3w}8=0q9-!tUB#_aQ;t z*YCkX5}*e#F#fNy`xz{t{&TQ^`cJ_E>fZ+oTnrrFjV|Lq1q)BMSAmI@?QcWfzi$%s zyS3RR*>Yxr8Zy{b&T4jfiTTbWPAOoOkZ>m7?jYUy)Jiq^^({NecXe zr~N6QxSnHkji&|?1T>IC$4+I&+d1!eROfDDz2u)Bbt|{%6&fn}PHDMPT|RN8|yd5i5KPFtcihzH3JeLsFmXd1#(U<4a+Kt0_k1B-cv5oX!tvaDYI8si!%CmMeJi>4S{biJFS-oIQ8huR14dZHKQyhy znc9Mk)5I4Q?XA7Ql=Lx^E8wy%t^3SE*9;HZ$oxV4pvw9s*<$8c;H0P+Q;I{_8VG`< z@QZpI=N6MshJxjTGb$g#==+JQpO55fs#xUSwNugesN%W`7+|~rQRR&C2mh|erB6YB z(Jw*-OuQj7z(0NMkf;!XPb}8Xj3Nv|PY+;Fx&KomaDe+t_a`F+qW}ZncWJW!Xa35Q zm;neCpaYoow~Yi{SEc+o5qCU1V7k0ew9nplvBeiA>D~LD?~4xsB!j;=5EnJN#3Ke zjfXlaIqke=(qfzt%}+*0e=ln1oHY=OeI6OA!K{5+YAjeCh^ssB3S&5dO?R?j!4+pC ziu{w8gy6j>7DNSkx?HD&_-b8lpfbu%RkVaIqcFx+bf1@TiZmsIT!@?zmLAVoYTRpo z;DhY-tEh-ovNYa=dcWhvuZoJkw9f}DH4WFxts1G=kionZ+L%Jx=~tX)=kd_Rx5do} z`Oi{%-^KuYy+-shIfus#TdWM9y$R{$dT&WVdjfBv`2TIy^IzdW8kA@7obtDMcd^qVOUq`K-)8Juc@NQ~}dGy0jaAsSIAE&DRTt|Jbb*BC$Q#S>sWcOx2voDzXfz`!*S&>CR*;J;e zzI7V&e(L(oe6Qn?@1v^u;$mU+ec6Mh=3B1+s;+XHlf@MlRg=lRs)17_r|zH|!)8$8 z-+&ZQz(E|?P7GmQ;A#v|7Z%z&wlpvYrC4rZ1JFUkz*QF@Ila8p5`E`@U!L z{Gx(<;Kj$lv%Qik6^c^RQj0*xW`ie=!CJ*Mk~M*avw@ics@b{*+K|Ft1uBj{7X;iT zji?(4=7Mcgw>dlgI+m-I?{R;Mk7YRPyTg@&ju~ce-~5}!*uT(18 zmLY|ws;cTI+^v;uxY@WnQtgo7zh{#leQ$V@`rE{uPqU%GcfCcM-n{zo_4CBny_Pwx zp%}kS=En0yEJ{Bw-?{$B z^Q8gf^0HS(JEl5HoxGLk7g2Qn-?yg9{l$rFTuaq&Y>vO|>L*il&ClplQ5XOBX2}a# z4Gj#gavP36pS52oTwP{yhCWyO-mGlCxYW-w~sB)7Pcj%*l8Dd7lG5Qr@2M9^|MnF@NvH4q?EAk4$Ir3*BChi+bB&*oPg41-?Ju70 zHrXTDy>3q6^X+w8gEty0J9~6?pq;9o2?LL`Su;fgvPAYY`dMuD~lwag>5B!Y426%5|)M1ia`gG(L?Moh+Q+sN%`l}M2_xaN}|0TaE zh&5ZAUcT<++?r4qt3}Cy@?Re(U0LbQZg)n3;VLMjTtW)HkRaFw33g$A_td1SRA6HC z&QDHE&B-)$GH?KSjZ4@vq_ikIvock|DKjTCw>ULN0XUK!l9~;=7&I$0TLD<11CMwp z%1u=8E-fm}Ed`np66)j`;^=J%E$_I6RlE~{62N8wXf_IX22CZfobydB%1*7y1X&4| z^fg2rs0K9vCZhn_z2Tjojbs8yUogl%1;R%=tuHk&UbQ>>@=P5e^Ol>v)zcd;=RN;F zJ7B8agsEXp*ClJzT6!n_VwAPwf0Saey=Tvhj-TBstMwLtHGksJC!t!|Tqoj?7r$8T@@&*j~U;d83)GpBdz%$=UNTwq7&gnB+*b&Hbw&;Q=?6MF0` zs>F2S!Gk~iYrC$W3<)@6&3{U)q2)qg*x|mg`c5Td{b#LQdzY?|HoJHEj!v%iapAp@ u$~w=UF8O|g`|Ya<4lXOE?w)-0LW9XRw+cRahRJRZ-@W|##$O!V0t5g +#include +#include +#include "ed_25519.h" +#include "mbedtls/base64.h" + +// Base64 URL encoding table (without padding) +static const char base64url_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; + +bool JWTHelper::createAuthToken( + const mesh::LocalIdentity& identity, + const char* audience, + unsigned long issuedAt, + unsigned long expiresIn, + char* token, + size_t tokenSize, + const char* owner, + const char* client, + const char* email +) { + if (!audience || !token || tokenSize == 0) { + return false; + } + + // Use current time if not specified + if (issuedAt == 0) { + issuedAt = time(nullptr); + } + + // Create header + char header[256]; + size_t headerLen = createHeader(header, sizeof(header)); + if (headerLen == 0) { + return false; + } + + // Get public key as UPPERCASE HEX string + char publicKeyHex[65]; + mesh::Utils::toHex(publicKeyHex, identity.pub_key, PUB_KEY_SIZE); + for (int i = 0; publicKeyHex[i]; i++) { + publicKeyHex[i] = toupper(publicKeyHex[i]); + } + + // Create payload + char payload[512]; + size_t payloadLen = createPayload(publicKeyHex, audience, issuedAt, expiresIn, payload, sizeof(payload), owner, client, email); + if (payloadLen == 0) { + return false; + } + + // Create signing input: header.payload + char signingInput[768]; + size_t signingInputLen = headerLen + 1 + payloadLen; + if (signingInputLen >= sizeof(signingInput)) { + return false; + } + + memcpy(signingInput, header, headerLen); + signingInput[headerLen] = '.'; + memcpy(signingInput + headerLen + 1, payload, payloadLen); + + // Sign the data using direct Ed25519 signing + uint8_t signature[64]; + mesh::LocalIdentity identity_copy = identity; + + uint8_t export_buffer[96]; + size_t exported_size = identity_copy.writeTo(export_buffer, sizeof(export_buffer)); + + if (exported_size != 96) { + return false; + } + + uint8_t* private_key = export_buffer; + uint8_t* public_key = export_buffer + 64; + + ed25519_sign(signature, (const unsigned char*)signingInput, signingInputLen, public_key, private_key); + + // Verify the signature locally + int verify_result = ed25519_verify(signature, (const unsigned char*)signingInput, signingInputLen, public_key); + if (verify_result != 1) { + Serial.println("JWTHelper: Signature verification failed!"); + return false; + } + + // Convert signature to hex + char signatureHex[129]; + for (int i = 0; i < 64; i++) { + sprintf(signatureHex + (i * 2), "%02X", signature[i]); + } + signatureHex[128] = '\0'; + + // Create final token: header.payload.signatureHex (MeshCore Decoder format) + size_t sigHexLen = strlen(signatureHex); + size_t totalLen = headerLen + 1 + payloadLen + 1 + sigHexLen; + if (totalLen >= tokenSize) { + return false; + } + + memcpy(token, header, headerLen); + token[headerLen] = '.'; + memcpy(token + headerLen + 1, payload, payloadLen); + token[headerLen + 1 + payloadLen] = '.'; + memcpy(token + headerLen + 1 + payloadLen + 1, signatureHex, sigHexLen); + token[totalLen] = '\0'; + + return true; +} + +size_t JWTHelper::base64UrlEncode(const uint8_t* input, size_t inputLen, char* output, size_t outputSize) { + if (!input || !output || outputSize == 0) { + return 0; + } + + size_t outlen = 0; + int ret = mbedtls_base64_encode((unsigned char*)output, outputSize - 1, &outlen, input, inputLen); + + if (ret != 0) { + return 0; + } + + // Convert to base64 URL format in-place (replace + with -, / with _, remove padding =) + for (size_t i = 0; i < outlen; i++) { + if (output[i] == '+') { + output[i] = '-'; + } else if (output[i] == '/') { + output[i] = '_'; + } + } + + // Remove padding '=' characters + while (outlen > 0 && output[outlen-1] == '=') { + outlen--; + } + output[outlen] = '\0'; + return outlen; +} + +size_t JWTHelper::createHeader(char* output, size_t outputSize) { + // Create JWT header: {"alg":"Ed25519","typ":"JWT"} + DynamicJsonDocument doc(256); + doc["alg"] = "Ed25519"; + doc["typ"] = "JWT"; + + char jsonBuffer[256]; + size_t len = serializeJson(doc, jsonBuffer, sizeof(jsonBuffer)); + if (len == 0 || len >= sizeof(jsonBuffer)) { + return 0; + } + + return base64UrlEncode((uint8_t*)jsonBuffer, len, output, outputSize); +} + +size_t JWTHelper::createPayload( + const char* publicKey, + const char* audience, + unsigned long issuedAt, + unsigned long expiresIn, + char* output, + size_t outputSize, + const char* owner, + const char* client, + const char* email +) { + // Create JWT payload + DynamicJsonDocument doc(512); + doc["publicKey"] = publicKey; + doc["aud"] = audience; + doc["iat"] = issuedAt; + + if (expiresIn > 0) { + doc["exp"] = issuedAt + expiresIn; + } + + // Add optional owner field if provided + if (owner && strlen(owner) > 0) { + doc["owner"] = owner; + } + + // Add optional client field if provided + if (client && strlen(client) > 0) { + doc["client"] = client; + } + + // Add optional email field if provided + if (email && strlen(email) > 0) { + doc["email"] = email; + } + + char jsonBuffer[512]; + size_t len = serializeJson(doc, jsonBuffer, sizeof(jsonBuffer)); + if (len == 0 || len >= sizeof(jsonBuffer)) { + return 0; + } + + return base64UrlEncode((uint8_t*)jsonBuffer, len, output, outputSize); +} + diff --git a/src/helpers/JWTHelper.h b/src/helpers/JWTHelper.h new file mode 100644 index 000000000..a84889d89 --- /dev/null +++ b/src/helpers/JWTHelper.h @@ -0,0 +1,87 @@ +#pragma once + +#include "MeshCore.h" +#include "Identity.h" + +/** + * JWT Helper for creating authentication tokens + * + * This class provides functionality to create JWT-style authentication tokens + * signed with Ed25519 private keys for MQTT authentication. + */ +class JWTHelper { +public: + /** + * Create an authentication token for MQTT authentication + * + * @param identity LocalIdentity instance for signing + * @param audience Audience string (e.g., "mqtt-us-v1.letsmesh.net") + * @param issuedAt Unix timestamp (0 for current time) + * @param expiresIn Expiration time in seconds (0 for no expiration) + * @param token Buffer to store the resulting token + * @param tokenSize Size of the token buffer + * @param owner Optional owner public key in hex format (nullptr if not set) + * @param client Optional client string (nullptr if not set) + * @param email Optional email address (nullptr if not set) + * @return true if token was created successfully + */ + static bool createAuthToken( + const mesh::LocalIdentity& identity, + const char* audience, + unsigned long issuedAt = 0, + unsigned long expiresIn = 0, + char* token = nullptr, + size_t tokenSize = 0, + const char* owner = nullptr, + const char* client = nullptr, + const char* email = nullptr + ); + +private: + /** + * Base64 URL encode data + * + * @param input Input data + * @param inputLen Length of input data + * @param output Output buffer + * @param outputSize Size of output buffer + * @return Length of encoded data, or 0 on error + */ + static size_t base64UrlEncode(const uint8_t* input, size_t inputLen, char* output, size_t outputSize); + + /** + * Create JWT header + * + * @param output Output buffer + * @param outputSize Size of output buffer + * @return Length of header, or 0 on error + */ + static size_t createHeader(char* output, size_t outputSize); + + /** + * Create JWT payload + * + * @param publicKey Public key in hex format + * @param audience Audience string + * @param issuedAt Issued at timestamp + * @param expiresIn Expiration time in seconds (0 for no expiration) + * @param output Output buffer + * @param outputSize Size of output buffer + * @param owner Optional owner public key in hex format (nullptr if not set) + * @param client Optional client string (nullptr if not set) + * @param email Optional email address (nullptr if not set) + * @return Length of payload, or 0 on error + */ + static size_t createPayload( + const char* publicKey, + const char* audience, + unsigned long issuedAt, + unsigned long expiresIn, + char* output, + size_t outputSize, + const char* owner = nullptr, + const char* client = nullptr, + const char* email = nullptr + ); + +}; diff --git a/src/helpers/MQTTMessageBuilder.cpp b/src/helpers/MQTTMessageBuilder.cpp new file mode 100644 index 000000000..95edcc104 --- /dev/null +++ b/src/helpers/MQTTMessageBuilder.cpp @@ -0,0 +1,415 @@ +#include "MQTTMessageBuilder.h" +#include +#include +#include +#include "MeshCore.h" + +int MQTTMessageBuilder::buildStatusMessage( + const char* origin, + const char* origin_id, + const char* model, + const char* firmware_version, + const char* radio, + const char* client_version, + const char* status, + const char* timestamp, + char* buffer, + size_t buffer_size, + int battery_mv, + int uptime_secs, + int errors, + int queue_len, + int noise_floor, + int tx_air_secs, + int rx_air_secs +) { + // Use StaticJsonDocument to avoid heap fragmentation (fixed-size stack allocation) + StaticJsonDocument<768> doc; // Increased size to accommodate stats + JsonObject root = doc.to(); + + root["status"] = status; + root["timestamp"] = timestamp; + root["origin"] = origin; + root["origin_id"] = origin_id; + root["model"] = model; + root["firmware_version"] = firmware_version; + root["radio"] = radio; + root["client_version"] = client_version; + + // Add stats object if any stats are provided + if (battery_mv >= 0 || uptime_secs >= 0 || errors >= 0 || queue_len >= 0 || + noise_floor > -999 || tx_air_secs >= 0 || rx_air_secs >= 0) { + JsonObject stats = root.createNestedObject("stats"); + + if (battery_mv >= 0) { + stats["battery_mv"] = battery_mv; + } + if (uptime_secs >= 0) { + stats["uptime_secs"] = uptime_secs; + } + if (errors >= 0) { + stats["errors"] = errors; + } + if (queue_len >= 0) { + stats["queue_len"] = queue_len; + } + if (noise_floor > -999) { + stats["noise_floor"] = noise_floor; + } + if (tx_air_secs >= 0) { + stats["tx_air_secs"] = tx_air_secs; + } + if (rx_air_secs >= 0) { + stats["rx_air_secs"] = rx_air_secs; + } + } + + size_t len = serializeJson(root, buffer, buffer_size); + return (len > 0 && len < buffer_size) ? len : 0; +} + +int MQTTMessageBuilder::buildPacketMessage( + const char* origin, + const char* origin_id, + const char* timestamp, + const char* direction, + const char* time, + const char* date, + int len, + int packet_type, + const char* route, + int payload_len, + const char* raw, + float snr, + int rssi, + const char* hash, + const char* path, + char* buffer, + size_t buffer_size +) { + // Use StaticJsonDocument with fixed maximum size to avoid heap fragmentation + // Base JSON overhead ~200 bytes, raw hex can be up to 510 chars (255 bytes packet) + // Use maximum size (2048) to handle all packet sizes without heap allocation + StaticJsonDocument<2048> doc; + JsonObject root = doc.to(); + + // Format numeric values as strings to avoid String object allocations + char len_str[16]; + char packet_type_str[16]; + char payload_len_str[16]; + char snr_str[16]; + char rssi_str[16]; + + snprintf(len_str, sizeof(len_str), "%d", len); + snprintf(packet_type_str, sizeof(packet_type_str), "%d", packet_type); + snprintf(payload_len_str, sizeof(payload_len_str), "%d", payload_len); + snprintf(snr_str, sizeof(snr_str), "%.1f", snr); + snprintf(rssi_str, sizeof(rssi_str), "%d", rssi); + + root["origin"] = origin; + root["origin_id"] = origin_id; + root["timestamp"] = timestamp; + root["type"] = "PACKET"; + root["direction"] = direction; + root["time"] = time; + root["date"] = date; + root["len"] = len_str; + root["packet_type"] = packet_type_str; + root["route"] = route; + root["payload_len"] = payload_len_str; + root["raw"] = raw; + root["SNR"] = snr_str; + root["RSSI"] = rssi_str; + root["hash"] = hash; + + if (path && strlen(path) > 0) { + root["path"] = path; + } + + size_t json_len = serializeJson(root, buffer, buffer_size); + return (json_len > 0 && json_len < buffer_size) ? json_len : 0; +} + +int MQTTMessageBuilder::buildRawMessage( + const char* origin, + const char* origin_id, + const char* timestamp, + const char* raw, + char* buffer, + size_t buffer_size +) { + // Use StaticJsonDocument to avoid heap fragmentation (fixed-size stack allocation) + StaticJsonDocument<512> doc; + JsonObject root = doc.to(); + + root["origin"] = origin; + root["origin_id"] = origin_id; + root["timestamp"] = timestamp; + root["type"] = "RAW"; + root["data"] = raw; + + size_t len = serializeJson(root, buffer, buffer_size); + return (len > 0 && len < buffer_size) ? len : 0; +} + +int MQTTMessageBuilder::buildPacketJSON( + mesh::Packet* packet, + bool is_tx, + const char* origin, + const char* origin_id, + Timezone* timezone, + char* buffer, + size_t buffer_size +) { + if (!packet) return 0; + + // Get current device time (should be UTC since system timezone is set to UTC) + time_t now = time(nullptr); + + // Convert to local time using timezone library (for timestamp field only) + time_t local_time = timezone ? timezone->toLocal(now) : now; + struct tm* local_timeinfo = localtime(&local_time); + + // Format timestamp in ISO 8601 format (LOCAL TIME) + char timestamp[32]; + if (local_timeinfo) { + strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%S.000000", local_timeinfo); + } else { + strcpy(timestamp, "2024-01-01T12:00:00.000000"); + } + + // Get UTC time (since system timezone is UTC, time() returns UTC) + struct tm* utc_timeinfo = gmtime(&now); + + // Format time and date (ALWAYS UTC) + char time_str[16]; + char date_str[16]; + if (utc_timeinfo) { + strftime(time_str, sizeof(time_str), "%H:%M:%S", utc_timeinfo); + strftime(date_str, sizeof(date_str), "%d/%m/%Y", utc_timeinfo); + } else { + strcpy(time_str, "12:00:00"); + strcpy(date_str, "01/01/2024"); + } + + // Convert packet to hex + // MAX_TRANS_UNIT is 255 bytes, hex = 510 chars, but allow for larger with headers + char raw_hex[1024]; + packetToHex(packet, raw_hex, sizeof(raw_hex)); + + // Get packet characteristics + int packet_type = packet->getPayloadType(); + const char* route_str = getRouteTypeString(packet->isRouteDirect() ? 1 : 0); + + // Create proper packet hash using MeshCore's calculatePacketHash method + char hash_str[17]; + uint8_t packet_hash[MAX_HASH_SIZE]; + packet->calculatePacketHash(packet_hash); + bytesToHex(packet_hash, MAX_HASH_SIZE, hash_str, sizeof(hash_str)); + + // Build path string for direct packets + char path_str[128] = ""; + if (packet->isRouteDirect() && packet->path_len > 0) { + // Simplified path representation + snprintf(path_str, sizeof(path_str), "path_len_%d", packet->path_len); + } + + return buildPacketMessage( + origin, origin_id, timestamp, + is_tx ? "tx" : "rx", + time_str, date_str, + packet->path_len + packet->payload_len + 2, + packet_type, route_str, + packet->payload_len, + raw_hex, + 12.5f, // SNR - using reasonable default + -65, // RSSI - using reasonable default + hash_str, + packet->isRouteDirect() ? path_str : nullptr, + buffer, buffer_size + ); +} + +int MQTTMessageBuilder::buildPacketJSONFromRaw( + const uint8_t* raw_data, + int raw_len, + mesh::Packet* packet, + bool is_tx, + const char* origin, + const char* origin_id, + float snr, + float rssi, + Timezone* timezone, + char* buffer, + size_t buffer_size +) { + if (!packet || !raw_data || raw_len <= 0) return 0; + + // Get current device time (should be UTC since system timezone is set to UTC) + time_t now = time(nullptr); + + // Convert to local time using timezone library (for timestamp field only) + time_t local_time = timezone ? timezone->toLocal(now) : now; + struct tm* local_timeinfo = localtime(&local_time); + + // Format timestamp in ISO 8601 format (LOCAL TIME) + char timestamp[32]; + if (local_timeinfo) { + strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%S.000000", local_timeinfo); + } else { + strcpy(timestamp, "2024-01-01T12:00:00.000000"); + } + + // Get UTC time (since system timezone is UTC, time() returns UTC) + struct tm* utc_timeinfo = gmtime(&now); + + // Format time and date (ALWAYS UTC) + char time_str[16]; + char date_str[16]; + if (utc_timeinfo) { + strftime(time_str, sizeof(time_str), "%H:%M:%S", utc_timeinfo); + strftime(date_str, sizeof(date_str), "%d/%m/%Y", utc_timeinfo); + } else { + strcpy(time_str, "12:00:00"); + strcpy(date_str, "01/01/2024"); + } + + // Convert raw radio data to hex (this includes radio headers) + // MAX_TRANS_UNIT is 255 bytes, hex = 510 chars, but allow for larger with headers + char raw_hex[1024]; + bytesToHex(raw_data, raw_len, raw_hex, sizeof(raw_hex)); + + // Get packet characteristics from the parsed packet + int packet_type = packet->getPayloadType(); + const char* route_str = getRouteTypeString(packet->isRouteDirect() ? 1 : 0); + + // Create proper packet hash using MeshCore's calculatePacketHash method + char hash_str[17]; + uint8_t packet_hash[MAX_HASH_SIZE]; + packet->calculatePacketHash(packet_hash); + bytesToHex(packet_hash, MAX_HASH_SIZE, hash_str, sizeof(hash_str)); + + // Build path string for direct packets + char path_str[128] = ""; + if (packet->isRouteDirect() && packet->path_len > 0) { + // Simplified path representation + snprintf(path_str, sizeof(path_str), "path_len_%d", packet->path_len); + } + + return buildPacketMessage( + origin, origin_id, timestamp, + is_tx ? "tx" : "rx", + time_str, date_str, + raw_len, // Use actual raw radio data length + packet_type, route_str, + packet->payload_len, + raw_hex, + snr, // Use actual SNR from radio + rssi, // Use actual RSSI from radio + hash_str, + packet->isRouteDirect() ? path_str : nullptr, + buffer, buffer_size + ); +} + +int MQTTMessageBuilder::buildRawJSON( + mesh::Packet* packet, + const char* origin, + const char* origin_id, + Timezone* timezone, + char* buffer, + size_t buffer_size +) { + if (!packet) return 0; + + // Get current device time + time_t now = time(nullptr); + + // Convert to local time using timezone library + time_t local_time = timezone ? timezone->toLocal(now) : now; + struct tm* timeinfo = localtime(&local_time); + + // Format timestamp in ISO 8601 format + char timestamp[32]; + if (timeinfo) { + strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%S.000000", timeinfo); + } else { + strcpy(timestamp, "2024-01-01T12:00:00.000000"); + } + + // Convert packet to hex + // MAX_TRANS_UNIT is 255, so max hex size is 510 chars + null = 511 bytes + char raw_hex[1024]; + packetToHex(packet, raw_hex, sizeof(raw_hex)); + + return buildRawMessage(origin, origin_id, timestamp, raw_hex, buffer, buffer_size); +} + +const char* MQTTMessageBuilder::getPacketTypeString(int packet_type) { + switch (packet_type) { + case 0: return "0"; // REQ + case 1: return "1"; // RESPONSE + case 2: return "2"; // TXT_MSG + case 3: return "3"; // ACK + case 4: return "4"; // ADVERT + case 5: return "5"; // GRP_TXT + case 6: return "6"; // GRP_DATA + case 7: return "7"; // ANON_REQ + case 8: return "8"; // PATH + case 9: return "9"; // TRACE + case 10: return "10"; // MULTIPART + case 11: return "11"; // Type11 + case 12: return "12"; // Type12 + case 13: return "13"; // Type13 + case 14: return "14"; // Type14 + case 15: return "15"; // RAW_CUSTOM + default: return "0"; + } +} + +const char* MQTTMessageBuilder::getRouteTypeString(int route_type) { + switch (route_type) { + case 0: return "F"; // FLOOD + case 1: return "D"; // DIRECT + case 2: return "T"; // TRANSPORT_DIRECT + default: return "U"; // UNKNOWN + } +} + +void MQTTMessageBuilder::formatTimestamp(unsigned long timestamp, char* buffer, size_t buffer_size) { + // Simplified timestamp formatting - in real implementation would use proper time + snprintf(buffer, buffer_size, "2024-01-01T12:00:00.000000"); +} + +void MQTTMessageBuilder::formatTime(unsigned long timestamp, char* buffer, size_t buffer_size) { + // Simplified time formatting + snprintf(buffer, buffer_size, "12:00:00"); +} + +void MQTTMessageBuilder::formatDate(unsigned long timestamp, char* buffer, size_t buffer_size) { + // Simplified date formatting + snprintf(buffer, buffer_size, "01/01/2024"); +} + +void MQTTMessageBuilder::bytesToHex(const uint8_t* data, size_t len, char* hex, size_t hex_size) { + if (hex_size < len * 2 + 1) return; + + for (size_t i = 0; i < len; i++) { + snprintf(hex + i * 2, 3, "%02X", data[i]); + } + hex[len * 2] = '\0'; +} + +void MQTTMessageBuilder::packetToHex(mesh::Packet* packet, char* hex, size_t hex_size) { + // Serialize full on-air/wire format using Packet::writeTo() + // This includes header, transport codes (if present), path_len, path, and payload + uint8_t raw_buf[512]; + uint8_t raw_len = packet->writeTo(raw_buf); + if (raw_len == 0 || raw_len > sizeof(raw_buf)) return; + + // Check if hex buffer is large enough (2 hex chars per byte + null terminator) + if (hex_size < (size_t)raw_len * 2 + 1) return; + + // Convert serialized packet to hex + bytesToHex(raw_buf, raw_len, hex, hex_size); +} \ No newline at end of file diff --git a/src/helpers/MQTTMessageBuilder.h b/src/helpers/MQTTMessageBuilder.h new file mode 100644 index 000000000..9106e20c9 --- /dev/null +++ b/src/helpers/MQTTMessageBuilder.h @@ -0,0 +1,213 @@ +#pragma once + +#include "MeshCore.h" +#include +#include +#include + +/** + * @brief Utility class for building MQTT JSON messages + * + * This class handles the formatting of mesh packets and device status + * into JSON messages for MQTT publishing according to the MeshCore + * packet capture specification. + */ +class MQTTMessageBuilder { +private: + static const int JSON_BUFFER_SIZE = 1024; + +public: + /** + * Build status message JSON + * + * @param origin Device name + * @param origin_id Device public key (hex string) + * @param model Device model + * @param firmware_version Firmware version + * @param radio Radio information + * @param client_version Client version + * @param status Connection status ("online" or "offline") + * @param timestamp ISO 8601 timestamp + * @param buffer Output buffer for JSON string + * @param buffer_size Size of output buffer + * @param battery_mv Battery voltage in millivolts (optional, -1 to omit) + * @param uptime_secs Uptime in seconds (optional, -1 to omit) + * @param errors Error flags (optional, -1 to omit) + * @param queue_len Queue length (optional, -1 to omit) + * @param noise_floor Noise floor in dBm (optional, -999 to omit) + * @param tx_air_secs TX air time in seconds (optional, -1 to omit) + * @param rx_air_secs RX air time in seconds (optional, -1 to omit) + * @return Length of JSON string, or 0 on error + */ + static int buildStatusMessage( + const char* origin, + const char* origin_id, + const char* model, + const char* firmware_version, + const char* radio, + const char* client_version, + const char* status, + const char* timestamp, + char* buffer, + size_t buffer_size, + int battery_mv = -1, + int uptime_secs = -1, + int errors = -1, + int queue_len = -1, + int noise_floor = -999, + int tx_air_secs = -1, + int rx_air_secs = -1 + ); + + /** + * Build packet message JSON + * + * @param origin Device name + * @param origin_id Device public key (hex string) + * @param timestamp ISO 8601 timestamp + * @param direction Packet direction ("rx" or "tx") + * @param time Time in HH:MM:SS format + * @param date Date in DD/MM/YYYY format + * @param len Total packet length + * @param packet_type Packet type code + * @param route Routing type + * @param payload_len Payload length + * @param raw Raw packet data (hex string) + * @param snr Signal-to-noise ratio + * @param rssi Received signal strength + * @param hash Packet hash + * @param path Routing path (for direct packets) + * @param buffer Output buffer for JSON string + * @param buffer_size Size of output buffer + * @return Length of JSON string, or 0 on error + */ + static int buildPacketMessage( + const char* origin, + const char* origin_id, + const char* timestamp, + const char* direction, + const char* time, + const char* date, + int len, + int packet_type, + const char* route, + int payload_len, + const char* raw, + float snr, + int rssi, + const char* hash, + const char* path, + char* buffer, + size_t buffer_size + ); + + /** + * Build raw message JSON + * + * @param origin Device name + * @param origin_id Device public key (hex string) + * @param timestamp ISO 8601 timestamp + * @param raw Raw packet data (hex string) + * @param buffer Output buffer for JSON string + * @param buffer_size Size of output buffer + * @return Length of JSON string, or 0 on error + */ + static int buildRawMessage( + const char* origin, + const char* origin_id, + const char* timestamp, + const char* raw, + char* buffer, + size_t buffer_size + ); + + /** + * Convert packet to JSON message + * + * @param packet Mesh packet + * @param is_tx Whether packet was transmitted (true) or received (false) + * @param origin Device name + * @param origin_id Device public key (hex string) + * @param buffer Output buffer for JSON string + * @param buffer_size Size of output buffer + * @return Length of JSON string, or 0 on error + */ + static int buildPacketJSON( + mesh::Packet* packet, + bool is_tx, + const char* origin, + const char* origin_id, + Timezone* timezone, + char* buffer, + size_t buffer_size + ); + + static int buildPacketJSONFromRaw( + const uint8_t* raw_data, + int raw_len, + mesh::Packet* packet, + bool is_tx, + const char* origin, + const char* origin_id, + float snr, + float rssi, + Timezone* timezone, + char* buffer, + size_t buffer_size + ); + + /** + * Convert packet to raw JSON message + * + * @param packet Mesh packet + * @param origin Device name + * @param origin_id Device public key (hex string) + * @param buffer Output buffer for JSON string + * @param buffer_size Size of output buffer + * @return Length of JSON string, or 0 on error + */ + static int buildRawJSON( + mesh::Packet* packet, + const char* origin, + const char* origin_id, + Timezone* timezone, + char* buffer, + size_t buffer_size + ); + +private: + /** + * Convert packet type to string + */ + static const char* getPacketTypeString(int packet_type); + + /** + * Convert route type to string + */ + static const char* getRouteTypeString(int route_type); + + /** + * Format timestamp to ISO 8601 format + */ + static void formatTimestamp(unsigned long timestamp, char* buffer, size_t buffer_size); + + /** + * Format time to HH:MM:SS format + */ + static void formatTime(unsigned long timestamp, char* buffer, size_t buffer_size); + + /** + * Format date to DD/MM/YYYY format + */ + static void formatDate(unsigned long timestamp, char* buffer, size_t buffer_size); + + /** + * Convert bytes to hex string (uppercase) + */ + static void bytesToHex(const uint8_t* data, size_t len, char* hex, size_t hex_size); + + /** + * Convert packet to hex string + */ + static void packetToHex(mesh::Packet* packet, char* hex, size_t hex_size); +}; diff --git a/src/helpers/bridges/MQTTBridge.cpp b/src/helpers/bridges/MQTTBridge.cpp new file mode 100644 index 000000000..54dba14b8 --- /dev/null +++ b/src/helpers/bridges/MQTTBridge.cpp @@ -0,0 +1,2870 @@ +#include "MQTTBridge.h" +#include "../MQTTMessageBuilder.h" +#include +#include +#include + +#ifdef ESP_PLATFORM +#include +#include +#include +#include +#include +#endif + +// Helper function to strip quotes from strings (both single and double quotes) +static void stripQuotes(char* str, size_t max_len) { + if (!str || max_len == 0) return; + + size_t len = strlen(str); + if (len == 0) return; + + // Remove leading quote (single or double) + if (str[0] == '"' || str[0] == '\'') { + memmove(str, str + 1, len); + len--; + } + + // Remove trailing quote (single or double) + if (len > 0 && (str[len-1] == '"' || str[len-1] == '\'')) { + str[len-1] = '\0'; + } +} + +// Helper function to check if WiFi credentials are valid +static bool isWiFiConfigValid(const NodePrefs* prefs) { + // Check if WiFi SSID is configured (not empty) + if (strlen(prefs->wifi_ssid) == 0) { + return false; + } + + // WiFi password can be empty for open networks, so we don't check it + + return true; +} + +#ifdef WITH_MQTT_BRIDGE + +MQTTBridge::MQTTBridge(NodePrefs *prefs, mesh::PacketManager *mgr, mesh::RTCClock *rtc, mesh::LocalIdentity *identity) + : BridgeBase(prefs, mgr, rtc), _mqtt_client(nullptr), + _active_brokers(0), _queue_count(0), + _last_status_publish(0), _last_status_retry(0), _status_interval(300000), // 5 minutes default + _ntp_client(_ntp_udp, "pool.ntp.org", 0, 60000), _last_ntp_sync(0), _ntp_synced(false), _ntp_sync_pending(false), + _timezone(nullptr), _last_raw_len(0), _last_snr(0), _last_rssi(0), _last_raw_timestamp(0), + _analyzer_us_enabled(false), _analyzer_eu_enabled(false), _identity(identity), + _analyzer_us_client(nullptr), _analyzer_eu_client(nullptr), _config_valid(false), + _cached_has_brokers(false), _cached_has_analyzer_servers(false), + _last_memory_check(0), _skipped_publishes(0), + _last_no_broker_log(0), _last_config_warning(0), _dispatcher(nullptr), _radio(nullptr), _board(nullptr), _ms(nullptr) +#ifdef ESP_PLATFORM + , _packet_queue_handle(nullptr), _mqtt_task_handle(nullptr), _raw_data_mutex(nullptr) +#else + , _queue_head(0), _queue_tail(0) +#endif +{ + + // Initialize default values + strncpy(_origin, "MeshCore-Repeater", sizeof(_origin) - 1); + strncpy(_iata, "XXX", sizeof(_iata) - 1); + strncpy(_device_id, "DEVICE_ID_PLACEHOLDER", sizeof(_device_id) - 1); + strncpy(_firmware_version, "unknown", sizeof(_firmware_version) - 1); + strncpy(_board_model, "unknown", sizeof(_board_model) - 1); + strncpy(_build_date, "unknown", sizeof(_build_date) - 1); + _status_enabled = true; + _packets_enabled = true; + _raw_enabled = false; + _tx_enabled = false; // Disable TX packets by default + + // Initialize MQTT server settings with defaults (empty/null values) + _prefs->mqtt_server[0] = '\0'; // Empty string + _prefs->mqtt_port = 0; // Invalid port + _prefs->mqtt_username[0] = '\0'; // Empty string + _prefs->mqtt_password[0] = '\0'; // Empty string + + // Override with build flags if defined +#ifdef MQTT_SERVER + strncpy(_prefs->mqtt_server, MQTT_SERVER, sizeof(_prefs->mqtt_server) - 1); +#endif +#ifdef MQTT_PORT + _prefs->mqtt_port = MQTT_PORT; +#endif +#ifdef MQTT_USERNAME + strncpy(_prefs->mqtt_username, MQTT_USERNAME, sizeof(_prefs->mqtt_username) - 1); +#endif +#ifdef MQTT_PASSWORD + strncpy(_prefs->mqtt_password, MQTT_PASSWORD, sizeof(_prefs->mqtt_password) - 1); +#endif + + // Initialize packet queue (FreeRTOS queue will be created in begin()) + #ifdef ESP_PLATFORM + // Queue and mutex will be created in begin() + #else + // Initialize circular buffer for non-ESP32 platforms + memset(_packet_queue, 0, sizeof(_packet_queue)); + for (int i = 0; i < MAX_QUEUE_SIZE; i++) { + _packet_queue[i].has_raw_data = false; + } + #endif + + // Initialize throttle log timers + _last_no_broker_log = 0; + _last_analyzer_us_log = 0; + _last_analyzer_eu_log = 0; + + // Set default broker configuration + setBrokerDefaults(); +} + +void MQTTBridge::begin() { + MQTT_DEBUG_PRINTLN("Initializing MQTT Bridge..."); + + // Check if WiFi credentials are configured first + if (!isWiFiConfigValid(_prefs)) { + MQTT_DEBUG_PRINTLN("MQTT Bridge initialization skipped - WiFi credentials not configured"); + return; + } + + // Validate custom MQTT broker configuration (optional) + _config_valid = isMQTTConfigValid(); + if (!_config_valid) { + MQTT_DEBUG_PRINTLN("No valid custom MQTT server configured - analyzer servers will still work"); + } else { + MQTT_DEBUG_PRINTLN("Custom MQTT server configuration is valid"); + } + + // Update origin and IATA from preferences + strncpy(_origin, _prefs->mqtt_origin, sizeof(_origin) - 1); + _origin[sizeof(_origin) - 1] = '\0'; + strncpy(_iata, _prefs->mqtt_iata, sizeof(_iata) - 1); + _iata[sizeof(_iata) - 1] = '\0'; + + // Strip quotes from MQTT server configuration if present + stripQuotes(_prefs->mqtt_server, sizeof(_prefs->mqtt_server)); + stripQuotes(_prefs->mqtt_username, sizeof(_prefs->mqtt_username)); + stripQuotes(_prefs->mqtt_password, sizeof(_prefs->mqtt_password)); + + // Strip quotes from origin and IATA if present + stripQuotes(_origin, sizeof(_origin)); + stripQuotes(_iata, sizeof(_iata)); + + // Convert IATA code to uppercase (IATA codes are conventionally uppercase) + for (int i = 0; _iata[i]; i++) { + _iata[i] = toupper(_iata[i]); + } + + // Update enabled flags from preferences + _status_enabled = _prefs->mqtt_status_enabled; + _packets_enabled = _prefs->mqtt_packets_enabled; + _raw_enabled = _prefs->mqtt_raw_enabled; + _tx_enabled = _prefs->mqtt_tx_enabled; + // Set status interval to 5 minutes (300000 ms), or use preference if set and valid + if (_prefs->mqtt_status_interval >= 1000 && _prefs->mqtt_status_interval <= 3600000) { + _status_interval = _prefs->mqtt_status_interval; + } else { + // Invalid or uninitialized value - fix it in preferences and use default + _prefs->mqtt_status_interval = 300000; // Fix the preference value + _status_interval = 300000; // 5 minutes default + } + + // Check for configuration mismatch: bridge.source=tx but mqtt.tx=off + checkConfigurationMismatch(); + + MQTT_DEBUG_PRINTLN("Config: Origin=%s, IATA=%s, Device=%s", _origin, _iata, _device_id); + + #ifdef ESP_PLATFORM + // Create FreeRTOS queue for thread-safe packet queuing + _packet_queue_handle = xQueueCreate(MAX_QUEUE_SIZE, sizeof(QueuedPacket)); + if (_packet_queue_handle == nullptr) { + MQTT_DEBUG_PRINTLN("Failed to create packet queue!"); + return; + } + + // Create mutex for raw radio data protection + _raw_data_mutex = xSemaphoreCreateMutex(); + if (_raw_data_mutex == nullptr) { + MQTT_DEBUG_PRINTLN("Failed to create raw data mutex!"); + vQueueDelete(_packet_queue_handle); + _packet_queue_handle = nullptr; + return; + } + + // Initialize PsychicMqttClient (will be used by task) + _mqtt_client = new PsychicMqttClient(); + + // Optimize MQTT client configuration for memory efficiency + optimizeMqttClientConfig(_mqtt_client, false); + + // Set up event callbacks for the main MQTT client + _mqtt_client->onConnect([this](bool sessionPresent) { + MQTT_DEBUG_PRINTLN("MQTT broker connected"); + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + if (_brokers[i].enabled && !_brokers[i].connected) { + _brokers[i].connected = true; + _active_brokers++; + // Update cached broker status + _cached_has_brokers = isAnyBrokerConnected(); + break; + } + } + }); + + _mqtt_client->onDisconnect([this](bool sessionPresent) { + MQTT_DEBUG_PRINTLN("MQTT broker disconnected"); + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + if (_brokers[i].connected) { + _brokers[i].connected = false; + _active_brokers--; + // Update cached broker status + _cached_has_brokers = isAnyBrokerConnected(); + break; + } + } + }); + + // Set default broker from preferences or build flags + setBroker(0, _prefs->mqtt_server, _prefs->mqtt_port, _prefs->mqtt_username, _prefs->mqtt_password, true); + + // Setup Let's Mesh Analyzer servers configuration + _analyzer_us_enabled = _prefs->mqtt_analyzer_us_enabled; + _analyzer_eu_enabled = _prefs->mqtt_analyzer_eu_enabled; + MQTT_DEBUG_PRINTLN("Analyzer servers - US: %s, EU: %s", + _analyzer_us_enabled ? "enabled" : "disabled", + _analyzer_eu_enabled ? "enabled" : "disabled"); + + // Create FreeRTOS task for MQTT/WiFi processing on Core 0 + #ifndef MQTT_TASK_CORE + #define MQTT_TASK_CORE 0 + #endif + #ifndef MQTT_TASK_STACK_SIZE + #define MQTT_TASK_STACK_SIZE 8192 // Reverted: 6144 was too small, caused boot loop after NTP sync + #endif + #ifndef MQTT_TASK_PRIORITY + #define MQTT_TASK_PRIORITY 1 + #endif + + BaseType_t task_result = xTaskCreatePinnedToCore( + mqttTask, // Task function + "MQTTBridge", // Task name + MQTT_TASK_STACK_SIZE, // Stack size + this, // Parameter (this pointer) + MQTT_TASK_PRIORITY, // Priority + &_mqtt_task_handle, // Task handle + MQTT_TASK_CORE // Core ID (0) + ); + + if (task_result != pdPASS) { + MQTT_DEBUG_PRINTLN("Failed to create MQTT task!"); + vQueueDelete(_packet_queue_handle); + _packet_queue_handle = nullptr; + vSemaphoreDelete(_raw_data_mutex); + _raw_data_mutex = nullptr; + delete _mqtt_client; + _mqtt_client = nullptr; + return; + } + + MQTT_DEBUG_PRINTLN("MQTT task created on Core %d", MQTT_TASK_CORE); + #else + // Non-ESP32: Initialize WiFi directly (no task) + WiFi.mode(WIFI_STA); + WiFi.setAutoReconnect(true); + WiFi.setAutoConnect(true); + WiFi.begin(_prefs->wifi_ssid, _prefs->wifi_password); + + // Initialize PsychicMqttClient + _mqtt_client = new PsychicMqttClient(); + optimizeMqttClientConfig(_mqtt_client, false); + + // Set up event callbacks + _mqtt_client->onConnect([this](bool sessionPresent) { + MQTT_DEBUG_PRINTLN("MQTT broker connected"); + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + if (_brokers[i].enabled && !_brokers[i].connected) { + _brokers[i].connected = true; + _active_brokers++; + // Update cached broker status + _cached_has_brokers = isAnyBrokerConnected(); + break; + } + } + }); + + _mqtt_client->onDisconnect([this](bool sessionPresent) { + MQTT_DEBUG_PRINTLN("MQTT broker disconnected"); + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + if (_brokers[i].connected) { + _brokers[i].connected = false; + _active_brokers--; + // Update cached broker status + _cached_has_brokers = isAnyBrokerConnected(); + break; + } + } + }); + + setBroker(0, _prefs->mqtt_server, _prefs->mqtt_port, _prefs->mqtt_username, _prefs->mqtt_password, true); + _analyzer_us_enabled = _prefs->mqtt_analyzer_us_enabled; + _analyzer_eu_enabled = _prefs->mqtt_analyzer_eu_enabled; + setupAnalyzerClients(); + connectToBrokers(); + #endif + + _initialized = true; + MQTT_DEBUG_PRINTLN("MQTT Bridge initialized"); +} + +void MQTTBridge::end() { + MQTT_DEBUG_PRINTLN("Stopping MQTT Bridge..."); + + #ifdef ESP_PLATFORM + // Delete FreeRTOS task first (it will clean up WiFi/MQTT connections) + if (_mqtt_task_handle != nullptr) { + vTaskDelete(_mqtt_task_handle); + _mqtt_task_handle = nullptr; + // Give task time to clean up + vTaskDelay(pdMS_TO_TICKS(100)); + } + + // Clean up queued packets from FreeRTOS queue + if (_packet_queue_handle != nullptr) { + QueuedPacket queued; + while (xQueueReceive(_packet_queue_handle, &queued, 0) == pdTRUE) { + if (queued.packet) { + _mgr->free(queued.packet); + queued.packet = nullptr; + } + _queue_count--; + } + vQueueDelete(_packet_queue_handle); + _packet_queue_handle = nullptr; + } + + // Delete mutex + if (_raw_data_mutex != nullptr) { + vSemaphoreDelete(_raw_data_mutex); + _raw_data_mutex = nullptr; + } + #else + // Disconnect from all brokers + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + if (_brokers[i].enabled && _brokers[i].connected) { + _mqtt_client->disconnect(); + _brokers[i].connected = false; + } + } + + // Disconnect analyzer clients + if (_analyzer_us_client) { + _analyzer_us_client->disconnect(); + delete _analyzer_us_client; + _analyzer_us_client = nullptr; + } + if (_analyzer_eu_client) { + _analyzer_eu_client->disconnect(); + delete _analyzer_eu_client; + _analyzer_eu_client = nullptr; + } + + // Clean up queued packets to prevent memory leaks + for (int i = 0; i < _queue_count; i++) { + int index = (_queue_head + i) % MAX_QUEUE_SIZE; + if (_packet_queue[index].packet) { + _mgr->free(_packet_queue[index].packet); + _packet_queue[index].packet = nullptr; + } + memset(&_packet_queue[index], 0, sizeof(QueuedPacket)); + } + + _queue_count = 0; + _queue_head = 0; + _queue_tail = 0; + memset(_packet_queue, 0, sizeof(_packet_queue)); + #endif + + // Clean up timezone object to prevent memory leak + if (_timezone) { + delete _timezone; + _timezone = nullptr; + } + + // Clean up resources + if (_mqtt_client) { + delete _mqtt_client; + _mqtt_client = nullptr; + } + + _initialized = false; + MQTT_DEBUG_PRINTLN("MQTT Bridge stopped"); +} + +#ifdef ESP_PLATFORM +void MQTTBridge::mqttTask(void* parameter) { + MQTTBridge* bridge = static_cast(parameter); + if (bridge) { + bridge->mqttTaskLoop(); + } + // Task should never return, but if it does, delete itself + vTaskDelete(nullptr); +} + +void MQTTBridge::initializeWiFiInTask() { + MQTT_DEBUG_PRINTLN("Initializing WiFi in MQTT task..."); + + // Initialize WiFi + WiFi.mode(WIFI_STA); + + // Enable automatic reconnection - ESP32 will handle reconnection automatically + WiFi.setAutoReconnect(true); + WiFi.setAutoConnect(true); + + // Set up WiFi event handlers for better diagnostics and immediate disconnection detection + WiFi.onEvent([this](WiFiEvent_t event, WiFiEventInfo_t info) { + switch(event) { + case ARDUINO_EVENT_WIFI_STA_GOT_IP: + MQTT_DEBUG_PRINTLN("WiFi connected: %s", IPAddress(info.got_ip.ip_info.ip.addr).toString().c_str()); + // Set flag to trigger NTP sync from loop() instead of doing it here + if (!_ntp_synced && !_ntp_sync_pending) { + _ntp_sync_pending = true; + } + break; + default: + break; + } + }); + + WiFi.begin(_prefs->wifi_ssid, _prefs->wifi_password); + + // WiFi connection is asynchronous - don't block here + // Auto-reconnect will handle connection in the background + + // Setup PsychicMqttClient WebSocket clients for analyzer servers + setupAnalyzerClients(); + + MQTT_DEBUG_PRINTLN("WiFi initialization started in task"); +} + +void MQTTBridge::mqttTaskLoop() { + // Initialize WiFi first + initializeWiFiInTask(); + + // Wait a bit for WiFi to start connecting + vTaskDelay(pdMS_TO_TICKS(1000)); + + // Main task loop + while (true) { + // Run the main MQTT bridge loop logic + // This replaces the original loop() method but runs in the task + + // Actively monitor and manage WiFi connection + static unsigned long last_wifi_check = 0; + static unsigned long last_wifi_reconnect_attempt = 0; + static wl_status_t last_wifi_status = WL_DISCONNECTED; + static bool wifi_status_initialized = false; + static unsigned long wifi_disconnected_time = 0; + + unsigned long now = millis(); + wl_status_t current_wifi_status = WiFi.status(); + + // Initialize last_wifi_status on first loop() call + if (!wifi_status_initialized) { + last_wifi_status = current_wifi_status; + wifi_status_initialized = true; + // Don't sync here - let the pending flag or transition handler do it + } + + // Check WiFi status every 10 seconds for faster detection + if (now - last_wifi_check > 10000) { + last_wifi_check = now; + + if (current_wifi_status == WL_CONNECTED) { + if (last_wifi_status != WL_CONNECTED) { + wifi_disconnected_time = 0; + // Configure WiFi power management for efficient operation + wifi_ps_type_t ps_mode; + uint8_t ps_pref = _prefs->wifi_power_save; + if (ps_pref == 1) { + ps_mode = WIFI_PS_NONE; + } else if (ps_pref == 2) { + ps_mode = WIFI_PS_MAX_MODEM; + } else { + ps_mode = WIFI_PS_MIN_MODEM; + } + esp_wifi_set_ps(ps_mode); + + // Set WiFi TX power + #ifdef MQTT_WIFI_TX_POWER + WiFi.setTxPower(MQTT_WIFI_TX_POWER); + #else + WiFi.setTxPower(WIFI_POWER_11dBm); + #endif + + // NTP sync will be handled by _ntp_sync_pending flag from WiFi event handler + // This prevents multiple simultaneous syncs + } + last_wifi_status = WL_CONNECTED; + } else { + if (last_wifi_status == WL_CONNECTED) { + wifi_disconnected_time = now; + } else if (wifi_disconnected_time > 0) { + unsigned long disconnected_duration = now - wifi_disconnected_time; + + // Try to force reconnection if disconnected for more than 30 seconds + if (disconnected_duration > 30000 && (now - last_wifi_reconnect_attempt) > 30000) { + last_wifi_reconnect_attempt = now; + WiFi.disconnect(); + WiFi.begin(_prefs->wifi_ssid, _prefs->wifi_password); + } + } + last_wifi_status = current_wifi_status; + } + } + + // Check for pending NTP sync (triggered from WiFi event handler) + if (_ntp_sync_pending && WiFi.status() == WL_CONNECTED) { + _ntp_sync_pending = false; + syncTimeWithNTP(); + } + + // Check if analyzer server settings have changed in preferences + static unsigned long last_analyzer_check = 0; + if (now - last_analyzer_check > 5000) { + last_analyzer_check = now; + if (_analyzer_us_enabled != _prefs->mqtt_analyzer_us_enabled || + _analyzer_eu_enabled != _prefs->mqtt_analyzer_eu_enabled) { + MQTT_DEBUG_PRINTLN("Analyzer settings changed - updating..."); + setupAnalyzerServers(); + } + } + + // Maintain broker connections + connectToBrokers(); + + // Maintain analyzer server connections + maintainAnalyzerConnections(); + + // Process packet queue + processPacketQueue(); + + // Periodic configuration check (throttled to avoid spam) + checkConfigurationMismatch(); + + // Periodic NTP sync (every hour) - only when connected + if (WiFi.status() == WL_CONNECTED && now - _last_ntp_sync > 3600000) { + syncTimeWithNTP(); + } + + // Publish status updates (handle millis() overflow correctly) + if (_status_enabled) { + // Use cached destination status (updated in connection callbacks) - early exit if no destinations + // Only refresh cache if status publish is enabled to avoid unnecessary checks + bool has_custom_brokers = _cached_has_brokers && _config_valid; + bool has_destinations = has_custom_brokers || _cached_has_analyzer_servers; + + // Early exit if no destinations - skip all the expensive logic below + if (!has_destinations) { + if (_last_status_retry != 0) { + _last_status_retry = 0; + } + } else { + bool should_publish = false; + + // First, check if we need to respect retry interval (prevents spam when publish keeps failing) + if (_last_status_retry != 0) { + unsigned long retry_elapsed = (now >= _last_status_retry) ? + (now - _last_status_retry) : + (ULONG_MAX - _last_status_retry + now + 1); + if (retry_elapsed < STATUS_RETRY_INTERVAL) { + // Too soon to retry - wait longer + should_publish = false; + } else { + // Retry interval has passed - allow retry + should_publish = true; + } + } else { + // No pending retry - check if normal interval has passed + // Handle case where _last_status_publish is 0 (first publish attempt) + if (_last_status_publish == 0) { + // First publish attempt - allow it immediately + should_publish = true; + } else { + // Calculate elapsed time since last successful publish + unsigned long elapsed = (now >= _last_status_publish) ? + (now - _last_status_publish) : + (ULONG_MAX - _last_status_publish + now + 1); + should_publish = (elapsed >= _status_interval); + } + } + + if (should_publish) { + // Only log elapsed time if we have a previous successful publish + if (_last_status_publish != 0) { + unsigned long elapsed = (now >= _last_status_publish) ? + (now - _last_status_publish) : + (ULONG_MAX - _last_status_publish + now + 1); + MQTT_DEBUG_PRINTLN("Status publish timer expired (elapsed: %lu ms, interval: %lu ms)", elapsed, _status_interval); + } else { + MQTT_DEBUG_PRINTLN("Status publish attempt (first publish or retry)"); + } + + _last_status_retry = now; + if (publishStatus()) { + _last_status_publish = now; + _last_status_retry = 0; + MQTT_DEBUG_PRINTLN("Status published successfully, next publish in %lu ms", _status_interval); + } else { + MQTT_DEBUG_PRINTLN("Status publish failed, will retry in %lu ms", STATUS_RETRY_INTERVAL); + // _last_status_retry already set above - will prevent immediate retry + } + } + } + } + + // Critical memory check (every 15 minutes) - only log warnings + static unsigned long last_critical_check = 0; + if (now - last_critical_check > 900000) { + size_t max_alloc = ESP.getMaxAllocHeap(); + if (max_alloc < 40000) { + MQTT_DEBUG_PRINTLN("CRITICAL: Low memory! Free: %d, Max: %d", ESP.getFreeHeap(), max_alloc); + } else if (max_alloc < 60000) { + MQTT_DEBUG_PRINTLN("WARNING: Memory pressure. Free: %d, Max: %d", ESP.getFreeHeap(), max_alloc); + } + last_critical_check = now; + } + + // Update cached analyzer server status periodically (every 5 seconds) + // This ensures cache stays accurate even if callbacks miss updates + static unsigned long last_analyzer_status_update = 0; + if (now - last_analyzer_status_update > 5000) { + _cached_has_analyzer_servers = (_analyzer_us_enabled && _analyzer_us_client && _analyzer_us_client->connected()) || + (_analyzer_eu_enabled && _analyzer_eu_client && _analyzer_eu_client->connected()); + last_analyzer_status_update = now; + } + + // Adaptive task delay based on work done + // Check if we have work to do (queue has packets or status needs publishing) + bool has_work = (_queue_count > 0); + if (!has_work && _status_enabled) { + // Check if status publish is needed soon + if (_last_status_publish == 0 || + (now - _last_status_publish >= (_status_interval - 10000))) { // Within 10s of next publish + has_work = true; + } + } + + // Adaptive delay: shorter when work pending, longer when idle + if (has_work) { + vTaskDelay(pdMS_TO_TICKS(5)); // 5ms delay when work pending - process faster + } else { + vTaskDelay(pdMS_TO_TICKS(50)); // 50ms delay when idle - save CPU + } + } +} +#endif + +bool MQTTBridge::isConfigValid() const { + return _config_valid; +} + +bool MQTTBridge::isConfigValid(const NodePrefs* prefs) { + // Check if MQTT server is configured (not default placeholder) + if (strlen(prefs->mqtt_server) == 0 || + strcmp(prefs->mqtt_server, "your-mqtt-broker.com") == 0) { + return false; + } + + // Check if MQTT port is valid + if (prefs->mqtt_port == 0 || prefs->mqtt_port > 65535) { + return false; + } + + // Username and password are optional - anonymous mode is supported + // Only reject if they contain the default placeholder values + if (strcmp(prefs->mqtt_username, "your-username") == 0) { + return false; + } + + if (strcmp(prefs->mqtt_password, "your-password") == 0) { + return false; + } + + return true; +} + +void MQTTBridge::checkConfigurationMismatch() { + // Check if bridge.source is set to tx (logTx) but mqtt.tx is disabled + // This would prevent packet publishing since sendPacket() requires both packets_enabled and tx_enabled + if (_prefs->bridge_pkt_src == 0 && _packets_enabled && !_tx_enabled) { + unsigned long now = millis(); + // Always log on first detection, then throttle to every 5 minutes to avoid spam + if (_last_config_warning == 0 || (now - _last_config_warning > CONFIG_WARNING_INTERVAL)) { + MQTT_DEBUG_PRINTLN("MQTT: Configuration mismatch detected! bridge.source=tx (logTx) but mqtt.tx=off. Packets will not be published. Run 'set bridge.source rx' or 'set mqtt.tx on' to fix."); + _last_config_warning = now; + } + } else { + // Configuration is correct, reset warning timer so we log immediately if it becomes wrong again + _last_config_warning = 0; + } +} + +bool MQTTBridge::isReady() const { + return _initialized && isWiFiConfigValid(_prefs); +} + +void MQTTBridge::loop() { + if (!_initialized) return; + + #ifdef ESP_PLATFORM + // On ESP32, loop() is a no-op - all processing happens in the FreeRTOS task + // This method is kept for API compatibility but does nothing + return; + #else + // Non-ESP32: Original loop implementation + // Actively monitor and manage WiFi connection + static unsigned long last_wifi_check = 0; + static unsigned long last_wifi_reconnect_attempt = 0; + static wl_status_t last_wifi_status = WL_DISCONNECTED; + static bool wifi_status_initialized = false; + static unsigned long wifi_disconnected_time = 0; + + unsigned long now = millis(); + wl_status_t current_wifi_status = WiFi.status(); + + // Initialize last_wifi_status on first loop() call + if (!wifi_status_initialized) { + last_wifi_status = current_wifi_status; + wifi_status_initialized = true; + if (current_wifi_status == WL_CONNECTED && !_ntp_synced) { + syncTimeWithNTP(); + } + } + + // Check WiFi status every 10 seconds for faster detection + if (now - last_wifi_check > 10000) { + last_wifi_check = now; + + if (current_wifi_status == WL_CONNECTED) { + if (last_wifi_status != WL_CONNECTED) { + wifi_disconnected_time = 0; + if (!_ntp_synced) { + syncTimeWithNTP(); + } + } + last_wifi_status = WL_CONNECTED; + } else { + if (last_wifi_status == WL_CONNECTED) { + wifi_disconnected_time = now; + } else if (wifi_disconnected_time > 0) { + unsigned long disconnected_duration = now - wifi_disconnected_time; + + // Try to force reconnection if disconnected for more than 30 seconds + if (disconnected_duration > 30000 && (now - last_wifi_reconnect_attempt) > 30000) { + last_wifi_reconnect_attempt = now; + WiFi.disconnect(); + WiFi.begin(_prefs->wifi_ssid, _prefs->wifi_password); + } + } + last_wifi_status = current_wifi_status; + } + } + + // Check for pending NTP sync (triggered from WiFi event handler) + if (_ntp_sync_pending && WiFi.status() == WL_CONNECTED) { + _ntp_sync_pending = false; + syncTimeWithNTP(); + } + + // Check if analyzer server settings have changed in preferences + static unsigned long last_analyzer_check = 0; + if (millis() - last_analyzer_check > 5000) { + last_analyzer_check = millis(); + if (_analyzer_us_enabled != _prefs->mqtt_analyzer_us_enabled || + _analyzer_eu_enabled != _prefs->mqtt_analyzer_eu_enabled) { + MQTT_DEBUG_PRINTLN("Analyzer settings changed - updating..."); + setupAnalyzerServers(); + } + } + + // Maintain broker connections + connectToBrokers(); + + // Maintain analyzer server connections + maintainAnalyzerConnections(); + + // Process packet queue + processPacketQueue(); + + // Periodic configuration check (throttled to avoid spam) + checkConfigurationMismatch(); + + // Periodic NTP sync (every hour) - only when connected + if (WiFi.status() == WL_CONNECTED && millis() - _last_ntp_sync > 3600000) { + syncTimeWithNTP(); + } + + // Publish status updates (handle millis() overflow correctly) + if (_status_enabled) { + // Use cached destination status (updated in connection callbacks) - early exit if no destinations + bool has_custom_brokers = _cached_has_brokers && _config_valid; + bool has_destinations = has_custom_brokers || _cached_has_analyzer_servers; + + // Only attempt to publish if we have destinations available + if (has_destinations) { + unsigned long now = millis(); + bool should_publish = false; + + // First, check if we need to respect retry interval (prevents spam when publish keeps failing) + if (_last_status_retry != 0) { + unsigned long retry_elapsed = (now >= _last_status_retry) ? + (now - _last_status_retry) : + (ULONG_MAX - _last_status_retry + now + 1); + if (retry_elapsed < STATUS_RETRY_INTERVAL) { + // Too soon to retry - wait longer + should_publish = false; + } else { + // Retry interval has passed - allow retry + should_publish = true; + } + } else { + // No pending retry - check if normal interval has passed + // Handle case where _last_status_publish is 0 (first publish attempt) + if (_last_status_publish == 0) { + // First publish attempt - allow it immediately + should_publish = true; + } else { + // Calculate elapsed time since last successful publish + unsigned long elapsed = (now >= _last_status_publish) ? + (now - _last_status_publish) : + (ULONG_MAX - _last_status_publish + now + 1); + should_publish = (elapsed >= _status_interval); + } + } + + if (should_publish) { + // Only log elapsed time if we have a previous successful publish + if (_last_status_publish != 0) { + unsigned long elapsed = (now >= _last_status_publish) ? + (now - _last_status_publish) : + (ULONG_MAX - _last_status_publish + now + 1); + MQTT_DEBUG_PRINTLN("Status publish timer expired (elapsed: %lu ms, interval: %lu ms)", elapsed, _status_interval); + } else { + MQTT_DEBUG_PRINTLN("Status publish attempt (first publish or retry)"); + } + + _last_status_retry = now; + if (publishStatus()) { + _last_status_publish = now; + _last_status_retry = 0; + MQTT_DEBUG_PRINTLN("Status published successfully, next publish in %lu ms", _status_interval); + } else { + MQTT_DEBUG_PRINTLN("Status publish failed, will retry in %lu ms", STATUS_RETRY_INTERVAL); + // _last_status_retry already set above - will prevent immediate retry + } + } + } else { + if (_last_status_retry != 0) { + _last_status_retry = 0; + } + } + + // Check if status hasn't been published successfully for too long + // If status publishes have been failing for > 10 minutes, force full MQTT reinitialization + if (_status_enabled && _last_status_publish != 0) { + unsigned long time_since_last_success = (now >= _last_status_publish) ? + (now - _last_status_publish) : + (ULONG_MAX - _last_status_publish + now + 1); + const unsigned long MAX_FAILURE_TIME_MS = 600000; // 10 minutes + + if (time_since_last_success > MAX_FAILURE_TIME_MS) { + static unsigned long last_reinit_log = 0; + if (now - last_reinit_log > 300000) { // Log every 5 minutes max + MQTT_DEBUG_PRINTLN("CRITICAL: Status publish has been failing for %lu ms (>%lu ms), forcing MQTT session reinitialization", + time_since_last_success, MAX_FAILURE_TIME_MS); + last_reinit_log = now; + } + + // Force full MQTT session reinitialization + // Disconnect all MQTT clients + if (_mqtt_client && _mqtt_client->connected()) { + _mqtt_client->disconnect(); + #ifdef ESP_PLATFORM + vTaskDelay(pdMS_TO_TICKS(100)); // Brief delay to allow disconnect + #else + delay(100); // Brief delay to allow disconnect + #endif + } + + // Disconnect analyzer clients + if (_analyzer_us_client && _analyzer_us_client->connected()) { + _analyzer_us_client->disconnect(); + } + if (_analyzer_eu_client && _analyzer_eu_client->connected()) { + _analyzer_eu_client->disconnect(); + } + + // Reset all broker connection states + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + if (_brokers[i].enabled) { + _brokers[i].connected = false; + _brokers[i].last_attempt = 0; // Allow immediate reconnect + } + } + _active_brokers = 0; + _cached_has_brokers = false; + _cached_has_analyzer_servers = false; + + // Reset status publish timestamp to allow fresh attempt after reconnection + _last_status_publish = 0; + _last_status_retry = 0; + + MQTT_DEBUG_PRINTLN("MQTT session reinitialized - reconnection will be attempted on next loop"); + } + } + } + #endif + + #ifdef ESP_PLATFORM + // Critical memory check (every 15 minutes) - only log warnings + static unsigned long last_critical_check = 0; + if (millis() - last_critical_check > 900000) { + size_t max_alloc = ESP.getMaxAllocHeap(); + if (max_alloc < 40000) { + MQTT_DEBUG_PRINTLN("CRITICAL: Low memory! Free: %d, Max: %d", ESP.getFreeHeap(), max_alloc); + } else if (max_alloc < 60000) { + MQTT_DEBUG_PRINTLN("WARNING: Memory pressure. Free: %d, Max: %d", ESP.getFreeHeap(), max_alloc); + } + last_critical_check = millis(); + } + #endif +} + +void MQTTBridge::onPacketReceived(mesh::Packet *packet) { + if (!_initialized || !_packets_enabled) return; + + // Check if we have any valid brokers to send to + bool has_valid_brokers = _config_valid || + (_analyzer_us_enabled && _analyzer_us_client) || + (_analyzer_eu_enabled && _analyzer_eu_client); + + if (!has_valid_brokers) return; + + // Queue packet for transmission + queuePacket(packet, false); +} + +void MQTTBridge::sendPacket(mesh::Packet *packet) { + if (!_initialized || !_packets_enabled || !_tx_enabled) return; + + // Queue packet for transmission (only if TX enabled) + queuePacket(packet, true); +} + +bool MQTTBridge::isMQTTConfigValid() { + // Check if MQTT server is configured (not default placeholder) + if (strlen(_prefs->mqtt_server) == 0 || + strcmp(_prefs->mqtt_server, "your-mqtt-broker.com") == 0) { + return false; + } + + // Check if MQTT port is valid + if (_prefs->mqtt_port == 0 || _prefs->mqtt_port > 65535) { + return false; + } + + // Username and password are optional - anonymous mode is supported + // Only reject if they contain the default placeholder values + if (strcmp(_prefs->mqtt_username, "your-username") == 0) { + return false; + } + + if (strcmp(_prefs->mqtt_password, "your-password") == 0) { + return false; + } + + return true; +} + +bool MQTTBridge::isIATAValid() const { + // Check if IATA code is configured (not empty, not default "XXX") + if (strlen(_iata) == 0 || strcmp(_iata, "XXX") == 0) { + return false; + } + return true; +} + +void MQTTBridge::connectToBrokers() { + // Check if MQTT configuration is valid before attempting connection + if (!_config_valid) { + return; + } + + // Check WiFi status first - don't attempt MQTT connection if WiFi is disconnected + if (WiFi.status() != WL_CONNECTED) { + // WiFi is not connected - skip MQTT connection attempts + // WiFi auto-reconnect will handle WiFi, then we can connect MQTT + static unsigned long last_wifi_warning = 0; + unsigned long now = millis(); + if (now - last_wifi_warning > 300000) { // Log every 5 minutes max + MQTT_DEBUG_PRINTLN("Skipping MQTT broker connection - WiFi not connected"); + last_wifi_warning = now; + } + return; + } + + // For now, connect to the first enabled broker + // TODO: Implement multi-broker support with PsychicMqttClient + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + if (!_brokers[i].enabled) continue; + + // Check if we need to attempt connection + // Allow immediate reconnect if last_attempt is 0 (was reset due to failure) + bool can_attempt = (_brokers[i].last_attempt == 0) || + (millis() - _brokers[i].last_attempt > _brokers[i].reconnect_interval); + + if (!_brokers[i].connected && can_attempt) { + MQTT_DEBUG_PRINTLN("Connecting to broker %d: %s:%d", i, _brokers[i].host, _brokers[i].port); + + // Generate unique client ID + char client_id[32]; + snprintf(client_id, sizeof(client_id), "%s_%d_%lu", _origin, i, millis()); + + // Set broker URI and connect using PsychicMqttClient API + char broker_uri[128]; + snprintf(broker_uri, sizeof(broker_uri), "mqtt://%s:%d", _brokers[i].host, _brokers[i].port); + _mqtt_client->setServer(broker_uri); + + // Set credentials if provided + if (strlen(_brokers[i].username) > 0) { + _mqtt_client->setCredentials(_brokers[i].username, _brokers[i].password); + } + + // Ensure we're disconnected before attempting new connection + if (_mqtt_client->connected()) { + _mqtt_client->disconnect(); + vTaskDelay(pdMS_TO_TICKS(100)); // Brief delay to allow disconnect to complete + } + + // Connect to the broker (PsychicMqttClient uses async connection) + _mqtt_client->connect(); + + // Update attempt timestamp + _brokers[i].last_attempt = millis(); + MQTT_DEBUG_PRINTLN("Initiating connection to broker %d", i); + } + + // Maintain connection and check for stale connections + if (_brokers[i].connected) { + // Check actual connection state - if it's stale, mark as disconnected and trigger reconnect + // PsychicMqttClient handles automatic reconnection internally, but we need to detect stale state + if (!_mqtt_client->connected()) { + MQTT_DEBUG_PRINTLN("Broker %d connection lost, marking for reconnect", i); + _brokers[i].connected = false; + _active_brokers--; + _brokers[i].last_attempt = 0; // Reset attempt time to allow immediate reconnect + // Update cached broker status + _cached_has_brokers = isAnyBrokerConnected(); + } + // Removed aggressive 4-hour health check that was causing connection instability. + // The MQTT client library handles connection health internally, and forcing + // disconnections on healthy connections was causing hours of downtime. + } else { + // Not connected - ensure we attempt reconnection if enough time has passed + // Reset last_attempt if it's been too long (prevents getting stuck) + if (_brokers[i].last_attempt > 0 && (millis() - _brokers[i].last_attempt) > 300000) { + // Been trying for more than 5 minutes - reset to allow fresh attempt + _brokers[i].last_attempt = 0; + } + } + } + + // Update cached broker status after connection attempts + _cached_has_brokers = isAnyBrokerConnected(); +} + +void MQTTBridge::processPacketQueue() { + #ifdef ESP_PLATFORM + // Use FreeRTOS queue + if (_packet_queue_handle == nullptr) { + return; + } + + // Update queue count from actual queue state + _queue_count = uxQueueMessagesWaiting(_packet_queue_handle); + + if (_queue_count == 0) { + return; + } + + // Use cached broker connection status to avoid redundant checks + bool has_connected_brokers = _cached_has_brokers || _cached_has_analyzer_servers; + + if (!has_connected_brokers) { + if (_queue_count > 0) { + unsigned long now = millis(); + if (now - _last_no_broker_log > NO_BROKER_LOG_INTERVAL) { + MQTT_DEBUG_PRINTLN("Queue has %d packets but no brokers connected", _queue_count); + _last_no_broker_log = now; + } + } + return; + } + + _last_no_broker_log = 0; + + // Process up to 1 packet per call to maintain responsiveness + int processed = 0; + int max_per_loop = 1; + unsigned long loop_start_time = millis(); + const unsigned long MAX_PROCESSING_TIME_MS = 30; + + while (processed < max_per_loop) { + unsigned long elapsed = millis() - loop_start_time; + if (elapsed > MAX_PROCESSING_TIME_MS) { + break; + } + + QueuedPacket queued; + // Try to receive from queue (non-blocking) + if (xQueueReceive(_packet_queue_handle, &queued, 0) != pdTRUE) { + break; // No more packets + } + + // Publish packet (use stored raw data if available) + publishPacket(queued.packet, queued.is_tx, + queued.has_raw_data ? queued.raw_data : nullptr, + queued.has_raw_data ? queued.raw_len : 0, + queued.has_raw_data ? queued.snr : 0.0f, + queued.has_raw_data ? queued.rssi : 0.0f); + + // Publish raw if enabled + if (_raw_enabled) { + publishRaw(queued.packet); + } + + // Free packet memory + // NOTE: PacketManager::free() is not thread-safe, but in practice this should be safe because: + // - Packets are allocated on Core 1 (main loop) and queued immediately + // - Once queued, packets are no longer accessed by Core 1 + // - Packets are only freed here on Core 0 (MQTT task) + // - There's no concurrent access to the same packet instance + // However, concurrent access to PacketManager's internal pool structures could theoretically + // cause issues. If problems occur, consider adding a mutex wrapper around PacketManager operations. + if (queued.packet) { + _mgr->free(queued.packet); + queued.packet = nullptr; + } + + _queue_count--; + processed++; + + // No need for vTaskDelay here - task already yields at end of main loop + } + #else + // Non-ESP32: Use circular buffer + if (_queue_count == 0) { + return; + } + + // Use cached broker connection status to avoid redundant checks + bool has_connected_brokers = _cached_has_brokers || _cached_has_analyzer_servers; + + if (!has_connected_brokers) { + if (_queue_count > 0) { + unsigned long now = millis(); + if (now - _last_no_broker_log > NO_BROKER_LOG_INTERVAL) { + MQTT_DEBUG_PRINTLN("Queue has %d packets but no brokers connected", _queue_count); + _last_no_broker_log = now; + } + } + return; + } + + _last_no_broker_log = 0; + + int processed = 0; + int max_per_loop = 1; + unsigned long loop_start_time = millis(); + const unsigned long MAX_PROCESSING_TIME_MS = 30; + + while (_queue_count > 0 && processed < max_per_loop) { + unsigned long elapsed = millis() - loop_start_time; + if (elapsed > MAX_PROCESSING_TIME_MS) { + break; + } + + QueuedPacket& queued = _packet_queue[_queue_head]; + + publishPacket(queued.packet, queued.is_tx, + queued.has_raw_data ? queued.raw_data : nullptr, + queued.has_raw_data ? queued.raw_len : 0, + queued.has_raw_data ? queued.snr : 0.0f, + queued.has_raw_data ? queued.rssi : 0.0f); + + if (_raw_enabled) { + publishRaw(queued.packet); + } + + if (queued.packet) { + _mgr->free(queued.packet); + queued.packet = nullptr; + } + + dequeuePacket(); + processed++; + } + #endif +} + +bool MQTTBridge::publishStatus() { + // Check if IATA is configured before attempting to publish + if (!isIATAValid()) { + static unsigned long last_iata_warning = 0; + unsigned long now = millis(); + // Only log this warning every 5 minutes to avoid spam + if (now - last_iata_warning > 300000) { + MQTT_DEBUG_PRINTLN("MQTT: Cannot publish status - IATA code not configured (current: '%s'). Please set mqtt.iata via CLI.", _iata); + last_iata_warning = now; + } + return false; + } + + // Memory pressure check: Use same threshold as packet publishes for consistency + // Status publishes should not be skipped more aggressively than packets + #ifdef ESP32 + unsigned long now = millis(); + if (now - _last_memory_check > 5000) { // Check every 5 seconds + size_t max_alloc = ESP.getMaxAllocHeap(); + if (max_alloc < 60000) { // Less than 60KB max alloc = severe fragmentation (same as packets) + static unsigned long last_status_skip_log = 0; + if (now - last_status_skip_log > 300000) { // Log every 5 minutes + MQTT_DEBUG_PRINTLN("MQTT: Skipping status publish due to memory pressure (Max alloc: %d)", max_alloc); + last_status_skip_log = now; + } + return false; // Skip status publish + } + _last_memory_check = now; + } + #endif + + // Use cached destination status to avoid redundant checks + // Note: Connection state is verified in connectToBrokers() which runs before publishStatus() + bool has_custom_brokers = _cached_has_brokers && _config_valid; + bool has_destinations = has_custom_brokers || _cached_has_analyzer_servers; + + if (!has_destinations) { + return false; // No destinations available + } + + // Don't do aggressive pre-check like before - if packets are publishing successfully, + // the connection is likely fine. The actual publish attempt will handle connection issues. + + // Status messages with stats can be larger (~400-500 bytes), so increase buffer size + char json_buffer[768]; // Increased from 512 to accommodate stats object + char origin_id[65]; + char timestamp[32]; + char radio_info[64]; + + // Get current timestamp in ISO 8601 format + struct tm timeinfo; + if (getLocalTime(&timeinfo)) { + strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%S.000000", &timeinfo); + } else { + strcpy(timestamp, "2024-01-01T12:00:00.000000"); + } + + // Build radio info string (freq,bw,sf,cr) + snprintf(radio_info, sizeof(radio_info), "%.6f,%.1f,%d,%d", + _prefs->freq, _prefs->bw, _prefs->sf, _prefs->cr); + + // Use actual device ID + strncpy(origin_id, _device_id, sizeof(origin_id) - 1); + origin_id[sizeof(origin_id) - 1] = '\0'; + + // Build client version string + char client_version[64]; + getClientVersion(client_version, sizeof(client_version)); + + // Collect stats on-demand if sources are available + int battery_mv = -1; + int uptime_secs = -1; + int errors = -1; + int noise_floor = -999; + int tx_air_secs = -1; + int rx_air_secs = -1; + + if (_board) { + battery_mv = _board->getBattMilliVolts(); + } + if (_ms) { + uptime_secs = _ms->getMillis() / 1000; + } + if (_dispatcher) { + errors = _dispatcher->getErrFlags(); + tx_air_secs = _dispatcher->getTotalAirTime() / 1000; + rx_air_secs = _dispatcher->getReceiveAirTime() / 1000; + } + if (_radio) { + noise_floor = (int16_t)_radio->getNoiseFloor(); + } + + // Build status message with stats + int len = MQTTMessageBuilder::buildStatusMessage( + _origin, + origin_id, + _board_model, // model - now dynamic! + _firmware_version, // firmware version + radio_info, + client_version, // client version + "online", + timestamp, + json_buffer, + sizeof(json_buffer), + battery_mv, + uptime_secs, + errors, + _queue_count, // Use current queue length + noise_floor, + tx_air_secs, + rx_air_secs + ); + + if (len > 0) { + bool published = false; + + // Build topic string once and reuse (optimization: avoid redundant snprintf calls) + char topic[128]; + snprintf(topic, sizeof(topic), "meshcore/%s/%s/status", _iata, _device_id); + size_t json_len = strlen(json_buffer); // Cache length to avoid multiple strlen() calls + + // Publish to all connected custom brokers + // Use same logic as packet publishes for consistency + if (_config_valid && _mqtt_client) { + // Share the same broker URI tracking as packet publishes to avoid sync issues + // Track last broker URI to avoid calling setServer() unnecessarily (memory optimization) + // setServer() may allocate memory, so we only call it when the broker changes + static char last_broker_uri_shared[128] = ""; + + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + // Verify broker is actually connected (state might be stale) + if (_brokers[i].enabled && _brokers[i].connected) { + // Check connection state right before publish (like packet publishes do) + if (!_mqtt_client->connected()) { + // Connection lost - mark as disconnected but don't disconnect here + // (packet publishes handle this more gracefully) + _brokers[i].connected = false; + _active_brokers--; + _brokers[i].last_attempt = 0; + _cached_has_brokers = isAnyBrokerConnected(); + continue; + } + + // Build broker URI + char broker_uri[128]; + snprintf(broker_uri, sizeof(broker_uri), "mqtt://%s:%d", _brokers[i].host, _brokers[i].port); + + // Only call setServer() if broker URI changed (reduces memory allocations) + if (strcmp(broker_uri, last_broker_uri_shared) != 0) { + _mqtt_client->setServer(broker_uri); + strncpy(last_broker_uri_shared, broker_uri, sizeof(last_broker_uri_shared) - 1); + last_broker_uri_shared[sizeof(last_broker_uri_shared) - 1] = '\0'; + } + + // Publish with timeout check - don't block if connection is slow + int publish_result = _mqtt_client->publish(topic, 1, true, json_buffer, json_len); + if (publish_result > 0) { + published = true; + } else { + // Publish failed - connection may be stale, force disconnect and mark for reconnect + static unsigned long last_status_publish_fail_log = 0; + unsigned long now = millis(); + if (now - last_status_publish_fail_log > 60000) { // Log every minute max + MQTT_DEBUG_PRINTLN("Status publish failed (result=%d), forcing broker %d reconnect", publish_result, i); + last_status_publish_fail_log = now; + } + // Force disconnect to trigger reconnection + if (_mqtt_client->connected()) { + _mqtt_client->disconnect(); + } + _brokers[i].connected = false; + _active_brokers--; + _brokers[i].last_attempt = 0; // Reset attempt time to allow immediate reconnect + // Update cached broker status + _cached_has_brokers = isAnyBrokerConnected(); + } + } + } + } else if (_config_valid) { + // Connection state is out of sync - mark all brokers as disconnected + // (Same logic as packet publishes) + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + if (_brokers[i].enabled && _brokers[i].connected) { + _brokers[i].connected = false; + _active_brokers--; + } + } + _cached_has_brokers = false; + } + + // Always publish to Let's Mesh Analyzer servers if enabled and connected + // Use shared helper function to publish same JSON to both servers (avoids duplication) + // Use same memory threshold as main check (60000) for consistency + if (_cached_has_analyzer_servers) { + #ifdef ESP32 + size_t max_alloc = ESP.getMaxAllocHeap(); + if (max_alloc >= 60000) { // Same threshold as main memory check + #endif + // publishToAnalyzerServers returns true if at least one publish succeeded + if (publishToAnalyzerServers(topic, json_buffer, true)) { // retained=true for status + published = true; + } + #ifdef ESP32 + } + #endif + } + + // Return true if we successfully published to at least one destination + if (published) { + MQTT_DEBUG_PRINTLN("Status published"); + return true; + } + } + + return false; // Failed to build or publish message +} + +void MQTTBridge::publishPacket(mesh::Packet* packet, bool is_tx, + const uint8_t* raw_data, int raw_len, + float snr, float rssi) { + if (!packet) return; + + // Check if IATA is configured before attempting to publish + if (!isIATAValid()) { + static unsigned long last_iata_warning = 0; + unsigned long now = millis(); + // Only log this warning every 5 minutes to avoid spam + if (now - last_iata_warning > 300000) { + MQTT_DEBUG_PRINTLN("MQTT: Cannot publish packet - IATA code not configured (current: '%s'). Please set mqtt.iata via CLI.", _iata); + last_iata_warning = now; + } + return; + } + + // Memory pressure check: Skip publishes when heap is severely fragmented + // This prevents further fragmentation and allows memory to recover + // Threshold: Max alloc < 60KB indicates severe fragmentation + #ifdef ESP32 + unsigned long now = millis(); + if (now - _last_memory_check > 5000) { // Check every 5 seconds + size_t max_alloc = ESP.getMaxAllocHeap(); + if (max_alloc < 60000) { // Less than 60KB max alloc = severe fragmentation + _skipped_publishes++; + static unsigned long last_skip_log = 0; + if (now - last_skip_log > 60000) { // Log every minute + MQTT_DEBUG_PRINTLN("MQTT: Skipping publish due to memory pressure (Max alloc: %d, skipped: %d)", max_alloc, _skipped_publishes); + last_skip_log = now; + } + return; // Skip this publish to allow memory to recover + } + _last_memory_check = now; + } + #endif + + // Size-adaptive buffer: estimate needed size based on packet size + // Most packets are <100 bytes (need ~400 byte JSON), large packets need ~1500 bytes + // Optimized: Use 1024 bytes for most packets, only 2048 for very large packets (>200 bytes) + int packet_size = packet->getRawLength(); + size_t json_buffer_size = (packet_size > 200) ? 2048 : 1024; + // Allocate buffer based on actual needed size to save stack memory + char json_buffer[1024]; // Default to 1024, will handle large packets separately if needed + char json_buffer_large[2048]; // Only used for large packets + char* active_buffer = (packet_size > 200) ? json_buffer_large : json_buffer; + size_t active_buffer_size = (packet_size > 200) ? 2048 : 1024; + char origin_id[65]; + + // Use actual device ID + strncpy(origin_id, _device_id, sizeof(origin_id) - 1); + origin_id[sizeof(origin_id) - 1] = '\0'; + + // Build packet message using raw radio data if provided + // Use size-adaptive buffer size based on actual packet size + int len; + if (raw_data && raw_len > 0) { + // Use provided raw radio data + len = MQTTMessageBuilder::buildPacketJSONFromRaw( + raw_data, raw_len, packet, is_tx, _origin, origin_id, + snr, rssi, _timezone, active_buffer, active_buffer_size + ); + } else if (_last_raw_len > 0 && (millis() - _last_raw_timestamp) < 1000) { + // Fallback to global raw radio data (within 1 second of packet) + len = MQTTMessageBuilder::buildPacketJSONFromRaw( + _last_raw_data, _last_raw_len, packet, is_tx, _origin, origin_id, + _last_snr, _last_rssi, _timezone, active_buffer, active_buffer_size + ); + } else { + // Fallback to reconstructed packet data + len = MQTTMessageBuilder::buildPacketJSON( + packet, is_tx, _origin, origin_id, _timezone, active_buffer, active_buffer_size + ); + } + + if (len > 0) { + // Build topic string once and reuse (optimization: avoid redundant snprintf calls) + char topic[128]; + snprintf(topic, sizeof(topic), "meshcore/%s/%s/packets", _iata, _device_id); + size_t json_len = strlen(active_buffer); // Cache length to avoid multiple strlen() calls + + // Publish to custom brokers (only if config is valid) + // Double-check client is actually connected before attempting publish + if (_config_valid && _mqtt_client && _mqtt_client->connected()) { + // Track last broker URI to avoid calling setServer() unnecessarily (memory optimization) + // setServer() may allocate memory, so we only call it when the broker changes + static char last_broker_uri[128] = ""; + + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + // Verify broker is actually connected (state might be stale) + if (_brokers[i].enabled && _brokers[i].connected && _mqtt_client->connected()) { + // Build broker URI + char broker_uri[128]; + snprintf(broker_uri, sizeof(broker_uri), "mqtt://%s:%d", _brokers[i].host, _brokers[i].port); + + // Only call setServer() if broker URI changed (reduces memory allocations) + if (strcmp(broker_uri, last_broker_uri) != 0) { + _mqtt_client->setServer(broker_uri); + strncpy(last_broker_uri, broker_uri, sizeof(last_broker_uri) - 1); + last_broker_uri[sizeof(last_broker_uri) - 1] = '\0'; + } + + // Publish with timeout check - don't block if connection is slow + // This prevents blocking the main loop when MQTT broker is slow or unresponsive + int publish_result = _mqtt_client->publish(topic, 1, false, active_buffer, json_len); // qos=1, retained=false + if (publish_result <= 0) { + // Publish failed - connection may be stale, force disconnect and mark for reconnect + static unsigned long last_publish_fail_log = 0; + unsigned long now = millis(); + if (now - last_publish_fail_log > 60000) { // Log every minute max + MQTT_DEBUG_PRINTLN("Publish failed (result=%d), forcing broker %d reconnect", publish_result, i); + last_publish_fail_log = now; + } + // Force disconnect to trigger reconnection + if (_mqtt_client->connected()) { + _mqtt_client->disconnect(); + } + _brokers[i].connected = false; + _active_brokers--; + _brokers[i].last_attempt = 0; // Reset attempt time to allow immediate reconnect + // Update cached broker status + _cached_has_brokers = isAnyBrokerConnected(); + } + } + } + } else if (_config_valid) { + // Connection state is out of sync - mark all brokers as disconnected + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + if (_brokers[i].enabled && _brokers[i].connected) { + _brokers[i].connected = false; + _active_brokers--; + } + } + } + + // Always publish to Let's Mesh Analyzer servers (independent of custom broker config) + // Skip analyzer servers if memory is severely fragmented (they're less critical than custom brokers) + #ifdef ESP32 + size_t max_alloc = ESP.getMaxAllocHeap(); + if (max_alloc >= 60000) { // Only publish to analyzer servers if memory is OK + publishToAnalyzerServers(topic, json_buffer, false); + } + #else + publishToAnalyzerServers(topic, json_buffer, false); + #endif + } else { + // Debug: log when packet message building fails + uint8_t packet_type = packet->getPayloadType(); + if (packet_type == 4 || packet_type == 9) { // ADVERT or TRACE + MQTT_DEBUG_PRINTLN("Failed to build packet JSON for type=%d (len=%d), packet not published", packet_type, len); + } + } +} + +void MQTTBridge::publishRaw(mesh::Packet* packet) { + if (!packet) return; + + // Check if IATA is configured before attempting to publish + if (!isIATAValid()) { + static unsigned long last_iata_warning = 0; + unsigned long now = millis(); + // Only log this warning every 5 minutes to avoid spam + if (now - last_iata_warning > 300000) { + MQTT_DEBUG_PRINTLN("MQTT: Cannot publish raw packet - IATA code not configured (current: '%s'). Please set mqtt.iata via CLI.", _iata); + last_iata_warning = now; + } + return; + } + + // Size-adaptive buffer for raw JSON: use 1024 for most packets, 2048 for large ones + int packet_size = packet->getRawLength(); + char json_buffer[1024]; // Default to 1024, will handle large packets separately if needed + char json_buffer_large[2048]; // Only used for large packets + char* active_buffer = (packet_size > 200) ? json_buffer_large : json_buffer; + size_t active_buffer_size = (packet_size > 200) ? 2048 : 1024; + char origin_id[65]; + + // Use actual device ID + strncpy(origin_id, _device_id, sizeof(origin_id) - 1); + origin_id[sizeof(origin_id) - 1] = '\0'; + + // Build raw message + int len = MQTTMessageBuilder::buildRawJSON( + packet, _origin, origin_id, _timezone, active_buffer, active_buffer_size + ); + + if (len > 0) { + // Build topic string once and reuse (optimization: avoid redundant snprintf calls) + char topic[128]; + snprintf(topic, sizeof(topic), "meshcore/%s/%s/raw", _iata, _device_id); + size_t json_len = strlen(active_buffer); // Cache length to avoid multiple strlen() calls + + // Publish to custom brokers (only if config is valid) + // Double-check client is actually connected before attempting publish + if (_config_valid && _mqtt_client && _mqtt_client->connected()) { + // Track last broker URI to avoid calling setServer() unnecessarily (memory optimization) + // setServer() may allocate memory, so we only call it when the broker changes + static char last_broker_uri_raw[128] = ""; + + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + // Verify broker is actually connected (state might be stale) + if (_brokers[i].enabled && _brokers[i].connected && _mqtt_client->connected()) { + // Build broker URI + char broker_uri[128]; + snprintf(broker_uri, sizeof(broker_uri), "mqtt://%s:%d", _brokers[i].host, _brokers[i].port); + + // Only call setServer() if broker URI changed (reduces memory allocations) + if (strcmp(broker_uri, last_broker_uri_raw) != 0) { + _mqtt_client->setServer(broker_uri); + strncpy(last_broker_uri_raw, broker_uri, sizeof(last_broker_uri_raw) - 1); + last_broker_uri_raw[sizeof(last_broker_uri_raw) - 1] = '\0'; + } + + // Publish with timeout check - don't block if connection is slow + int publish_result = _mqtt_client->publish(topic, 1, false, active_buffer, json_len); // qos=1, retained=false + if (publish_result <= 0) { + // Publish failed - connection may be stale, force disconnect and mark for reconnect + static unsigned long last_raw_publish_fail_log = 0; + unsigned long now = millis(); + if (now - last_raw_publish_fail_log > 60000) { // Log every minute max + MQTT_DEBUG_PRINTLN("Raw publish failed (result=%d), forcing broker %d reconnect", publish_result, i); + last_raw_publish_fail_log = now; + } + // Force disconnect to trigger reconnection + if (_mqtt_client->connected()) { + _mqtt_client->disconnect(); + } + _brokers[i].connected = false; + _active_brokers--; + _brokers[i].last_attempt = 0; // Reset attempt time to allow immediate reconnect + // Update cached broker status + _cached_has_brokers = isAnyBrokerConnected(); + } + } + } + } + + // Always publish to Let's Mesh Analyzer servers (independent of custom broker config) + // Skip analyzer servers if memory is severely fragmented (they're less critical than custom brokers) + #ifdef ESP32 + size_t max_alloc = ESP.getMaxAllocHeap(); + if (max_alloc >= 60000) { // Only publish to analyzer servers if memory is OK + publishToAnalyzerServers(topic, active_buffer, false); + } + #else + publishToAnalyzerServers(topic, active_buffer, false); + #endif + } +} + +void MQTTBridge::queuePacket(mesh::Packet* packet, bool is_tx) { + #ifdef ESP_PLATFORM + // Use FreeRTOS queue for thread-safe operation + if (_packet_queue_handle == nullptr) { + return; // Queue not initialized + } + + QueuedPacket queued; + memset(&queued, 0, sizeof(QueuedPacket)); + + queued.packet = packet; + queued.timestamp = millis(); + queued.is_tx = is_tx; + queued.has_raw_data = false; + + // Capture raw radio data with mutex protection + // Use non-blocking mutex to prevent Core 1 from blocking - if mutex is busy, skip raw data + if (!is_tx) { + if (xSemaphoreTake(_raw_data_mutex, 0) == pdTRUE) { + unsigned long current_time = millis(); + if (_last_raw_len > 0 && (current_time - _last_raw_timestamp) < 1000) { + if (_last_raw_len <= sizeof(queued.raw_data)) { + memcpy(queued.raw_data, _last_raw_data, _last_raw_len); + queued.raw_len = _last_raw_len; + queued.snr = _last_snr; + queued.rssi = _last_rssi; + queued.has_raw_data = true; + } + } + xSemaphoreGive(_raw_data_mutex); + } + // If mutex unavailable, packet is queued without raw data (acceptable trade-off for responsiveness) + } + + // Try to send to queue (non-blocking) + if (xQueueSend(_packet_queue_handle, &queued, 0) != pdTRUE) { + // Queue full - try to remove oldest packet + QueuedPacket oldest; + if (xQueueReceive(_packet_queue_handle, &oldest, 0) == pdTRUE) { + if (oldest.packet) { + MQTT_DEBUG_PRINTLN("Queue full, dropping oldest packet"); + _mgr->free(oldest.packet); + } + // Now try to send again + if (xQueueSend(_packet_queue_handle, &queued, 0) != pdTRUE) { + MQTT_DEBUG_PRINTLN("Failed to queue packet after dropping oldest"); + return; + } + } else { + MQTT_DEBUG_PRINTLN("Queue full and cannot remove oldest packet"); + return; + } + } + + // Update queue count (approximate, since we can't atomically update it) + UBaseType_t queue_messages = uxQueueMessagesWaiting(_packet_queue_handle); + _queue_count = queue_messages; + #else + // Non-ESP32: Use circular buffer + if (_queue_count >= MAX_QUEUE_SIZE) { + QueuedPacket& oldest = _packet_queue[_queue_head]; + if (oldest.packet) { + MQTT_DEBUG_PRINTLN("Queue full, dropping oldest packet (queue size: %d)", _queue_count); + _mgr->free(oldest.packet); + oldest.packet = nullptr; + } + dequeuePacket(); + } + + QueuedPacket& queued = _packet_queue[_queue_tail]; + memset(&queued, 0, sizeof(QueuedPacket)); + + queued.packet = packet; + queued.timestamp = millis(); + queued.is_tx = is_tx; + queued.has_raw_data = false; + + if (!is_tx && _last_raw_len > 0 && (millis() - _last_raw_timestamp) < 1000) { + if (_last_raw_len <= sizeof(queued.raw_data)) { + memcpy(queued.raw_data, _last_raw_data, _last_raw_len); + queued.raw_len = _last_raw_len; + queued.snr = _last_snr; + queued.rssi = _last_rssi; + queued.has_raw_data = true; + } + } + + _queue_tail = (_queue_tail + 1) % MAX_QUEUE_SIZE; + _queue_count++; + #endif +} + +void MQTTBridge::dequeuePacket() { + #ifdef ESP_PLATFORM + // On ESP32, dequeuePacket() is not used - we use FreeRTOS queue operations directly + // This method should never be called on ESP32 + return; + #else + // Non-ESP32: Use circular buffer + if (_queue_count == 0) return; + + // Clear the dequeued packet structure to free memory and prevent stale data + QueuedPacket& dequeued = _packet_queue[_queue_head]; + memset(&dequeued, 0, sizeof(QueuedPacket)); + dequeued.has_raw_data = false; // Explicitly set after memset + + _queue_head = (_queue_head + 1) % MAX_QUEUE_SIZE; + _queue_count--; + #endif +} + +bool MQTTBridge::isAnyBrokerConnected() { + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + if (_brokers[i].enabled && _brokers[i].connected) { + return true; + } + } + return false; +} + +void MQTTBridge::setBrokerDefaults() { + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + memset(&_brokers[i], 0, sizeof(MQTTBroker)); + _brokers[i].port = 1883; + _brokers[i].qos = 0; + _brokers[i].enabled = false; + _brokers[i].connected = false; + _brokers[i].reconnect_interval = 5000; // 5 seconds + } +} + +void MQTTBridge::setBroker(int broker_index, const char* host, uint16_t port, + const char* username, const char* password, bool enabled) { + if (broker_index < 0 || broker_index >= MAX_MQTT_BROKERS_COUNT) return; + + MQTTBroker& broker = _brokers[broker_index]; + strncpy(broker.host, host, sizeof(broker.host) - 1); + broker.port = port; + strncpy(broker.username, username, sizeof(broker.username) - 1); + strncpy(broker.password, password, sizeof(broker.password) - 1); + broker.enabled = enabled; + broker.connected = false; + broker.reconnect_interval = 5000; +} + +void MQTTBridge::setOrigin(const char* origin) { + strncpy(_origin, origin, sizeof(_origin) - 1); + _origin[sizeof(_origin) - 1] = '\0'; +} + +void MQTTBridge::setIATA(const char* iata) { + strncpy(_iata, iata, sizeof(_iata) - 1); + _iata[sizeof(_iata) - 1] = '\0'; + // Convert IATA code to uppercase (IATA codes are conventionally uppercase) + for (int i = 0; _iata[i]; i++) { + _iata[i] = toupper(_iata[i]); + } +} + +void MQTTBridge::setDeviceID(const char* device_id) { + strncpy(_device_id, device_id, sizeof(_device_id) - 1); + _device_id[sizeof(_device_id) - 1] = '\0'; + MQTT_DEBUG_PRINTLN("Device ID set to: %s", _device_id); +} + +void MQTTBridge::setFirmwareVersion(const char* firmware_version) { + strncpy(_firmware_version, firmware_version, sizeof(_firmware_version) - 1); + _firmware_version[sizeof(_firmware_version) - 1] = '\0'; +} + +void MQTTBridge::setBoardModel(const char* board_model) { + strncpy(_board_model, board_model, sizeof(_board_model) - 1); + _board_model[sizeof(_board_model) - 1] = '\0'; +} + +void MQTTBridge::setBuildDate(const char* build_date) { + strncpy(_build_date, build_date, sizeof(_build_date) - 1); + _build_date[sizeof(_build_date) - 1] = '\0'; +} + +void MQTTBridge::storeRawRadioData(const uint8_t* raw_data, int len, float snr, float rssi) { + if (len > 0 && len <= sizeof(_last_raw_data)) { + #ifdef ESP_PLATFORM + // Protect with mutex for thread-safe access + if (_raw_data_mutex != nullptr && xSemaphoreTake(_raw_data_mutex, pdMS_TO_TICKS(100)) == pdTRUE) { + memcpy(_last_raw_data, raw_data, len); + _last_raw_len = len; + _last_snr = snr; + _last_rssi = rssi; + _last_raw_timestamp = millis(); + xSemaphoreGive(_raw_data_mutex); + MQTT_DEBUG_PRINTLN("Stored raw radio data: %d bytes, SNR=%.1f, RSSI=%.1f", len, snr, rssi); + } + #else + memcpy(_last_raw_data, raw_data, len); + _last_raw_len = len; + _last_snr = snr; + _last_rssi = rssi; + _last_raw_timestamp = millis(); + MQTT_DEBUG_PRINTLN("Stored raw radio data: %d bytes, SNR=%.1f, RSSI=%.1f", len, snr, rssi); + #endif + } +} + +void MQTTBridge::setupAnalyzerServers() { + // Update analyzer server settings from preferences + bool previous_us_enabled = _analyzer_us_enabled; + bool previous_eu_enabled = _analyzer_eu_enabled; + + _analyzer_us_enabled = _prefs->mqtt_analyzer_us_enabled; + _analyzer_eu_enabled = _prefs->mqtt_analyzer_eu_enabled; + + MQTT_DEBUG_PRINTLN("Analyzer servers - US: %s, EU: %s", + _analyzer_us_enabled ? "enabled" : "disabled", + _analyzer_eu_enabled ? "enabled" : "disabled"); + + // Create authentication token if any analyzer servers are enabled + // Only create tokens if WiFi is connected and NTP is synced (to ensure correct timestamps) + if (_analyzer_us_enabled || _analyzer_eu_enabled) { + if (WiFi.status() == WL_CONNECTED && _ntp_synced) { + if (createAuthToken()) { + MQTT_DEBUG_PRINTLN("Created authentication token for analyzer servers"); + // Update client credentials with new tokens if clients exist + if (_analyzer_us_enabled && _analyzer_us_client && strlen(_auth_token_us) > 0) { + _analyzer_us_client->setCredentials(_analyzer_username, _auth_token_us); + } + if (_analyzer_eu_enabled && _analyzer_eu_client && strlen(_auth_token_eu) > 0) { + _analyzer_eu_client->setCredentials(_analyzer_username, _auth_token_eu); + } + } else { + MQTT_DEBUG_PRINTLN("Failed to create authentication token"); + } + } else { + MQTT_DEBUG_PRINTLN("Deferring JWT token creation - WiFi: %s, NTP: %s", + (WiFi.status() == WL_CONNECTED) ? "connected" : "disconnected", + _ntp_synced ? "synced" : "not synced"); + } + } + + // If settings changed and bridge is already initialized, recreate clients + // This handles the case where settings change after initialization + if (_initialized && (previous_us_enabled != _analyzer_us_enabled || previous_eu_enabled != _analyzer_eu_enabled)) { + MQTT_DEBUG_PRINTLN("Analyzer server settings changed - recreating clients"); + setupAnalyzerClients(); + } +} + +bool MQTTBridge::createAuthToken() { + if (!_identity) { + MQTT_DEBUG_PRINTLN("No identity for auth token"); + return false; + } + + // Create username in the format: v1_{UPPERCASE_PUBLIC_KEY} + char public_key_hex[65]; + mesh::Utils::toHex(public_key_hex, _identity->pub_key, PUB_KEY_SIZE); + snprintf(_analyzer_username, sizeof(_analyzer_username), "v1_%s", public_key_hex); + + bool us_token_created = false; + bool eu_token_created = false; + + unsigned long current_time = time(nullptr); + unsigned long expires_in = 86400; // 24 hours + bool time_synced = (current_time >= 1000000000); + + // Prepare owner public key (if set) - convert to uppercase hex + const char* owner_key = nullptr; + char owner_key_uppercase[65]; + if (_prefs->mqtt_owner_public_key[0] != '\0') { + strncpy(owner_key_uppercase, _prefs->mqtt_owner_public_key, sizeof(owner_key_uppercase) - 1); + owner_key_uppercase[sizeof(owner_key_uppercase) - 1] = '\0'; + for (int i = 0; owner_key_uppercase[i]; i++) { + owner_key_uppercase[i] = toupper(owner_key_uppercase[i]); + } + owner_key = owner_key_uppercase; + } + + char client_version[64]; + getClientVersion(client_version, sizeof(client_version)); + + const char* email = (_prefs->mqtt_email[0] != '\0') ? _prefs->mqtt_email : nullptr; + + // Create JWT token for US server + if (_analyzer_us_enabled) { + if (JWTHelper::createAuthToken( + *_identity, "mqtt-us-v1.letsmesh.net", + 0, expires_in, _auth_token_us, sizeof(_auth_token_us), + owner_key, client_version, email)) { + us_token_created = true; + _token_us_expires_at = time_synced ? (current_time + expires_in) : 0; + } else { + MQTT_DEBUG_PRINTLN("Failed to create US token"); + _token_us_expires_at = 0; + } + } + + // Create JWT token for EU server + if (_analyzer_eu_enabled) { + if (JWTHelper::createAuthToken( + *_identity, "mqtt-eu-v1.letsmesh.net", + 0, expires_in, _auth_token_eu, sizeof(_auth_token_eu), + owner_key, client_version, email)) { + eu_token_created = true; + _token_eu_expires_at = time_synced ? (current_time + expires_in) : 0; + } else { + MQTT_DEBUG_PRINTLN("Failed to create EU token"); + _token_eu_expires_at = 0; + } + } + + if (us_token_created || eu_token_created) { + MQTT_DEBUG_PRINTLN("Auth tokens created (US:%s EU:%s)", + us_token_created ? "yes" : "no", eu_token_created ? "yes" : "no"); + } + + return us_token_created || eu_token_created; +} + +bool MQTTBridge::publishToAnalyzerServers(const char* topic, const char* payload, bool retained) { + if (!_analyzer_us_enabled && !_analyzer_eu_enabled) return false; + + bool published = false; + + // Publish to US server if enabled + if (_analyzer_us_enabled && _analyzer_us_client) { + if (publishToAnalyzerClient(_analyzer_us_client, topic, payload, retained)) { + published = true; + } + } + + // Publish to EU server if enabled + if (_analyzer_eu_enabled && _analyzer_eu_client) { + if (publishToAnalyzerClient(_analyzer_eu_client, topic, payload, retained)) { + published = true; + } + } + + return published; // Return true if at least one publish succeeded +} + +// Google Trust Services - GTS Root R4 +const char* GTS_ROOT_R4 = + "-----BEGIN CERTIFICATE-----\n" + "MIIDejCCAmKgAwIBAgIQf+UwvzMTQ77dghYQST2KGzANBgkqhkiG9w0BAQsFADBX\n" + "MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE\n" + "CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIzMTEx\n" + "NTAzNDMyMVoXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT\n" + "GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0\n" + "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE83Rzp2iLYK5DuDXFgTB7S0md+8Fhzube\n" + "Rr1r1WEYNa5A3XP3iZEwWus87oV8okB2O6nGuEfYKueSkWpz6bFyOZ8pn6KY019e\n" + "WIZlD6GEZQbR3IvJx3PIjGov5cSr0R2Ko4H/MIH8MA4GA1UdDwEB/wQEAwIBhjAd\n" + "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAd\n" + "BgNVHQ4EFgQUgEzW63T/STaj1dj8tT7FavCUHYwwHwYDVR0jBBgwFoAUYHtmGkUN\n" + "l8qJUC99BM00qP/8/UswNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRw\n" + "Oi8vaS5wa2kuZ29vZy9nc3IxLmNydDAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8v\n" + "Yy5wa2kuZ29vZy9yL2dzcjEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqG\n" + "SIb3DQEBCwUAA4IBAQAYQrsPBtYDh5bjP2OBDwmkoWhIDDkic574y04tfzHpn+cJ\n" + "odI2D4SseesQ6bDrarZ7C30ddLibZatoKiws3UL9xnELz4ct92vID24FfVbiI1hY\n" + "+SW6FoVHkNeWIP0GCbaM4C6uVdF5dTUsMVs/ZbzNnIdCp5Gxmx5ejvEau8otR/Cs\n" + "kGN+hr/W5GvT1tMBjgWKZ1i4//emhA1JG1BbPzoLJQvyEotc03lXjTaCzv8mEbep\n" + "8RqZ7a2CPsgRbuvTPBwcOMBBmuFeU88+FSBX6+7iP0il8b4Z0QFqIwwMHfs/L6K1\n" + "vepuoxtGzi4CZ68zJpiq1UvSqTbFJjtbD4seiMHl\n" + "-----END CERTIFICATE-----\n"; + +void MQTTBridge::setupAnalyzerClients() { + MQTT_DEBUG_PRINTLN("Setting up PsychicMqttClient WebSocket clients..."); + MQTT_DEBUG_PRINTLN("Analyzer servers - US: %s, EU: %s", + _analyzer_us_enabled ? "enabled" : "disabled", + _analyzer_eu_enabled ? "enabled" : "disabled"); + + // Clean up existing clients if they're no longer enabled + // This handles the case where settings change after initialization + if (!_analyzer_us_enabled && _analyzer_us_client) { + MQTT_DEBUG_PRINTLN("US analyzer disabled - cleaning up client"); + _analyzer_us_client->disconnect(); + delete _analyzer_us_client; + _analyzer_us_client = nullptr; + } + + if (!_analyzer_eu_enabled && _analyzer_eu_client) { + MQTT_DEBUG_PRINTLN("EU analyzer disabled - cleaning up client"); + _analyzer_eu_client->disconnect(); + delete _analyzer_eu_client; + _analyzer_eu_client = nullptr; + } + + if (!_analyzer_us_enabled && !_analyzer_eu_enabled) { + MQTT_DEBUG_PRINTLN("No analyzer servers enabled, skipping PsychicMqttClient setup"); + return; + } + + // Setup US server client (only if enabled and doesn't already exist) + if (_analyzer_us_enabled && !_analyzer_us_client) { + _analyzer_us_client = new PsychicMqttClient(); + + // Optimize MQTT client configuration for memory efficiency + // Analyzer clients use 768-byte JWT tokens, need larger buffer for CONNECT message + optimizeMqttClientConfig(_analyzer_us_client, true); + + // Set up event callbacks for US server + _analyzer_us_client->onConnect([this](bool sessionPresent) { + MQTT_DEBUG_PRINTLN("Connected to US analyzer"); + // Update cached analyzer server status + _cached_has_analyzer_servers = (_analyzer_us_enabled && _analyzer_us_client && _analyzer_us_client->connected()) || + (_analyzer_eu_enabled && _analyzer_eu_client && _analyzer_eu_client->connected()); + publishStatusToAnalyzerClient(_analyzer_us_client, "mqtt-us-v1.letsmesh.net"); + }); + + _analyzer_us_client->onDisconnect([this](bool sessionPresent) { + MQTT_DEBUG_PRINTLN("Disconnected from US analyzer"); + // Update cached analyzer server status + _cached_has_analyzer_servers = (_analyzer_us_enabled && _analyzer_us_client && _analyzer_us_client->connected()) || + (_analyzer_eu_enabled && _analyzer_eu_client && _analyzer_eu_client->connected()); + }); + + _analyzer_us_client->onError([this](esp_mqtt_error_codes error) { + MQTT_DEBUG_PRINTLN("US analyzer error: type=%d, code=%d", error.error_type, error.connect_return_code); + }); + + _analyzer_us_client->setServer("wss://mqtt-us-v1.letsmesh.net:443/mqtt"); + _analyzer_us_client->setCredentials(_analyzer_username, _auth_token_us); + _analyzer_us_client->setCACert(GTS_ROOT_R4); + + if (WiFi.status() == WL_CONNECTED && _ntp_synced) { + _analyzer_us_client->connect(); + } + } + + // Setup EU server client (only if enabled and doesn't already exist) + if (_analyzer_eu_enabled && !_analyzer_eu_client) { + _analyzer_eu_client = new PsychicMqttClient(); + + // Optimize MQTT client configuration for memory efficiency + // Analyzer clients use 768-byte JWT tokens, need larger buffer for CONNECT message + optimizeMqttClientConfig(_analyzer_eu_client, true); + + // Set up event callbacks for EU server + _analyzer_eu_client->onConnect([this](bool sessionPresent) { + MQTT_DEBUG_PRINTLN("Connected to EU analyzer"); + // Update cached analyzer server status + _cached_has_analyzer_servers = (_analyzer_us_enabled && _analyzer_us_client && _analyzer_us_client->connected()) || + (_analyzer_eu_enabled && _analyzer_eu_client && _analyzer_eu_client->connected()); + publishStatusToAnalyzerClient(_analyzer_eu_client, "mqtt-eu-v1.letsmesh.net"); + }); + + _analyzer_eu_client->onDisconnect([this](bool sessionPresent) { + MQTT_DEBUG_PRINTLN("Disconnected from EU analyzer"); + // Update cached analyzer server status + _cached_has_analyzer_servers = (_analyzer_us_enabled && _analyzer_us_client && _analyzer_us_client->connected()) || + (_analyzer_eu_enabled && _analyzer_eu_client && _analyzer_eu_client->connected()); + }); + + _analyzer_eu_client->onError([this](esp_mqtt_error_codes error) { + MQTT_DEBUG_PRINTLN("EU analyzer error: type=%d, code=%d", error.error_type, error.connect_return_code); + }); + + _analyzer_eu_client->setServer("wss://mqtt-eu-v1.letsmesh.net:443/mqtt"); + _analyzer_eu_client->setCredentials(_analyzer_username, _auth_token_eu); + _analyzer_eu_client->setCACert(GTS_ROOT_R4); + + if (WiFi.status() == WL_CONNECTED && _ntp_synced) { + _analyzer_eu_client->connect(); + } + } +} + +bool MQTTBridge::publishToAnalyzerClient(PsychicMqttClient* client, const char* topic, const char* payload, bool retained) { + if (!client) { + return false; // Don't log null client - this is expected if analyzer is disabled + } + + if (!client->connected()) { + // Throttle log spam - only log periodically for each analyzer server + unsigned long now = millis(); + bool should_log = false; + + if (client == _analyzer_us_client && (now - _last_analyzer_us_log > ANALYZER_LOG_INTERVAL)) { + should_log = true; + _last_analyzer_us_log = now; + } else if (client == _analyzer_eu_client && (now - _last_analyzer_eu_log > ANALYZER_LOG_INTERVAL)) { + should_log = true; + _last_analyzer_eu_log = now; + } + + if (should_log) { + MQTT_DEBUG_PRINTLN("PsychicMqttClient not connected - skipping publish to topic: %s", topic); + } + return false; + } + + // Reset log timer when connected + if (client == _analyzer_us_client) { + _last_analyzer_us_log = 0; + } else if (client == _analyzer_eu_client) { + _last_analyzer_eu_log = 0; + } + + int result = client->publish(topic, 1, retained, payload, strlen(payload)); + if (result <= 0) { + static unsigned long last_analyzer_publish_fail_log = 0; + unsigned long now = millis(); + if (now - last_analyzer_publish_fail_log > 60000) { // Log every minute max + MQTT_DEBUG_PRINTLN("Analyzer publish failed (result=%d)", result); + last_analyzer_publish_fail_log = now; + } + return false; + } + + return true; // Publish succeeded +} + +void MQTTBridge::publishStatusToAnalyzerClient(PsychicMqttClient* client, const char* server_name) { + if (!client || !client->connected()) { + return; + } + + // Check if IATA is configured before attempting to publish + if (!isIATAValid()) { + static unsigned long last_iata_warning = 0; + unsigned long now = millis(); + // Only log this warning every 5 minutes to avoid spam + if (now - last_iata_warning > 300000) { + MQTT_DEBUG_PRINTLN("MQTT: Cannot publish status to analyzer - IATA code not configured (current: '%s'). Please set mqtt.iata via CLI.", _iata); + last_iata_warning = now; + } + return; + } + + // Create status message + char status_topic[128]; + snprintf(status_topic, sizeof(status_topic), "meshcore/%s/%s/status", _iata, _device_id); + + // Build proper status message using MQTTMessageBuilder + // Status messages with stats can be larger (~400-500 bytes) + char json_buffer[768]; // Increased from 512 to accommodate stats object + char origin_id[65]; + char timestamp[32]; + char radio_info[64]; + + // Get current timestamp in ISO 8601 format + struct tm timeinfo; + if (getLocalTime(&timeinfo)) { + strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%S.000000", &timeinfo); + } else { + strcpy(timestamp, "2024-01-01T12:00:00.000000"); + } + + // Build radio info string (freq,bw,sf,cr) + snprintf(radio_info, sizeof(radio_info), "%.6f,%.1f,%d,%d", + _prefs->freq, _prefs->bw, _prefs->sf, _prefs->cr); + + // Use actual device ID + strncpy(origin_id, _device_id, sizeof(origin_id) - 1); + origin_id[sizeof(origin_id) - 1] = '\0'; + + // Build client version string + char client_version[64]; + getClientVersion(client_version, sizeof(client_version)); + + // Collect stats on-demand if sources are available + int battery_mv = -1; + int uptime_secs = -1; + int errors = -1; + int noise_floor = -999; + int tx_air_secs = -1; + int rx_air_secs = -1; + + if (_board) { + battery_mv = _board->getBattMilliVolts(); + } + if (_ms) { + uptime_secs = _ms->getMillis() / 1000; + } + if (_dispatcher) { + errors = _dispatcher->getErrFlags(); + tx_air_secs = _dispatcher->getTotalAirTime() / 1000; + rx_air_secs = _dispatcher->getReceiveAirTime() / 1000; + } + if (_radio) { + noise_floor = (int16_t)_radio->getNoiseFloor(); + } + + // Build status message using MQTTMessageBuilder with stats + int len = MQTTMessageBuilder::buildStatusMessage( + _origin, + origin_id, + _board_model, // model + _firmware_version, // firmware version + radio_info, + client_version, // client version + "online", + timestamp, + json_buffer, + sizeof(json_buffer), + battery_mv, + uptime_secs, + errors, + _queue_count, // Use current queue length + noise_floor, + tx_air_secs, + rx_air_secs + ); + + if (len > 0) { + int result = client->publish(status_topic, 1, true, json_buffer, strlen(json_buffer)); + if (result <= 0) { + MQTT_DEBUG_PRINTLN("Status publish to %s failed", server_name); + } + } +} + +void MQTTBridge::maintainAnalyzerConnections() { + if (!_identity) { + return; + } + + // Check WiFi status first - don't attempt MQTT reconnection if WiFi is disconnected + if (WiFi.status() != WL_CONNECTED) { + return; + } + + // Check NTP sync status - JWT tokens require valid timestamps + if (!_ntp_synced) { + return; + } + + // Create JWT tokens if they don't exist yet and conditions are met + if ((_analyzer_us_enabled || _analyzer_eu_enabled) && + (strlen(_auth_token_us) == 0 && strlen(_auth_token_eu) == 0)) { + if (createAuthToken()) { + if (_analyzer_us_enabled && _analyzer_us_client && strlen(_auth_token_us) > 0) { + _analyzer_us_client->setCredentials(_analyzer_username, _auth_token_us); + if (!_analyzer_us_client->connected()) { + _analyzer_us_client->connect(); + } + } + if (_analyzer_eu_enabled && _analyzer_eu_client && strlen(_auth_token_eu) > 0) { + _analyzer_eu_client->setCredentials(_analyzer_username, _auth_token_eu); + if (!_analyzer_eu_client->connected()) { + _analyzer_eu_client->connect(); + } + } + } + } + + unsigned long current_time = time(nullptr); + // If time is not synced (time() returns 0 or very small value), skip expiration checks + // Tokens will still work but we can't track expiration properly + // If expiration time was set before time sync, it will be a small value, so we'll renew + bool time_synced = (current_time >= 1000000000); // After year 2001 + + const unsigned long RENEWAL_BUFFER = 60; // Renew tokens 60 seconds before expiration (minimal buffer to avoid downtime) + const unsigned long DISCONNECT_THRESHOLD = 60; // Only disconnect if token expires within 60 seconds + const unsigned long RENEWAL_THROTTLE_MS = 60000; // Don't attempt renewal more than once per minute + const unsigned long RECONNECT_THROTTLE_MS = 60000; // Don't attempt reconnection more than once per minute + + unsigned long now_millis = millis(); + + // Check and renew US server token if needed + if (_analyzer_us_enabled && _analyzer_us_client) { + // Check if token is expired or will expire soon + // Only check expiration if time is synced - if time isn't synced, we can't validate expiration + // If time wasn't synced when token was created, expiration time will be invalid (< 1000000000), so renew when time syncs + bool token_needs_renewal = false; + if (!time_synced) { + // Time not synced yet - only renew if token is missing (expires_at == 0) + // Don't renew if token exists but expiration is invalid - wait for time sync + token_needs_renewal = (_token_us_expires_at == 0); + } else { + // Time is synced - check if token needs renewal + token_needs_renewal = (_token_us_expires_at == 0) || + !(_token_us_expires_at >= 1000000000) || // Expiration time invalid (created before time sync) + (current_time >= _token_us_expires_at) || + (current_time >= (_token_us_expires_at - RENEWAL_BUFFER)); + } + + // Throttle renewal attempts - don't try more than once per minute to avoid blocking + bool can_attempt_renewal = (now_millis - _last_token_renewal_attempt_us) >= RENEWAL_THROTTLE_MS; + + // Check if client is disconnected and needs reconnection with new token + bool needs_reconnect = !_analyzer_us_client->connected(); + + if (token_needs_renewal && can_attempt_renewal) { + _last_token_renewal_attempt_us = now_millis; + + // Prepare owner public key (if set) - convert to uppercase hex + const char* owner_key = nullptr; + char owner_key_uppercase[65]; + if (_prefs->mqtt_owner_public_key[0] != '\0') { + // Copy and convert to uppercase + strncpy(owner_key_uppercase, _prefs->mqtt_owner_public_key, sizeof(owner_key_uppercase) - 1); + owner_key_uppercase[sizeof(owner_key_uppercase) - 1] = '\0'; + for (int i = 0; owner_key_uppercase[i]; i++) { + owner_key_uppercase[i] = toupper(owner_key_uppercase[i]); + } + owner_key = owner_key_uppercase; + } + + // Build client version string (same format as used in status messages) + char client_version[64]; + getClientVersion(client_version, sizeof(client_version)); + + // Get email from preferences (if set) + const char* email = nullptr; + if (_prefs->mqtt_email[0] != '\0') { + email = _prefs->mqtt_email; + } + + // Store old expiration time before renewing (to check if we need to disconnect) + unsigned long old_token_expires_at = _token_us_expires_at; + + // Renew the token + if (JWTHelper::createAuthToken( + *_identity, "mqtt-us-v1.letsmesh.net", + 0, 86400, _auth_token_us, sizeof(_auth_token_us), + owner_key, client_version, email)) { + unsigned long expires_in = 86400; // 24 hours + _token_us_expires_at = time_synced ? (current_time + expires_in) : 0; + MQTT_DEBUG_PRINTLN("US token renewed"); + + _analyzer_us_client->setCredentials(_analyzer_username, _auth_token_us); + + bool old_token_expired_or_imminent = !time_synced || + (old_token_expires_at == 0) || + (current_time >= old_token_expires_at) || + (time_synced && old_token_expires_at >= 1000000000 && + current_time >= (old_token_expires_at - DISCONNECT_THRESHOLD)); + + if (old_token_expired_or_imminent && _analyzer_us_client->connected()) { + _analyzer_us_client->disconnect(); + _last_reconnect_attempt_us = now_millis; + _analyzer_us_client->connect(); + } else if (!_analyzer_us_client->connected()) { + _last_reconnect_attempt_us = now_millis; + _analyzer_us_client->connect(); + } + } else { + MQTT_DEBUG_PRINTLN("Failed to renew US token"); + _token_us_expires_at = 0; + } + } else if (needs_reconnect) { + unsigned long reconnect_elapsed = (now_millis >= _last_reconnect_attempt_us) ? + (now_millis - _last_reconnect_attempt_us) : + (ULONG_MAX - _last_reconnect_attempt_us + now_millis + 1); + if (reconnect_elapsed >= RECONNECT_THROTTLE_MS) { + _last_reconnect_attempt_us = now_millis; + _analyzer_us_client->connect(); + } else { + static unsigned long last_throttle_log_us = 0; + if (now_millis - last_throttle_log_us > 300000) { + last_throttle_log_us = now_millis; + } + } + } + } + + // Check and renew EU server token if needed + if (_analyzer_eu_enabled && _analyzer_eu_client) { + // Check if token is expired or will expire soon + // Only check expiration if time is synced - if time isn't synced, we can't validate expiration + // If time wasn't synced when token was created, expiration time will be invalid (< 1000000000), so renew when time syncs + bool token_needs_renewal = false; + if (!time_synced) { + // Time not synced yet - only renew if token is missing (expires_at == 0) + // Don't renew if token exists but expiration is invalid - wait for time sync + token_needs_renewal = (_token_eu_expires_at == 0); + } else { + // Time is synced - check if token needs renewal + token_needs_renewal = (_token_eu_expires_at == 0) || + !(_token_eu_expires_at >= 1000000000) || // Expiration time invalid (created before time sync) + (current_time >= _token_eu_expires_at) || + (current_time >= (_token_eu_expires_at - RENEWAL_BUFFER)); + } + + // Throttle renewal attempts - don't try more than once per minute to avoid blocking + bool can_attempt_renewal = (now_millis - _last_token_renewal_attempt_eu) >= RENEWAL_THROTTLE_MS; + + // Check if client is disconnected and needs reconnection with new token + bool needs_reconnect = !_analyzer_eu_client->connected(); + + if (token_needs_renewal && can_attempt_renewal) { + _last_token_renewal_attempt_eu = now_millis; + + // Prepare owner public key (if set) - convert to uppercase hex + const char* owner_key = nullptr; + char owner_key_uppercase[65]; + if (_prefs->mqtt_owner_public_key[0] != '\0') { + // Copy and convert to uppercase + strncpy(owner_key_uppercase, _prefs->mqtt_owner_public_key, sizeof(owner_key_uppercase) - 1); + owner_key_uppercase[sizeof(owner_key_uppercase) - 1] = '\0'; + for (int i = 0; owner_key_uppercase[i]; i++) { + owner_key_uppercase[i] = toupper(owner_key_uppercase[i]); + } + owner_key = owner_key_uppercase; + } + + // Build client version string + char client_version[64]; + getClientVersion(client_version, sizeof(client_version)); + + // Get email from preferences (if set) + const char* email = nullptr; + if (_prefs->mqtt_email[0] != '\0') { + email = _prefs->mqtt_email; + } + + // Store old expiration time before renewing (to check if we need to disconnect) + unsigned long old_token_expires_at = _token_eu_expires_at; + + // Renew the token + if (JWTHelper::createAuthToken( + *_identity, "mqtt-eu-v1.letsmesh.net", + 0, 86400, _auth_token_eu, sizeof(_auth_token_eu), + owner_key, client_version, email)) { + unsigned long expires_in = 86400; // 24 hours + _token_eu_expires_at = time_synced ? (current_time + expires_in) : 0; + MQTT_DEBUG_PRINTLN("EU token renewed"); + + _analyzer_eu_client->setCredentials(_analyzer_username, _auth_token_eu); + + bool old_token_expired_or_imminent = !time_synced || + (old_token_expires_at == 0) || + (current_time >= old_token_expires_at) || + (time_synced && old_token_expires_at >= 1000000000 && + current_time >= (old_token_expires_at - DISCONNECT_THRESHOLD)); + + if (old_token_expired_or_imminent && _analyzer_eu_client->connected()) { + _analyzer_eu_client->disconnect(); + _last_reconnect_attempt_eu = now_millis; + _analyzer_eu_client->connect(); + } else if (!_analyzer_eu_client->connected()) { + _last_reconnect_attempt_eu = now_millis; + _analyzer_eu_client->connect(); + } + } else { + MQTT_DEBUG_PRINTLN("Failed to renew EU token"); + _token_eu_expires_at = 0; + } + } else if (needs_reconnect) { + unsigned long reconnect_elapsed = (now_millis >= _last_reconnect_attempt_eu) ? + (now_millis - _last_reconnect_attempt_eu) : + (ULONG_MAX - _last_reconnect_attempt_eu + now_millis + 1); + if (reconnect_elapsed >= RECONNECT_THROTTLE_MS) { + _last_reconnect_attempt_eu = now_millis; + _analyzer_eu_client->connect(); + } + } + } + + // Note: PsychicMqttClient handles automatic reconnection internally, + // but we need to ensure tokens are renewed before reconnection attempts +} + +void MQTTBridge::setMessageTypes(bool status, bool packets, bool raw) { + _status_enabled = status; + _packets_enabled = packets; + _raw_enabled = raw; +} + +int MQTTBridge::getConnectedBrokers() const { + int count = 0; + for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { + if (_brokers[i].enabled && _brokers[i].connected) { + count++; + } + } + return count; +} + +int MQTTBridge::getQueueSize() const { + #ifdef ESP_PLATFORM + // Get actual queue size from FreeRTOS queue + if (_packet_queue_handle != nullptr) { + return uxQueueMessagesWaiting(_packet_queue_handle); + } + return 0; + #else + return _queue_count; + #endif +} + +void MQTTBridge::setStatsSources(mesh::Dispatcher* dispatcher, mesh::Radio* radio, + mesh::MainBoard* board, mesh::MillisecondClock* ms) { + _dispatcher = dispatcher; + _radio = radio; + _board = board; + _ms = ms; +} + +void MQTTBridge::syncTimeWithNTP() { + if (!WiFi.isConnected()) { + MQTT_DEBUG_PRINTLN("Cannot sync time - WiFi not connected"); + return; + } + + // Prevent multiple simultaneous NTP syncs + // Check if we're already synced and sync was recent (within last 5 seconds) + unsigned long now = millis(); + if (_ntp_synced && (now - _last_ntp_sync) < 5000) { + // Already synced recently, skip + return; + } + + // Set flag to prevent concurrent syncs + static bool sync_in_progress = false; + if (sync_in_progress) { + return; // Another sync is already in progress + } + sync_in_progress = true; + + MQTT_DEBUG_PRINTLN("Syncing time with NTP..."); + + // Test DNS resolution before attempting NTP sync + #ifdef ESP_PLATFORM + IPAddress resolved_ip; + if (!WiFi.hostByName("pool.ntp.org", resolved_ip)) { + MQTT_DEBUG_PRINTLN("WARNING: DNS resolution failed for pool.ntp.org - NTP sync may fail"); + } + #endif + + // Begin NTP client + _ntp_client.begin(); + + // Force update (blocking call with timeout) + if (_ntp_client.forceUpdate()) { + unsigned long epochTime = _ntp_client.getEpochTime(); + + // Set system timezone to UTC first + // This ensures time() returns UTC time + configTime(0, 0, "pool.ntp.org"); + + // Update the device's RTC clock with UTC time (if available) + if (_rtc) { + _rtc->setCurrentTime(epochTime); + } + + // Mark NTP as synced regardless of RTC availability + // JWT tokens need valid time, which is now available via time() + bool was_ntp_synced = _ntp_synced; + _ntp_synced = true; + _last_ntp_sync = millis(); + sync_in_progress = false; // Clear sync flag + + MQTT_DEBUG_PRINTLN("Time synced: %lu", epochTime); + + if (!was_ntp_synced) { + unsigned long current_time = time(nullptr); + unsigned long expires_in = 86400; // 24 hours + + // If tokens were created before NTP sync (expires_at == 0), set expiration times now + if (_analyzer_us_enabled && _token_us_expires_at == 0 && strlen(_auth_token_us) > 0) { + _token_us_expires_at = current_time + expires_in; + MQTT_DEBUG_PRINTLN("US token expiration set after NTP sync: %lu", _token_us_expires_at); + } + + if (_analyzer_eu_enabled && _token_eu_expires_at == 0 && strlen(_auth_token_eu) > 0) { + _token_eu_expires_at = current_time + expires_in; + } + + // If tokens don't exist yet (deferred during begin()), create them now + if ((_analyzer_us_enabled || _analyzer_eu_enabled) && + (strlen(_auth_token_us) == 0 && strlen(_auth_token_eu) == 0)) { + if (createAuthToken()) { + if (_analyzer_us_enabled && _analyzer_us_client && strlen(_auth_token_us) > 0) { + _analyzer_us_client->setCredentials(_analyzer_username, _auth_token_us); + if (!_analyzer_us_client->connected()) { + _analyzer_us_client->connect(); + } + } + if (_analyzer_eu_enabled && _analyzer_eu_client && strlen(_auth_token_eu) > 0) { + _analyzer_eu_client->setCredentials(_analyzer_username, _auth_token_eu); + if (!_analyzer_eu_client->connected()) { + _analyzer_eu_client->connect(); + } + } + } else { + MQTT_DEBUG_PRINTLN("Failed to create tokens after NTP sync"); + } + } + } + + sync_in_progress = false; // Clear sync flag on failure too + + // Set timezone from string (with DST support) - only if changed + static char last_timezone[64] = ""; + if (strcmp(_prefs->timezone_string, last_timezone) != 0) { + // Clean up old timezone object to prevent memory leak + if (_timezone) { + delete _timezone; + _timezone = nullptr; + } + + // Create timezone object based on timezone string + Timezone* tz = createTimezoneFromString(_prefs->timezone_string); + if (tz) { + _timezone = tz; + } else { + // Create UTC timezone as fallback + TimeChangeRule utc = {"UTC", Last, Sun, Mar, 0, 0}; + _timezone = new Timezone(utc, utc); + } + + strncpy(last_timezone, _prefs->timezone_string, sizeof(last_timezone) - 1); + last_timezone[sizeof(last_timezone) - 1] = '\0'; + + // Force memory defragmentation after timezone recreation + void* temp = malloc(1024); + if (temp) { + free(temp); + } + } + + // Get current time info + struct tm* utc_timeinfo = gmtime((time_t*)&epochTime); + struct tm* local_timeinfo = localtime((time_t*)&epochTime); + (void)utc_timeinfo; // Unused but kept for debugging if needed + (void)local_timeinfo; + } else { + MQTT_DEBUG_PRINTLN("NTP sync failed"); + sync_in_progress = false; // Clear sync flag on failure + } + + _ntp_client.end(); +} + +Timezone* MQTTBridge::createTimezoneFromString(const char* tz_string) { + // Create Timezone objects for common IANA timezone strings + + // North America + if (strcmp(tz_string, "America/Los_Angeles") == 0 || strcmp(tz_string, "America/Vancouver") == 0) { + TimeChangeRule pst = {"PST", First, Sun, Nov, 2, -480}; // UTC-8 + TimeChangeRule pdt = {"PDT", Second, Sun, Mar, 2, -420}; // UTC-7 + return new Timezone(pdt, pst); + } else if (strcmp(tz_string, "America/Denver") == 0) { + TimeChangeRule mst = {"MST", First, Sun, Nov, 2, -420}; // UTC-7 + TimeChangeRule mdt = {"MDT", Second, Sun, Mar, 2, -360}; // UTC-6 + return new Timezone(mdt, mst); + } else if (strcmp(tz_string, "America/Chicago") == 0) { + TimeChangeRule cst = {"CST", First, Sun, Nov, 2, -360}; // UTC-6 + TimeChangeRule cdt = {"CDT", Second, Sun, Mar, 2, -300}; // UTC-5 + return new Timezone(cdt, cst); + } else if (strcmp(tz_string, "America/New_York") == 0 || strcmp(tz_string, "America/Toronto") == 0) { + TimeChangeRule est = {"EST", First, Sun, Nov, 2, -300}; // UTC-5 + TimeChangeRule edt = {"EDT", Second, Sun, Mar, 2, -240}; // UTC-4 + return new Timezone(edt, est); + } else if (strcmp(tz_string, "America/Anchorage") == 0) { + TimeChangeRule akst = {"AKST", First, Sun, Nov, 2, -540}; // UTC-9 + TimeChangeRule akdt = {"AKDT", Second, Sun, Mar, 2, -480}; // UTC-8 + return new Timezone(akdt, akst); + } else if (strcmp(tz_string, "Pacific/Honolulu") == 0) { + TimeChangeRule hst = {"HST", Last, Sun, Oct, 2, -600}; // UTC-10 (no DST) + return new Timezone(hst, hst); + + // Europe + } else if (strcmp(tz_string, "Europe/London") == 0) { + TimeChangeRule gmt = {"GMT", Last, Sun, Oct, 2, 0}; // UTC+0 + TimeChangeRule bst = {"BST", Last, Sun, Mar, 1, 60}; // UTC+1 + return new Timezone(bst, gmt); + } else if (strcmp(tz_string, "Europe/Paris") == 0 || strcmp(tz_string, "Europe/Berlin") == 0) { + TimeChangeRule cet = {"CET", Last, Sun, Oct, 3, 60}; // UTC+1 + TimeChangeRule cest = {"CEST", Last, Sun, Mar, 2, 120}; // UTC+2 + return new Timezone(cest, cet); + } else if (strcmp(tz_string, "Europe/Moscow") == 0) { + TimeChangeRule msk = {"MSK", Last, Sun, Oct, 3, 180}; // UTC+3 (no DST since 2014) + return new Timezone(msk, msk); + + // Asia + } else if (strcmp(tz_string, "Asia/Tokyo") == 0) { + TimeChangeRule jst = {"JST", Last, Sun, Oct, 2, 540}; // UTC+9 (no DST) + return new Timezone(jst, jst); + } else if (strcmp(tz_string, "Asia/Shanghai") == 0 || strcmp(tz_string, "Asia/Hong_Kong") == 0) { + TimeChangeRule cst = {"CST", Last, Sun, Oct, 2, 480}; // UTC+8 (no DST) + return new Timezone(cst, cst); + } else if (strcmp(tz_string, "Asia/Kolkata") == 0) { + TimeChangeRule ist = {"IST", Last, Sun, Oct, 2, 330}; // UTC+5:30 (no DST) + return new Timezone(ist, ist); + } else if (strcmp(tz_string, "Asia/Dubai") == 0) { + TimeChangeRule gst = {"GST", Last, Sun, Oct, 2, 240}; // UTC+4 (no DST) + return new Timezone(gst, gst); + + // Australia + } else if (strcmp(tz_string, "Australia/Sydney") == 0 || strcmp(tz_string, "Australia/Melbourne") == 0) { + TimeChangeRule aest = {"AEST", First, Sun, Apr, 3, 600}; // UTC+10 + TimeChangeRule aedt = {"AEDT", First, Sun, Oct, 2, 660}; // UTC+11 + return new Timezone(aedt, aest); + } else if (strcmp(tz_string, "Australia/Perth") == 0) { + TimeChangeRule awst = {"AWST", Last, Sun, Oct, 2, 480}; // UTC+8 (no DST) + return new Timezone(awst, awst); + + // Timezone abbreviations (with DST handling) + } else if (strcmp(tz_string, "PDT") == 0 || strcmp(tz_string, "PST") == 0) { + // Pacific Time (PST/PDT) + TimeChangeRule pst = {"PST", First, Sun, Nov, 2, -480}; // UTC-8 + TimeChangeRule pdt = {"PDT", Second, Sun, Mar, 2, -420}; // UTC-7 + return new Timezone(pdt, pst); + } else if (strcmp(tz_string, "MDT") == 0 || strcmp(tz_string, "MST") == 0) { + // Mountain Time (MST/MDT) + TimeChangeRule mst = {"MST", First, Sun, Nov, 2, -420}; // UTC-7 + TimeChangeRule mdt = {"MDT", Second, Sun, Mar, 2, -360}; // UTC-6 + return new Timezone(mdt, mst); + } else if (strcmp(tz_string, "CDT") == 0 || strcmp(tz_string, "CST") == 0) { + // Central Time (CST/CDT) + TimeChangeRule cst = {"CST", First, Sun, Nov, 2, -360}; // UTC-6 + TimeChangeRule cdt = {"CDT", Second, Sun, Mar, 2, -300}; // UTC-5 + return new Timezone(cdt, cst); + } else if (strcmp(tz_string, "EDT") == 0 || strcmp(tz_string, "EST") == 0) { + // Eastern Time (EST/EDT) + TimeChangeRule est = {"EST", First, Sun, Nov, 2, -300}; // UTC-5 + TimeChangeRule edt = {"EDT", Second, Sun, Mar, 2, -240}; // UTC-4 + return new Timezone(edt, est); + } else if (strcmp(tz_string, "BST") == 0 || strcmp(tz_string, "GMT") == 0) { + // British Time (GMT/BST) + TimeChangeRule gmt = {"GMT", Last, Sun, Oct, 2, 0}; // UTC+0 + TimeChangeRule bst = {"BST", Last, Sun, Mar, 1, 60}; // UTC+1 + return new Timezone(bst, gmt); + } else if (strcmp(tz_string, "CEST") == 0 || strcmp(tz_string, "CET") == 0) { + // Central European Time (CET/CEST) + TimeChangeRule cet = {"CET", Last, Sun, Oct, 3, 60}; // UTC+1 + TimeChangeRule cest = {"CEST", Last, Sun, Mar, 2, 120}; // UTC+2 + return new Timezone(cest, cet); + + // UTC and simple offsets + } else if (strcmp(tz_string, "UTC") == 0) { + TimeChangeRule utc = {"UTC", Last, Sun, Mar, 0, 0}; + return new Timezone(utc, utc); + } else if (strncmp(tz_string, "UTC", 3) == 0) { + // Handle UTC+/-X format (UTC-8, UTC+5, etc.) + int offset = atoi(tz_string + 3); + TimeChangeRule utc_offset = {"UTC", Last, Sun, Mar, 0, offset * 60}; + return new Timezone(utc_offset, utc_offset); + } else if (strncmp(tz_string, "GMT", 3) == 0) { + // Handle GMT+/-X format (GMT-8, GMT+5, etc.) + int offset = atoi(tz_string + 3); + TimeChangeRule gmt_offset = {"GMT", Last, Sun, Mar, 0, offset * 60}; + return new Timezone(gmt_offset, gmt_offset); + } else if (strncmp(tz_string, "+", 1) == 0 || strncmp(tz_string, "-", 1) == 0) { + // Handle simple +/-X format (+5, -8, etc.) + int offset = atoi(tz_string); + TimeChangeRule offset_tz = {"TZ", Last, Sun, Mar, 0, offset * 60}; + return new Timezone(offset_tz, offset_tz); + } else { + // Unknown timezone, return null + MQTT_DEBUG_PRINTLN("Unknown timezone: %s", tz_string); + return nullptr; + } +} + +void MQTTBridge::getClientVersion(char* buffer, size_t buffer_size) const { + if (!buffer || buffer_size == 0) { + return; + } + // Generate client version string in format "meshcore/{firmware_version}" + snprintf(buffer, buffer_size, "meshcore/%s", _firmware_version); +} + +void MQTTBridge::optimizeMqttClientConfig(PsychicMqttClient* client, bool is_analyzer_client) { + if (!client) return; + + // Buffer size selection (optimized for memory): + // - Analyzer clients: Need 896 bytes for CONNECT message with 768-byte JWT tokens + // (CONNECT message: ~10 bytes overhead + 70 bytes username + 768 bytes password = ~850 bytes) + // Reduced from 1024 to 896 (128 bytes saved) - still safe with ~46 bytes headroom + // - Main client: Can use 640 bytes (smaller than default 768, but safe for regular publishes) + // Most JSON messages are <500 bytes, CONNECT messages are smaller without JWT tokens + // Reduced from 768 to 640 (128 bytes saved) - still safe with ~140 bytes headroom + int buffer_size = is_analyzer_client ? 896 : 640; + + client->setBufferSize(buffer_size); + + // Access ESP-IDF config to optimize additional settings + esp_mqtt_client_config_t* config = client->getMqttConfig(); + if (config) { + #if defined(ESP_IDF_VERSION_MAJOR) && ESP_IDF_VERSION_MAJOR >= 5 + if (config->buffer.out_size == 0 || config->buffer.out_size > buffer_size) { + config->buffer.out_size = buffer_size; + } + #endif + } +} + +void MQTTBridge::logMemoryStatus() { + MQTT_DEBUG_PRINTLN("Memory: Free=%d, Max=%d, Queue=%d/%d", + ESP.getFreeHeap(), ESP.getMaxAllocHeap(), _queue_count, MAX_QUEUE_SIZE); +} + +#endif + diff --git a/src/helpers/bridges/MQTTBridge.h b/src/helpers/bridges/MQTTBridge.h new file mode 100644 index 000000000..1d2b31dae --- /dev/null +++ b/src/helpers/bridges/MQTTBridge.h @@ -0,0 +1,427 @@ +#pragma once + +#include "MeshCore.h" +#include "helpers/bridges/BridgeBase.h" +#include +#include +#include +#include +#include +#include "helpers/JWTHelper.h" + +#ifdef ESP_PLATFORM +#include +#include +#include +#include +#endif + +#if defined(MQTT_DEBUG) && defined(ARDUINO) + #include + // USB CDC-aware debug macros: only print if Serial is ready (non-blocking check) + // Serial.availableForWrite() returns bytes available in write buffer (>0 means ready) + // This prevents hangs when USB CDC isn't ready yet (e.g., ESP32-S3 native USB) + #define MQTT_DEBUG_PRINT(F, ...) do { if (Serial.availableForWrite() > 0) { Serial.printf("MQTT: " F, ##__VA_ARGS__); } } while(0) + #define MQTT_DEBUG_PRINTLN(F, ...) do { if (Serial.availableForWrite() > 0) { Serial.printf("MQTT: " F "\n", ##__VA_ARGS__); } } while(0) +#else + #define MQTT_DEBUG_PRINT(...) {} + #define MQTT_DEBUG_PRINTLN(...) {} +#endif + +#ifdef WITH_MQTT_BRIDGE + +/** + * @brief Bridge implementation using MQTT protocol for packet transport + * + * This bridge enables mesh packet transport over MQTT, allowing repeaters to + * uplink packet data to multiple MQTT brokers for monitoring and analysis. + * + * Features: + * - Multiple MQTT broker support + * - Automatic reconnection with exponential backoff + * - JSON message formatting for status, packets, and raw data + * - Configurable topics and QoS levels + * - Packet queuing during connection issues + * + * Message Types: + * - Status: Device connection status and metadata + * - Packets: Full packet data with RF characteristics + * - Raw: Minimal raw packet data for map integration + * + * Configuration: + * - Define WITH_MQTT_BRIDGE to enable this bridge + * - Configure brokers via CLI commands + * - Set origin name and IATA code for topic structure + */ +class MQTTBridge : public BridgeBase { +private: + PsychicMqttClient* _mqtt_client; + + // MQTT broker configuration + struct MQTTBroker { + char host[64]; + uint16_t port; + char username[32]; + char password[64]; + char client_id[32]; + uint8_t qos; + bool enabled; + bool connected; + unsigned long last_attempt; + unsigned long reconnect_interval; + }; + + static const int MAX_MQTT_BROKERS_COUNT = 3; + MQTTBroker _brokers[MAX_MQTT_BROKERS_COUNT]; + int _active_brokers; + + // Message configuration + char _origin[32]; + char _iata[8]; + char _device_id[65]; // Device public key (hex string) + char _firmware_version[64]; // Firmware version string + char _board_model[64]; // Board model string + char _build_date[32]; // Build date string + bool _status_enabled; + bool _packets_enabled; + bool _raw_enabled; + bool _tx_enabled; + unsigned long _last_status_publish; + unsigned long _status_interval; + + // Packet queue for offline scenarios + struct QueuedPacket { + mesh::Packet* packet; + unsigned long timestamp; + bool is_tx; + // Store raw radio data with each packet to avoid it being overwritten + uint8_t raw_data[256]; + int raw_len; + float snr; + float rssi; + bool has_raw_data; + }; + + static const int MAX_QUEUE_SIZE = 10; + + // FreeRTOS queue for thread-safe packet queuing + #ifdef ESP_PLATFORM + QueueHandle_t _packet_queue_handle; + TaskHandle_t _mqtt_task_handle; + SemaphoreHandle_t _raw_data_mutex; // Mutex for raw radio data + #else + // Fallback to circular buffer for non-ESP32 platforms + QueuedPacket _packet_queue[MAX_QUEUE_SIZE]; + int _queue_head; + int _queue_tail; + #endif + int _queue_count; // Protected by queue operations or mutex + + // NTP time sync + WiFiUDP _ntp_udp; + NTPClient _ntp_client; + unsigned long _last_ntp_sync; + bool _ntp_synced; + bool _ntp_sync_pending; // Flag to trigger NTP sync from loop() instead of event handler + + // Timezone handling + Timezone* _timezone; + + // Raw radio data storage + uint8_t _last_raw_data[256]; + int _last_raw_len; + float _last_snr; + float _last_rssi; + unsigned long _last_raw_timestamp; + + // Let's Mesh Analyzer support + bool _analyzer_us_enabled; + bool _analyzer_eu_enabled; + char _auth_token_us[768]; // JWT token for US server authentication (increased for owner/client fields) + char _auth_token_eu[768]; // JWT token for EU server authentication (increased for owner/client fields) + char _analyzer_username[70]; // Username in format v1_{UPPERCASE_PUBLIC_KEY} + + // Token expiration tracking + unsigned long _token_us_expires_at; + unsigned long _token_eu_expires_at; + + // Memory pressure monitoring + unsigned long _last_memory_check; + int _skipped_publishes; // Count of skipped publishes due to memory pressure + unsigned long _last_token_renewal_attempt_us; + unsigned long _last_token_renewal_attempt_eu; + unsigned long _last_reconnect_attempt_us; + unsigned long _last_reconnect_attempt_eu; + + // Status publish retry tracking + unsigned long _last_status_retry; // Track last retry attempt (separate from successful publish) + static const unsigned long STATUS_RETRY_INTERVAL = 30000; // Retry every 30 seconds if failed + + // Device identity for JWT token creation + mesh::LocalIdentity *_identity; + + // PsychicMqttClient instances for different brokers + PsychicMqttClient* _analyzer_us_client; + PsychicMqttClient* _analyzer_eu_client; + + // Configuration validation state + bool _config_valid; + + // Cached broker connection status (updated in callbacks to avoid redundant checks) + bool _cached_has_brokers; + bool _cached_has_analyzer_servers; + + // Throttle logging for disconnected broker messages + unsigned long _last_no_broker_log; + static const unsigned long NO_BROKER_LOG_INTERVAL = 30000; // Log every 30 seconds max + + // Throttle logging for analyzer client disconnected messages + unsigned long _last_analyzer_us_log; + unsigned long _last_analyzer_eu_log; + static const unsigned long ANALYZER_LOG_INTERVAL = 30000; // Log every 30 seconds max + unsigned long _last_config_warning; // Throttle configuration mismatch warnings + static const unsigned long CONFIG_WARNING_INTERVAL = 300000; // Log every 5 minutes max + + // Optional pointers for collecting stats internally (set by mesh if available) + mesh::Dispatcher* _dispatcher; // For air times and errors + mesh::Radio* _radio; // For noise floor + mesh::MainBoard* _board; // For battery voltage + mesh::MillisecondClock* _ms; // For uptime + + // Internal methods + void connectToBrokers(); + void processPacketQueue(); + bool publishStatus(); // Returns true if status was successfully published + + // FreeRTOS task function (runs on Core 0) + #ifdef ESP_PLATFORM + static void mqttTask(void* parameter); + void mqttTaskLoop(); // Main loop for MQTT task + void initializeWiFiInTask(); // WiFi initialization moved to task + #endif + void publishPacket(mesh::Packet* packet, bool is_tx, + const uint8_t* raw_data = nullptr, int raw_len = 0, + float snr = 0.0f, float rssi = 0.0f); + void publishRaw(mesh::Packet* packet); + void queuePacket(mesh::Packet* packet, bool is_tx); + void dequeuePacket(); + bool isAnyBrokerConnected(); + void setBrokerDefaults(); + void syncTimeWithNTP(); + Timezone* createTimezoneFromString(const char* tz_string); + bool isMQTTConfigValid(); + void checkConfigurationMismatch(); // Check for bridge.source/mqtt.tx mismatch + bool isIATAValid() const; // Check if IATA code is configured + +public: + /** + * Constructs an MQTTBridge instance + * + * @param prefs Node preferences for configuration settings + * @param mgr PacketManager for allocating and queuing packets + * @param rtc RTCClock for timestamping debug messages + * @param identity Device identity for JWT token creation + */ + MQTTBridge(NodePrefs *prefs, mesh::PacketManager *mgr, mesh::RTCClock *rtc, mesh::LocalIdentity *identity); + + /** + * Initializes the MQTT bridge + * + * - Sets up default broker configuration + * - Initializes WiFi client + * - Prepares MQTT clients for each broker + */ + void begin() override; + + /** + * Stops the MQTT bridge + * + * - Disconnects from all brokers + * - Clears packet queue + * - Releases resources + */ + void end() override; + + /** + * Checks if MQTT configuration is valid + * + * @return true if all required MQTT settings are properly configured + */ + bool isConfigValid() const; + + /** + * Static method to validate MQTT configuration from preferences + * + * @param prefs Node preferences containing MQTT settings + * @return true if all required MQTT settings are properly configured + */ + static bool isConfigValid(const NodePrefs* prefs); + + /** + * Check if MQTT bridge is ready to operate (has WiFi credentials) + * + * @return true if WiFi credentials are configured and bridge can connect + */ + bool isReady() const; + + /** + * Main loop handler + * - Maintains broker connections + * - Processes packet queue + * - Publishes status updates + */ + void loop() override; + + /** + * Called when a packet is received via mesh + * Queues the packet for MQTT publishing if enabled + * + * @param packet The received mesh packet + */ + void onPacketReceived(mesh::Packet *packet) override; + + /** + * Called when a packet needs to be transmitted via MQTT + * Publishes the packet to all connected brokers + * + * @param packet The mesh packet to transmit + */ + void sendPacket(mesh::Packet *packet) override; + + /** + * Configure MQTT broker settings + * + * @param broker_index Broker index (0-2) + * @param host Broker hostname + * @param port Broker port + * @param username MQTT username + * @param password MQTT password + * @param enabled Whether broker is enabled + */ + void setBroker(int broker_index, const char* host, uint16_t port, + const char* username, const char* password, bool enabled); + + /** + * Set device origin name for MQTT topics + * + * @param origin Device name + */ + void setOrigin(const char* origin); + + /** + * Set IATA code for MQTT topics + * + * @param iata Airport code + */ + void setIATA(const char* iata); + + /** + * Set device public key for MQTT topics + * + * @param device_id Device public key (hex string) + */ + void setDeviceID(const char* device_id); + + /** + * Set firmware version for status messages + * + * @param firmware_version Firmware version string + */ + void setFirmwareVersion(const char* firmware_version); + + /** + * Set board model for status messages + * + * @param board_model Board model string + */ + void setBoardModel(const char* board_model); + + /** + * Set build date for client version + * + * @param build_date Build date string + */ + void setBuildDate(const char* build_date); + + /** + * Stores raw radio data for MQTT messages + * + * @param raw_data Raw radio transmission data + * @param len Length of raw data + * @param snr Signal-to-noise ratio + * @param rssi Received signal strength indicator + */ + void storeRawRadioData(const uint8_t* raw_data, int len, float snr, float rssi); + + // Let's Mesh Analyzer methods + void setupAnalyzerServers(); + bool createAuthToken(); + bool publishToAnalyzerServers(const char* topic, const char* payload, bool retained = false); // Returns true if at least one publish succeeded + + // PsychicMqttClient WebSocket methods + void setupAnalyzerClients(); + void maintainAnalyzerConnections(); + bool publishToAnalyzerClient(PsychicMqttClient* client, const char* topic, const char* payload, bool retained = false); // Returns true if publish succeeded + void publishStatusToAnalyzerClient(PsychicMqttClient* client, const char* server_name); + + /** + * Optimize MQTT client configuration for memory efficiency + * Reduces buffer sizes to minimize memory usage while maintaining functionality + * + * @param client MQTT client to optimize + * @param is_analyzer_client If true, uses larger buffer for JWT tokens (768 bytes) + */ + void optimizeMqttClientConfig(PsychicMqttClient* client, bool is_analyzer_client = false); + + /** + * Enable/disable message types + * + * @param status Enable status messages + * @param packets Enable packet messages + * @param raw Enable raw messages + */ + void setMessageTypes(bool status, bool packets, bool raw); + + /** + * Get connection status for all brokers + * + * @return Number of connected brokers + */ + int getConnectedBrokers() const; + + /** + * Get queue status + * + * @return Number of queued packets + */ + int getQueueSize() const; + + /** + * Set optional pointers for stats collection. + * If these are set, stats will be collected automatically when publishing status. + * + * @param dispatcher Dispatcher (or Mesh*) for air times and errors + * @param radio Radio for noise floor + * @param board MainBoard for battery voltage + * @param ms MillisecondClock for uptime + */ + void setStatsSources(mesh::Dispatcher* dispatcher, mesh::Radio* radio, + mesh::MainBoard* board, mesh::MillisecondClock* ms); + +private: + /** + * Generate client version string in format "meshcore/{firmware_version}" + * Memory-efficient: writes to provided buffer, no dynamic allocation + * + * @param buffer Buffer to write the client version string to + * @param buffer_size Size of the buffer (must be at least 64 bytes) + */ + void getClientVersion(char* buffer, size_t buffer_size) const; + + /** + * Log memory status for debugging + */ + void logMemoryStatus(); +}; + +#endif diff --git a/ssl_certs/cacert.pem b/ssl_certs/cacert.pem new file mode 100644 index 000000000..f04c55123 --- /dev/null +++ b/ssl_certs/cacert.pem @@ -0,0 +1,3556 @@ +## +## Bundle of CA Root Certificates +## +## Certificate data from Mozilla as of: Tue Sep 9 03:12:01 2025 GMT +## +## Find updated versions here: https://curl.se/docs/caextract.html +## +## This is a bundle of X.509 certificates of public Certificate Authorities +## (CA). These were automatically extracted from Mozilla's root certificates +## file (certdata.txt). This file can be found in the mozilla source tree: +## https://raw.githubusercontent.com/mozilla-firefox/firefox/refs/heads/release/security/nss/lib/ckfw/builtins/certdata.txt +## +## It contains the certificates in PEM format and therefore +## can be directly used with curl / libcurl / php_curl, or with +## an Apache+mod_ssl webserver for SSL client authentication. +## Just configure this file as the SSLCACertificateFile. +## +## Conversion done with mk-ca-bundle.pl version 1.29. +## SHA256: 0078e6bdd280fd89e1b883174387aae84b3eae2ee263416a5f8a14ee7f179ae9 +## + + +Entrust Root Certification Authority +==================================== +-----BEGIN CERTIFICATE----- +MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV +BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw +b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG +A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0 +MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu +MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu +Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v +dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz +A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww +Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68 +j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN +rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1 +MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH +hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA +A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM +Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa +v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS +W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0 +tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8 +-----END CERTIFICATE----- + +QuoVadis Root CA 2 +================== +-----BEGIN CERTIFICATE----- +MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx +ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6 +XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk +lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB +lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy +lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt +66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn +wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh +D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy +BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie +J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud +DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU +a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT +ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv +Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3 +UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm +VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK ++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW +IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1 +WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X +f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II +4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8 +VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u +-----END CERTIFICATE----- + +QuoVadis Root CA 3 +================== +-----BEGIN CERTIFICATE----- +MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT +EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx +OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM +aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg +DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij +KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K +DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv +BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp +p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8 +nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX +MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM +Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz +uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT +BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj +YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 +aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB +BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD +VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4 +ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE +AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV +qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s +hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z +POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2 +Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp +8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC +bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu +g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p +vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr +qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto= +-----END CERTIFICATE----- + +DigiCert Assured ID Root CA +=========================== +-----BEGIN CERTIFICATE----- +MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx +MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO +9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy +UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW +/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy +oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf +GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF +66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq +hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc +EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn +SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i +8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe ++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== +-----END CERTIFICATE----- + +DigiCert Global Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw +MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn +TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5 +BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H +4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y +7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB +o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm +8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF +BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr +EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt +tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886 +UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk +CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= +-----END CERTIFICATE----- + +DigiCert High Assurance EV Root CA +================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw +KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw +MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ +MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu +Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t +Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS +OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3 +MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ +NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe +h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB +Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY +JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ +V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp +myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK +mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe +vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K +-----END CERTIFICATE----- + +SwissSign Gold CA - G2 +====================== +-----BEGIN CERTIFICATE----- +MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw +EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN +MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp +c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq +t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C +jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg +vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF +ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR +AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend +jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO +peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR +7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi +GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw +AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64 +OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov +L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm +5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr +44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf +Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m +Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp +mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk +vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf +KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br +NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj +viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ +-----END CERTIFICATE----- + +SecureTrust CA +============== +-----BEGIN CERTIFICATE----- +MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy +dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe +BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX +OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t +DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH +GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b +01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH +ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj +aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ +KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu +SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf +mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ +nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR +3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= +-----END CERTIFICATE----- + +Secure Global CA +================ +-----BEGIN CERTIFICATE----- +MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG +EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH +bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg +MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg +Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx +YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ +bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g +8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV +HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi +0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn +oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA +MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+ +OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn +CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5 +3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc +f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW +-----END CERTIFICATE----- + +COMODO Certification Authority +============================== +-----BEGIN CERTIFICATE----- +MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1 +dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb +MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD +T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH ++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww +xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV +4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA +1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI +rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k +b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC +AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP +OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ +RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc +IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN ++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ== +-----END CERTIFICATE----- + +COMODO ECC Certification Authority +================================== +-----BEGIN CERTIFICATE----- +MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix +GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR +Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo +b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X +4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni +wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E +BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG +FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA +U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= +-----END CERTIFICATE----- + +Certigna +======== +-----BEGIN CERTIFICATE----- +MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw +EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3 +MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI +Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q +XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH +GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p +ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg +DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf +Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ +tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ +BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J +SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA +hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+ +ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu +PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY +1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw +WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== +-----END CERTIFICATE----- + +ePKI Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG +EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg +Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx +MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq +MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs +IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi +lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv +qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX +12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O +WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ +ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao +lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/ +vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi +Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi +MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH +ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0 +1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq +KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV +xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP +NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r +GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE +xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx +gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy +sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD +BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw= +-----END CERTIFICATE----- + +certSIGN ROOT CA +================ +-----BEGIN CERTIFICATE----- +MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD +VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa +Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE +CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I +JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH +rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2 +ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD +0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943 +AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B +Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB +AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8 +SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0 +x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt +vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz +TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD +-----END CERTIFICATE----- + +NetLock Arany (Class Gold) Főtanúsítvány +======================================== +-----BEGIN CERTIFICATE----- +MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G +A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610 +dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB +cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx +MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO +ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv +biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6 +c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu +0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw +/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk +H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw +fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1 +neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB +BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW +qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta +YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC +bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna +NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu +dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= +-----END CERTIFICATE----- + +Microsec e-Szigno Root CA 2009 +============================== +-----BEGIN CERTIFICATE----- +MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER +MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv +c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o +dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE +BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt +U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA +fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG +0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA +pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm +1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC +AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf +QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE +FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o +lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX +I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 +tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02 +yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi +LXpUq3DDfSJlgnCW +-----END CERTIFICATE----- + +GlobalSign Root CA - R3 +======================= +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv +YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh +bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT +aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln +bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt +iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ +0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3 +rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl +OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2 +xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7 +lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8 +EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E +bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18 +YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r +kpeDMdmztcpHWD9f +-----END CERTIFICATE----- + +Izenpe.com +========== +-----BEGIN CERTIFICATE----- +MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG +EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz +MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu +QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ +03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK +ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU ++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC +PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT +OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK +F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK +0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+ +0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB +leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID +AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+ +SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG +NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx +MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l +Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga +kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q +hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs +g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5 +aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5 +nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC +ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo +Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z +WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== +-----END CERTIFICATE----- + +Go Daddy Root Certificate Authority - G2 +======================================== +-----BEGIN CERTIFICATE----- +MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu +MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 +MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 +b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G +A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq +9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD ++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd +fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl +NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC +MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9 +BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac +vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r +5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV +N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO +LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1 +-----END CERTIFICATE----- + +Starfield Root Certificate Authority - G2 +========================================= +-----BEGIN CERTIFICATE----- +MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 +eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw +DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg +VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB +dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv +W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs +bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk +N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf +ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU +JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol +TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx +4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw +F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K +pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ +c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 +-----END CERTIFICATE----- + +Starfield Services Root Certificate Authority - G2 +================================================== +-----BEGIN CERTIFICATE----- +MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT +B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s +b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl +IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV +BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT +dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg +Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2 +h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa +hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP +LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB +rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG +SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP +E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy +xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd +iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza +YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6 +-----END CERTIFICATE----- + +AffirmTrust Commercial +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw +MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb +DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV +C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6 +BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww +MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV +HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG +hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi +qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv +0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh +sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= +-----END CERTIFICATE----- + +AffirmTrust Networking +====================== +-----BEGIN CERTIFICATE----- +MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw +MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly +bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE +Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI +dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24 +/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb +h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV +HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu +UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6 +12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23 +WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9 +/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= +-----END CERTIFICATE----- + +AffirmTrust Premium +=================== +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS +BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy +OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy +dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn +BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV +5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs ++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd +GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R +p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI +S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04 +6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5 +/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo ++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB +/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv +MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg +Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC +6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S +L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK ++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV +BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg +IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60 +g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb +zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw== +-----END CERTIFICATE----- + +AffirmTrust Premium ECC +======================= +-----BEGIN CERTIFICATE----- +MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV +BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx +MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U +cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ +N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW +BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK +BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X +57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM +eQ== +-----END CERTIFICATE----- + +Certum Trusted Network CA +========================= +-----BEGIN CERTIFICATE----- +MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK +ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy +MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU +ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC +l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J +J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4 +fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0 +cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB +Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw +DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj +jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1 +mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj +Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI +03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= +-----END CERTIFICATE----- + +TWCA Root Certification Authority +================================= +-----BEGIN CERTIFICATE----- +MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ +VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG +EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB +IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx +QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC +oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP +4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r +y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB +BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG +9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC +mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW +QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY +T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny +Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== +-----END CERTIFICATE----- + +Security Communication RootCA2 +============================== +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc +U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh +dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC +SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy +aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++ ++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R +3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV +spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K +EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8 +QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj +u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk +3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q +tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29 +mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 +-----END CERTIFICATE----- + +Actalis Authentication Root CA +============================== +-----BEGIN CERTIFICATE----- +MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM +BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE +AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky +MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz +IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 +IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ +wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa +by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6 +zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f +YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2 +oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l +EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7 +hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8 +EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5 +jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY +iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt +ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI +WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0 +JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx +K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+ +Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC +4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo +2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz +lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem +OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9 +vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== +-----END CERTIFICATE----- + +Buypass Class 2 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X +DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1 +g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn +9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b +/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU +CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff +awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI +zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn +Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX +Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs +M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s +A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI +osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S +aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd +DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD +LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0 +oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC +wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS +CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN +rJgWVqA= +-----END CERTIFICATE----- + +Buypass Class 3 Root CA +======================= +-----BEGIN CERTIFICATE----- +MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU +QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X +DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 +eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH +sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR +5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh +7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ +ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH +2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV +/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ +RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA +Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq +j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF +AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV +cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G +uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG +Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8 +ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2 +KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz +6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug +UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe +eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi +Cp/HuZc= +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 3 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx +MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK +9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU +NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF +iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W +0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr +AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb +fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT +ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h +P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml +e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw== +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 2009 +============================== +-----BEGIN CERTIFICATE----- +MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe +Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE +LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD +ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA +BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv +KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z +p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC +AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ +4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y +eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw +MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G +PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw +OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm +2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 +o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV +dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph +X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I= +-----END CERTIFICATE----- + +D-TRUST Root Class 3 CA 2 EV 2009 +================================= +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK +DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw +OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS +egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh +zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T +7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60 +sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35 +11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv +cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v +ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El +MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp +b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh +c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+ +PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 +nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX +ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA +NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv +w9y4AyHqnxbxLFS1 +-----END CERTIFICATE----- + +CA Disig Root R2 +================ +-----BEGIN CERTIFICATE----- +MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw +EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp +ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx +EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp +c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC +w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia +xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7 +A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S +GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV +g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa +5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE +koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A +Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i +Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV +HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u +Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM +tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV +sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je +dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8 +1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx +mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01 +utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0 +sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg +UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV +7+ZtsH8tZ/3zbBt1RqPlShfppNcL +-----END CERTIFICATE----- + +ACCVRAIZ1 +========= +-----BEGIN CERTIFICATE----- +MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB +SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1 +MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH +UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM +jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0 +RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD +aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ +0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG +WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7 +8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR +5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J +9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK +Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw +Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu +Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 +VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM +Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA +QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh +AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA +YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj +AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA +IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk +aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0 +dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2 +MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI +hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E +R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN +YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49 +nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ +TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3 +sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h +I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg +Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd +3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p +EfbRD0tVNEYqi4Y7 +-----END CERTIFICATE----- + +TWCA Global Root CA +=================== +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT +CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD +QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK +EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg +Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C +nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV +r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR +Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV +tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W +KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99 +sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p +yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn +kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI +zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g +cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn +LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M +8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg +/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg +lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP +A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m +i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8 +EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3 +zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0= +-----END CERTIFICATE----- + +TeliaSonera Root CA v1 +====================== +-----BEGIN CERTIFICATE----- +MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE +CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4 +MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW +VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+ +6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA +3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k +B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn +Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH +oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3 +F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ +oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7 +gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc +TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB +AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW +DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm +zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx +0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW +pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV +G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc +c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT +JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2 +qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6 +Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems +WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= +-----END CERTIFICATE----- + +T-TeleSec GlobalRoot Class 2 +============================ +-----BEGIN CERTIFICATE----- +MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM +IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU +cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx +MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz +dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD +ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ +SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F +vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970 +2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV +WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy +YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4 +r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf +vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR +3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN +9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg== +-----END CERTIFICATE----- + +Atos TrustedRoot 2011 +===================== +-----BEGIN CERTIFICATE----- +MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU +cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4 +MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG +A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV +hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr +54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+ +DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320 +HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR +z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R +l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ +bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB +CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h +k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh +TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9 +61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G +3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed +-----END CERTIFICATE----- + +QuoVadis Root CA 1 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE +PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm +PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6 +Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN +ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l +g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV +7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX +9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f +iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg +t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI +hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC +MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3 +GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct +Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP ++V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh +3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa +wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6 +O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0 +FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV +hMJKzRwuJIczYOXD +-----END CERTIFICATE----- + +QuoVadis Root CA 2 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh +ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY +NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t +oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o +MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l +V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo +L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ +sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD +6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh +lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI +hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 +AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K +pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9 +x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz +dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X +U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw +mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD +zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN +JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr +O3jtZsSOeWmD3n+M +-----END CERTIFICATE----- + +QuoVadis Root CA 3 G3 +===================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG +A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv +b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN +MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg +RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286 +IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL +Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe +6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3 +I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U +VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7 +5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi +Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM +dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt +rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI +hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px +KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS +t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ +TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du +DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib +Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD +hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX +0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW +dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2 +PpxxVJkES/1Y+Zj0 +-----END CERTIFICATE----- + +DigiCert Assured ID Root G2 +=========================== +-----BEGIN CERTIFICATE----- +MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw +IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw +MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL +ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH +35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq +bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw +VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP +YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn +lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO +w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv +0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz +d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW +hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M +jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo +IhNzbM8m9Yop5w== +-----END CERTIFICATE----- + +DigiCert Assured ID Root G3 +=========================== +-----BEGIN CERTIFICATE----- +MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD +VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 +MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb +RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs +KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF +UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy +YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy +1vUhZscv6pZjamVFkpUBtA== +-----END CERTIFICATE----- + +DigiCert Global Root G2 +======================= +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw +HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx +MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 +dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq +hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ +kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO +3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV +BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM +UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB +o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu +5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr +F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U +WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH +QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/ +iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- + +DigiCert Global Root G3 +======================= +-----BEGIN CERTIFICATE----- +MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV +UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD +VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw +MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k +aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C +AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O +YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp +Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y +3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34 +VOKa5Vt8sycX +-----END CERTIFICATE----- + +DigiCert Trusted Root G4 +======================== +-----BEGIN CERTIFICATE----- +MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG +EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw +HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 +MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp +pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o +k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa +vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY +QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6 +MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm +mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7 +f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH +dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8 +oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud +DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD +ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY +ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr +yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy +7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah +ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN +5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb +/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa +5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK +G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP +82Z+ +-----END CERTIFICATE----- + +COMODO RSA Certification Authority +================================== +-----BEGIN CERTIFICATE----- +MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE +BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG +A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC +R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE +ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn +dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ +FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ +5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG +x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX +2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL +OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 +sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C +GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 +WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E +FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt +rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ +nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg +tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW +sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp +pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA +zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq +ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 +7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I +LaZRfyHBNVOFBkpdn627G190 +-----END CERTIFICATE----- + +USERTrust RSA Certification Authority +===================================== +-----BEGIN CERTIFICATE----- +MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK +ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE +BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK +ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh +dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz +0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j +Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn +RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O ++T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq +/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE +Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM +lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8 +yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+ +eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd +BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF +MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW +FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ +7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ +Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM +8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi +FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi +yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c +J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw +sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx +Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9 +-----END CERTIFICATE----- + +USERTrust ECC Certification Authority +===================================== +-----BEGIN CERTIFICATE----- +MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC +VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU +aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2 +0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez +nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV +HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB +HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu +9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= +-----END CERTIFICATE----- + +GlobalSign ECC Root CA - R5 +=========================== +-----BEGIN CERTIFICATE----- +MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb +R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD +EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6 +SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS +h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx +uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7 +yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3 +-----END CERTIFICATE----- + +IdenTrust Commercial Root CA 1 +============================== +-----BEGIN CERTIFICATE----- +MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG +EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS +b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES +MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB +IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld +hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/ +mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi +1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C +XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl +3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy +NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV +WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg +xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix +uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI +hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH +6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg +ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt +ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV +YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX +feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro +kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe +2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz +Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R +cGzM7vRX+Bi6hG6H +-----END CERTIFICATE----- + +IdenTrust Public Sector Root CA 1 +================================= +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG +EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv +ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV +UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS +b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy +P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6 +Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI +rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf +qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS +mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn +ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh +LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v +iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL +4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B +Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw +DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj +t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A +mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt +GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt +m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx +NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4 +Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI +ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC +ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ +3Wl9af0AVqW3rLatt8o+Ae+c +-----END CERTIFICATE----- + +Entrust Root Certification Authority - G2 +========================================= +-----BEGIN CERTIFICATE----- +MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV +BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy +bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug +b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw +HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT +DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx +OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s +eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP +/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz +HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU +s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y +TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx +AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6 +0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z +iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ +Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi +nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+ +vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO +e4pIb4tF9g== +-----END CERTIFICATE----- + +Entrust Root Certification Authority - EC1 +========================================== +-----BEGIN CERTIFICATE----- +MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx +FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn +YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl +ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 +IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw +FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs +LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg +dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt +IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy +AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef +9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE +FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h +vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8 +kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G +-----END CERTIFICATE----- + +CFCA EV ROOT +============ +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE +CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB +IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw +MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD +DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV +BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD +7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN +uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW +ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7 +xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f +py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K +gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol +hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ +tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf +BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB +/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB +ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q +ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua +4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG +E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX +BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn +aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy +PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX +kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C +ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su +-----END CERTIFICATE----- + +OISTE WISeKey Global Root GB CA +=============================== +-----BEGIN CERTIFICATE----- +MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG +EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl +ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw +MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD +VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds +b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX +scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP +rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk +9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o +Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg +GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI +hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD +dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0 +VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui +HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic +Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= +-----END CERTIFICATE----- + +SZAFIR ROOT CA2 +=============== +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG +A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV +BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ +BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD +VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q +qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK +DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE +2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ +ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi +ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC +AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5 +O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67 +oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul +4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6 ++/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw== +-----END CERTIFICATE----- + +Certum Trusted Network CA 2 +=========================== +-----BEGIN CERTIFICATE----- +MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE +BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1 +bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y +ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ +TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl +cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB +IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9 +7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o +CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b +Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p +uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130 +GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ +9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB +Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye +hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM +BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI +hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW +Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA +L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo +clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM +pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb +w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo +J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm +ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX +is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7 +zAYspsbiDrW5viSP +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions RootCA 2015 +======================================================= +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT +BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0 +aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl +YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx +MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg +QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV +BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw +MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv +bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh +iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+ +6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd +FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr +i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F +GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2 +fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu +iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc +Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD +AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI +hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+ +D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM +d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y +d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn +82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb +davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F +Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt +J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa +JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q +p/UsQu0yrbYhnr68 +-----END CERTIFICATE----- + +Hellenic Academic and Research Institutions ECC RootCA 2015 +=========================================================== +-----BEGIN CERTIFICATE----- +MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0 +aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u +cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj +aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw +MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj +IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD +VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290 +Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP +dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK +Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O +BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA +GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn +dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR +-----END CERTIFICATE----- + +ISRG Root X1 +============ +-----BEGIN CERTIFICATE----- +MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE +BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD +EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG +EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT +DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r +Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1 +3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K +b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN +Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ +4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf +1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu +hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH +usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r +OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G +A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY +9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL +ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV +0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt +hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw +TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx +e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA +JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD +YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n +JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ +m+kXQ99b21/+jh5Xos1AnX5iItreGCc= +-----END CERTIFICATE----- + +AC RAIZ FNMT-RCM +================ +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT +AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw +MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD +TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf +qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr +btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL +j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou +08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw +WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT +tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ +47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC +ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa +i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE +FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o +dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD +nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s +D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ +j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT +Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW ++YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7 +Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d +8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm +5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG +rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM= +-----END CERTIFICATE----- + +Amazon Root CA 1 +================ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD +VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1 +MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv +bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH +FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ +gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t +dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce +VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3 +DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM +CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy +8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa +2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2 +xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5 +-----END CERTIFICATE----- + +Amazon Root CA 2 +================ +-----BEGIN CERTIFICATE----- +MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD +VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1 +MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv +bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4 +kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp +N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9 +AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd +fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx +kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS +btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0 +Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN +c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+ +3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw +DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA +A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY ++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE +YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW +xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ +gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW +aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV +Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3 +KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi +JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw= +-----END CERTIFICATE----- + +Amazon Root CA 3 +================ +-----BEGIN CERTIFICATE----- +MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG +EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy +NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ +MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB +f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr +Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43 +rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc +eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw== +-----END CERTIFICATE----- + +Amazon Root CA 4 +================ +-----BEGIN CERTIFICATE----- +MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG +EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy +NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ +MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN +/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri +83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA +MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1 +AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA== +-----END CERTIFICATE----- + +TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 +============================================= +-----BEGIN CERTIFICATE----- +MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT +D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr +IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g +TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp +ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD +VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt +c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth +bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11 +IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8 +6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc +wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0 +3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9 +WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU +ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ +KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh +AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc +lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R +e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j +q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= +-----END CERTIFICATE----- + +GDCA TrustAUTH R5 ROOT +====================== +-----BEGIN CERTIFICATE----- +MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw +BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD +DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow +YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ +IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs +AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p +OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr +pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ +9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ +xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM +R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ +D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4 +oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx +9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg +p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9 +H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35 +6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd ++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ +HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD +F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ +8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv +/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT +aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== +-----END CERTIFICATE----- + +SSL.com Root Certification Authority RSA +======================================== +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM +BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x +MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw +MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM +LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD +ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C +Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8 +P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge +oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp +k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z +fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ +gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2 +UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8 +1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s +bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV +HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr +dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf +ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl +u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq +erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj +MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ +vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI +Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y +wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI +WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k= +-----END CERTIFICATE----- + +SSL.com Root Certification Authority ECC +======================================== +-----BEGIN CERTIFICATE----- +MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv +BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy +MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO +BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv +bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+ +8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR +hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT +jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW +e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z +5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority RSA R2 +============================================== +-----BEGIN CERTIFICATE----- +MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w +DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u +MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy +MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI +DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD +VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh +hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w +cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO +Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+ +B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh +CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim +9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto +RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm +JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48 ++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV +HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp +qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1 +++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx +Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G +guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz +OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7 +CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq +lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR +rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1 +hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX +9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== +-----END CERTIFICATE----- + +SSL.com EV Root Certification Authority ECC +=========================================== +-----BEGIN CERTIFICATE----- +MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV +BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy +BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw +MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx +EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM +LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB +BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy +3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O +BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe +5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ +N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm +m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== +-----END CERTIFICATE----- + +GlobalSign Root CA - R6 +======================= +-----BEGIN CERTIFICATE----- +MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEgMB4GA1UECxMX +R2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds +b2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9i +YWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs +U2lnbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQss +grRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1kZguSgMpE +3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxDaNc9PIrFsmbVkJq3MQbF +vuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqM +PKq0pPbzlUoSB239jLKJz9CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+ +azayOeSsJDa38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05O +WgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/hbguy +CLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4nWUx2OVvq+aWh2IMP +0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kN +b7gu3GduyYsRtYQUigAZcIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQE +AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNV +HSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN +nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0 +lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrY +BzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFym +Fe944Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr +3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB1 +0jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/T +uTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItK +oZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+t +JDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= +-----END CERTIFICATE----- + +OISTE WISeKey Global Root GC CA +=============================== +-----BEGIN CERTIFICATE----- +MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJD +SDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEo +MCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRa +Fw00MjA1MDkwOTU4MzNaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQL +ExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh +bCBSb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4nieUqjFqdr +VCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4Wp2OQ0jnUsYd4XxiWD1Ab +NTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd +BgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7TrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0E +AwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtk +AjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 +-----END CERTIFICATE----- + +UCA Global G2 Root +================== +-----BEGIN CERTIFICATE----- +MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQG +EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0x +NjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0xCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlU +cnVzdDEbMBkGA1UEAwwSVUNBIEdsb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAxeYrb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmT +oni9kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzmVHqUwCoV +8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/RVogvGjqNO7uCEeBHANBS +h6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDcC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8o +LTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIjtm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/ +R+zvWr9LesGtOxdQXGLYD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBe +KW4bHAyvj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6DlNaBa +4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6iIis7nCs+dwp4wwc +OxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznPO6Q0ibd5Ei9Hxeepl2n8pndntd97 +8XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O +BBYEFIHEjMz15DD/pQwIX4wVZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo +5sOASD0Ee/ojL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5 +1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl1qnN3e92mI0A +Ds0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oUb3n09tDh05S60FdRvScFDcH9 +yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LVPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAX +c47QN6MUPJiVAAwpBVueSUmxX8fjy88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHo +jhJi6IjMtX9Gl8CbEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZk +bxqgDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI+Vg7RE+x +ygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGyYiGqhkCyLmTTX8jjfhFn +RR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1whnw0A== +-----END CERTIFICATE----- + +UCA Extended Validation Root +============================ +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG +EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9u +IFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8G +A1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrs +iWogD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF +Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r3CTu +eUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR +59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH +0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KR +el7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/TuDv +B0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41Gsx2VYVdWf6/wFlth +WG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs1+lvK9JKBZP8nm9rZ/+I8U6laUpS +NwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS +3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL +BQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR +ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cM +aVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4 +dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb ++7lsq+KePRXBOy5nAliRn+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOW +F3sGPjLtx7dCvHaj2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwi +GpWOvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOc +GMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSi +djzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr +dhh2n1ax +-----END CERTIFICATE----- + +Certigna Root CA +================ +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE +BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZ +MBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjda +MFoxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYz +MDgxMDAwMzYxGTAXBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgX +stmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyz +KNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8 +JXrJhFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16 +XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq +4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3YzIoej +wpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1VTp2lc5ZmIoJ +lXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10TWuXekG9qxf5kBdI +jzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp/ +/TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw +HQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of +1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3d3cuY2Vy +dGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25h +LmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2Nl +cnRpZ25hcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOIt +OoldaDgvUSILSo3L6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxP +TGRGHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq +7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl3 +4bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd +8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS +6Cvu5zHbugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaY +tlu3zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS +aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNde +E4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0= +-----END CERTIFICATE----- + +emSign Root CA - G1 +=================== +-----BEGIN CERTIFICATE----- +MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJJTjET +MBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRl +ZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgx +ODMwMDBaMGcxCzAJBgNVBAYTAklOMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVk +aHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQzf2N4aLTN +LnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO8oG0x5ZOrRkVUkr+PHB1 +cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aqd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHW +DV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhMtTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ +6DqS0hdW5TUaQBw+jSztOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrH +hQIDAQABo0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQDAgEG +MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31xPaOfG1vR2vjTnGs2 +vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjMwiI/aTvFthUvozXGaCocV685743Q +NcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6dGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q ++Mri/Tm3R7nrft8EI6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeih +U80Bv2noWgbyRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx +iN66zB+Afko= +-----END CERTIFICATE----- + +emSign ECC Root CA - G3 +======================= +-----BEGIN CERTIFICATE----- +MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJJTjETMBEG +A1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEg +MB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4 +MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11 +ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g +RzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc +58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIr +MgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMC +AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+D +CBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7 +jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj +-----END CERTIFICATE----- + +emSign Root CA - C1 +=================== +-----BEGIN CERTIFICATE----- +MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCVVMx +EzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNp +Z24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UE +BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQD +ExNlbVNpZ24gUm9vdCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+up +ufGZBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZHdPIWoU/ +Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH3DspVpNqs8FqOp099cGX +OFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvHGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4V +I5b2P/AgNBbeCsbEBEV5f6f9vtKppa+cxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleooms +lMuoaJuvimUnzYnu3Yy1aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+ +XJGFehiqTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD +ggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87/kOXSTKZEhVb3xEp +/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4kqNPEjE2NuLe/gDEo2APJ62gsIq1 +NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9 +wC68AivTxEDkigcxHpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQ +BmIMMMAVSKeoWXzhriKi4gp6D/piq1JM4fHfyr6DDUI= +-----END CERTIFICATE----- + +emSign ECC Root CA - C3 +======================= +-----BEGIN CERTIFICATE----- +MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQGEwJVUzETMBEG +A1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMTF2VtU2lnbiBF +Q0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UE +BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQD +ExdlbVNpZ24gRUNDIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd +6bciMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4OjavtisIGJAnB9 +SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0OBBYEFPtaSNCAIEDyqOkA +B2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gA +MGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwU +ZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ== +-----END CERTIFICATE----- + +Hongkong Post Root CA 3 +======================= +-----BEGIN CERTIFICATE----- +MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQELBQAwbzELMAkG +A1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJSG9uZyBLb25nMRYwFAYDVQQK +Ew1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2 +MDMwMjI5NDZaFw00MjA2MDMwMjI5NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv +bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMX +SG9uZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz +iNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFOdem1p+/l6TWZ5Mwc50tf +jTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mIVoBc+L0sPOFMV4i707mV78vH9toxdCim +5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOe +sL4jpNrcyCse2m5FHomY2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj +0mRiikKYvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+TtbNe/ +JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZbx39ri1UbSsUgYT2u +y1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+l2oBlKN8W4UdKjk60FSh0Tlxnf0h ++bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YKTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsG +xVd7GYYKecsAyVKvQv83j+GjHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwID +AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e +i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEwDQYJKoZIhvcN +AQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG7BJ8dNVI0lkUmcDrudHr9Egw +W62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCkMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWld +y8joRTnU+kLBEUx3XZL7av9YROXrgZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov ++BS5gLNdTaqX4fnkGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDc +eqFS3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJmOzj/2ZQw +9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+l6mc1X5VTMbeRRAc6uk7 +nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6cJfTzPV4e0hz5sy229zdcxsshTrD3mUcY +hcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB +60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fq +dBb9HxEGmpv0 +-----END CERTIFICATE----- + +Microsoft ECC Root Certificate Authority 2017 +============================================= +-----BEGIN CERTIFICATE----- +MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV +UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQgRUND +IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4 +MjMxNjA0WjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw +NAYDVQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQ +BgcqhkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZRogPZnZH6 +thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYbhGBKia/teQ87zvH2RPUB +eMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTIy5lycFIM ++Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlf +Xu5gKcs68tvWMoQZP3zVL8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaR +eNtUjGUBiudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= +-----END CERTIFICATE----- + +Microsoft RSA Root Certificate Authority 2017 +============================================= +-----BEGIN CERTIFICATE----- +MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQG +EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQg +UlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIw +NzE4MjMwMDIzWjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u +MTYwNAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcw +ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZNt9GkMml +7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0ZdDMbRnMlfl7rEqUrQ7e +S0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw7 +1VdyvD/IybLeS2v4I2wDwAW9lcfNcztmgGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+ +dkC0zVJhUXAoP8XFWvLJjEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49F +yGcohJUcaDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaGYaRS +MLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6W6IYZVcSn2i51BVr +lMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4KUGsTuqwPN1q3ErWQgR5WrlcihtnJ +0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH+FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJ +ClTUFLkqqNfs+avNJVgyeY+QW5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC +NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZCLgLNFgVZJ8og +6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OCgMNPOsduET/m4xaRhPtthH80 +dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk ++ONVFT24bcMKpBLBaYVu32TxU5nhSnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex +/2kskZGT4d9Mozd2TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDy +AmH3pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGRxpl/j8nW +ZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiAppGWSZI1b7rCoucL5mxAyE +7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKT +c0QWbej09+CVgI+WXTik9KveCjCHk9hNAHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D +5KbvtwEwXlGjefVwaaZBRA+GsCyRxj3qrg+E +-----END CERTIFICATE----- + +e-Szigno Root CA 2017 +===================== +-----BEGIN CERTIFICATE----- +MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNVBAYTAkhVMREw +DwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUt +MjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJvb3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZa +Fw00MjA4MjIxMjA3MDZaMHExCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UE +CgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3pp +Z25vIFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtvxie+RJCx +s1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+HWyx7xf58etqjYzBhMA8G +A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSHERUI0arBeAyxr87GyZDv +vzAEwDAfBgNVHSMEGDAWgBSHERUI0arBeAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEA +tVfd14pVCzbhhkT61NlojbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxO +svxyqltZ+efcMQ== +-----END CERTIFICATE----- + +certSIGN Root CA G2 +=================== +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNVBAYTAlJPMRQw +EgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjAeFw0xNzAy +MDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lH +TiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAMDFdRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05 +N0IwvlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZuIt4Imfk +abBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhpn+Sc8CnTXPnGFiWeI8Mg +wT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKscpc/I1mbySKEwQdPzH/iV8oScLumZfNp +dWO9lfsbl83kqK/20U6o2YpxJM02PbyWxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91Qqh +ngLjYl/rNUssuHLoPj1PrCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732 +jcZZroiFDsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fxDTvf +95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgyLcsUDFDYg2WD7rlc +z8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6CeWRgKRM+o/1Pcmqr4tTluCRVLERL +iohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud +DgQWBBSCIS1mxteg4BXrzkwJd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOB +ywaK8SJJ6ejqkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC +b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQlqiCA2ClV9+BB +/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0OJD7uNGzcgbJceaBxXntC6Z5 +8hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+cNywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5 +BiKDUyUM/FHE5r7iOZULJK2v0ZXkltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklW +atKcsWMy5WHgUyIOpwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tU +Sxfj03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZkPuXaTH4M +NMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE1LlSVHJ7liXMvGnjSG4N +0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MXQRBdJ3NghVdJIgc= +-----END CERTIFICATE----- + +Trustwave Global Certification Authority +======================================== +-----BEGIN CERTIFICATE----- +MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJV +UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2 +ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTAeFw0xNzA4MjMxOTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJV +UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2 +ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u +IEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALldUShLPDeS0YLOvR29 +zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0XznswuvCAAJWX/NKSqIk4cXGIDtiLK0thAf +LdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4Bq +stTnoApTAbqOl5F2brz81Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9o +WN0EACyW80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotPJqX+ +OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1lRtzuzWniTY+HKE40 +Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfwhI0Vcnyh78zyiGG69Gm7DIwLdVcE +uE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm ++9jaJXLE9gCxInm943xZYkqcBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqj +ifLJS3tBEW1ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud +EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1UdDwEB/wQEAwIB +BjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W0OhUKDtkLSGm+J1WE2pIPU/H +PinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfeuyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0H +ZJDmHvUqoai7PF35owgLEQzxPy0QlG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla +4gt5kNdXElE1GYhBaCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5R +vbbEsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPTMaCm/zjd +zyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qequ5AvzSxnI9O4fKSTx+O +856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxhVicGaeVyQYHTtgGJoC86cnn+OjC/QezH +Yj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu +3R3y4G5OBVixwJAWKqQ9EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP +29FpHOTKyeC2nOnOcXHebD8WpHk= +-----END CERTIFICATE----- + +Trustwave Global ECC P256 Certification Authority +================================================= +-----BEGIN CERTIFICATE----- +MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYDVQQGEwJVUzER +MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI +b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy +dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1 +NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH77bOYj +43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoNFWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqm +P62jQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt +0UrrdaVKEJmzsaGLSvcwCgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjz +RM4q3wghDDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 +-----END CERTIFICATE----- + +Trustwave Global ECC P384 Certification Authority +================================================= +-----BEGIN CERTIFICATE----- +MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYDVQQGEwJVUzER +MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI +b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZp +Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYD +VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy +dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4 +NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuBBAAiA2IABGvaDXU1CDFH +Ba5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJj9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr +/TklZvFe/oyujUF5nQlgziip04pt89ZF1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNV +HQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNn +ADBkAjA3AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsCMGcl +CrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVuSw== +-----END CERTIFICATE----- + +NAVER Global Root Certification Authority +========================================= +-----BEGIN CERTIFICATE----- +MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEMBQAwaTELMAkG +A1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRGT1JNIENvcnAuMTIwMAYDVQQD +DClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4 +NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVT +UyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlv +biBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBb +UGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW ++j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7 +XNr4rRVqmfeSVPc0W+m/6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2 +aacp+yPOiNgSnABIqKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4 +Yb8ObtoqvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3z +VHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53B +A0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai +cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejy +YhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNV +HQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB +Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoNqo0hV4/GPnrK +21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3cvuzHV+YwIHHW1xDBE1UB +jCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bx +hYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTg +E34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTH +D8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQ +A76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSY +qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG +I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg +kpzNNIaRkPpkUZ3+/uul9XXeifdy +-----END CERTIFICATE----- + +AC RAIZ FNMT-RCM SERVIDORES SEGUROS +=================================== +-----BEGIN CERTIFICATE----- +MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQswCQYDVQQGEwJF +UzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgy +NjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4 +MTIyMDA5MzczM1oXDTQzMTIyMDA5MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt +UkNNMQ4wDAYDVQQLDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNB +QyBSQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuBBAAiA2IA +BPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LHsbI6GA60XYyzZl2hNPk2 +LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oKUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqG +SM49BAMDA2kAMGYCMQCuSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoD +zBOQn5ICMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJyv+c= +-----END CERTIFICATE----- + +GlobalSign Root R46 +=================== +-----BEGIN CERTIFICATE----- +MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNV +BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJv +b3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAX +BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIi +MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08Es +CVeJOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQGvGIFAha/ +r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud316HCkD7rRlr+/fKYIje +2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo0q3v84RLHIf8E6M6cqJaESvWJ3En7YEt +bWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSEy132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvj +K8Cd+RTyG/FWaha/LIWFzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD4 +12lPFzYE+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCNI/on +ccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzsx2sZy/N78CsHpdls +eVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqaByFrgY/bxFn63iLABJzjqls2k+g9 +vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEM +BQADggIBAHx47PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg +JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti2kM3S+LGteWy +gxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIkpnnpHs6i58FZFZ8d4kuaPp92 +CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRFFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZm +OUdkLG5NrmJ7v2B0GbhWrJKsFjLtrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qq +JZ4d16GLuc1CLgSkZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwye +qiv5u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP4vkYxboz +nxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6N3ec592kD3ZDZopD8p/7 +DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3vouXsXgxT7PntgMTzlSdriVZzH81Xwj3 +QEUxeCp6 +-----END CERTIFICATE----- + +GlobalSign Root E46 +=================== +-----BEGIN CERTIFICATE----- +MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYT +AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3Qg +RTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNV +BAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcq +hkjOPQIBBgUrgQQAIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkB +jtjqR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCj +QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRL +gLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZk +vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+ +CAezNIm8BZ/3Hobui3A= +-----END CERTIFICATE----- + +GLOBALTRUST 2020 +================ +-----BEGIN CERTIFICATE----- +MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCQVQx +IzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVT +VCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYxMDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAh +BgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAy +MDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWi +D59bRatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9ZYybNpyrO +VPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3QWPKzv9pj2gOlTblzLmM +CcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPwyJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCm +fecqQjuCgGOlYx8ZzHyyZqjC0203b+J+BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKA +A1GqtH6qRNdDYfOiaxaJSaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9OR +JitHHmkHr96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj04KlG +DfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9MedKZssCz3AwyIDMvU +clOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIwq7ejMZdnrY8XD2zHc+0klGvIg5rQ +mjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUw +AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1Ud +IwQYMBaAFNwuH9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA +VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJCXtzoRlgHNQIw +4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd6IwPS3BD0IL/qMy/pJTAvoe9 +iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS +8cE54+X1+NZK3TTN+2/BT+MAi1bikvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2 +HcqtbepBEX4tdJP7wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxS +vTOBTI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6CMUO+1918 +oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn4rnvyOL2NSl6dPrFf4IF +YqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+IaFvowdlxfv1k7/9nR4hYJS8+hge9+6jl +gqispdNpQ80xiEmEU5LAsTkbOYMBMMTyqfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== +-----END CERTIFICATE----- + +ANF Secure Server Root CA +========================= +-----BEGIN CERTIFICATE----- +MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNVBAUTCUc2MzI4 +NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lv +bjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNVBAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3Qg +Q0EwHhcNMTkwOTA0MTAwMDM4WhcNMzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEw +MQswCQYDVQQGEwJFUzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQw +EgYDVQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQTCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCjcqQZAZ2cC4Ffc0m6p6zz +BE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9qyGFOtibBTI3/TO80sh9l2Ll49a2pcbnv +T1gdpd50IJeh7WhM3pIXS7yr/2WanvtH2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcv +B2VSAKduyK9o7PQUlrZXH1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXse +zx76W0OLzc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyRp1RM +VwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQzW7i1o0TJrH93PB0j +7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/SiOL9V8BY9KHcyi1Swr1+KuCLH5z +JTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJnLNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe +8TZBAQIvfXOn3kLMTOmJDVb3n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVO +Hj1tyRRM4y5Bu8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj +o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAOBgNVHQ8BAf8E +BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEATh65isagmD9uw2nAalxJ +UqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzx +j6ptBZNscsdW699QIyjlRRA96Gejrw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDt +dD+4E5UGUcjohybKpFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM +5gf0vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjqOknkJjCb +5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ/zo1PqVUSlJZS2Db7v54 +EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ92zg/LFis6ELhDtjTO0wugumDLmsx2d1H +hk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI+PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGy +g77FGr8H6lnco4g175x2MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3 +r5+qPeoott7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw= +-----END CERTIFICATE----- + +Certum EC-384 CA +================ +-----BEGIN CERTIFICATE----- +MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQswCQYDVQQGEwJQ +TDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy +dGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2 +MDcyNDU0WhcNNDMwMzI2MDcyNDU0WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERh +dGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx +GTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATEKI6rGFtq +vm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7TmFy8as10CW4kjPMIRBSqn +iBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68KjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD +VR0OBBYEFI0GZnQkdjrzife81r1HfS+8EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo +ADBlAjADVS2m5hjEfO/JUG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0 +QoSZ/6vnnvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k= +-----END CERTIFICATE----- + +Certum Trusted Root CA +====================== +-----BEGIN CERTIFICATE----- +MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQG +EwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0g +Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0Ew +HhcNMTgwMzE2MTIxMDEzWhcNNDMwMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMY +QXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBB +dXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB +AQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZn0EGze2jusDbCSzBfN8p +fktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/qp1x4EaTByIVcJdPTsuclzxFUl6s1wB52 +HO8AU5853BSlLCIls3Jy/I2z5T4IHhQqNwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2 +fJmItdUDmj0VDT06qKhF8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGt +g/BKEiJ3HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGamqi4 +NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi7VdNIuJGmj8PkTQk +fVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSFytKAQd8FqKPVhJBPC/PgP5sZ0jeJ +P/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0PqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSY +njYJdmZm/Bo/6khUHL4wvYBQv3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHK +HRzQ+8S1h9E6Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1 +vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAEii1QAL +LtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4WxmB82M+w85bj/UvXgF2Ez8s +ALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvozMrnadyHncI013nR03e4qllY/p0m+jiGPp2K +h2RX5Rc64vmNueMzeMGQ2Ljdt4NR5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8 +CYyqOhNf6DR5UMEQGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA +4kZf5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq0Uc9Nneo +WWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7DP78v3DSk+yshzWePS/Tj +6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTMqJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmT +OPQD8rv7gmsHINFSH5pkAnuYZttcTVoP0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZck +bxJF0WddCajJFdr60qZfE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb +-----END CERTIFICATE----- + +TunTrust Root CA +================ +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQELBQAwYTELMAkG +A1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUgQ2VydGlmaWNhdGlvbiBFbGVj +dHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJvb3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQw +NDI2MDg1NzU2WjBhMQswCQYDVQQGEwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBD +ZXJ0aWZpY2F0aW9uIEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZn56eY+hz +2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd2JQDoOw05TDENX37Jk0b +bjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgFVwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7 +NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZGoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAd +gjH8KcwAWJeRTIAAHDOFli/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViW +VSHbhlnUr8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2eY8f +Tpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIbMlEsPvLfe/ZdeikZ +juXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISgjwBUFfyRbVinljvrS5YnzWuioYas +DXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwS +VXAkPcvCFDVDXSdOvsC9qnyW5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI +04Y+oXNZtPdEITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0 +90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+zxiD2BkewhpMl +0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYuQEkHDVneixCwSQXi/5E/S7fd +Ao74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRY +YdZ2vyJ/0Adqp2RT8JeNnYA/u8EH22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJp +adbGNjHh/PqAulxPxOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65x +xBzndFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5Xc0yGYuP +jCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7bnV2UqL1g52KAdoGDDIzM +MEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQCvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9z +ZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZHu/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3r +AZ3r2OvEhJn7wAzMMujjd9qDRIueVSjAi1jTkD5OGwDxFa2DK5o= +-----END CERTIFICATE----- + +HARICA TLS RSA Root CA 2021 +=========================== +-----BEGIN CERTIFICATE----- +MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG +EwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u +cyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0EgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUz +OFoXDTQ1MDIxMzEwNTUzN1owbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRl +bWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNB +IFJvb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569lmwVnlskN +JLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE4VGC/6zStGndLuwRo0Xu +a2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uva9of08WRiFukiZLRgeaMOVig1mlDqa2Y +Ulhu2wr7a89o+uOkXjpFc5gH6l8Cct4MpbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K +5FrZx40d/JiZ+yykgmvwKh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEv +dmn8kN3bLW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcYAuUR +0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqBAGMUuTNe3QvboEUH +GjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYqE613TBoYm5EPWNgGVMWX+Ko/IIqm +haZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHrW2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQ +CPxrvrNQKlr9qEgYRtaQQJKQCoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8G +A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE +AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAUX15QvWiWkKQU +EapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3f5Z2EMVGpdAgS1D0NTsY9FVq +QRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxajaH6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxD +QpSbIPDRzbLrLFPCU3hKTwSUQZqPJzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcR +j88YxeMn/ibvBZ3PzzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5 +vZStjBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0/L5H9MG0 +qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pTBGIBnfHAT+7hOtSLIBD6 +Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79aPib8qXPMThcFarmlwDB31qlpzmq6YR/ +PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YWxw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnn +kf3/W9b3raYvAwtt41dU63ZTGI0RmLo= +-----END CERTIFICATE----- + +HARICA TLS ECC Root CA 2021 +=========================== +-----BEGIN CERTIFICATE----- +MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQswCQYDVQQGEwJH +UjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBD +QTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoX +DTQ1MDIxMzExMDEwOVowbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWlj +IGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJv +b3QgQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7KKrxcm1l +AEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9YSTHMmE5gEYd103KUkE+b +ECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW +0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAi +rcJRQO9gcS3ujwLEXQNwSaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/Qw +CZ61IygNnxS2PFOiTAZpffpskcYqSUXm7LcT4Tps +-----END CERTIFICATE----- + +Autoridad de Certificacion Firmaprofesional CIF A62634068 +========================================================= +-----BEGIN CERTIFICATE----- +MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCRVMxQjBA +BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 +MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIw +QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB +NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD +Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P +B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY +7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH +ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI +plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX +MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX +LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK +bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU +vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1Ud +DgQWBBRlzeurNR4APn7VdMActHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4w +gZswgZgGBFUdIAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j +b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABCAG8AbgBhAG4A +bwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAwADEANzAOBgNVHQ8BAf8EBAMC +AQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9miWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL +4QjbEwj4KKE1soCzC1HA01aajTNFSa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDb +LIpgD7dvlAceHabJhfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1il +I45PVf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZEEAEeiGaP +cjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV1aUsIC+nmCjuRfzxuIgA +LI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2tCsvMo2ebKHTEm9caPARYpoKdrcd7b/+A +lun4jWq9GJAd/0kakFI3ky88Al2CdgtR5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH +9IBk9W6VULgRfhVwOEqwf9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpf +NIbnYrX9ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNKGbqE +ZycPvEJdvSRUDewdcAZfpLz6IHxV +-----END CERTIFICATE----- + +vTrus ECC Root CA +================= +-----BEGIN CERTIFICATE----- +MIICDzCCAZWgAwIBAgIUbmq8WapTvpg5Z6LSa6Q75m0c1towCgYIKoZIzj0EAwMwRzELMAkGA1UE +BhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBS +b290IENBMB4XDTE4MDczMTA3MjY0NFoXDTQzMDczMTA3MjY0NFowRzELMAkGA1UEBhMCQ04xHDAa +BgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMHYw +EAYHKoZIzj0CAQYFK4EEACIDYgAEZVBKrox5lkqqHAjDo6LN/llWQXf9JpRCux3NCNtzslt188+c +ToL0v/hhJoVs1oVbcnDS/dtitN9Ti72xRFhiQgnH+n9bEOf+QP3A2MMrMudwpremIFUde4BdS49n +TPEQo0IwQDAdBgNVHQ4EFgQUmDnNvtiyjPeyq+GtJK97fKHbH88wDwYDVR0TAQH/BAUwAwEB/zAO +BgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIwV53dVvHH4+m4SVBrm2nDb+zDfSXkV5UT +QJtS0zvzQBm8JsctBp61ezaf9SXUY2sAAjEA6dPGnlaaKsyh2j/IZivTWJwghfqrkYpwcBE4YGQL +YgmRWAD5Tfs0aNoJrSEGGJTO +-----END CERTIFICATE----- + +vTrus Root CA +============= +-----BEGIN CERTIFICATE----- +MIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQELBQAwQzELMAkG +A1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xFjAUBgNVBAMTDXZUcnVzIFJv +b3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMxMDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoG +A1UEChMTaVRydXNDaGluYSBDby4sTHRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJ +KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZots +SKYcIrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykUAyyNJJrI +ZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+GrPSbcKvdmaVayqwlHeF +XgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z98Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KA +YPxMvDVTAWqXcoKv8R1w6Jz1717CbMdHflqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70 +kLJrxLT5ZOrpGgrIDajtJ8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2 +AXPKBlim0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZNpGvu +/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQUqqzApVg+QxMaPnu +1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHWOXSuTEGC2/KmSNGzm/MzqvOmwMVO +9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMBAAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYg +scasGrz2iTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOC +AgEAKbqSSaet8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd +nxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1jbhd47F18iMjr +jld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvMKar5CKXiNxTKsbhm7xqC5PD4 +8acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIivTDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJn +xDHO2zTlJQNgJXtxmOTAGytfdELSS8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554Wg +icEFOwE30z9J4nfrI8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4 +sEb9b91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNBUvupLnKW +nyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1PTi07NEPhmg4NpGaXutIc +SkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929vensBxXVsFy6K2ir40zSbofitzmdHxghm+H +l3s= +-----END CERTIFICATE----- + +ISRG Root X2 +============ +-----BEGIN CERTIFICATE----- +MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQswCQYDVQQGEwJV +UzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElT +UkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVT +MSkwJwYDVQQKEyBJbnRlcm5ldCBTZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNS +RyBSb290IFgyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0H +ttwW+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9ItgKbppb +d9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZIzj0EAwMDaAAwZQIwe3lORlCEwkSHRhtF +cP9Ymd70/aTSVaYgLXTWNLxBo1BfASdWtL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5 +U6VR5CmD1/iQMVtCnwr1/q4AaOeMSQ+2b1tbFfLn +-----END CERTIFICATE----- + +HiPKI Root CA - G1 +================== +-----BEGIN CERTIFICATE----- +MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQG +EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xGzAZBgNVBAMMEkhpUEtJ +IFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRaFw0zNzEyMzExNTU5NTlaME8xCzAJBgNVBAYT +AlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEbMBkGA1UEAwwSSGlQS0kg +Um9vdCBDQSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9B5/UnMyDHPkvRN0 +o9QwqNCuS9i233VHZvR85zkEHmpwINJaR3JnVfSl6J3VHiGh8Ge6zCFovkRTv4354twvVcg3Px+k +wJyz5HdcoEb+d/oaoDjq7Zpy3iu9lFc6uux55199QmQ5eiY29yTw1S+6lZgRZq2XNdZ1AYDgr/SE +YYwNHl98h5ZeQa/rh+r4XfEuiAU+TCK72h8q3VJGZDnzQs7ZngyzsHeXZJzA9KMuH5UHsBffMNsA +GJZMoYFL3QRtU6M9/Aes1MU3guvklQgZKILSQjqj2FPseYlgSGDIcpJQ3AOPgz+yQlda22rpEZfd +hSi8MEyr48KxRURHH+CKFgeW0iEPU8DtqX7UTuybCeyvQqww1r/REEXgphaypcXTT3OUM3ECoWqj +1jOXTyFjHluP2cFeRXF3D4FdXyGarYPM+l7WjSNfGz1BryB1ZlpK9p/7qxj3ccC2HTHsOyDry+K4 +9a6SsvfhhEvyovKTmiKe0xRvNlS9H15ZFblzqMF8b3ti6RZsR1pl8w4Rm0bZ/W3c1pzAtH2lsN0/ +Vm+h+fbkEkj9Bn8SV7apI09bA8PgcSojt/ewsTu8mL3WmKgMa/aOEmem8rJY5AIJEzypuxC00jBF +8ez3ABHfZfjcK0NVvxaXxA/VLGGEqnKG/uY6fsI/fe78LxQ+5oXdUG+3Se0CAwEAAaNCMEAwDwYD +VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ncX+l6o/vY9cdVouslGDDjYr7AwDgYDVR0PAQH/BAQD +AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBQUfB13HAE4/+qddRxosuej6ip0691x1TPOhwEmSKsxBHi +7zNKpiMdDg1H2DfHb680f0+BazVP6XKlMeJ45/dOlBhbQH3PayFUhuaVevvGyuqcSE5XCV0vrPSl +tJczWNWseanMX/mF+lLFjfiRFOs6DRfQUsJ748JzjkZ4Bjgs6FzaZsT0pPBWGTMpWmWSBUdGSquE +wx4noR8RkpkndZMPvDY7l1ePJlsMu5wP1G4wB9TcXzZoZjmDlicmisjEOf6aIW/Vcobpf2Lll07Q +JNBAsNB1CI69aO4I1258EHBGG3zgiLKecoaZAeO/n0kZtCW+VmWuF2PlHt/o/0elv+EmBYTksMCv +5wiZqAxeJoBF1PhoL5aPruJKHJwWDBNvOIf2u8g0X5IDUXlwpt/L9ZlNec1OvFefQ05rLisY+Gpz +jLrFNe85akEez3GoorKGB1s6yeHvP2UEgEcyRHCVTjFnanRbEEV16rCf0OY1/k6fi8wrkkVbbiVg +hUbN0aqwdmaTd5a+g744tiROJgvM7XpWGuDpWsZkrUx6AEhEL7lAuxM+vhV4nYWBSipX3tUZQ9rb +yltHhoMLP7YNdnhzeSJesYAfz77RP1YQmCuVh6EfnWQUYDksswBVLuT1sw5XxJFBAJw/6KXf6vb/ +yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ== +-----END CERTIFICATE----- + +GlobalSign ECC Root CA - R4 +=========================== +-----BEGIN CERTIFICATE----- +MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYDVQQLExtHbG9i +YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds +b2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgwMTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9i +YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds +b2JhbFNpZ24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkW +ymOxuYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNVHQ8BAf8E +BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/+wpu+74zyTyjhNUwCgYI +KoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147bmF0774BxL4YSFlhgjICICadVGNA3jdg +UM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm +-----END CERTIFICATE----- + +GTS Root R1 +=========== +-----BEGIN CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV +UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg +UjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE +ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM +f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7raKb0 +xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjwTcLCeoiKu7rPWRnWr4+w +B7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0PfyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXW +nOunVmSPlk9orj2XwoSPwLxAwAtcvfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk +9+aCEI3oncKKiPo4Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zq +kUspzBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92wO1A +K/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70paDPvOmbsB4om3xPX +V2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDW +cfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQAD +ggIBAJ+qQibbC5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe +QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuyh6f88/qBVRRi +ClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM47HLwEXWdyzRSjeZ2axfG34ar +J45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8JZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYci +NuaCp+0KueIHoI17eko8cdLiA6EfMgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5me +LMFrUKTX5hgUvYU/Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJF +fbdT6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ0E6yove+ +7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm2tIMPNuzjsmhDYAPexZ3 +FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bbbP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3 +gm3c +-----END CERTIFICATE----- + +GTS Root R2 +=========== +-----BEGIN CERTIFICATE----- +MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV +UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg +UjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE +ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0G +CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv +CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY6Dlo7JUl +e3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAuMC6C/Pq8tBcKSOWIm8Wb +a96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS ++LFjKBC4swm4VndAoiaYecb+3yXuPuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7M +kogwTZq9TwtImoS1mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJG +r61K8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RWIr9q +S34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKaG73VululycslaVNV +J1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCqgc7dGtxRcw1PcOnlthYhGXmy5okL +dWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T +AQH/BAUwAwEB/zAdBgNVHQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQAD +ggIBAB/Kzt3HvqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8 +0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyCB19m3H0Q/gxh +swWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2uNmSRXbBoGOqKYcl3qJfEycel +/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMgyALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVn +jWQye+mew4K6Ki3pHrTgSAai/GevHyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y5 +9PYjJbigapordwj6xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M +7YNRTOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924SgJPFI/2R8 +0L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV7LXTWtiBmelDGDfrs7vR +WGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjW +HYbL +-----END CERTIFICATE----- + +GTS Root R3 +=========== +-----BEGIN CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi +MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMw +HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ +R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout +736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL24CejQjBA +MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP0/Eq +Er24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azT +L818+FsuVbu/3ZL3pAzcMeGiAjEA/JdmZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV +11RZt+cRLInUue4X +-----END CERTIFICATE----- + +GTS Root R4 +=========== +-----BEGIN CERTIFICATE----- +MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi +MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQw +HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ +R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjO +PQIBBgUrgQQAIgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu +hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvRHYqjQjBA +MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSATNbrdP9JNqPV2Py1 +PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/C +r8deVl5c1RxYIigL9zC2L7F8AjEA8GE8p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh +4rsUecrNIdSUtUlD +-----END CERTIFICATE----- + +Telia Root CA v2 +================ +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYT +AkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2 +MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQK +DBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ7 +6zBqAMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9vVYiQJ3q +9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9lRdU2HhE8Qx3FZLgmEKn +pNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTODn3WhUidhOPFZPY5Q4L15POdslv5e2QJl +tI5c0BE0312/UqeBAMN/mUWZFdUXyApT7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW +5olWK8jjfN7j/4nlNW4o6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNr +RBH0pUPCTEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6WT0E +BXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63RDolUK5X6wK0dmBR4 +M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZIpEYslOqodmJHixBTB0hXbOKSTbau +BcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGjYzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7W +xy+G2CQ5MB0GA1UdDgQWBBRyrOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYD +VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ +8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi0f6X+J8wfBj5 +tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMMA8iZGok1GTzTyVR8qPAs5m4H +eW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBSSRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+C +y748fdHif64W1lZYudogsYMVoe+KTTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygC +QMez2P2ccGrGKMOF6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15 +h2Er3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMtTy3EHD70 +sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pTVmBds9hCG1xLEooc6+t9 +xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAWysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQ +raVplI/owd8k+BsHMYeB2F326CjYSlKArBPuUBQemMc= +-----END CERTIFICATE----- + +D-TRUST BR Root CA 1 2020 +========================= +-----BEGIN CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE +RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEJSIFJvb3QgQ0EgMSAy +MDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5NDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNV +BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7 +dPYSzuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0QVK5buXu +QqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/VbNafAkl1bK6CKBrqx9t +MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu +bmV0L2NybC9kLXRydXN0X2JyX3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP +PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD +AwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFWwKrY7RjEsK70Pvom +AjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHVdWNbFJWcHwHP2NVypw87 +-----END CERTIFICATE----- + +D-TRUST EV Root CA 1 2020 +========================= +-----BEGIN CERTIFICATE----- +MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE +RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEVWIFJvb3QgQ0EgMSAy +MDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5NTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNV +BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8 +ZRCC/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rDwpdhQntJ +raOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3OqQo5FD4pPfsazK2/umL +MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu +bmV0L2NybC9kLXRydXN0X2V2X3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj +dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP +PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD +AwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CAy/m0sRtW9XLS/BnR +AjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJbgfM0agPnIjhQW+0ZT0MW +-----END CERTIFICATE----- + +DigiCert TLS ECC P384 Root G5 +============================= +-----BEGIN CERTIFICATE----- +MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURpZ2lDZXJ0IFRMUyBFQ0MgUDM4 +NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMx +FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQg +Um9vdCBHNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1Tzvd +lHJS7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp0zVozptj +n4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICISB4CIfBFqMA4GA1UdDwEB +/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQCJao1H5+z8blUD2Wds +Jk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQLgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIx +AJSdYsiJvRmEFOml+wG4DXZDjC5Ty3zfDBeWUA== +-----END CERTIFICATE----- + +DigiCert TLS RSA4096 Root G5 +============================ +-----BEGIN CERTIFICATE----- +MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBNMQswCQYDVQQG +EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0 +MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJV +UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2 +IFJvb3QgRzUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS8 +7IE+ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG02C+JFvuU +AT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgpwgscONyfMXdcvyej/Ces +tyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZMpG2T6T867jp8nVid9E6P/DsjyG244gXa +zOvswzH016cpVIDPRFtMbzCe88zdH5RDnU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnV +DdXifBBiqmvwPXbzP6PosMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9q +TXeXAaDxZre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cdLvvy +z6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvXKyY//SovcfXWJL5/ +MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNeXoVPzthwiHvOAbWWl9fNff2C+MIk +wcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPLtgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4E +FgQUUTMc7TZArxfTJc1paPKvTiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w +DQYJKoZIhvcNAQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw +GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7HPNtQOa27PShN +lnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLFO4uJ+DQtpBflF+aZfTCIITfN +MBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQREtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/ +u4cnYiWB39yhL/btp/96j1EuMPikAdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9G +OUrYU9DzLjtxpdRv/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh +47a+p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilwMUc/dNAU +FvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WFqUITVuwhd4GTWgzqltlJ +yqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCKovfepEWFJqgejF0pW8hL2JpqA15w8oVP +bEtoL8pU9ozaMv7Da4M/OMZ+ +-----END CERTIFICATE----- + +Certainly Root R1 +================= +-----BEGIN CERTIFICATE----- +MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UE +BhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2VydGFpbmx5IFJvb3QgUjEwHhcN +MjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2Vy +dGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBANA21B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O +5MQTvqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbedaFySpvXl +8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b01C7jcvk2xusVtyWMOvwl +DbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGI +XsXwClTNSaa/ApzSRKft43jvRl5tcdF5cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkN +KPl6I7ENPT2a/Z2B7yyQwHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQ +AjeZjOVJ6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA2Cnb +rlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyHWyf5QBGenDPBt+U1 +VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMReiFPCyEQtkA6qyI6BJyLm4SGcprS +p6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud +DgQWBBTgqj8ljZ9EXME66C6ud0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAsz +HQNTVfSVcOQrPbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d +8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi1wrykXprOQ4v +MMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrdrRT90+7iIgXr0PK3aBLXWopB +GsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9ditaY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+ +gjwN/KUD+nsa2UUeYNrEjvn8K8l7lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgH +JBu6haEaBQmAupVjyTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7 +fpYnKx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLyyCwzk5Iw +x06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5nwXARPbv0+Em34yaXOp/S +X3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6OV+KmalBWQewLK8= +-----END CERTIFICATE----- + +Certainly Root E1 +================= +-----BEGIN CERTIFICATE----- +MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQswCQYDVQQGEwJV +UzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBFMTAeFw0yMTA0 +MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlu +bHkxGjAYBgNVBAMTEUNlcnRhaW5seSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4 +fxzf7flHh4axpMCK+IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9 +YBk2QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8EBAMCAQYw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4hevIIgcwCgYIKoZIzj0E +AwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozmut6Dacpps6kFtZaSF4fC0urQe87YQVt8 +rgIwRt7qy12a7DLCZRawTDBcMPPaTnOGBtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR +-----END CERTIFICATE----- + +Security Communication ECC RootCA1 +================================== +-----BEGIN CERTIFICATE----- +MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYTAkpQMSUwIwYD +VQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYDVQQDEyJTZWN1cml0eSBDb21t +dW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYxNjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTEL +MAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNV +BAMTIlNlY3VyaXR5IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQA +IgNiAASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+CnnfdldB9sELLo +5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpKULGjQjBAMB0GA1UdDgQW +BBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAK +BggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3L +snNdo4gIxwwCMQDAqy0Obe0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70e +N9k= +-----END CERTIFICATE----- + +BJCA Global Root CA1 +==================== +-----BEGIN CERTIFICATE----- +MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQG +EwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJK +Q0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAzMTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkG +A1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQD +DBRCSkNBIEdsb2JhbCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFm +CL3ZxRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZspDyRhyS +sTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O558dnJCNPYwpj9mZ9S1Wn +P3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgRat7GGPZHOiJBhyL8xIkoVNiMpTAK+BcW +yqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRj +eulumijWML3mG90Vr4TqnMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNn +MoH1V6XKV0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/pj+b +OT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZOz2nxbkRs1CTqjSSh +GL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXnjSXWgXSHRtQpdaJCbPdzied9v3pK +H9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMB +AAGjQjBAMB0GA1UdDgQWBBTF7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4G +A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4 +YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3KliawLwQ8hOnThJ +dMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u+2D2/VnGKhs/I0qUJDAnyIm8 +60Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuh +TaRjAv04l5U/BXCga99igUOLtFkNSoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW +4AB+dAb/OMRyHdOoP2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmp +GQrI+pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRzznfSxqxx +4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9eVzYH6Eze9mCUAyTF6ps +3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4S +SPfSKcOYKMryMguTjClPPGAyzQWWYezyr/6zcCwupvI= +-----END CERTIFICATE----- + +BJCA Global Root CA2 +==================== +-----BEGIN CERTIFICATE----- +MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQswCQYDVQQGEwJD +TjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJKQ0Eg +R2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgyMVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UE +BhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRC +SkNBIEdsb2JhbCBSb290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jl +SR9BIgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK++kpRuDCK +/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJKsVF/BvDRgh9Obl+rg/xI +1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8 +W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8g +UXOQwKhbYdDFUDn9hf7B43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w== +-----END CERTIFICATE----- + +Sectigo Public Server Authentication Root E46 +============================================= +-----BEGIN CERTIFICATE----- +MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQswCQYDVQQGEwJH +QjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBTZXJ2 +ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5 +WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0 +aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUr +gQQAIgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccCWvkEN/U0 +NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+6xnOQ6OjQjBAMB0GA1Ud +DgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB +/zAKBggqhkjOPQQDAwNnADBkAjAn7qRaqCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RH +lAFWovgzJQxC36oCMB3q4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21U +SAGKcw== +-----END CERTIFICATE----- + +Sectigo Public Server Authentication Root R46 +============================================= +-----BEGIN CERTIFICATE----- +MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBfMQswCQYDVQQG +EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT +ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1 +OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T +ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3 +DQEBAQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDaef0rty2k +1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnzSDBh+oF8HqcIStw+Kxwf +GExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xfiOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMP +FF1bFOdLvt30yNoDN9HWOaEhUTCDsG3XME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vu +ZDCQOc2TZYEhMbUjUDM3IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5Qaz +Yw6A3OASVYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgESJ/A +wSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu+Zd4KKTIRJLpfSYF +plhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt8uaZFURww3y8nDnAtOFr94MlI1fZ +EoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+LHaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW +6aWWrL3DkJiy4Pmi1KZHQ3xtzwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWI +IUkwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c +mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQYKlJfp/imTYp +E0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52gDY9hAaLMyZlbcp+nv4fjFg4 +exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZAFv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M +0ejf5lG5Nkc/kLnHvALcWxxPDkjBJYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI +84HxZmduTILA7rpXDhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9m +pFuiTdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5dHn5Hrwd +Vw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65LvKRRFHQV80MNNVIIb/b +E/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmm +J1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAYQqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL +-----END CERTIFICATE----- + +SSL.com TLS RSA Root CA 2022 +============================ +-----BEGIN CERTIFICATE----- +MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQG +EwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBSU0Eg +Um9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloXDTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMC +VVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJv +b3QgQ0EgMjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u +9nTPL3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OYt6/wNr/y +7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0insS657Lb85/bRi3pZ7Qcac +oOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3PnxEX4MN8/HdIGkWCVDi1FW24IBydm5M +R7d1VVm0U3TZlMZBrViKMWYPHqIbKUBOL9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDG +D6C1vBdOSHtRwvzpXGk3R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEW +TO6Af77wdr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS+YCk +8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYSd66UNHsef8JmAOSq +g+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoGAtUjHBPW6dvbxrB6y3snm/vg1UYk +7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2fgTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1Ud +EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsu +N+7jhHonLs0ZNbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt +hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsMQtfhWsSWTVTN +j8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvfR4iyrT7gJ4eLSYwfqUdYe5by +iB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJDPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjU +o3KUQyxi4U5cMj29TH0ZR6LDSeeWP4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqo +ENjwuSfr98t67wVylrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7Egkaib +MOlqbLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2wAgDHbICi +vRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3qr5nsLFR+jM4uElZI7xc7 +P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sjiMho6/4UIyYOf8kpIEFR3N+2ivEC+5BB0 +9+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= +-----END CERTIFICATE----- + +SSL.com TLS ECC Root CA 2022 +============================ +-----BEGIN CERTIFICATE----- +MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV +UzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBFQ0MgUm9v +dCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMx +GDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3Qg +Q0EgMjAyMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWy +JGYmacCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFNSeR7T5v1 +5wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSJjy+j6CugFFR7 +81a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NWuCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGG +MAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w +7deedWo1dlJF4AIxAMeNb0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5 +Zn6g6g== +-----END CERTIFICATE----- + +Atos TrustedRoot Root CA ECC TLS 2021 +===================================== +-----BEGIN CERTIFICATE----- +MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4wLAYDVQQDDCVB +dG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQswCQYD +VQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3Mg +VHJ1c3RlZFJvb3QgUm9vdCBDQSBFQ0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYT +AkRFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6K +DP/XtXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4AjJn8ZQS +b+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2KCXWfeBmmnoJsmo7jjPX +NtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaAAwZQIwW5kp85wxtolrbNa9d+F851F+ +uDrNozZffPc8dz7kUK2o59JZDCaOMDtuCCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGY +a3cpetskz2VAv9LcjBHo9H1/IISpQuQo +-----END CERTIFICATE----- + +Atos TrustedRoot Root CA RSA TLS 2021 +===================================== +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBMMS4wLAYDVQQD +DCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQsw +CQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0 +b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNV +BAYTAkRFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BB +l01Z4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYvYe+W/CBG +vevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZkmGbzSoXfduP9LVq6hdK +ZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDsGY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt +0xU6kGpn8bRrZtkh68rZYnxGEFzedUlnnkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVK +PNe0OwANwI8f4UDErmwh3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMY +sluMWuPD0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzygeBY +Br3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8ANSbhqRAvNncTFd+ +rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezBc6eUWsuSZIKmAMFwoW4sKeFYV+xa +fJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lIpw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/ +BAUwAwEB/zAdBgNVHQ4EFgQUdEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0G +CSqGSIb3DQEBDAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS +4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPso0UvFJ/1TCpl +Q3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJqM7F78PRreBrAwA0JrRUITWX +AdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuywxfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9G +slA9hGCZcbUztVdF5kJHdWoOsAgMrr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2Vkt +afcxBPTy+av5EzH4AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9q +TFsR0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuYo7Ey7Nmj +1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5dDTedk+SKlOxJTnbPP/l +PqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcEoji2jbDwN/zIIX8/syQbPYtuzE2wFg2W +HYMfRsCbvUOZ58SWLs5fyQ== +-----END CERTIFICATE----- + +TrustAsia Global Root CA G3 +=========================== +-----BEGIN CERTIFICATE----- +MIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEMBQAwWjELMAkG +A1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMM +G1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAeFw0yMTA1MjAwMjEwMTlaFw00NjA1MTkwMjEw +MTlaMFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMu +MSQwIgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzMwggIiMA0GCSqGSIb3DQEBAQUA +A4ICDwAwggIKAoICAQDAMYJhkuSUGwoqZdC+BqmHO1ES6nBBruL7dOoKjbmzTNyPtxNST1QY4Sxz +lZHFZjtqz6xjbYdT8PfxObegQ2OwxANdV6nnRM7EoYNl9lA+sX4WuDqKAtCWHwDNBSHvBm3dIZwZ +Q0WhxeiAysKtQGIXBsaqvPPW5vxQfmZCHzyLpnl5hkA1nyDvP+uLRx+PjsXUjrYsyUQE49RDdT/V +P68czH5GX6zfZBCK70bwkPAPLfSIC7Epqq+FqklYqL9joDiR5rPmd2jE+SoZhLsO4fWvieylL1Ag +dB4SQXMeJNnKziyhWTXAyB1GJ2Faj/lN03J5Zh6fFZAhLf3ti1ZwA0pJPn9pMRJpxx5cynoTi+jm +9WAPzJMshH/x/Gr8m0ed262IPfN2dTPXS6TIi/n1Q1hPy8gDVI+lhXgEGvNz8teHHUGf59gXzhqc +D0r83ERoVGjiQTz+LISGNzzNPy+i2+f3VANfWdP3kXjHi3dqFuVJhZBFcnAvkV34PmVACxmZySYg +WmjBNb9Pp1Hx2BErW+Canig7CjoKH8GB5S7wprlppYiU5msTf9FkPz2ccEblooV7WIQn3MSAPmea +mseaMQ4w7OYXQJXZRe0Blqq/DPNL0WP3E1jAuPP6Z92bfW1K/zJMtSU7/xxnD4UiWQWRkUF3gdCF +TIcQcf+eQxuulXUtgQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEDk5PIj +7zjKsK5Xf/IhMBY027ySMB0GA1UdDgQWBBRA5OTyI+84yrCuV3/yITAWNNu8kjAOBgNVHQ8BAf8E +BAMCAQYwDQYJKoZIhvcNAQEMBQADggIBACY7UeFNOPMyGLS0XuFlXsSUT9SnYaP4wM8zAQLpw6o1 +D/GUE3d3NZ4tVlFEbuHGLige/9rsR82XRBf34EzC4Xx8MnpmyFq2XFNFV1pF1AWZLy4jVe5jaN/T +G3inEpQGAHUNcoTpLrxaatXeL1nHo+zSh2bbt1S1JKv0Q3jbSwTEb93mPmY+KfJLaHEih6D4sTNj +duMNhXJEIlU/HHzp/LgV6FL6qj6jITk1dImmasI5+njPtqzn59ZW/yOSLlALqbUHM/Q4X6RJpstl +cHboCoWASzY9M/eVVHUl2qzEc4Jl6VL1XP04lQJqaTDFHApXB64ipCz5xUG3uOyfT0gA+QEEVcys ++TIxxHWVBqB/0Y0n3bOppHKH/lmLmnp0Ft0WpWIp6zqW3IunaFnT63eROfjXy9mPX1onAX1daBli +2MjN9LdyR75bl87yraKZk62Uy5P2EgmVtqvXO9A/EcswFi55gORngS1d7XB4tmBZrOFdRWOPyN9y +aFvqHbgB8X7754qz41SgOAngPN5C8sLtLpvzHzW2NtjjgKGLzZlkD8Kqq7HK9W+eQ42EVJmzbsAS +ZthwEPEGNTNDqJwuuhQxzhB/HIbjj9LV+Hfsm6vxL2PZQl/gZ4FkkfGXL/xuJvYz+NO1+MRiqzFR +JQJ6+N1rZdVtTTDIZbpoFGWsJwt0ivKH +-----END CERTIFICATE----- + +TrustAsia Global Root CA G4 +=========================== +-----BEGIN CERTIFICATE----- +MIICVTCCAdygAwIBAgIUTyNkuI6XY57GU4HBdk7LKnQV1tcwCgYIKoZIzj0EAwMwWjELMAkGA1UE +BhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMMG1Ry +dXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHNDAeFw0yMTA1MjAwMjEwMjJaFw00NjA1MTkwMjEwMjJa +MFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQw +IgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATxs8045CVD5d4ZCbuBeaIVXxVjAd7Cq92zphtnS4CDr5nLrBfbK5bKfFJV4hrhPVbwLxYI+hW8 +m7tH5j/uqOFMjPXTNvk4XatwmkcN4oFBButJ+bAp3TPsUKV/eSm4IJijYzBhMA8GA1UdEwEB/wQF +MAMBAf8wHwYDVR0jBBgwFoAUpbtKl86zK3+kMd6Xg1mDpm9xy94wHQYDVR0OBBYEFKW7SpfOsyt/ +pDHel4NZg6ZvccveMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjBe8usGzEkxn0AA +bbd+NvBNEU/zy4k6LHiRUKNbwMp1JvK/kF0LgoxgKJ/GcJpo5PECMFxYDlZ2z1jD1xCMuo6u47xk +dUfFVZDj/bpV6wfEU6s3qe4hsiFbYI89MvHVI5TWWA== +-----END CERTIFICATE----- + +CommScope Public Trust ECC Root-01 +================================== +-----BEGIN CERTIFICATE----- +MIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMwTjELMAkGA1UE +BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz +dCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNaFw00NjA0MjgxNzM1NDJaME4xCzAJBgNVBAYT +AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg +RUNDIFJvb3QtMDEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16ocNfQj3Rid8NeeqrltqLx +eP0CflfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOcw5tjnSCDPgYLpkJEhRGnSjot +6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggqhkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2 +Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg2NED3W3ROT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liW +pDVfG2XqYZpwI7UNo5uSUm9poIyNStDuiw7LR47QjRE= +-----END CERTIFICATE----- + +CommScope Public Trust ECC Root-02 +================================== +-----BEGIN CERTIFICATE----- +MIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMwTjELMAkGA1UE +BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz +dCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRaFw00NjA0MjgxNzQ0NTNaME4xCzAJBgNVBAYT +AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg +RUNDIFJvb3QtMDIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l63FRD/cHB8o5mXxO1Q/M +MDALj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmUv4RDsNuE +SgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G +A1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggqhkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9 +Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/nich/m35rChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs7 +3u1Z/GtMMH9ZzkXpc2AVmkzw5l4lIhVtwodZ0LKOag== +-----END CERTIFICATE----- + +CommScope Public Trust RSA Root-01 +================================== +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQELBQAwTjELMAkG +A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU +cnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1NTRaFw00NjA0MjgxNjQ1NTNaME4xCzAJBgNV +BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1 +c3QgUlNBIFJvb3QtMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwSGWjDR1C45Ft +nYSkYZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2bKOx7dAvnQmtVzslhsuitQDy6 +uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBWBB0HW0alDrJLpA6lfO741GIDuZNq +ihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3OjWiE260f6GBfZumbCk6SP/F2krfxQapWs +vCQz0b2If4b19bJzKo98rwjyGpg/qYFlP8GMicWWMJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/c +Zip8UlF1y5mO6D1cv547KI2DAg+pn3LiLCuz3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTif +BSeolz7pUcZsBSjBAg/pGG3svZwG1KdJ9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/kQO9 +lLvkuI6cMmPNn7togbGEW682v3fuHX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JOHg9O5j9ZpSPcPYeo +KFgo0fEbNttPxP/hjFtyjMcmAyejOQoBqsCyMWCDIqFPEgkBEa801M/XrmLTBQe0MXXgDW1XT2mH ++VepuhX2yFJtocucH+X8eKg1mp9BFM6ltM6UCBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm4 +5P3luG0wDQYJKoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6 +NWPxzIHIxgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQnmhUQo8mUuJM +3y+Xpi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+QgvfKNmwrZggvkN80V4aCRck +jXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2vtrV0KnahP/t1MJ+UXjulYPPLXAziDslg+Mkf +Foom3ecnf+slpoq9uC02EJqxWE2aaE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0DLwAHb/W +NyVntHKLr4W96ioDj8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/xBpMu95yo9GA+ +o/E4Xo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054A5U+1C0wlREQKC6/ +oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHnYfkUyq+Dj7+vsQpZXdxc +1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVocicCMb3SgazNNtQEo/a2tiRc7ppqEvOuM +6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw +-----END CERTIFICATE----- + +CommScope Public Trust RSA Root-02 +================================== +-----BEGIN CERTIFICATE----- +MIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQELBQAwTjELMAkG +A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU +cnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2NDNaFw00NjA0MjgxNzE2NDJaME4xCzAJBgNV +BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1 +c3QgUlNBIFJvb3QtMDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDh+g77aAASyE3V +rCLENQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mnG2I81lDnNJUDMrG0kyI9p+Kx +7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0SFHRtI1CrWDaSWqVcN3SAOLMV2MC +e5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxzhkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2W +Wy09X6GDRl224yW4fKcZgBzqZUPckXk2LHR88mcGyYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rp +M9kzXzehxfCrPfp4sOcsn/Y+n2Dg70jpkEUeBVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIf +hs1w/tkuFT0du7jyU1fbzMZ0KZwYszZ1OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5kQMr +eyBUzQ0ZGshBMjTRsJnhkB4BQDa1t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3wNemKfrb3vOTlycE +VS8KbzfFPROvCgCpLIscgSjX74Yxqa7ybrjKaixUR9gqiC6vwQcQeKwRoi9C8DfF8rhW3Q5iLc4t +Vn5V8qdE9isy9COoR+jUKgF4z2rDN6ieZdIs5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7Gx +cJXvYXowDQYJKoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqB +KCh6krm2qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3+VGXu6TwYofF +1gbTl4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbymeAPnCKfWxkxlSaRosTKCL4BWa +MS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3NyqpgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv41xd +gSGn2rtO/+YHqP65DSdsu3BaVXoT6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u5cSoHw2O +HG1QAk8mGEPej1WFsQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FUmrh1CoFSl+Nm +YWvtPjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jauwy8CTl2dlklyALKr +dVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670v64fG9PiO/yzcnMcmyiQ +iRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17Org3bhzjlP1v9mxnhMUF6cKojawHhRUzN +lM47ni3niAIi9G7oyOzWPPO5std3eqx7 +-----END CERTIFICATE----- + +Telekom Security TLS ECC Root 2020 +================================== +-----BEGIN CERTIFICATE----- +MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQswCQYDVQQGEwJE +RTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJUZWxl +a29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIwMB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIz +NTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkg +R21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqG +SM49AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/OtdKPD/M1 +2kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDPf8iAC8GXs7s1J8nCG6NC +MEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6fMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMAoGCCqGSM49BAMDA2cAMGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZ +Mo7k+5Dck2TOrbRBR2Diz6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdU +ga/sf+Rn27iQ7t0l +-----END CERTIFICATE----- + +Telekom Security TLS RSA Root 2023 +================================== +-----BEGIN CERTIFICATE----- +MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBjMQswCQYDVQQG +EwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJU +ZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAyMDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMy +NzIzNTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJp +dHkgR21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9cUD/h3VC +KSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHVcp6R+SPWcHu79ZvB7JPP +GeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMAU6DksquDOFczJZSfvkgdmOGjup5czQRx +UX11eKvzWarE4GC+j4NSuHUaQTXtvPM6Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWo +l8hHD/BeEIvnHRz+sTugBTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9 +FIS3R/qy8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73Jco4v +zLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg8qKrBC7m8kwOFjQg +rIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8rFEz0ciD0cmfHdRHNCk+y7AO+oML +KFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7S +WWO/gLCMk3PLNaaZlSJhZQNg+y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNV +HQ4EFgQUtqeXgj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2 +p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQpGv7qHBFfLp+ +sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm9S3ul0A8Yute1hTWjOKWi0Fp +kzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErwM807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy +/SKE8YXJN3nptT+/XOR0so8RYgDdGGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4 +mZqTuXNnQkYRIer+CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtz +aL1txKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+w6jv/naa +oqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aKL4x35bcF7DvB7L6Gs4a8 +wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+ljX273CXE2whJdV/LItM3z7gLfEdxquVeE +HVlNjM7IDiPCtyaaEBRx/pOyiriA8A4QntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0 +o82bNSQ3+pCTE4FCxpgmdTdmQRCsu/WU48IxK63nI1bMNSWSs1A= +-----END CERTIFICATE----- + +FIRMAPROFESIONAL CA ROOT-A WEB +============================== +-----BEGIN CERTIFICATE----- +MIICejCCAgCgAwIBAgIQMZch7a+JQn81QYehZ1ZMbTAKBggqhkjOPQQDAzBuMQswCQYDVQQGEwJF +UzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4 +MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENBIFJPT1QtQSBXRUIwHhcNMjIwNDA2MDkwMTM2 +WhcNNDcwMzMxMDkwMTM2WjBuMQswCQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25h +bCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFM +IENBIFJPT1QtQSBXRUIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARHU+osEaR3xyrq89Zfe9MEkVz6 +iMYiuYMQYneEMy3pA4jU4DP37XcsSmDq5G+tbbT4TIqk5B/K6k84Si6CcyvHZpsKjECcfIr28jlg +st7L7Ljkb+qbXbdTkBgyVcUgt5SjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUk+FD +Y1w8ndYn81LsF7Kpryz3dvgwHQYDVR0OBBYEFJPhQ2NcPJ3WJ/NS7Beyqa8s93b4MA4GA1UdDwEB +/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjAdfKR7w4l1M+E7qUW/Runpod3JIha3RxEL2Jq68cgL +cFBTApFwhVmpHqTm6iMxoAACMQD94vizrxa5HnPEluPBMBnYfubDl94cT7iJLzPrSA8Z94dGXSaQ +pYXFuXqUPoeovQA= +-----END CERTIFICATE----- + +TWCA CYBER Root CA +================== +-----BEGIN CERTIFICATE----- +MIIFjTCCA3WgAwIBAgIQQAE0jMIAAAAAAAAAATzyxjANBgkqhkiG9w0BAQwFADBQMQswCQYDVQQG +EwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJUV0NB +IENZQkVSIFJvb3QgQ0EwHhcNMjIxMTIyMDY1NDI5WhcNNDcxMTIyMTU1OTU5WjBQMQswCQYDVQQG +EwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJUV0NB +IENZQkVSIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDG+Moe2Qkgfh1s +Ts6P40czRJzHyWmqOlt47nDSkvgEs1JSHWdyKKHfi12VCv7qze33Kc7wb3+szT3vsxxFavcokPFh +V8UMxKNQXd7UtcsZyoC5dc4pztKFIuwCY8xEMCDa6pFbVuYdHNWdZsc/34bKS1PE2Y2yHer43CdT +o0fhYcx9tbD47nORxc5zb87uEB8aBs/pJ2DFTxnk684iJkXXYJndzk834H/nY62wuFm40AZoNWDT +Nq5xQwTxaWV4fPMf88oon1oglWa0zbfuj3ikRRjpJi+NmykosaS3Om251Bw4ckVYsV7r8Cibt4LK +/c/WMw+f+5eesRycnupfXtuq3VTpMCEobY5583WSjCb+3MX2w7DfRFlDo7YDKPYIMKoNM+HvnKkH +IuNZW0CP2oi3aQiotyMuRAlZN1vH4xfyIutuOVLF3lSnmMlLIJXcRolftBL5hSmO68gnFSDAS9TM +fAxsNAwmmyYxpjyn9tnQS6Jk/zuZQXLB4HCX8SS7K8R0IrGsayIyJNN4KsDAoS/xUgXJP+92ZuJF +2A09rZXIx4kmyA+upwMu+8Ff+iDhcK2wZSA3M2Cw1a/XDBzCkHDXShi8fgGwsOsVHkQGzaRP6AzR +wyAQ4VRlnrZR0Bp2a0JaWHY06rc3Ga4udfmW5cFZ95RXKSWNOkyrTZpB0F8mAwIDAQABo2MwYTAO +BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSdhWEUfMFib5do5E83 +QOGt4A1WNzAdBgNVHQ4EFgQUnYVhFHzBYm+XaORPN0DhreANVjcwDQYJKoZIhvcNAQEMBQADggIB +AGSPesRiDrWIzLjHhg6hShbNcAu3p4ULs3a2D6f/CIsLJc+o1IN1KriWiLb73y0ttGlTITVX1olN +c79pj3CjYcya2x6a4CD4bLubIp1dhDGaLIrdaqHXKGnK/nZVekZn68xDiBaiA9a5F/gZbG0jAn/x +X9AKKSM70aoK7akXJlQKTcKlTfjF/biBzysseKNnTKkHmvPfXvt89YnNdJdhEGoHK4Fa0o635yDR +IG4kqIQnoVesqlVYL9zZyvpoBJ7tRCT5dEA7IzOrg1oYJkK2bVS1FmAwbLGg+LhBoF1JSdJlBTrq +/p1hvIbZv97Tujqxf36SNI7JAG7cmL3c7IAFrQI932XtCwP39xaEBDG6k5TY8hL4iuO/Qq+n1M0R +FxbIQh0UqEL20kCGoE8jypZFVmAGzbdVAaYBlGX+bgUJurSkquLvWL69J1bY73NxW0Qz8ppy6rBe +Pm6pUlvscG21h483XjyMnM7k8M4MZ0HMzvaAq07MTFb1wWFZk7Q+ptq4NxKfKjLji7gh7MMrZQzv +It6IKTtM1/r+t+FHvpw+PoP7UV31aPcuIYXcv/Fa4nzXxeSDwWrruoBa3lwtcHb4yOWHh8qgnaHl +IhInD0Q9HWzq1MKLL295q39QpsQZp6F6t5b5wR9iWqJDB0BeJsas7a5wFsWqynKKTbDPAYsDP27X +-----END CERTIFICATE----- + +SecureSign Root CA12 +==================== +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIUZvnHwa/swlG07VOX5uaCwysckBYwDQYJKoZIhvcNAQELBQAwUTELMAkG +A1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMR0wGwYDVQQDExRT +ZWN1cmVTaWduIFJvb3QgQ0ExMjAeFw0yMDA0MDgwNTM2NDZaFw00MDA0MDgwNTM2NDZaMFExCzAJ +BgNVBAYTAkpQMSMwIQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMU +U2VjdXJlU2lnbiBSb290IENBMTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6OcE3 +emhFKxS06+QT61d1I02PJC0W6K6OyX2kVzsqdiUzg2zqMoqUm048luT9Ub+ZyZN+v/mtp7JIKwcc +J/VMvHASd6SFVLX9kHrko+RRWAPNEHl57muTH2SOa2SroxPjcf59q5zdJ1M3s6oYwlkm7Fsf0uZl +fO+TvdhYXAvA42VvPMfKWeP+bl+sg779XSVOKik71gurFzJ4pOE+lEa+Ym6b3kaosRbnhW70CEBF +EaCeVESE99g2zvVQR9wsMJvuwPWW0v4JhscGWa5Pro4RmHvzC1KqYiaqId+OJTN5lxZJjfU+1Uef +NzFJM3IFTQy2VYzxV4+Kh9GtxRESOaCtAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P +AQH/BAQDAgEGMB0GA1UdDgQWBBRXNPN0zwRL1SXm8UC2LEzZLemgrTANBgkqhkiG9w0BAQsFAAOC +AQEAPrvbFxbS8hQBICw4g0utvsqFepq2m2um4fylOqyttCg6r9cBg0krY6LdmmQOmFxv3Y67ilQi +LUoT865AQ9tPkbeGGuwAtEGBpE/6aouIs3YIcipJQMPTw4WJmBClnW8Zt7vPemVV2zfrPIpyMpce +mik+rY3moxtt9XUa5rBouVui7mlHJzWhhpmA8zNL4WukJsPvdFlseqJkth5Ew1DgDzk9qTPxpfPS +vWKErI4cqc1avTc7bgoitPQV55FYxTpE05Uo2cBl6XLK0A+9H7MV2anjpEcJnuDLN/v9vZfVvhga +aaI5gdka9at/yOPiZwud9AzqVN/Ssq+xIvEg37xEHA== +-----END CERTIFICATE----- + +SecureSign Root CA14 +==================== +-----BEGIN CERTIFICATE----- +MIIFcjCCA1qgAwIBAgIUZNtaDCBO6Ncpd8hQJ6JaJ90t8sswDQYJKoZIhvcNAQEMBQAwUTELMAkG +A1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMR0wGwYDVQQDExRT +ZWN1cmVTaWduIFJvb3QgQ0ExNDAeFw0yMDA0MDgwNzA2MTlaFw00NTA0MDgwNzA2MTlaMFExCzAJ +BgNVBAYTAkpQMSMwIQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMU +U2VjdXJlU2lnbiBSb290IENBMTQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDF0nqh +1oq/FjHQmNE6lPxauG4iwWL3pwon71D2LrGeaBLwbCRjOfHw3xDG3rdSINVSW0KZnvOgvlIfX8xn +bacuUKLBl422+JX1sLrcneC+y9/3OPJH9aaakpUqYllQC6KxNedlsmGy6pJxaeQp8E+BgQQ8sqVb +1MWoWWd7VRxJq3qdwudzTe/NCcLEVxLbAQ4jeQkHO6Lo/IrPj8BGJJw4J+CDnRugv3gVEOuGTgpa +/d/aLIJ+7sr2KeH6caH3iGicnPCNvg9JkdjqOvn90Ghx2+m1K06Ckm9mH+Dw3EzsytHqunQG+bOE +kJTRX45zGRBdAuVwpcAQ0BB8b8VYSbSwbprafZX1zNoCr7gsfXmPvkPx+SgojQlD+Ajda8iLLCSx +jVIHvXiby8posqTdDEx5YMaZ0ZPxMBoH064iwurO8YQJzOAUbn8/ftKChazcqRZOhaBgy/ac18iz +ju3Gm5h1DVXoX+WViwKkrkMpKBGk5hIwAUt1ax5mnXkvpXYvHUC0bcl9eQjs0Wq2XSqypWa9a4X0 +dFbD9ed1Uigspf9mR6XU/v6eVL9lfgHWMI+lNpyiUBzuOIABSMbHdPTGrMNASRZhdCyvjG817XsY +AFs2PJxQDcqSMxDxJklt33UkN4Ii1+iW/RVLApY+B3KVfqs9TC7XyvDf4Fg/LS8EmjijAQIDAQAB +o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUBpOjCl4oaTeq +YR3r6/wtbyPk86AwDQYJKoZIhvcNAQEMBQADggIBAJaAcgkGfpzMkwQWu6A6jZJOtxEaCnFxEM0E +rX+lRVAQZk5KQaID2RFPeje5S+LGjzJmdSX7684/AykmjbgWHfYfM25I5uj4V7Ibed87hwriZLoA +ymzvftAj63iP/2SbNDefNWWipAA9EiOWWF3KY4fGoweITedpdopTzfFP7ELyk+OZpDc8h7hi2/Ds +Hzc/N19DzFGdtfCXwreFamgLRB7lUe6TzktuhsHSDCRZNhqfLJGP4xjblJUK7ZGqDpncllPjYYPG +FrojutzdfhrGe0K22VoF3Jpf1d+42kd92jjbrDnVHmtsKheMYc2xbXIBw8MgAGJoFjHVdqqGuw6q +nsb58Nn4DSEC5MUoFlkRudlpcyqSeLiSV5sI8jrlL5WwWLdrIBRtFO8KvH7YVdiI2i/6GaX7i+B/ +OfVyK4XELKzvGUWSTLNhB9xNH27SgRNcmvMSZ4PPmz+Ln52kuaiWA3rF7iDeM9ovnhp6dB7h7sxa +OgTdsxoEqBRjrLdHEoOabPXm6RUVkRqEGQ6UROcSjiVbgGcZ3GOTEAtlLor6CZpO2oYofaphNdgO +pygau1LgePhsumywbrmHXumZNTfxPWQrqaA0k89jL9WB365jJ6UeTo3cKXhZ+PmhIIynJkBugnLN +eLLIjzwec+fBH7/PzqUqm9tEZDKgu39cJRNItX+S +-----END CERTIFICATE----- + +SecureSign Root CA15 +==================== +-----BEGIN CERTIFICATE----- +MIICIzCCAamgAwIBAgIUFhXHw9hJp75pDIqI7fBw+d23PocwCgYIKoZIzj0EAwMwUTELMAkGA1UE +BhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMR0wGwYDVQQDExRTZWN1 +cmVTaWduIFJvb3QgQ0ExNTAeFw0yMDA0MDgwODMyNTZaFw00NTA0MDgwODMyNTZaMFExCzAJBgNV +BAYTAkpQMSMwIQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2Vj +dXJlU2lnbiBSb290IENBMTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQLUHSNZDKZmbPSYAi4Io5G +dCx4wCtELW1fHcmuS1Iggz24FG1Th2CeX2yF2wYUleDHKP+dX+Sq8bOLbe1PL0vJSpSRZHX+AezB +2Ot6lHhWGENfa4HL9rzatAy2KZMIaY+jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgEGMB0GA1UdDgQWBBTrQciu/NWeUUj1vYv0hyCTQSvT9DAKBggqhkjOPQQDAwNoADBlAjEA2S6J +fl5OpBEHvVnCB96rMjhTKkZEBhd6zlHp4P9mLQlO4E/0BdGF9jVg3PVys0Z9AjBEmEYagoUeYWmJ +SwdLZrWeqrqgHkHZAXQ6bkU6iYAZezKYVWOr62Nuk22rGwlgMU4= +-----END CERTIFICATE----- + +D-TRUST BR Root CA 2 2023 +========================= +-----BEGIN CERTIFICATE----- +MIIFqTCCA5GgAwIBAgIQczswBEhb2U14LnNLyaHcZjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQG +EwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEJSIFJvb3QgQ0Eg +MiAyMDIzMB4XDTIzMDUwOTA4NTYzMVoXDTM4MDUwOTA4NTYzMFowSDELMAkGA1UEBhMCREUxFTAT +BgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDIgMjAyMzCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK7/CVmRgApKaOYkP7in5Mg6CjoWzckjYaCT +cfKri3OPoGdlYNJUa2NRb0kz4HIHE304zQaSBylSa053bATTlfrdTIzZXcFhfUvnKLNEgXtRr90z +sWh81k5M/itoucpmacTsXld/9w3HnDY25QdgrMBM6ghs7wZ8T1soegj8k12b9py0i4a6Ibn08OhZ +WiihNIQaJZG2tY/vsvmA+vk9PBFy2OMvhnbFeSzBqZCTRphny4NqoFAjpzv2gTng7fC5v2Xx2Mt6 +++9zA84A9H3X4F07ZrjcjrqDy4d2A/wl2ecjbwb9Z/Pg/4S8R7+1FhhGaRTMBffb00msa8yr5LUL +QyReS2tNZ9/WtT5PeB+UcSTq3nD88ZP+npNa5JRal1QMNXtfbO4AHyTsA7oC9Xb0n9Sa7YUsOCIv +x9gvdhFP/Wxc6PWOJ4d/GUohR5AdeY0cW/jPSoXk7bNbjb7EZChdQcRurDhaTyN0dKkSw/bSuREV +MweR2Ds3OmMwBtHFIjYoYiMQ4EbMl6zWK11kJNXuHA7e+whadSr2Y23OC0K+0bpwHJwh5Q8xaRfX +/Aq03u2AnMuStIv13lmiWAmlY0cL4UEyNEHZmrHZqLAbWt4NDfTisl01gLmB1IRpkQLLddCNxbU9 +CZEJjxShFHR5PtbJFR2kWVki3PaKRT08EtY+XTIvAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUZ5Dw1t61GNVGKX5cq/ieCLxklRAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRC +MEAwPqA8oDqGOGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfYnJfcm9vdF9jYV8y +XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQA097N3U9swFrktpSHxQCF16+tIFoE9c+CeJyrr +d6kTpGoKWloUMz1oH4Guaf2Mn2VsNELZLdB/eBaxOqwjMa1ef67nriv6uvw8l5VAk1/DLQOj7aRv +U9f6QA4w9QAgLABMjDu0ox+2v5Eyq6+SmNMW5tTRVFxDWy6u71cqqLRvpO8NVhTaIasgdp4D/Ca4 +nj8+AybmTNudX0KEPUUDAxxZiMrcLmEkWqTqJwtzEr5SswrPMhfiHocaFpVIbVrg0M8JkiZmkdij +YQ6qgYF/6FKC0ULn4B0Y+qSFNueG4A3rvNTJ1jxD8V1Jbn6Bm2m1iWKPiFLY1/4nwSPFyysCu7Ff +/vtDhQNGvl3GyiEm/9cCnnRK3PgTFbGBVzbLZVzRHTF36SXDw7IyN9XxmAnkbWOACKsGkoHU6XCP +pz+y7YaMgmo1yEJagtFSGkUPFaUA8JR7ZSdXOUPPfH/mvTWze/EZTN46ls/pdu4D58JDUjxqgejB +WoC9EV2Ta/vH5mQ/u2kc6d0li690yVRAysuTEwrt+2aSEcr1wPrYg1UDfNPFIkZ1cGt5SAYqgpq/ +5usWDiJFAbzdNpQ0qTUmiteXue4Icr80knCDgKs4qllo3UCkGJCy89UDyibK79XH4I9TjvAA46jt +n/mtd+ArY0+ew+43u3gJhJ65bvspmZDogNOfJA== +-----END CERTIFICATE----- + +TrustAsia TLS ECC Root CA +========================= +-----BEGIN CERTIFICATE----- +MIICMTCCAbegAwIBAgIUNnThTXxlE8msg1UloD5Sfi9QaMcwCgYIKoZIzj0EAwMwWDELMAkGA1UE +BhMCQ04xJTAjBgNVBAoTHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xIjAgBgNVBAMTGVRy +dXN0QXNpYSBUTFMgRUNDIFJvb3QgQ0EwHhcNMjQwNTE1MDU0MTU2WhcNNDQwNTE1MDU0MTU1WjBY +MQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywgSW5jLjEiMCAG +A1UEAxMZVHJ1c3RBc2lhIFRMUyBFQ0MgUm9vdCBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABLh/ +pVs/AT598IhtrimY4ZtcU5nb9wj/1WrgjstEpvDBjL1P1M7UiFPoXlfXTr4sP/MSpwDpguMqWzJ8 +S5sUKZ74LYO1644xST0mYekdcouJtgq7nDM1D9rs3qlKH8kzsaNCMEAwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQULIVTu7FDzTLqnqOH/qKYqKaT6RAwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49 +BAMDA2gAMGUCMFRH18MtYYZI9HlaVQ01L18N9mdsd0AaRuf4aFtOJx24mH1/k78ITcTaRTChD15K +eAIxAKORh/IRM4PDwYqROkwrULG9IpRdNYlzg8WbGf60oenUoWa2AaU2+dhoYSi3dOGiMQ== +-----END CERTIFICATE----- + +TrustAsia TLS RSA Root CA +========================= +-----BEGIN CERTIFICATE----- +MIIFgDCCA2igAwIBAgIUHBjYz+VTPyI1RlNUJDxsR9FcSpwwDQYJKoZIhvcNAQEMBQAwWDELMAkG +A1UEBhMCQ04xJTAjBgNVBAoTHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xIjAgBgNVBAMT +GVRydXN0QXNpYSBUTFMgUlNBIFJvb3QgQ0EwHhcNMjQwNTE1MDU0MTU3WhcNNDQwNTE1MDU0MTU2 +WjBYMQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywgSW5jLjEi +MCAGA1UEAxMZVHJ1c3RBc2lhIFRMUyBSU0EgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAMMWuBtqpERz5dZO9LnPWwvB0ZqB9WOwj0PBuwhaGnrhB3YmH49pVr7+NmDQDIPN +lOrnxS1cLwUWAp4KqC/lYCZUlviYQB2srp10Zy9U+5RjmOMmSoPGlbYJQ1DNDX3eRA5gEk9bNb2/ +mThtfWza4mhzH/kxpRkQcwUqwzIZheo0qt1CHjCNP561HmHVb70AcnKtEj+qpklz8oYVlQwQX1Fk +zv93uMltrOXVmPGZLmzjyUT5tUMnCE32ft5EebuyjBza00tsLtbDeLdM1aTk2tyKjg7/D8OmYCYo +zza/+lcK7Fs/6TAWe8TbxNRkoDD75f0dcZLdKY9BWN4ArTr9PXwaqLEX8E40eFgl1oUh63kd0Nyr +z2I8sMeXi9bQn9P+PN7F4/w6g3CEIR0JwqH8uyghZVNgepBtljhb//HXeltt08lwSUq6HTrQUNoy +IBnkiz/r1RYmNzz7dZ6wB3C4FGB33PYPXFIKvF1tjVEK2sUYyJtt3LCDs3+jTnhMmCWr8n4uIF6C +FabW2I+s5c0yhsj55NqJ4js+k8UTav/H9xj8Z7XvGCxUq0DTbE3txci3OE9kxJRMT6DNrqXGJyV1 +J23G2pyOsAWZ1SgRxSHUuPzHlqtKZFlhaxP8S8ySpg+kUb8OWJDZgoM5pl+z+m6Ss80zDoWo8SnT +q1mt1tve1CuBAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLgHkXlcBvRG/XtZ +ylomkadFK/hTMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQwFAAOCAgEAIZtqBSBdGBanEqT3 +Rz/NyjuujsCCztxIJXgXbODgcMTWltnZ9r96nBO7U5WS/8+S4PPFJzVXqDuiGev4iqME3mmL5Dw8 +veWv0BIb5Ylrc5tvJQJLkIKvQMKtuppgJFqBTQUYo+IzeXoLH5Pt7DlK9RME7I10nYEKqG/odv6L +TytpEoYKNDbdgptvT+Bz3Ul/KD7JO6NXBNiT2Twp2xIQaOHEibgGIOcberyxk2GaGUARtWqFVwHx +tlotJnMnlvm5P1vQiJ3koP26TpUJg3933FEFlJ0gcXax7PqJtZwuhfG5WyRasQmr2soaB82G39tp +27RIGAAtvKLEiUUjpQ7hRGU+isFqMB3iYPg6qocJQrmBktwliJiJ8Xw18WLK7nn4GS/+X/jbh87q +qA8MpugLoDzga5SYnH+tBuYc6kIQX+ImFTw3OffXvO645e8D7r0i+yiGNFjEWn9hongPXvPKnbwb +PKfILfanIhHKA9jnZwqKDss1jjQ52MjqjZ9k4DewbNfFj8GQYSbbJIweSsCI3zWQzj8C9GRh3sfI +B5XeMhg6j6JCQCTl1jNdfK7vsU1P1FeQNWrcrgSXSYk0ly4wBOeY99sLAZDBHwo/+ML+TvrbmnNz +FrwFuHnYWa8G5z9nODmxfKuU4CkUpijy323imttUQ/hHWKNddBWcwauwxzQ= +-----END CERTIFICATE----- + +D-TRUST EV Root CA 2 2023 +========================= +-----BEGIN CERTIFICATE----- +MIIFqTCCA5GgAwIBAgIQaSYJfoBLTKCnjHhiU19abzANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQG +EwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEVWIFJvb3QgQ0Eg +MiAyMDIzMB4XDTIzMDUwOTA5MTAzM1oXDTM4MDUwOTA5MTAzMlowSDELMAkGA1UEBhMCREUxFTAT +BgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDIgMjAyMzCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANiOo4mAC7JXUtypU0w3uX9jFxPvp1sjW2l1 +sJkKF8GLxNuo4MwxusLyzV3pt/gdr2rElYfXR8mV2IIEUD2BCP/kPbOx1sWy/YgJ25yE7CUXFId/ +MHibaljJtnMoPDT3mfd/06b4HEV8rSyMlD/YZxBTfiLNTiVR8CUkNRFeEMbsh2aJgWi6zCudR3Mf +vc2RpHJqnKIbGKBv7FD0fUDCqDDPvXPIEysQEx6Lmqg6lHPTGGkKSv/BAQP/eX+1SH977ugpbzZM +lWGG2Pmic4ruri+W7mjNPU0oQvlFKzIbRlUWaqZLKfm7lVa/Rh3sHZMdwGWyH6FDrlaeoLGPaxK3 +YG14C8qKXO0elg6DpkiVjTujIcSuWMYAsoS0I6SWhjW42J7YrDRJmGOVxcttSEfi8i4YHtAxq910 +7PncjLgcjmgjutDzUNzPZY9zOjLHfP7KgiJPvo5iR2blzYfi6NUPGJ/lBHJLRjwQ8kTCZFZxTnXo +nMkmdMV9WdEKWw9t/p51HBjGGjp82A0EzM23RWV6sY+4roRIPrN6TagD4uJ+ARZZaBhDM7DS3LAa +QzXupdqpRlyuhoFBAUp0JuyfBr/CBTdkdXgpaP3F9ev+R/nkhbDhezGdpn9yo7nELC7MmVcOIQxF +AZRl62UJxmMiCzNJkkg8/M3OsD6Onov4/knFNXJHAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQUqvyREBuHkV8Wub9PS5FeAByxMoAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRC +MEAwPqA8oDqGOGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfZXZfcm9vdF9jYV8y +XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQCTy6UfmRHsmg1fLBWTxj++EI14QvBukEdHjqOS +Mo1wj/Zbjb6JzkcBahsgIIlbyIIQbODnmaprxiqgYzWRaoUlrRc4pZt+UPJ26oUFKidBK7GB0aL2 +QHWpDsvxVUjY7NHss+jOFKE17MJeNRqrphYBBo7q3C+jisosketSjl8MmxfPy3MHGcRqwnNU73xD +UmPBEcrCRbH0O1P1aa4846XerOhUt7KR/aypH/KH5BfGSah82ApB9PI+53c0BFLd6IHyTS9URZ0V +4U/M5d40VxDJI3IXcI1QcB9WbMy5/zpaT2N6w25lBx2Eof+pDGOJbbJAiDnXH3dotfyc1dZnaVuo +dNv8ifYbMvekJKZ2t0dT741Jj6m2g1qllpBFYfXeA08mD6iL8AOWsKwV0HFaanuU5nCT2vFp4LJi +TZ6P/4mdm13NRemUAiKN4DV/6PEEeXFsVIP4M7kFMhtYVRFP0OUnR3Hs7dpn1mKmS00PaaLJvOwi +S5THaJQXfuKOKD62xur1NGyfN4gHONuGcfrNlUhDbqNPgofXNJhuS5N5YHVpD/Aa1VP6IQzCP+k/ +HxiMkl14p3ZnGbuy6n/pcAlWVqOwDAstNl7F6cTVg8uGF5csbBNvh1qvSaYd2804BC5f4ko1Di1L ++KIkBI3Y4WNeApI02phhXBxvWHZks/wCuPWdCg== +-----END CERTIFICATE----- + +SwissSign RSA TLS Root CA 2022 - 1 +================================== +-----BEGIN CERTIFICATE----- +MIIFkzCCA3ugAwIBAgIUQ/oMX04bgBhE79G0TzUfRPSA7cswDQYJKoZIhvcNAQELBQAwUTELMAkG +A1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzErMCkGA1UEAxMiU3dpc3NTaWduIFJTQSBU +TFMgUm9vdCBDQSAyMDIyIC0gMTAeFw0yMjA2MDgxMTA4MjJaFw00NzA2MDgxMTA4MjJaMFExCzAJ +BgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxKzApBgNVBAMTIlN3aXNzU2lnbiBSU0Eg +VExTIFJvb3QgQ0EgMjAyMiAtIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDLKmji +C8NXvDVjvHClO/OMPE5Xlm7DTjak9gLKHqquuN6orx122ro10JFwB9+zBvKK8i5VUXu7LCTLf5Im +gKO0lPaCoaTo+nUdWfMHamFk4saMla+ju45vVs9xzF6BYQ1t8qsCLqSX5XH8irCRIFucdFJtrhUn +WXjyCcplDn/L9Ovn3KlMd/YrFgSVrpxxpT8q2kFC5zyEEPThPYxr4iuRR1VPuFa+Rd4iUU1OKNlf +GUEGjw5NBuBwQCMBauTLE5tzrE0USJIt/m2n+IdreXXhvhCxqohAWVTXz8TQm0SzOGlkjIHRI36q +OTw7D59Ke4LKa2/KIj4x0LDQKhySio/YGZxH5D4MucLNvkEM+KRHBdvBFzA4OmnczcNpI/2aDwLO +EGrOyvi5KaM2iYauC8BPY7kGWUleDsFpswrzd34unYyzJ5jSmY0lpx+Gs6ZUcDj8fV3oT4MM0ZPl +EuRU2j7yrTrePjxF8CgPBrnh25d7mUWe3f6VWQQvdT/TromZhqwUtKiE+shdOxtYk8EXlFXIC+OC +eYSf8wCENO7cMdWP8vpPlkwGqnj73mSiI80fPsWMvDdUDrtaclXvyFu1cvh43zcgTFeRc5JzrBh3 +Q4IgaezprClG5QtO+DdziZaKHG29777YtvTKwP1H8K4LWCDFyB02rpeNUIMmJCn3nTsPBQIDAQAB +o2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBRvjmKLk0Ow +4UD2p8P98Q+4DxU4pTAdBgNVHQ4EFgQUb45ii5NDsOFA9qfD/fEPuA8VOKUwDQYJKoZIhvcNAQEL +BQADggIBAKwsKUF9+lz1GpUYvyypiqkkVHX1uECry6gkUSsYP2OprphWKwVDIqO310aewCoSPY6W +lkDfDDOLazeROpW7OSltwAJsipQLBwJNGD77+3v1dj2b9l4wBlgzHqp41eZUBDqyggmNzhYzWUUo +8aWjlw5DI/0LIICQ/+Mmz7hkkeUFjxOgdg3XNwwQiJb0Pr6VvfHDffCjw3lHC1ySFWPtUnWK50Zp +y1FVCypM9fJkT6lc/2cyjlUtMoIcgC9qkfjLvH4YoiaoLqNTKIftV+Vlek4ASltOU8liNr3Cjlvr +zG4ngRhZi0Rjn9UMZfQpZX+RLOV/fuiJz48gy20HQhFRJjKKLjpHE7iNvUcNCfAWpO2Whi4Z2L6M +OuhFLhG6rlrnub+xzI/goP+4s9GFe3lmozm1O2bYQL7Pt2eLSMkZJVX8vY3PXtpOpvJpzv1/THfQ +wUY1mFwjmwJFQ5Ra3bxHrSL+ul4vkSkphnsh3m5kt8sNjzdbowhq6/TdAo9QAwKxuDdollDruF/U +KIqlIgyKhPBZLtU30WHlQnNYKoH3dtvi4k0NX/a3vgW0rk4N3hY9A4GzJl5LuEsAz/+MF7psYC0n +hzck5npgL7XTgwSqT0N1osGDsieYK7EOgLrAhV5Cud+xYJHT6xh+cHiudoO+cVrQkOPKwRYlZ0rw +tnu64ZzZ +-----END CERTIFICATE----- From 2ffbf9a746c853d1ab5e844e45e4a079e6f27b33 Mon Sep 17 00:00:00 2001 From: dowjames Date: Thu, 29 Jan 2026 12:51:55 -0500 Subject: [PATCH 21/30] rebase main --- examples/simple_repeater/MyMesh.cpp | 167 +- examples/simple_repeater/MyMesh.h | 37 +- examples/simple_repeater/UITask.cpp | 15 - examples/simple_room_server/MyMesh.cpp | 97 +- examples/simple_room_server/MyMesh.h | 8 - examples/simple_room_server/UITask.cpp | 15 - examples/simple_sensor/SensorMesh.cpp | 2 +- examples/simple_sensor/SensorMesh.h | 4 +- scripts/generate_cert_bundle.py | 215 -- src/Dispatcher.h | 1 - src/certs/x509_crt_bundle.bin | Bin 66969 -> 0 bytes src/helpers/CommonCLI.cpp | 527 +--- src/helpers/CommonCLI.h | 82 +- src/helpers/JWTHelper.cpp | 198 -- src/helpers/JWTHelper.h | 87 - src/helpers/MQTTMessageBuilder.cpp | 415 --- src/helpers/MQTTMessageBuilder.h | 213 -- src/helpers/bridges/MQTTBridge.cpp | 2870 ------------------- src/helpers/bridges/MQTTBridge.h | 427 --- ssl_certs/cacert.pem | 3556 ------------------------ variants/heltec_v3/platformio.ini | 83 - variants/heltec_v4/platformio.ini | 84 +- variants/sensecap_solar/platformio.ini | 47 +- variants/sensecap_solar/target.cpp | 14 +- variants/sensecap_solar/target.h | 6 +- variants/sensecap_solar/variant.cpp | 14 +- variants/sensecap_solar/variant.h | 3 +- 27 files changed, 114 insertions(+), 9073 deletions(-) delete mode 100644 scripts/generate_cert_bundle.py delete mode 100644 src/certs/x509_crt_bundle.bin delete mode 100644 src/helpers/JWTHelper.cpp delete mode 100644 src/helpers/JWTHelper.h delete mode 100644 src/helpers/MQTTMessageBuilder.cpp delete mode 100644 src/helpers/MQTTMessageBuilder.h delete mode 100644 src/helpers/bridges/MQTTBridge.cpp delete mode 100644 src/helpers/bridges/MQTTBridge.h delete mode 100644 ssl_certs/cacert.pem diff --git a/examples/simple_repeater/MyMesh.cpp b/examples/simple_repeater/MyMesh.cpp index c07fe2e2c..6d957cc09 100644 --- a/examples/simple_repeater/MyMesh.cpp +++ b/examples/simple_repeater/MyMesh.cpp @@ -1,6 +1,5 @@ #include "MyMesh.h" #include -#include // for qsort() /* ------------------------------ Config -------------------------------- */ @@ -145,39 +144,6 @@ uint8_t MyMesh::handleLoginReq(const mesh::Identity& sender, const uint8_t* secr return 13; // reply length } -// Comparison functions for qsort() - defined at file scope to avoid heap allocations -static int cmp_neighbours_newest_to_oldest(const void* a, const void* b) { - const NeighbourInfo* na = *(const NeighbourInfo**)a; - const NeighbourInfo* nb = *(const NeighbourInfo**)b; - if (nb->heard_timestamp > na->heard_timestamp) return 1; - if (nb->heard_timestamp < na->heard_timestamp) return -1; - return 0; -} - -static int cmp_neighbours_oldest_to_newest(const void* a, const void* b) { - const NeighbourInfo* na = *(const NeighbourInfo**)a; - const NeighbourInfo* nb = *(const NeighbourInfo**)b; - if (na->heard_timestamp > nb->heard_timestamp) return 1; - if (na->heard_timestamp < nb->heard_timestamp) return -1; - return 0; -} - -static int cmp_neighbours_strongest_to_weakest(const void* a, const void* b) { - const NeighbourInfo* na = *(const NeighbourInfo**)a; - const NeighbourInfo* nb = *(const NeighbourInfo**)b; - if (nb->snr > na->snr) return 1; - if (nb->snr < na->snr) return -1; - return 0; -} - -static int cmp_neighbours_weakest_to_strongest(const void* a, const void* b) { - const NeighbourInfo* na = *(const NeighbourInfo**)a; - const NeighbourInfo* nb = *(const NeighbourInfo**)b; - if (na->snr > nb->snr) return 1; - if (na->snr < nb->snr) return -1; - return 0; -} - uint8_t MyMesh::handleAnonRegionsReq(const mesh::Identity& sender, uint32_t sender_timestamp, const uint8_t* data) { if (anon_limiter.allow(rtc_clock.getCurrentTime())) { // request data has: {reply-path-len}{reply-path} @@ -324,47 +290,42 @@ int MyMesh::handleRequest(ClientInfo *sender, uint32_t sender_timestamp, uint8_t MESH_DEBUG_PRINTLN("REQ_TYPE_GET_NEIGHBOURS invalid pubkey_prefix_length=%d clamping to %d", pubkey_prefix_length, PUB_KEY_SIZE); } - // Early exit if no neighbours to avoid unnecessary processing - int16_t neighbours_count = 0; - for (int i = 0; i < MAX_NEIGHBOURS; i++) { - if (neighbours[i].heard_timestamp > 0) { - neighbours_count++; - } - } - - if (neighbours_count == 0) { - // No neighbours - return minimal response - memcpy(&reply_data[reply_offset], &neighbours_count, 2); reply_offset += 2; - uint16_t zero = 0; - memcpy(&reply_data[reply_offset], &zero, 2); reply_offset += 2; // results_count = 0 - return reply_offset; - } - // create copy of neighbours list, skipping empty entries so we can sort it separately from main list + int16_t neighbours_count = 0; NeighbourInfo* sorted_neighbours[MAX_NEIGHBOURS]; - int16_t sorted_idx = 0; for (int i = 0; i < MAX_NEIGHBOURS; i++) { auto neighbour = &neighbours[i]; if (neighbour->heard_timestamp > 0) { - sorted_neighbours[sorted_idx++] = neighbour; + sorted_neighbours[neighbours_count] = neighbour; + neighbours_count++; } } - // Sort neighbours based on order using qsort() - standard C library function - // qsort() doesn't allocate heap memory (uses stack-based recursion) and is O(n log n) - // This matches the pattern used elsewhere in the codebase (e.g., BaseChatMesh) + // sort neighbours based on order if (order_by == 0) { // sort by newest to oldest - qsort(sorted_neighbours, neighbours_count, sizeof(NeighbourInfo*), cmp_neighbours_newest_to_oldest); + MESH_DEBUG_PRINTLN("REQ_TYPE_GET_NEIGHBOURS sorting newest to oldest"); + std::sort(sorted_neighbours, sorted_neighbours + neighbours_count, [](const NeighbourInfo* a, const NeighbourInfo* b) { + return a->heard_timestamp > b->heard_timestamp; // desc + }); } else if (order_by == 1) { // sort by oldest to newest - qsort(sorted_neighbours, neighbours_count, sizeof(NeighbourInfo*), cmp_neighbours_oldest_to_newest); + MESH_DEBUG_PRINTLN("REQ_TYPE_GET_NEIGHBOURS sorting oldest to newest"); + std::sort(sorted_neighbours, sorted_neighbours + neighbours_count, [](const NeighbourInfo* a, const NeighbourInfo* b) { + return a->heard_timestamp < b->heard_timestamp; // asc + }); } else if (order_by == 2) { // sort by strongest to weakest - qsort(sorted_neighbours, neighbours_count, sizeof(NeighbourInfo*), cmp_neighbours_strongest_to_weakest); + MESH_DEBUG_PRINTLN("REQ_TYPE_GET_NEIGHBOURS sorting strongest to weakest"); + std::sort(sorted_neighbours, sorted_neighbours + neighbours_count, [](const NeighbourInfo* a, const NeighbourInfo* b) { + return a->snr > b->snr; // desc + }); } else if (order_by == 3) { // sort by weakest to strongest - qsort(sorted_neighbours, neighbours_count, sizeof(NeighbourInfo*), cmp_neighbours_weakest_to_strongest); + MESH_DEBUG_PRINTLN("REQ_TYPE_GET_NEIGHBOURS sorting weakest to strongest"); + std::sort(sorted_neighbours, sorted_neighbours + neighbours_count, [](const NeighbourInfo* a, const NeighbourInfo* b) { + return a->snr < b->snr; // asc + }); } // build results buffer @@ -448,19 +409,12 @@ void MyMesh::logRxRaw(float snr, float rssi, const uint8_t raw[], int len) { mesh::Utils::printHex(Serial, raw, len); Serial.println(); #endif - -#ifdef WITH_BRIDGE - if (_prefs.bridge_enabled) { - // Store raw radio data for MQTT messages - bridge.storeRawRadioData(raw, len, snr, rssi); - } -#endif } void MyMesh::logRx(mesh::Packet *pkt, int len, float score) { #ifdef WITH_BRIDGE if (_prefs.bridge_pkt_src == 1) { - bridge.onPacketReceived(pkt); + bridge.sendPacket(pkt); } #endif @@ -758,7 +712,9 @@ bool MyMesh::onPeerPathRecv(mesh::Packet *packet, int sender_idx, const uint8_t void MyMesh::onControlDataRecv(mesh::Packet* packet) { uint8_t type = packet->payload[0] & 0xF0; // just test upper 4 bits - if (type == CTL_TYPE_NODE_DISCOVER_REQ && packet->payload_len >= 6 && discover_limiter.allow(rtc_clock.getCurrentTime())) { + if (type == CTL_TYPE_NODE_DISCOVER_REQ && packet->payload_len >= 6 + && !_prefs.disable_fwd && discover_limiter.allow(rtc_clock.getCurrentTime()) + ) { int i = 1; uint8_t filter = packet->payload[i++]; uint32_t tag; @@ -793,10 +749,9 @@ MyMesh::MyMesh(mesh::MainBoard &board, mesh::Radio &radio, mesh::MillisecondCloc anon_limiter(4, 180) // max 4 every 3 minutes #if defined(WITH_RS232_BRIDGE) , bridge(&_prefs, WITH_RS232_BRIDGE, _mgr, &rtc) -#elif defined(WITH_ESPNOW_BRIDGE) +#endif +#if defined(WITH_ESPNOW_BRIDGE) , bridge(&_prefs, _mgr, &rtc) -#elif defined(WITH_MQTT_BRIDGE) - , bridge(&_prefs, _mgr, &rtc, &self_id) #endif { last_millis = 0; @@ -834,7 +789,7 @@ MyMesh::MyMesh(mesh::MainBoard &board, mesh::Radio &radio, mesh::MillisecondCloc // bridge defaults _prefs.bridge_enabled = 1; // enabled _prefs.bridge_delay = 500; // milliseconds - _prefs.bridge_pkt_src = 1; // logRx (RX packets) + _prefs.bridge_pkt_src = 0; // logTx _prefs.bridge_baud = 115200; // baud rate _prefs.bridge_channel = 1; // channel 1 @@ -845,26 +800,7 @@ MyMesh::MyMesh(mesh::MainBoard &board, mesh::Radio &radio, mesh::MillisecondCloc _prefs.gps_interval = 0; _prefs.advert_loc_policy = ADVERT_LOC_PREFS; - // MQTT defaults - StrHelper::strncpy(_prefs.mqtt_origin, "MeshCore-Repeater", sizeof(_prefs.mqtt_origin)); - StrHelper::strncpy(_prefs.mqtt_iata, "SEA", sizeof(_prefs.mqtt_iata)); - _prefs.mqtt_status_enabled = 1; // enabled - _prefs.mqtt_packets_enabled = 1; // enabled - _prefs.mqtt_raw_enabled = 0; // disabled - _prefs.mqtt_tx_enabled = 0; // disabled (RX only for now) - _prefs.mqtt_status_interval = 300000; // 5 minutes - - // WiFi defaults - StrHelper::strncpy(_prefs.wifi_ssid, "ssid_here", sizeof(_prefs.wifi_ssid)); - StrHelper::strncpy(_prefs.wifi_password, "password_here", sizeof(_prefs.wifi_password)); - - // Timezone defaults (Pacific Time with DST support) - StrHelper::strncpy(_prefs.timezone_string, "America/Los_Angeles", sizeof(_prefs.timezone_string)); - _prefs.timezone_offset = -8; // fallback - - // Let's Mesh Analyzer defaults (both enabled by default) - _prefs.mqtt_analyzer_us_enabled = 1; // enabled - _prefs.mqtt_analyzer_eu_enabled = 1; // enabled + _prefs.adc_multiplier = 0.0f; // 0.0f means use default board multiplier } void MyMesh::begin(FILESYSTEM *fs) { @@ -872,47 +808,12 @@ void MyMesh::begin(FILESYSTEM *fs) { _fs = fs; // load persisted prefs _cli.loadPrefs(_fs); - - // Ensure analyzer servers are enabled by default (in case no prefs were loaded) - if (_prefs.mqtt_analyzer_us_enabled == 0 && _prefs.mqtt_analyzer_eu_enabled == 0) { - _prefs.mqtt_analyzer_us_enabled = 1; // enabled - _prefs.mqtt_analyzer_eu_enabled = 1; // enabled - MESH_DEBUG_PRINTLN("Setting analyzer servers to enabled by default"); - } - - // Set MQTT origin to actual device name (not build-time ADVERT_NAME) - StrHelper::strncpy(_prefs.mqtt_origin, _prefs.node_name, sizeof(_prefs.mqtt_origin)); - MESH_DEBUG_PRINTLN("MQTT origin set to device name: %s", _prefs.mqtt_origin); - acl.load(_fs, self_id); // TODO: key_store.begin(); region_map.load(_fs); #if defined(WITH_BRIDGE) if (_prefs.bridge_enabled) { - // Set device public key for MQTT topics - char device_id[65]; - mesh::LocalIdentity self_id = getSelfId(); - mesh::Utils::toHex(device_id, self_id.pub_key, PUB_KEY_SIZE); - MESH_DEBUG_PRINTLN("Setting device ID: %s", device_id); - bridge.setDeviceID(device_id); - - // Set firmware version - bridge.setFirmwareVersion(getFirmwareVer()); - - // Set board model - bridge.setBoardModel(_cli.getBoard()->getManufacturerName()); - - // Set build date - bridge.setBuildDate(getBuildDate()); - -#ifdef WITH_MQTT_BRIDGE - // Set stats sources for automatic stats collection (optional - can be done in custom initialization) - // This enables stats to be included in status messages automatically - // this (Mesh*) inherits from Dispatcher, so it can be passed as Dispatcher* - bridge.setStatsSources(this, _radio, _cli.getBoard(), _ms); -#endif - bridge.begin(); } #endif @@ -923,6 +824,8 @@ void MyMesh::begin(FILESYSTEM *fs) { updateAdvertTimer(); updateFloodAdvertTimer(); + board.setAdcMultiplier(_prefs.adc_multiplier); + #if ENV_INCLUDE_GPS == 1 applyGpsPrefs(); #endif @@ -966,7 +869,7 @@ void MyMesh::sendSelfAdvertisement(int delay_millis, bool flood) { void MyMesh::updateAdvertTimer() { if (_prefs.advert_interval > 0) { // schedule local advert timer - next_local_advert = futureMillis((int)((uint32_t)_prefs.advert_interval * 2 * 60 * 1000)); + next_local_advert = futureMillis(((uint32_t)_prefs.advert_interval) * 2 * 60 * 1000); } else { next_local_advert = 0; // stop the timer } @@ -1271,14 +1174,12 @@ void MyMesh::handleCommand(uint32_t sender_timestamp, char *command, char *reply } void MyMesh::loop() { - // Check radio FIRST to ensure we don't miss incoming packets - // MQTT processing runs in a separate FreeRTOS task on Core 0, so we don't call bridge.loop() here - mesh::Mesh::loop(); - #ifdef WITH_BRIDGE - // bridge.loop() is now handled by FreeRTOS task on Core 0 - no need to call it here + bridge.loop(); #endif + mesh::Mesh::loop(); + if (next_flood_advert && millisHasNowPassed(next_flood_advert)) { mesh::Packet *pkt = createSelfAdvert(); if (pkt) sendFlood(pkt); diff --git a/examples/simple_repeater/MyMesh.h b/examples/simple_repeater/MyMesh.h index cde4292ab..0d5cd28a3 100644 --- a/examples/simple_repeater/MyMesh.h +++ b/examples/simple_repeater/MyMesh.h @@ -3,7 +3,6 @@ #include #include #include -#include #include #if defined(NRF52_PLATFORM) || defined(STM32_PLATFORM) @@ -24,11 +23,6 @@ #define WITH_BRIDGE #endif -#ifdef WITH_MQTT_BRIDGE -#include "helpers/bridges/MQTTBridge.h" -#define WITH_BRIDGE -#endif - #include #include #include @@ -41,6 +35,9 @@ #include #include "RateLimiter.h" +#ifdef WITH_BRIDGE +extern AbstractBridge* bridge; +#endif struct RepeaterStats { uint16_t batt_milli_volts; @@ -116,8 +113,6 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks { RS232Bridge bridge; #elif defined(WITH_ESPNOW_BRIDGE) ESPNowBridge bridge; -#elif defined(WITH_MQTT_BRIDGE) - MQTTBridge bridge; #endif void putNeighbour(const mesh::Identity& id, uint32_t timestamp, float snr); @@ -222,17 +217,6 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks { if (enable == bridge.isRunning()) return; if (enable) { - // Set device metadata before starting bridge (same as in begin()) - char device_id[65]; - mesh::LocalIdentity self_id = getSelfId(); - mesh::Utils::toHex(device_id, self_id.pub_key, PUB_KEY_SIZE); - bridge.setDeviceID(device_id); - bridge.setFirmwareVersion(getFirmwareVer()); - bridge.setBoardModel(_cli.getBoard()->getManufacturerName()); - bridge.setBuildDate(getBuildDate()); -#ifdef WITH_MQTT_BRIDGE - bridge.setStatsSources(this, _radio, _cli.getBoard(), _ms); -#endif bridge.begin(); } else @@ -244,23 +228,8 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks { void restartBridge() override { if (!bridge.isRunning()) return; bridge.end(); - // Set device metadata before restarting bridge (same as in begin()) - char device_id[65]; - mesh::LocalIdentity self_id = getSelfId(); - mesh::Utils::toHex(device_id, self_id.pub_key, PUB_KEY_SIZE); - bridge.setDeviceID(device_id); - bridge.setFirmwareVersion(getFirmwareVer()); - bridge.setBoardModel(_cli.getBoard()->getManufacturerName()); - bridge.setBuildDate(getBuildDate()); -#ifdef WITH_MQTT_BRIDGE - bridge.setStatsSources(this, _radio, _cli.getBoard(), _ms); -#endif bridge.begin(); } - - int getQueueSize() override { - return bridge.getQueueSize(); - } #endif // To check if there is pending work diff --git a/examples/simple_repeater/UITask.cpp b/examples/simple_repeater/UITask.cpp index 269e9c7bf..d096d14b2 100644 --- a/examples/simple_repeater/UITask.cpp +++ b/examples/simple_repeater/UITask.cpp @@ -2,10 +2,6 @@ #include #include -#ifdef WITH_MQTT_BRIDGE - #include -#endif - #define AUTO_OFF_MILLIS 20000 // 20 seconds #define BOOT_SCREEN_MILLIS 4000 // 4 seconds @@ -81,17 +77,6 @@ void UITask::renderCurrScreen() { _display->setCursor(0, 30); sprintf(tmp, "BW: %03.2f CR: %d", _node_prefs->bw, _node_prefs->cr); _display->print(tmp); - -#ifdef WITH_MQTT_BRIDGE - // Display IP address for MQTT bridge devices - if (WiFi.status() == WL_CONNECTED) { - IPAddress ip = WiFi.localIP(); - _display->setCursor(0, 40); - _display->setColor(DisplayDriver::LIGHT); - snprintf(tmp, sizeof(tmp), "IP: %d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); - _display->print(tmp); - } -#endif } } diff --git a/examples/simple_room_server/MyMesh.cpp b/examples/simple_room_server/MyMesh.cpp index 44e82c5f7..22a3d208b 100644 --- a/examples/simple_room_server/MyMesh.cpp +++ b/examples/simple_room_server/MyMesh.cpp @@ -198,23 +198,9 @@ void MyMesh::logRxRaw(float snr, float rssi, const uint8_t raw[], int len) { mesh::Utils::printHex(Serial, raw, len); Serial.println(); #endif - -#ifdef WITH_MQTT_BRIDGE - if (_prefs.bridge_enabled) { - // Store raw radio data for MQTT messages (same as repeater) - bridge.storeRawRadioData(raw, len, snr, rssi); - } -#endif } void MyMesh::logRx(mesh::Packet *pkt, int len, float score) { -#ifdef WITH_MQTT_BRIDGE - if (_prefs.bridge_enabled && _prefs.bridge_pkt_src == 1) { - // Log received packets to MQTT (same as repeater) - bridge.onPacketReceived(pkt); - } -#endif - if (_logging) { File f = openAppend(PACKET_LOG_FILE); if (f) { @@ -234,13 +220,6 @@ void MyMesh::logRx(mesh::Packet *pkt, int len, float score) { } } void MyMesh::logTx(mesh::Packet *pkt, int len) { -#ifdef WITH_MQTT_BRIDGE - if (_prefs.bridge_enabled && _prefs.bridge_pkt_src == 0) { - // Log transmitted packets to MQTT (same as repeater) - bridge.sendPacket(pkt); - } -#endif - if (_logging) { File f = openAppend(PACKET_LOG_FILE); if (f) { @@ -608,11 +587,7 @@ void MyMesh::onAckRecv(mesh::Packet *packet, uint32_t ack_crc) { MyMesh::MyMesh(mesh::MainBoard &board, mesh::Radio &radio, mesh::MillisecondClock &ms, mesh::RNG &rng, mesh::RTCClock &rtc, mesh::MeshTables &tables) : mesh::Mesh(radio, ms, rng, rtc, *new StaticPoolPacketManager(32), tables), - _cli(board, rtc, sensors, acl, &_prefs, this), telemetry(MAX_PACKET_PAYLOAD - 4) -#ifdef WITH_MQTT_BRIDGE - , bridge(&_prefs, _mgr, &rtc, &self_id) -#endif -{ + _cli(board, rtc, sensors, acl, &_prefs, this), telemetry(MAX_PACKET_PAYLOAD - 4) { last_millis = 0; uptime_millis = 0; next_local_advert = next_flood_advert = 0; @@ -649,34 +624,6 @@ MyMesh::MyMesh(mesh::MainBoard &board, mesh::Radio &radio, mesh::MillisecondCloc _prefs.gps_interval = 0; _prefs.advert_loc_policy = ADVERT_LOC_PREFS; - // bridge defaults (same as repeater) - _prefs.bridge_enabled = 1; // enabled - _prefs.bridge_delay = 500; // milliseconds - _prefs.bridge_pkt_src = 1; // logRx (RX packets) - _prefs.bridge_baud = 115200; // baud rate - _prefs.bridge_channel = 1; // channel 1 - - // MQTT defaults (same as repeater) - StrHelper::strncpy(_prefs.mqtt_origin, "MeshCore-RoomServer", sizeof(_prefs.mqtt_origin)); - StrHelper::strncpy(_prefs.mqtt_iata, "SEA", sizeof(_prefs.mqtt_iata)); - _prefs.mqtt_status_enabled = 1; // enabled - _prefs.mqtt_packets_enabled = 1; // enabled - _prefs.mqtt_raw_enabled = 0; // disabled - _prefs.mqtt_tx_enabled = 0; // disabled (RX only for now) - _prefs.mqtt_status_interval = 300000; // 5 minutes - - // WiFi defaults (same as repeater) - StrHelper::strncpy(_prefs.wifi_ssid, "ssid_here", sizeof(_prefs.wifi_ssid)); - StrHelper::strncpy(_prefs.wifi_password, "password_here", sizeof(_prefs.wifi_password)); - - // Timezone defaults (same as repeater - Pacific Time with DST support) - StrHelper::strncpy(_prefs.timezone_string, "America/Los_Angeles", sizeof(_prefs.timezone_string)); - _prefs.timezone_offset = -8; // fallback - - // Let's Mesh Analyzer defaults (same as repeater - both enabled by default) - _prefs.mqtt_analyzer_us_enabled = 1; // enabled - _prefs.mqtt_analyzer_eu_enabled = 1; // enabled - next_post_idx = 0; next_client_idx = 0; next_push = 0; @@ -703,41 +650,6 @@ void MyMesh::begin(FILESYSTEM *fs) { #if ENV_INCLUDE_GPS == 1 applyGpsPrefs(); #endif -#ifdef WITH_MQTT_BRIDGE - // Ensure analyzer servers are enabled by default (in case no prefs were loaded) - same as repeater - if (_prefs.mqtt_analyzer_us_enabled == 0 && _prefs.mqtt_analyzer_eu_enabled == 0) { - _prefs.mqtt_analyzer_us_enabled = 1; // enabled - _prefs.mqtt_analyzer_eu_enabled = 1; // enabled - MESH_DEBUG_PRINTLN("Setting analyzer servers to enabled by default"); - } - - // Set MQTT origin to actual device name (not build-time ADVERT_NAME) - same as repeater - StrHelper::strncpy(_prefs.mqtt_origin, _prefs.node_name, sizeof(_prefs.mqtt_origin)); - MESH_DEBUG_PRINTLN("MQTT origin set to device name: %s", _prefs.mqtt_origin); - - if (_prefs.bridge_enabled) { - // Set device public key for MQTT topics (same as repeater) - char device_id[65]; - mesh::LocalIdentity self_id = getSelfId(); - mesh::Utils::toHex(device_id, self_id.pub_key, PUB_KEY_SIZE); - MESH_DEBUG_PRINTLN("Setting device ID: %s", device_id); - bridge.setDeviceID(device_id); - - // Set firmware version (same as repeater) - bridge.setFirmwareVersion(getFirmwareVer()); - - // Set board model (same as repeater) - bridge.setBoardModel(_cli.getBoard()->getManufacturerName()); - - // Set build date (same as repeater) - bridge.setBuildDate(getBuildDate()); - - // Set stats sources for automatic stats collection (same as repeater) - bridge.setStatsSources(this, _radio, _cli.getBoard(), _ms); - - bridge.begin(); - } -#endif } void MyMesh::applyTempRadioParams(float freq, float bw, uint8_t sf, uint8_t cr, int timeout_mins) { @@ -778,7 +690,7 @@ void MyMesh::sendSelfAdvertisement(int delay_millis, bool flood) { void MyMesh::updateAdvertTimer() { if (_prefs.advert_interval > 0) { // schedule local advert timer - next_local_advert = futureMillis((int)((uint32_t)_prefs.advert_interval * 2 * 60 * 1000)); + next_local_advert = futureMillis((uint32_t)_prefs.advert_interval * 2 * 60 * 1000); } else { next_local_advert = 0; // stop the timer } @@ -897,12 +809,7 @@ bool MyMesh::saveFilter(ClientInfo* client) { } void MyMesh::loop() { - // Check radio FIRST to ensure we don't miss incoming packets - // MQTT processing can take time, so we prioritize radio reception mesh::Mesh::loop(); -#ifdef WITH_MQTT_BRIDGE - // bridge.loop() is now handled by FreeRTOS task on Core 0 - no need to call it here -#endif if (millisHasNowPassed(next_push) && acl.getNumClients() > 0) { // check for ACK timeouts diff --git a/examples/simple_room_server/MyMesh.h b/examples/simple_room_server/MyMesh.h index 65e5de926..f470e55eb 100644 --- a/examples/simple_room_server/MyMesh.h +++ b/examples/simple_room_server/MyMesh.h @@ -23,11 +23,6 @@ #include #include -#ifdef WITH_MQTT_BRIDGE -#include "helpers/bridges/MQTTBridge.h" -#define WITH_BRIDGE -#endif - /* ------------------------------ Config -------------------------------- */ #ifndef FIRMWARE_BUILD_DATE @@ -115,9 +110,6 @@ class MyMesh : public mesh::Mesh, public CommonCLICallbacks { uint8_t pending_sf; uint8_t pending_cr; int matching_peer_indexes[MAX_CLIENTS]; -#ifdef WITH_MQTT_BRIDGE - MQTTBridge bridge; -#endif void addPost(ClientInfo* client, const char* postData); void pushPostToClient(ClientInfo* client, PostInfo& post); diff --git a/examples/simple_room_server/UITask.cpp b/examples/simple_room_server/UITask.cpp index 180dc7c5d..46311c5eb 100644 --- a/examples/simple_room_server/UITask.cpp +++ b/examples/simple_room_server/UITask.cpp @@ -2,10 +2,6 @@ #include #include -#ifdef WITH_MQTT_BRIDGE - #include -#endif - #define AUTO_OFF_MILLIS 20000 // 20 seconds #define BOOT_SCREEN_MILLIS 4000 // 4 seconds @@ -81,17 +77,6 @@ void UITask::renderCurrScreen() { _display->setCursor(0, 30); sprintf(tmp, "BW: %03.2f CR: %d", _node_prefs->bw, _node_prefs->cr); _display->print(tmp); - -#ifdef WITH_MQTT_BRIDGE - // Display IP address for MQTT bridge devices - if (WiFi.status() == WL_CONNECTED) { - IPAddress ip = WiFi.localIP(); - _display->setCursor(0, 40); - _display->setColor(DisplayDriver::LIGHT); - snprintf(tmp, sizeof(tmp), "IP: %d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); - _display->print(tmp); - } -#endif } } diff --git a/examples/simple_sensor/SensorMesh.cpp b/examples/simple_sensor/SensorMesh.cpp index 72ccafd61..8e27323ed 100644 --- a/examples/simple_sensor/SensorMesh.cpp +++ b/examples/simple_sensor/SensorMesh.cpp @@ -802,7 +802,7 @@ void SensorMesh::sendSelfAdvertisement(int delay_millis, bool flood) { void SensorMesh::updateAdvertTimer() { if (_prefs.advert_interval > 0) { // schedule local advert timer - next_local_advert = futureMillis((int)((uint32_t)_prefs.advert_interval * 2 * 60 * 1000)); + next_local_advert = futureMillis( ((uint32_t)_prefs.advert_interval) * 2 * 60 * 1000); } else { next_local_advert = 0; // stop the timer } diff --git a/examples/simple_sensor/SensorMesh.h b/examples/simple_sensor/SensorMesh.h index eb2d90c5a..ed3523458 100644 --- a/examples/simple_sensor/SensorMesh.h +++ b/examples/simple_sensor/SensorMesh.h @@ -33,11 +33,11 @@ #define PERM_RECV_ALERTS_HI (1 << 7) // high priority alerts #ifndef FIRMWARE_BUILD_DATE - #define FIRMWARE_BUILD_DATE "30 Nov 2025" + #define FIRMWARE_BUILD_DATE "29 Jan 2026" #endif #ifndef FIRMWARE_VERSION - #define FIRMWARE_VERSION "v1.11.0" + #define FIRMWARE_VERSION "v1.12.0" #endif #define FIRMWARE_ROLE "sensor" diff --git a/scripts/generate_cert_bundle.py b/scripts/generate_cert_bundle.py deleted file mode 100644 index 5c9664276..000000000 --- a/scripts/generate_cert_bundle.py +++ /dev/null @@ -1,215 +0,0 @@ -#!/usr/bin/env python -# -# modified ESP32 x509 certificate bundle generation utility to run with platformio -# -# Converts PEM and DER certificates to a custom bundle format which stores just the -# subject name and public key to reduce space -# -# The bundle will have the format: number of certificates; crt 1 subject name length; crt 1 public key length; -# crt 1 subject name; crt 1 public key; crt 2... -# -# SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD -# SPDX-License-Identifier: Apache-2.0 - -from __future__ import with_statement - -from pathlib import Path -import os -import struct -import sys -import requests -from io import open - -Import("env") - -try: - from cryptography import x509 - from cryptography.hazmat.backends import default_backend - from cryptography.hazmat.primitives import serialization -except ImportError: - env.Execute("$PYTHONEXE -m pip install cryptography") - from cryptography import x509 - from cryptography.hazmat.backends import default_backend - from cryptography.hazmat.primitives import serialization - - -ca_bundle_bin_file = 'x509_crt_bundle.bin' -mozilla_cacert_url = 'https://curl.se/ca/cacert.pem' -adafruit_filtered_cacert_url = 'https://raw.githubusercontent.com/adafruit/certificates/main/data/roots-filtered.pem' -adafruit_full_cacert_url = 'https://raw.githubusercontent.com/adafruit/certificates/main/data/roots-full.pem' -certs_dir = Path("./ssl_certs") -binary_dir = Path("./src/certs") - -quiet = False - -def download_cacert_file(source): - if source == "mozilla": - response = requests.get(mozilla_cacert_url) - elif source == "adafruit": - response = requests.get(adafruit_filtered_cacert_url) - elif source == "adafruit-full": - response = requests.get(adafruit_full_cacert_url) - else: - raise InputError('Invalid certificate source') - - if response.status_code == 200: - - # Ensure the directory exists, create it if necessary - os.makedirs(certs_dir, exist_ok=True) - - # Generate the full path to the output file - output_file = os.path.join(certs_dir, "cacert.pem") - - # Write the certificate bundle to the output file with utf-8 encoding - with open(output_file, "w", encoding="utf-8") as f: - f.write(response.text) - - status('Certificate bundle downloaded to: %s' % output_file) - else: - status('Failed to fetch the certificate bundle.') - -def status(msg): - """ Print status message to stderr """ - if not quiet: - critical(msg) - - -def critical(msg): - """ Print critical message to stderr """ - sys.stderr.write('SSL Cert Store: ') - sys.stderr.write(msg) - sys.stderr.write('\n') - - -class CertificateBundle: - def __init__(self): - self.certificates = [] - self.compressed_crts = [] - - if os.path.isfile(ca_bundle_bin_file): - os.remove(ca_bundle_bin_file) - - def add_from_path(self, crts_path): - - found = False - for file_path in os.listdir(crts_path): - found |= self.add_from_file(os.path.join(crts_path, file_path)) - - if found is False: - raise InputError('No valid x509 certificates found in %s' % crts_path) - - def add_from_file(self, file_path): - try: - if file_path.endswith('.pem'): - status('Parsing certificates from %s' % file_path) - with open(file_path, 'r', encoding='utf-8') as f: - crt_str = f.read() - self.add_from_pem(crt_str) - return True - - elif file_path.endswith('.der'): - status('Parsing certificates from %s' % file_path) - with open(file_path, 'rb') as f: - crt_str = f.read() - self.add_from_der(crt_str) - return True - - except ValueError: - critical('Invalid certificate in %s' % file_path) - raise InputError('Invalid certificate') - - return False - - def add_from_pem(self, crt_str): - """ A single PEM file may have multiple certificates """ - - crt = '' - count = 0 - start = False - - for strg in crt_str.splitlines(True): - if strg == '-----BEGIN CERTIFICATE-----\n' and start is False: - crt = '' - start = True - elif strg == '-----END CERTIFICATE-----\n' and start is True: - crt += strg + '\n' - start = False - self.certificates.append(x509.load_pem_x509_certificate(crt.encode(), default_backend())) - count += 1 - if start is True: - crt += strg - - if count == 0: - raise InputError('No certificate found') - - status('Successfully added %d certificates' % count) - - def add_from_der(self, crt_str): - self.certificates.append(x509.load_der_x509_certificate(crt_str, default_backend())) - status('Successfully added 1 certificate') - - def create_bundle(self): - # Sort certificates in order to do binary search when looking up certificates - self.certificates = sorted(self.certificates, key=lambda cert: cert.subject.public_bytes(default_backend())) - - bundle = struct.pack('>H', len(self.certificates)) - - for crt in self.certificates: - """ Read the public key as DER format """ - pub_key = crt.public_key() - pub_key_der = pub_key.public_bytes(serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo) - - """ Read the subject name as DER format """ - sub_name_der = crt.subject.public_bytes(default_backend()) - - name_len = len(sub_name_der) - key_len = len(pub_key_der) - len_data = struct.pack('>HH', name_len, key_len) - - bundle += len_data - bundle += sub_name_der - bundle += pub_key_der - - return bundle - -class InputError(RuntimeError): - def __init__(self, e): - super(InputError, self).__init__(e) - - -def main(): - - bundle = CertificateBundle() - - try: - cert_source = env.GetProjectOption("board_ssl_cert_source") - - if (cert_source == "mozilla" or cert_source == "adafruit"): - download_cacert_file(cert_source) - bundle.add_from_file(os.path.join(certs_dir, "cacert.pem")) - elif (cert_source == "folder"): - bundle.add_from_path(certs_dir) - except ValueError: - critical('Invalid configuration option: use \'board_ssl_cert_source\' parameter in platformio.ini' ) - raise InputError('Invalid certificate') - - status('Successfully added %d certificates in total' % len(bundle.certificates)) - - crt_bundle = bundle.create_bundle() - - # Ensure the directory exists, create it if necessary - os.makedirs(binary_dir, exist_ok=True) - - output_file = os.path.join(binary_dir, ca_bundle_bin_file) - - with open(output_file, 'wb') as f: - f.write(crt_bundle) - - status('Successfully created %s' % output_file) - - -try: - main() -except InputError as e: - print(e) - sys.exit(2) diff --git a/src/Dispatcher.h b/src/Dispatcher.h index bb6267116..25a41d82c 100644 --- a/src/Dispatcher.h +++ b/src/Dispatcher.h @@ -174,7 +174,6 @@ class Dispatcher { uint32_t getNumSentDirect() const { return n_sent_direct; } uint32_t getNumRecvFlood() const { return n_recv_flood; } uint32_t getNumRecvDirect() const { return n_recv_direct; } - uint16_t getErrFlags() const { return _err_flags; } // Get error flags void resetStats() { n_sent_flood = n_sent_direct = n_recv_flood = n_recv_direct = 0; _err_flags = 0; diff --git a/src/certs/x509_crt_bundle.bin b/src/certs/x509_crt_bundle.bin deleted file mode 100644 index 1105e5265a9bb2d9a0bddfc14901dd37d3347a41..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 66969 zcmb@uV_=@^wly5vwr!_jW7}?QG&URCw(T@#W7}3^H1?ady4K$P_Ivi*{hf3E<+<+s zc&?c-#~gFac?TdCfDMq0frSy80TK*Y83YU&NJN1Vi2>n{4^S|WLZ)U`t~L&4_Kb)O z@PC{E!$1fc**Tb*SnDzP0TMC5fTTtEpts|p)+ENhVOW_FZ&B;tt!=Z>$ACAB zO~9SFex>=&BKaADG>fq)`m2O8mwYEeRYbcOML$vfbeId347tAZDcxpOY$pI3Rim&at6Xdcvi9zpXK5Q1~gaUXo_B1Pl#9$-6Hx~L`|1H5oW88oN8bjK)`?ifB+mo zWDM+#C=5tHLkg{AWND_SXk%?;r^krTfcrD3Xuq5iDA?FI5D4-UI59H#0sY@02Kpn! zK<^<20tD#kI3~X!%)2rpQ})W}Q$~x?dO0WTRP=G9osJ1NV7xdXx%gHvZRdetbXkC$JiI*qCSQ!P+qZU!48r z0EBPCwGW8fyk1$iPUYN77$PudAR|ppv^%+zFce!U_4|f(?79aMXIE&m>+#KiPmZ?b zE@8MY%C8h@FK}*7Ejc*seb5FKs)@%oc~{rCMYCI3L${Mn!#egl?arnj3r>+vpOZ04 z$edOwBoPR3X1vjyX-{o@?!;RaL0h#=2WAHy(LRP~gx#Tw&PrWQhq&@e^CTDRt#jf{ z-|GNxb`Rl%&qPSiB(T-7e=;ygV@A24C9_cU2nlEEu|DA;1mGCTG2NE?LRZa6eZ`ht zPQPoT*CP+f!5gO7+-kDCs@UwL&Xys#N3hAmq#Hma-#EbBx`s-h?@|cv?kmCu61e8d zI*>raRh@^V4Ze27w+m!J92M!e671hY_uabrTdkXL$H_`p=wl{^Fouq zop7=ACGeYhIreZ9^y#(8i)Ir<$K^yzUdea_2rH#dfs*l8H%Q|$ck}`el6rK1Ug5fi zq*WppE2rP;E$1B^iIr01U?)DA0eskm6q1%U?An6W2qJ2$z|MOmYe2m!diKXWJjn^J z7c%qzauqV=09G;zJ>RoV9w0|HjNUZl7NkOh1&C+afn0%5-avBmAtq;Da{01#dR?^P zvd#Ba-C_b$@h}2)L}H}GMraS4e_|`JXn4{*t4%5bj9DW$U@w|ATVD%J=3*!J5g4nU z#Gu#%VM+>(R}ou7~^^`6CA%_Oj(f; z{+<2*C=Ruc5JIeedHWGtrr)9 zovu?%@6-r&9~}Gv>C1s=181@Y-DGO>C)rv6J0e!Z2EozUq^{3`i3fO(*>4&!@5N24 z*B6?dKH%zQ=D+%}73@i<>+qR%A(-SY zvsc}^)jkOQ2a^azli*_`Zs~CSk1P^6TFEa`bhC|k&s1#R9dDEmcsrOGG5wV7eU_L+w!@AgIL*RcHUy~L9{7rL3;$ZMT+G$Bsc1P*} zj7@qpwVVegnmTqC3{$t9UC1@S*RMi@eG_&xqfko0=}0i65oAj4R(W%7x==jeko|Dj zt5PdLS}gTrC4q)jaKaKxlLD4tbakgCX!BQ>#-qtyPHrSc{Wpmp?j5Y4B}gngSB4Jy zG&}&}8WgWgLajk-M&v-YT+0%7_{(E=gv!yf@F$giTUi!M!ZWQGpMp-gX*dFxKdztH zDIdG$RjjOeRJY)aKd;NOI!(aeyWpF%$%~NdX&z=yT;wWydXR?N(AW1(_|s9pz{(?7 zK7GP&!}jW{h-A5yGq^}darN}t5Iji{yZ}VBJi=ppjdJX=kio#; zHQzW75Fi-DpFaQtf&&WxfKVnC_49jo!KNJmVypE3P$+1jtwlPRrdxO%>RT+e!ngP3 z;!3vQ@L(?JlL?IUK{wSGR`nE8!>wcAGl4iZUI*X;aQW|lGZqG?ciH-nZw5;33j#m{ ztPcP(T^7nNo2Ll-+8ydHS?n$%X;7_yON+e%VM{m-aA44$O8#`gVXb|{Q!wOPnx{#S zEUb;T@^XM+wUfTN)Bed{|LU_LbM^=c{pXh89I9-`d*4cZuwLI44r|J4yhl1M0G{`( z<@$vh-^=e`Y8eU!LPSPdiB>^S`fqZChC$#LBv9ZN*C6=&(Qos%#n#77D$v?{5ZS7$ z-xCKQDT)S$xD_FluLP?xDEK~2#r$dCJu)mdvWQe$9dU(?u2CKxzXSpw1f4{!lwAU2 zV~=B2^<|-(CI&EOn`joeOYPZN^dyScL9nHqB|`dxlSyRtpbZ1Fnyps-jfM3rpj;EO zm!(9W_!I%=Sz8w+hEdV_>-ic~G~stFlUMIDdP@;AoxcHpgr0N6qcSRA$(rQuXWD)~#dnJWQ-zHOwXQdMe$M@f96@IHT{essMYsJK8-B#90)9x4tltJ25=IP7Q< zIn%Uvr$P7g)zPQP0Wzv<@1q9r>U{=gR)sy?ejL{pp8qh$`n9%uGTm3Abhj2z3peUh zN^ecYN-*JZG=!he6+@ojezaeuGKKi5=0XX=2e{WLDa|yIBmSFe2#0Tz!OUMh792KK z{ig)s9654G`6!NDM&M}ZI5NV+tkH1j$@~zucZ}kpK)Q79v^DP$wkKQMB%jvV0RXTx zDR!pQ?RlAkl5>XS=@-_^nd@YKhMD(0%-oE43^+fPGAh4=jXi;qouj>jk>Q`68508| zBO@#W^q<-X2IP$s1k3q+=S0;!qY*6-z-Ys*Ait?)s-5# z+iG1ybvLsK;6@wRj$vLK2fL$E1}b~~4)GYhLBv-$V5&QFf>j_?SRGXJ=N-T9hQ16# zNXtC+WN`8U>_lok2U|GhqJwJ0K~)cf_KW zHu`#&1fooTD$C#UX5T)wjmJ3|D0!YQ$+FD|;6qAk2~!VIkRE>w*T^?hY_LA566$Uf zbRt~p(+A3sxLlX^Sc~jD*j%sSxVplraMn4;2lU$s;l4e$6X&?>DB?;uEMV`B*~wEn z_c9S;%{Q8TCAau4D%6Xih-x=3lC1^PZANY|W|6N-h=m38L`qa@uz*09kErq{mR*kv zU$MQXRD$WTI3u`P{SY@r0VWlK%ANwf;7Kg_GFVL7A_iy!ZCrUHOSsV`y{l7ps%>>w zp>GVojSIF}*)~tFlWT?^EcRD!se4XP(6Tlqs9;^zs!28?u@8FGol5#_MLaSQf3;~8 zOMs{mk_ias1X3cP-{@48<>HJcT<9iaRU$YU_$YdEuF)y!)?LAcE~llx2rntIO8scv zW*<9tG9Y)rpSV!sWwm&S8x`8ntQOlM5laoD^5Sz0aiK$Ljg13S6%`j!vC^KGNjMyW zd9u;)4eJ=~)rC!J-g=T39VZ&yf~@7qjlL5R2Lq1Q9yls{k2PCkTgnmFc8lYKq6^>X zm$(I}%nZ$_(A~XFv0brR(J>h+M=JLpM7Kj7kTHp>Zo$FjXP?U-Rw;L2aJZ0UgyxH6 zs>uegmavjyOpneZM8Kw1gw;~HVc@?sfs%gXnBdB132Agiq8IJ^UXodt=kRkstv-HfYEnOM07%+Y|FNps*``Nz;GyXeev2Jtk zjk9t3AQ}`{liwA3@0a9r6g4QJL**H4S_G(%5<}vqm6?a`85&5)f+2^Eus+EyNj89~ z>vPD`u8YaWH%}P^$sOZ%+lEZMrY-}bGcgE+gQ3{XxVTJkC={{l1n{pp^8fd%EBxL; znq-^BKUyo>o%*`}MAWs03~TOAgp8BKZE9f5ln&ewk?;Fu*@XddVzrjKBepYgw->o1 z-&ATD$P~??qjn8s*Me$|9bcDb<>oHOBcT!Ib0FO%=efe&=uFx}SO?q&V`GM?R&3$T z-W3!}!<&2VZct8t6*|Bxp?+?!*q37+U@l$-HzP@TmLa? zBWXD2GbwBxkv*ZqphTix>qSGCha}gaY+bP%2I3l0q4~N)SKY5wC^KY;S zZ*uux=Y&GBWwMXzD{O_pQard3*TC}dq`qYMp3_8kxeLj(if_V6sKmC7G_1Lzhs3Pw zg*e0(?=S^)$OPm|s*h0jxkTD3O#-o}gzt$TZ7SL2BZARGhj(jsG~`q(TBkSZ#^9@4 zJkVapLnSqw^f>`5VH+v5NX4qivu5)xQm#}gIC0T3@TG-L3aHdK1_R~?aVaK_<)KAg z8JD8h4Crol3xdL&rD^KgfN2G3l0WbvW~MWDH}0{jf_jsWqZ5SVJYPO7Gg6A5-az{o z$#&n$^iZTfo^4ivKQSY^5z0anB7EiJEFv;~18KO+tU)*o2{jg0)S^5UJ9e@n<+eU6who!BZwG?VxnK{pTl#}9nf zuYN)wN;R-TEezB?)T7RPMKp8AQ#uRBA}Y5_`beyvHbms#4K6$Cy{$To^trXr=*rB| zpgrLUJ85jUxaxLFrg$mTmSl{Lr!BGf(z2v-Zvxhu0=62iVOZYX1?3w7z4sG}@)lys z%N$frCeV)lr(;%0nkKsgULM(UnpV2N?L4Qby*R3gg0exa2uZLvB$0BL5fpIN&616< z!zxr+v=Ghq+lYSk%HROF?vP`AlRn|dH!F5FY8T@#G4j+rZ}QGg`Z*^iyu7|&HdRXG z@bTSJ$_zUF(VZ`0xi;?7_3BuYLpf_txUtwjdPT)fEFqy7E+YV;^1sRU9^>Q6c z{}Hozv{CZum49vRCM$I3wtS1*CADqw!rLvInQAqHK(mt8 z=6l={+h=priAedp08JB+Yy=V;Z3@5cB-KSRO60Fw9Wl}y0WgXfsdyy0vQZbg0nj7Y zl-|?%YG-89L#4&;sY{O^)`e72_wK_7m&CSV(a3S}2EPQ5Hnx;1^N#`(Nz%qdgzbk^ z84n!3Q6F-bFHhHf+cHfLxpxClS-)0JuzYGUT+f(ca5zUWD)iVkivQJUbrjYba_p4xsbg8`ZMN>q*P(>faEbAWLJj()A zcUtBHT%213kHoxh7dwcp@H(g1EY-9w&+;*qux@~-o%XlF+qvsz#3Z)|@4aJ-okY?F zjCk|$y1{`pL};6mt{UfRl?l&VR;2)vo=_6VnL7^zMMb6|QqXj{QoW}4Pd^-;0OE0r zsfa@kNU;NC2E%pPZ`l|h+KDpoBJ4o}52XqKSoXzx>Gg(gc>7^NtM{riIoGx6nyGNS z)PuRx%p0;TwTqql<9ihlMNu^gT>CZ7Dn`4=&|=@*x`uu=`3W|mcV-j#yWj)EK=KO;s{GM?GcqDD!2L;OFyL~M;(r|fD(e6E z_|KV`u;Op2Ev=-iQ%@qPiayCW)#20RQsT?R_O9_cKE5b(k5Jx5>NmW>|IR@Th)Dl`7f*70Dg+X1kh879?Lf-rcq;2yhpq+oU=Zdt?*z=6d(EajPIKOG( zfMRUZVxEI*AqpkTdmWI#lUxZdZ5%vtS${Wt?Av56>Ww0#EzX-T zvj0Ar&i!UE4%9Q+*J69HrV9gqpzMB)lkW~2pDXjekRHtsBn8D4^@oNsC+V^y@FwwE zQ=-o2z)uC!AZ6K<=JyL6^XKj)2+jZoSVgvST@kYlymD>kkb;Yq4TU(oK}7j3_`=n4T znF6wQ|4<($mnWkiauG!G_(h;Q=y8sgl1jtY&Cq;-T-N}0WnBCw0zW#03H{z)uxVN& zE>LfN%Mt3x)z~Rm*7g{LbRJ5>EpD$_5}gme=45?BY}W3&cN7+1A%n59@D4pGY-U+fukEwTDgWSiP@ zSmq?=4|?_fa088&tUT!Ix>T(e#3rOenAQnvOP?T06kwVNlGH)NFAe79$TZBCS*tX9 z+*lt!E2mWeD0okRG{3Svrgx!L>c1vR33@4`bYRs@TlG{q87Ej!RmVFA=zzfM;~F^L zS$rSSO#OVqYXW-l3J&2jL9qhbk3vo#=y^fD{u>E+>W= zXSsV=khFLJ}ZwZa*$)khE!WaZEyA<-sz4lKF@mTlJ&bqOf%w!(9KU=wq7YEu2U zB}GhQZgPFfKnrSX`WyW>L+*;^YB!BpiNUQm?w&N}t_ z#YkrVyl92eI-msI2N)^ShqF0!*n3;m2GU*1Gb8P)sWWbLXbr)>g1{q^%xzHcRTcrH zn0XF|N-2K7l^=y-Q*~)q%%xX_U41e)*BMR*`#}9flHCa(Wdjh)BqKnWaj5BKNX0kw0{(LDx>{xepU1BY#zd(fN zT*B`B%AtO*TAgcO_zWxamn_E|1#-O)m+Cx`a+~e0+}|w|Uv-v%jOrt`CJ|XSv^y1w zd;z|BrwFH@&Y=%NDV`WyrFf2-AqDoJUjSxy`nOFfj9|wakLN4y<#hJ0K+f-ns8A2? zc&zWdh3v6fQyf@A6Uf*y)%B<>^K; zyhWV{1k^EuJr|CS=eRpx;mhl!#jJ7UYX2dU3@(*wDMFivj-O{?;m{A-<{NbKiYd4d zCF+F7t_s{_6c=WJK&TS?h9?Ku#&;8?R|5`*ym1+0@-1`_wB@oCCzri(Uo2mQCjO|{ zNnbP!K@nU`)p9#l`fDZV$ZEHQPE#(u@yzg2GkTx|GN zxe3}>SsB?GnCV&m)+4*cmNfyV&OyBaBO1X6tlhB}1``seX%#0$nIHewSVkk;&(9RE z`iNAd3AY`Ej~9qpRN6q>{0TO+rz(Kem5H_$N1y#ijiv<8@R;qVLxGO?gTeI&A~D1M zy|R94s|wJI$2sVU)V&M2{4g%j0%A=!w|nM~P3I{|I|SYH6d@DwPtC%oJACMfvkn)~ zjN8;?=4n!@mE{DyEy8Y~SM6zLsFj{F1O~mVPMqLCL+mdDqGtz}PPq1{Ka%nr2Hjkj z1WKvBwO+@`Wb=%DS*wIvl<;sEn2a*^x#M)?WZZT*XRSxEo*t&zD@mxzRDp>oV8tE1 z8!46@J0o{i;anO2SK=*Wckr-1pyI`mrIN@YhFRr zk^)F)Wi--3VysLe$tP5Uy|C32(6x^6k>|AO`SOxjakbMZ$!6(+&o;udJz;jdBU^`@ zc>Setk_--j@|auXf=9RWqulf=8NYlc3cCPE-e=Wf?4VQHNB6UEsGSny5X=$&hczKK zy@_pSkwMSf>sVj5mlc*vJFhDkwDx+`pYaxb=TqTd_*CE@V;d-B1bIgr6+J^Udjcsl zE3HEz4B#Cz)TQsS0+*o_&O)`dCR!f zQ#Hg&8$wQ2r~HfEwM1VPaW+_SS96@H7#;Wn+A}XCC1w(P`sGXcZs$z3n0!hA&m%`XLql+H6PA#weV-|w z&%MCNkIR`uFh0aA!$cWs0e|BRBlu_?VZy^X|LUn3Jf!n9s<#@(>^vjH#0seo5{rhg zm`N`B#6`Gse~hd7zYI9$-zvsYRRJ`m^!?gbnWfX#*ZmjW5;@BJw}E2jg9S%QO_@*qoA`*IskLk zCv5lODV^SGR9uCr@iX0&4)Q2jP4fX|;q&R(&#^mqq7aJh%G6Z9D+LY?U1=`UENe$v zbLa6cKl$yg{m`lfWwr@r8=pj$dFzybVUa5QM%XR~qI_J_n(-uzXNbD43>XgN)G(6s zQNXN?zTH$1O(leiT`%UPuu`UL1jQ(xT{0Hz9At7ZJ$MD$-M6ZShpN|z)8*^gs!z@I zOiDWEnT3W$T}0#DczRDqfh0XzO{OUqm`$Z;*8Td)C}mM{9;qPx`Q<0FtzhYU9qWZ9 z6l+Xovm!44khoq&W#k-r7ry(Zq1-d~76pMXnJA~A3L5GvMM=*YAE780S7l@1klWT1 z@;Aa#I?B_SgU=g$tFZft6bEky&XQ27`#f9}1~0~~opt>S52>68PSpU>8R8DH!Zz&< zmds=0#bxR%Bm#Q#h!~zBPfdyJ3xi>l3Dx?xIJ2nMhPR?Om+Z?deVPuS4db%Y!!h6L zreRKE$bv%aa<@K5(Ln8uS((ZoFMkB}4rAI!*0Om0#J5c}SYK}_JKy3d##?L#v(Or7 zJ7nMVkt>5#a`}z#_`e36pco_S`#}HCH69p6XES?y#rNG#0)Ekd>?R_k{qtDV#?tVQ z%|zP&#O$luJ@X19fkUz`k)uTu;);#c8gA0|j}<_sYBN&xcKdj@X9=QTU?$ns* zZh+ElUu#G)RBXylth3oBbB+n$)JFiyVu8<}i)EHy?}%vechluIU&*3ASzibIXf3@b z7dTR1bt=TyH>?r9JWcIUeAZF82UQAJumP&js60TV&19aGWPrRfwBpL<9>6Klrx5Z$ z@;$@3#P3ZRr@+>XdJ2f-M;+O$#WINUUN_W$6$5)T)ovyVvkn@%a-U|y2un!pWd>PP z4)|<;t&7|W3=FgfbU6P)^Wj=}@LisCEz{^C`tn%gxN*kpi_Tkn5-+9WcdsISwJK7U z0{#J>Hdwh~U|@I%4g3Uq7yZsEI}|gxf<0h3mq;=SfeUbGeF6j%4w1(a;8BndZpP;X zUmC(CR3c*lo+GvV)`PRZZJSzqMx1l68C`3a%b%0@RF-NxAFCd7#>`UjFMII=2k9NuCv@kuR-klT2;pJzQuU= zUx0g`zWiEJ|E**sV8Hvc6NW+mRWkl%_7MmR3jVt(3@n2VHfjd&WR5FqBPVyP+b}B5 znEq8dnHD(Dp3-C9{3z1VHOi-hNX#;NIak}E*p>3O{6O~8&kz8PM{&^ZbPDOjro>=^C$aR3{wq(SDBuU5 z;!U)N+hu&k&|hu$fsjZU(x1_=VM9U7}Ky5+T$ocfs29 zL4nXZtBQ$%zsAG2SzGpu%oVo69Nu;VJrS-Ouc4PY2%KLy(34&tStx5puVifK1VQmV zRbW~?-3{vouP=8;%~#HO&vJh`TR@ZgBFt<-J{dTPLu+wW=6M-Vazim)aen15i4*jU zoX2UGtAR*8Pi{+o>Pu^7>>C?YkFDl5`Vs0;L{{2G>z-O{2gH9w`?lV^&gfYnQ=W{N zV1x(d!S~b%4L}ylFv%EVBHVq4x+~)WFeQtI1&_21pMaMZAu)rL-a=)MkFIcj4RdTY-z$vtbJ9LF9CN|I8 zz-C~~s!?)(H6Jl9T{W7_&6G$5C$#X5TIp4PTqo)RN#7~eWQ#lCX?M%XfOe{Z9>{o^ zNG=BJxu?p@`I6m8YF7ZX^E2_q-w`MJOV<3?^LR&^Ri|tkmf{Jbx!KpmWIOT}Kkj@0a61VxCx8#@t4?DE)(GrZ z3!Li?XqD|x=aU}pI5SIZs_ovyx&S}Ye9c`G&1t#|e^ z$LGdUa0B51=MI4NpTu{9x-&=Fu-jqrP?b>u3d|%F*g=o_(ITdMQ>Of=xms8q@8spxt_H!^ zcI$z?|AO2*QU43%{@?EFKWF|w-PiXj^A891-)s{a$w^d(yCzDM;y`@M%N=`FSK)Vl zA&VDi#T|oKv9Hy1yqZXt@w@K4*CPwCoDa~n`#k-!qF=wE7}j1Rq^2(bIq>MMiSYfE z@1<+;8#UAS&xMVJ1j@MXKH8E|CQ_FO0RNgd?*)^Hf#9b?!xXi#F|joIxsF7jXk_PP zW?=N*kV*;uJwXFTh89&){CSE0VEX?R5hx6AC&xLBYqc|;w=toJk2~kZ@4=G^%+L1r zHr)H^V5QBRE-5K5T=IeXw&r2nAGhYAFKPX}`A6Pi8&Zf)QK>@NJu&%6eoeZ;%0i0Q z1(eRQY2kIhhA6Bw0`rbc4RYQfhNa}mGi3Beh9M;>F?de>G!LEb=EO8)Q0ti3g>+Ak zTX1M=%Y-`Sd{tC6cy%V@rC)c~23?_*B_>?Mq8AyKFfdQGYkoXM1-v)eUNOXL;sLj5 zyyDpx&R}ZPM9A7rw{SYg`Sjx=6~m}RS<_0Mq#pmMt~S0dXs!0!pgLB|att|d|4pf} z*cpOD<~D_tDy9a?I#Q~7u?M@YVZ*z9KZJ;bjGoZo#}CG#&jt^G4=yk6TF#G7L60XJ zHE^y8s`c$;=ktJ5$7oQkkcU{cbKeecikDvr88q( z`EhpVP>)s_w-*6EnmJ+$SsZ zSS-m09Hu7;r0z~R`)17nnC&6quN9|kNA_)RU$#d)yQjw`>LNfh!^Gn@x-}=QbuQ=_ z==`1^+v?Gw#P)*I`qC`ctB31>FP5*Pn~V(aw4^Eyyo_~H7Mgl^2Pcs;D$aI=-9wb` zLhy))@kL__9WNzSnM&)dFX~Y%-QyCRpxdAJ2RIVjSXgyPHmTk7EASSNY0ykvhP;aTcc2MM6L{q z{0<`ziQpJ4)fVyK&OJ*chEKJ6Y|$!IGs0}kBvMr&aT$K#z*+tsi^$$*n&FOAV1S5= z3#lTJuK$}8cqu_6tGMc6toVTwnjNDFb)r{j-axzxQKz}27a(CRG1JCws*shsruGd$ zHcnciCEuF;T}TXr#xeI0 zI%mAk*IG2oKae>)FY52xAc=GpMum#q*DvOLig z@0OTrjXDV`_x4K-JmCROQ2?A~%`9KOP#iMmo-GFgTqc>}Dh3j%%E#Hcw^ws&yoHN~ zZMc{ieSGMb+WQvB02P7m#d_Sg(F&K|6%n)({2{>Pk$0eM6FD6eBY7h3rY5%jnRsSm zu9sYVGm|?FA}>svig5Fpqf~L((`y0?Qn5`N6l5YtA}Y+u4>sq1dH}^)Gnx(DH;otU zQ9;L`uMpt1;7|cup&^#T4j59uy;>K|x^RuO2iSP+3S^3JTP7^<+Gg)dHo3nJNcT;2 zI|EPed9hjBhqV0s#3}t{vo65I%8_1qmLr(bH^NBuC<(1yz0{)VLn@aDc^*#Gvt0Ga z60P;VhiIa`U}4*}m=sI5EFPX@51rc%G}COIN@(I|4fs+bC)%ML1l-*jA>!!ZtbVHf zg`3nmH9UHT5D09g+=gW069{LV1Z};kk&yIHxe_s{=Y*x=Xb{EidK8R94iy2nOMNwA zQ+o(Z(x1WzIJw2~nFG{eS4JQm1NuG3eK|1WP z3(0B4HB#Ibv>*u@z2lo@FJW8N=hxOBHp?yrWULi0F!H@4jdBGJG+2L=6(4-2a-_Zc)Mw(cC zVe+^xwzi%%w8wpHt?tFkc)41d7JLAo3XV1F`gC-u7_+O`4+uE3ikWC&Mj>%$G9$Iy zq>|72uuR=g6blbgSo1cr zUQwrdx|Faxd7oj&M0p_1x*W4uxlkBvl9+Sl*hrfS5%GdccG&8grPp@%4M5{otCCnZ z!2WUF{p^UZEj*#mM>vzTtH$v+sCJ0YlrWjNSeY=Sr=bW}V zL~JKO6NpWI=x@iU*7y0COSxrL+vEx=)Igy$C?pS^0zjQ)gZ)vP)*n0-Y4=W(>k9bg4F>camr z=9vEz%+-y+A(%uSp(GVCQ9-G&d7DZN)Y)(nqr|*ndKV0rpVc{KxE+RJmsv2bJVGl< zRrM8MxpId}y_Ii}uFEX>F+mHh53hum=UJnD;VLwgWD0pgL;K)$EVw=6Akm`_We>F` zUZ*-;4Hb}K%e|gA(#3QI$Uz{8%{rx6S98`EXXeL?)<7YWvwjo;c`DchDiRuaqb}Nk zZ39S%(EL&|O)-qX0XdA!Hj!RY!RO#g4fK)a?UBIDbLLF%rlsyX!z4R#pq-vDrI@;@ zjdLNLZwI)vP1Sg>FmepaXRs*ztotCd8o2XsA(+QUIC{@+mZ7Wjz|fgwEl6v#N*rZm zdCW(SzRR>@@UpwWQ|G8j*cQ=!K+$o=K!i1->tU%9KF!Ke4Y~AP^UNm8UcE*2AVSBY zPy1@kcQ6<3)HPk7DZlaQ({hQKtrByK9lJximRKzpGbB&=*Z~I@YKm0axq3hV6B<=E zZs8QvP~|eN8-v_+IULxozwxM#CXykA1th3qm037K3-KUQaJ%a@ZbzBO?wxQ;>H3(d ze!v6Nj8Hxp*ytK{CT0Yg<)=dd1@hi}B{*jNj#y4KuFA7M#9)O0958nI z7LL}?UCSG6sp}mrn{anaTLH)c4)W;ew$CZ$7#}DJ(|wYUO+~wdoKT!-V?)Gx*>Sc%%EIiUvQ3P1r+N`9xP6Y_PJuUccSG4+_2k$R;zZ5}o@>pjs? z^}d50NM~c)1J^C@k~)I0JO}fT)ueEPc#hLfyG^eT3v3~5zP>n6*PzH@@y8;K`PvY5 zUi;wl_`t)BXt%gSAL!KQO4D5u9Ve1(GV;YdTaLJh>(-ZJ^Yo&*)97+>#O>+a9(Ww! z+H+x3o6ERqHL~T)NRSioGwITIVjHj*ldH`)|2EOi1~d#2Gn7%#yOkO7a*NTj-3Dku z5*ev8c9kptnQyI&j9dAPJmm0Zk(>OW>ZfC zXg(0p4=mCjq1ni#HX-0JP8d7NU_ga^K(2yl| za413gc01jSh{_Bev&hBHX}|zB)knlep-+skDKeT=K2NP}NHTYZ1GoMJq2Wk%YhX1F zEzmL5@);+ca1Wl*41M7ls($^{Cw(NgKI~>)Jy#8~z(5pwi=T;we<`(Qskj7gjA4o8zJ~TZ+y#; zxnL&loo2ehsor2l*Y3Nh34J(kZbTWTl<0vk@pd#4r(!Ugmo#&=p|AE7+$?t~ zciuCF_c+2H6*S@T9~Vs!6upSXWJu*NNJ&@`brAYbf{a6aOk*N`o@xoGzIpghTFwCGN-ns#S-(0;L#Jt_l4k&Hdq!RQ3 z7awx%L(eMd6VFV?c%&%=9)zixutk*7%nKzcA6gSsIz@0#aN}^hjB4?71S?fCvumO( zkQ#NZT%d}FiEjU( z!@!$lEL(Fpc~}i^!ih8`ZkfE2Tb(e9vgc$P@OT~eBa-ci)E7108w=V#n1jd2+5@qZ z6yZkrA=G22Vk_f#kUm7_(C4W>1*HjZ^_uC3gVB%0>9Gh4GCI~MY~)rG)l}&(##`qm zT@1Xv?FERYZi*quTs^&7jU~u>R6Au%`6@(#{E1tUd?`Zv6bKaZMzea0N$mohj299<{KkJU5jooJ(yFX2KMsx<$KW%tqxc|>@{QjNM zvV7mYgt41jl*k_0;n{7M1hsVjE!Y%35_FCjX5+(-tuIyjS|L-Hwx#y#$X27I)h)3Ro)envPsyvTU>lVW{|!^-ivK*=($5_r#!O z8zM>ywc*`7M(E_cee%{yU>H+6H)ulWu~@9VbRU>A6vYY}zqr{;FK;ehvn4*U$G+O|iaS22c8jEVT@tx1k>1U;ZxJ^0=RP~^i)}Jw# zdhekne(9m#WB$)q%)||itbe}GK+Zt=Gs<}XID6j&{(C3xpQQEM30sjI=K9AJo>^v* zOB;DTzuFSnD3cIv|0TsW7>cEZi?_-ILA#WP25pbfZhnq4md<~}d+~fF%11+eNx8&(6+q!ziESaG5*tYf)Stf>HNpv06Ud5hUprnW;edqT7q(QB5I@xav|9SH-B)}mF$pUMh!GkP-~6sp78gC3%& ziJ^#{xbB#@h5)Y29wc)&W!k*rIQ+rygg$${f@|#6luu!d{$Sk`7l#;D8RB_@$M6i} z>PGI7jvA7MV?V^tfivIGryF4flXs;VB>iyxC|MMul|H=#%MmEy;4!Bj)bmjWMoZzE z=T5=z@+hzTMVtkT;)*|*6Z!05{VfIeQ_IK!-j8NE-7dx%`@Qpy>{DiFhYkXQUK7g; z2w*p5A8!$v#G-3F-mTk3$Sr0=YJ&wPovep0cX$_@q_()!hjgT97dM|E)CD_-bY%yZ znwBl=&mb+b*)68u+}{{4?0I3_dd`yad?Ud2kcSZ=9o24=g5Y)VomyEsZHdVi_=AtVI&u>D9!L=kdT>qg_?PM8Yl zm{D(ml38kezypfi3%-RZc?&nGDr#VL=tJVw3f8myscHYDb-oA5RHeXRqMQNU=Bwjt za?vMox`Z7LX2VFl{7=!-Cfv14ul&u*MUatppmtx))REGzrJI1>LcE zeLY1Gy0E$+2#KzlXe|3BUmr<@IR^2J9^!6FFBMi(l6eXOv0zx4A0-Pwz)*1*ea=fU zEPC7*md78M3FdCv&6#O^L7u9$X4CVwwQzSz1RQnTXPwVElv;+MFtCwQ#OZ@2U*zV()=5p4G?0wg$48=3*~iDZOMa!c1wWJ{q8##i*S<(lEt@eNHL zydMt?b!F1RSCl{m*H$iMALnq0E%9k{eR_PI$3)YO5b}f%SzrsiLnCDBu=eZKgNI~r zUr_tcHN&Psbce+YDQ?ZUZbt?wV)imZ^;Fr*9Z*&sHaXAi=;_j*CR;micmTG*m=FA@ zD-{bl(d@(5_~8gRyXuQ_4r^tj>6mm6RY#gZ{ts<$8CKV}Y>VRVPH=a3cXtaGg1fuB z1$TERxJz(%cb7nLcLL;*m1OOlbI-cj=Y9MBWKMoC2Gy%twQ9Xptcl4kJE@LiO_uYw z7?iULe2J%WepK-(AO>B`_f1J><<5-;scs$GUC3u?dS78JHkD1$J_0XW9r(xDI`x|d z`l0`P@2@%b&+nb}*DL;a-uoZS)e^w>?T3vXj!}l)x$j^hF6u;}sr~B2`;RoaEBu=T zVwq6#t-TK@NBgTjnD;e=O!e1%Lm5{B-bSpzn*YFxv5&HZ*@qkV1@ONq$kW(I4HwQ}f%-CHZ# z4}A)P!l?15d424OX|l2!&|+6$tP;-jt+s5tg~tRCj!$27(fFL_mSU0upe$yAWE?tC zPM$fw`d_|B$pNW?K6p8e+OmSKfvD9rf;6iJ<1|cE?>uLD9$F@kc!L;h;|o=s>WGuc z83YQDx#BZV@~{e;Nv1CC#G!fkP>{3e4?p#7gC6lAaDqwvX4ujIh1yL`Zbk}1qA$VV zjXs15x)ulcsuR(?Db=G#KOQ%jCToP~d`iB-W;JN1VI zfibPuYX|=N{-d4k4ojOE`KOYyZ#R=E1mYAC=7`yW7>zIDk*v=a`qpWmF?|4J|2jec z#*-*23H*Cc@+T!wgAZJSP`sUQj+wi2zg|;Y*MxrR~x!y&A zkxL+4+ueiP_ahLL@98gTj0OU*3{=@O9BJP6)9IciKH-bD9nHG)@p*``gM7p)QQSag zn?XgDZPWIsEY}}!U4?L;%ig`ybS(2xNr}}>8>2+`T#34_H#W(^&opEse~cMfHE`*mX)fIFnb@2Rp>DKJ0ho48X*q++8Es~K zQD<(nL~t~`q~{@u@NV5v!Z=g#;l=S|UimjCC}aN5eRmN9fvM`5dZ}h7BEiYVHFJ{O z3w2xou$@tOTl~Eh76hvjUS7jB5ta=dadbKFc%z0-d?MAhR#YbfS=noB^C81yLm)ng zU-0W=)M$oleD0Y+FDb>$qsH2q>)$qVTkyjylXASKu%o9Xo)jH zeay(m3BUB+R0C@pYWRE`q80K`CY&>3{)l!lAkRa*eAlxRJoolOE}H&P1X6vOd3+NY z8^i-(HZ3ThzjbL{rtOc+E%zFCGQXi?0c8dvdV=rA2@3g*A&veI1Z;?JX>DcdU~Tt$UEv2O_AjU+ zCM_o@ApL_E`-=+uQ{Yw5zAeYXKD$kb%67)0n$eF6kP*p+&(ahrRd-ilemD*bb?I9( zuWakxh!er>h+&7WfJ568u)kkvnQBtl9P#I}XSZ?=g;&=n9V?<7SN__x-RU7VuH(U1 zV}IF+*$^5V%mN!tp1XqzqR;!O^3>z~XknOq4f~yd{_yxW(E0NfT)a`+^`fDX06K0+%5|GaaljD|X(8Qt<{c|}9bIDb6k6t>%$+HVR z_b3Iq{CxBa^zkr9J!*`KyJsxfthc?u6qZB+@Q}ud6%7KR#eHOhs|g9|OO7hqH-R?! z_p1bbfE7yWyh?-@gmkZR&Cx<6^7HbkLVn;hKV1uIKLT%$h^jzW10V_7S5n<+9o@d*(k{Jh8Q3TvZhHBQ%k+`b>I1 zWRzXfmp0}xBpH`Sp~G7Y*q;!`n-BV@PNuR+fRt9F4O&P@(3Iv(hR0qCNV*b`tmrQ^ zq!)P!nttWf{~36%Q0@1?`;EASf%z}=>#xoX2KN{J`Xj4b=-S)kGkuplf9GK6IsS;% zW@;oS+{Dft(}*59>E`7{LRdKa%~xJl08ENEfe~@oaKiHpngLT!kugppbHAjrVRC<-kGZ)(Z1))NeCbMS*`YkH05^;3Q1$6aC#m>0i_ z#bp-7C+^Buh?IPDCeLT8h3PHQGXNN+FhsO(S5epc7SbDO1iQMDA{uH)WfXpsYS0jOuR-y{IY!N#kT?~BZmAT_UsKDye3H6tD=2l#nJ@4 zO;O&({GMTrJ_etC@zkt%(-+LOMSBn5;l%aGlUhbl!vN+lU!GMF>b0FZ=&BH4`~K$> z{}25zB|Z6%ewg52{jj{Fo`tFYtF}r1H5L3XTH*%6_@{jF%6&0&sIO#BJC}T+TyB!o z43yy!RUdm8%!{3!0!SOmd<9`4j#SiI-0oWqJukB@!-~ZY^qg=JPa#mIYJ}0Q4<{dS z>E5r5*b7v&0#r#-@z<1XaY=R4WbEXm9lznkJ%^~B+#zNG&q}WwQnXwFAC9WmJomqn z8=xr|EFVe0&u1W4Rnypsz)CI6goU|;V&Wj=fJ&mhQgUt<7I_XBVa4}Vr%AQ86c^VW zmfldBs#I(h&MKud_qRK9^jQXD!qOUC*6)`YD>Gskn_A}$Mqu4)&UZW0k*^sUE_}Pm zR$0o7%t5lxVYHL%R)UnAu5J{>TYgbB%nJtZevT-`mMv`QK2jWRdp%bl!#aA7+E2Bv zfL@&>EzeV(pzZYWIu$JJ9NPK;v@iE1+_90S4S-$sK^Y{3%;CQayJAbCo^WC6;pIWW3#VjF*v{LAj^9qD{G``b4Wv{ zx%6Gus@ft#=lvjwL^OFgk+BYpUM(n@jV7IM8F#?PdCKXLp_Xwi8}-CRG-%nh4Z1vf zblk&my--A<>@y*(DQ!)kc{RF*7cZ0{<85ODJIgu6c5ac8)`=3Qb~Yx!?%0Y9oZ#X8 z`Q5=B?A*2of?kRFIgis7U*3LI*YjD4s!Ul>5k?(F7d2dmK|4kGA`s2kJGx8nGt_Gs z)H0~5iy2rsGa2V3!0Zd7#>Vlp@#EtH$KkTiTl#lRIUs|r?tEG_XoPQ1#3f#e=v?VZ z(mt8f@MUoIqVM6*e!ZM1eEN(+otR7zUKewKspEf1PX%T#KbOn}b}$eMqZ3Ykub5`F zbt}^XMx3@lMauU~NoRXAPu%X!kO^YOj;Q8eD=HVChi&rffSv;oSYJOddn#^ z(g20X@hKeH0<1oB;^(~@`B#i1`y0lQm1Dr6$NCH7z@P{^y4rj%Bmzn_9PCUCtV~Rd zY`+);U>NjYUkm+JZGL#0{pHv9hyHY7;Qd_}_^k6+A%g4c8`GUrM!=Q4AiN!Q*iUD#h;<0v!A>mG^f{=%W(dwxcpC7^v5r)7o=xgfVT$F&pmUrp50V&3 zs8j~CSOi0k(EPSVimBd7{K?nWHCkBSgg9QisTT2qLO?f9V1$TuuIqwP9zoXoIwXoY=baEwQ|3#ut)R8Q`$yE;rkW4-szo4G2-4NIoz zbDWjJCz5@cJ8oniyN(MbBP4qp=1?o}GI6rS*<y(a7v2(q8qjs=t$}e*tzTTl37@1~CDCBOVViKc&ky8=EgER&zZGo9X8)>+Y;tPjqU zR=u)Qb>R5PIZljCG8RAm3jcGF$Mmb*{xRnjEJG!r$$w6`e4pXO0LJK+c7fp31dv*< z$T~(WR+WWe(3*PtIOn<;ttU-Lx6aNpzgc{MO}*lRco1o#fND2z#T2}gtp)vVQx%+& z{${L~&6!*VBj!uToZ_=BjScT!e{bmLb8_fwr{tWlV3it9HZWW#>;qdy72z`3q?_ss?w;HdhB z$xUirXOsIwiu@=prk(398G#+e{aq4`-ee*axtc2UA}(U%b7#nEtPi)|vhC8Re5%_=e0 z&@rxU^J=-qU;5<6$1g z>FQl8F~PGPl9f#_71*2}PwX1yY5q~f1fFX0Vi|kHv}ssE&vI~5UvEtZUacf5rxmoo zD0c$OsV2anTAD+#lm63rxD-%T!%q#T{3|o^d(Qg}<-tIHpKB=TTiX~iP|;KTpiT(? z{tW*o%KI^h`lY(3q5nsxJt@|M3f1?;HVczc4tmZ#@7+pv8*(pPo`Jkn*J51LEt(ZS zD7Vsqv^S02B1};n*H32moQK$8wkR0(38nX>>1W{k^MXMa3JM1z7D;l_9L$^0iOVWc zf%D0@wpM~+C^cpVozWe&PyGOPP@OR+g!yG9dvUBjG^z_hCMsd6oZGAy) z57muzymjD%SBVT)C;4*sd9o1{sA^4f*50QUg!NUG;v!IO#S-xy0YX(P0g}K(n8s$- zT~@7N9Bfk`2=4&?dq(*G`+xaP1AT9UzW-nT)Nogc8|J~{2!4*S%m~QWO+@NG=~*UX z#&o(pd{)u8RRL6jzZ?xul53V9sRa~%oA{hYe(df5y(eg{GCrhRvtQ27{i#_13RDh@ zG%!l2p1(eDYSwnuU*PIiWWXmkKt4%yJR7E0=Pd{hxTa_UT#ZydT!F{w{j45vbDUWy zN|Vh!t)D165uC$-xj^G2MP7zam6vmzzTj8p*H%7HgMjr&>=6Tf>61}+Tz=G(R(|=D zyjen7D>2hl+XwHUo0}SY$|#RYh|4$0d>?%c`MSbG`V#3=p(d_p2boVY=vpJ#gOpB_ zvOd=6$D>EUuNqN$C@MIPq(tuXyz9v1B9HI~g8!Ihw@pn|yK0mKz(1L<9GRx&F2YJW zZzps#(Rm2FI*#7HK%w6Pl)MWF{s6=BxGf!Qwn*Yy8Pwc@{^AID?vTgK zse9xNxrB_j!R8~?vc13Ww;15I_?Dff$aF^iv8)yo-|7I(O4bhNQylL*i8RIIX=e@3 zm<*Y24w{`$e)rawvbgZFU-;Auh*o)mi^_O=Lh`$&qv;$?-Oi2!hJOXKpK>pD0p#ja z-c@(fFYrF<>NQJlV~jxeInw$xrN=`;gvo+(;2lzgrN=!lzsH;a%vfC)N61sOU48P! zU6wXD4VK9fYQ2PI&uf=8Ik$o&Goh9-F`r5e_l)mFk6Bz{sxCsXTxVIrEWu`N8en@= zRUgPbaZMsgGgdZX=3#^a4@2@EkaAid(u(*XWO{diP;(NfS+~4dI-6(W2hk$9pb9Q;sFA4Ok(a^d z5@j++fquzl8b@?So`uWD6~qe~vw2yfMdiV1X}VNWT^a3nph(B4Wp!kyg;&nGkHrf~ zlxvwi%{bs<6|9HiqMS8wWkuL}hykW@$5$SM#e6gPD(so6O4*9W1>|R~Z+!f?>+G0M z=&Mx~wnK&lul%8ZCD7qZW9LF4#pBBQRa_DohzcE)HCrDKawQbNN9r(aU-E^sAcl_> zmsU-~X4J~B8ubsfm0jQnE@geV0vd*WmPM#%bPqsazHb-%>GN6BUc?&r$-q zOqlhs6=xbwQ|~^0V(J1DzWp*$09#}P!5m6`^)vGR&sy}4jUOpJ@ekSo=f5<5-^-9Z z6Fc+Yo!>w3^j*R^6NpLjsp~|3EZ}34BN!Re7v9b+a$IZic8Vw6T=&P1?&fOv$0-#< zPbRgF%`1?{gUC0s{ZKeY^wKSOVo=<=2!a$I1rTtXga zXdK0}xLPJ#ll7F6TB%0|lBI^&h}5*RHep^XmLC(YzW~|h`V2{dTx)N%?SVV6Ya%{+ zh-y4mP)*(VIi3u`AY2ZlT1H~WT`uir58@v9!(CBNtQ4lQ@BdVb{$CrP1x>CkZ9>TYP6I ztmf(=c}X$6YmmI-k{c_}SvxLIF*4J+6#K+5wH&StjOMfkOzJwYu)*?Lqxgv$aQg$= z6ne2Zx)P=-j-@KxX*ymF3-#6$-39v7vp2!)zMg|8L2~#yRNgVGBdS7mYjzP|GuYGn z^=Etny5sc_*7k?Jx>&ghs^s#fYk``-pR8g-}a#)J*7bsT?WiW!r&BdbN zm!;cq|AIzM^VD&CRrlDAahoPFdkSi`#C(;0aSRwXh2IaKUEhi>EAFn){dDlolugX2 z*5n?Q{JeQ4A9Yki?vtWT9+Jpf|0mh6-II64ie#2nuJz$h?%`c%(x*P&?dMMI0!m0s z6&mb)90ufH&jB}+Sx3b1d)q;*hR##(!HBTxxO2Oz{olI&Miqj81`RDuRTw&~^ z`Tfz}@afNCQ+X51{zaxk@~m_3K&PPu99HxZ*}4j{6Qyv&(U6=g;+frXy}OM7c1rvY zL!-;bS%qb$6b@SPuFOE6J00*yF!>d%4*eAPH`1CRD8Yc{h_I384^~$CtK3H1$4;m@Y<2f z{nn8ytNuN8fO#Wi;%H@T;;f7RYJ_I^{m^_j2W_|qCC(^L)gr=Tc$=YU;EB@& z@JgL0AH8N}kJBKJD+SBw=R2klL^cc2Y6|*h<;t{CCcQn$Fyv_Prig9P#*?_}v%!Pk6vfXr35nFS&6(Dt) zdl{EXm^p)D&8pmn_g)>f*}k~T!`fZ%0L?;7!|)0YF->&o*>ZJ0y|d1)y6_q-*;zZ<{8ESmBg052DT@7w zKea!HUim(;{WS{PRaz#MDmiv=`)cC`dvv%J_ZQV{mpjMq+?N|Ot6Km$@|AUyAPeER zhHCw16eRNwyy-)RGy<VW+>}Nlfw74IrpVq>B0ff5I>qcjsFe)o3(3<} zST73(kH6NpJ*M5Z)=c)@3VFxuYT;6a&(L7 zhDc5yzS;g`oIJzc-48=NN#qJJ%r*MYKI;6BJltrCh2E2ZCUHU zKXuX5zY}lt<4P{{)CtYaqwpL3)aDO@mFo{IkTVZ@fz{n`UhEOXC0Z;_`C-*5)u{u| ztbhkI>WKZyV11AZ7K;4a-O4tq;4I-Jnbwx;3&x(!hjQ63OJSV-Yh(&m-&zfBn1p_^ zK?<)p==ZGm9|*mF1P^0rb6GzAP{)vxS7?&F?hyjR zNk9yVJOtagqeR2bZ|>`3+yvgl^}}EfTM$`TLhB0JqMBj>Xq`R}!i6^HGE454;pj z@Q^diYfLwKQ(I%02d5Zv(rOjkxbrZYs2Yo$O}!WfxSyG7>O-7mVLF!L&5@I=k@8+r zK7x#*9_yH}o6Q_AXv)b&Xu38j7_bV=!%~@QsXSjXhW#3t#O*sYW6D|lZcJ?Ct zh@!uq$7z^SLi9(~+(TW^#Rr*QvPY}(lZOR`JM)4cIZW}jeE$CKU(4seB(2H<5~>2S zG(rM@n$CMEn8QBJj^h;L(}9G?K>DM?^!Uq%F`93`;9$>X7!B}k1Px0m^)5x!;2hqsk}2hh zZRw7B)>qx1+Q;;b+gp#HBH+CNn>ZlT>663UIT|M<6*CLI3T5qNTVRH&Tr(jY@Wqtw-ZsT zet&dMp4R9${5&zw1fTUaDYF_oJ@Zie{YuH2@&P>oxn-p5m1Ar;>C0;0ZBNyPu)0uQ z12Fk51bqoC)7Dw~M{vT=>YDsf%O4s|A&MJ`XoVrw*)#_}qhAspS#c=#tt%HL4@u!C ztcr$c*C9OwQbZmNlA+>vO3jXXz*sQDkfxC`6ml2cE=@}18hqnQ5wPppv`M-kZlUUR zAgnGkCuAg^aiQ$&%%Qtb1Rdf#b28c%S%l>&PZ%5sAsvLTC<3Pa+NJ%7zhzTiWr)wl zq*FClxd4OR9c{B9iP7o>SXFg|iYp8@mM^ytGu4BSu%&F6*`P4_#>rezL(Pf#u#pY3 zg4XdNakoqTE?$*_B!W}AR3=qmQkxX`XY9RhD3fO(rYHPfGNF;N{w1LN?gRB3B2#4k zU&#Ibd2v}&zw1nt1qoahEe9qxaDGMVE(bUy+OU3gbI^ULYM1J`;G=!couS}2+%A9` zD|@(a0|dJm`6WxXe8scPC2GGw-!iX z_a4FxIGW0ohz*VphT#m9G|I|QkCRE#1q+e{Pvlod%N~s z2KP%A_o~-ndHK*P8t6;12Kl{ikz zpI9biY``~a!7f8DX;l>5Td0Xgykkjy^6KJm{c`g6A02VjufWZ84YvEk6DspsBCX#} z*p9yU)rGaZECr&?PujJ83ayI4*GzX%w5&iSQ+K(995#gW9=Sf+Tm2~Qd`pD}l2DOu zTfj%TEFieY9e{AX#S?D6O%)@iBG>e`U1Xh5K}ME*NgGoDEDBBrY}1CH2+(Y21Ub#V zOa?_fmgdE>=swuo)p4sGp}OP)zq<0mMDJvpa4oy3LAdV}kyi-^Hy3=Cq`Tj+x%Dt1 zFT-TjBqeriXw)KRy4VgcOmp{Gy8z66z8L6A7dkyVr|Ifgk15e}Dm>6Qg4y`+eKSQK zYe-N9bf=ttGnl%>d$=ysTBs{$FWQXoTC(Knln9a{yr9}bWgGS?e1MR*zl!Q zW9(z?%P^dU{P0bW56UP+ccEqP+3Z6SL$NK}&e|6nu7^9H#m+0B)$scUaab#oBINx^ zi7DoRE282PN z_q9Tly>ezX!`NEnsV<0bOx0B@>+uD5!r;GbXchv;(%m5L=q)hXvM+(a*p~7rc)^2j z=!3pH=!m!OqVVgiTUMy*;%+HtlYBRPA;k(uT-wnS;QU-He_g%TPd81Y9^nQhn`o*C zRKl8k{Pc+855tBx6wBtl;7haH+q}uk{9=5~Ycw@;%|G#8j~U(uj29n6WBkqzi^L+% z0VOWaz8bD17=cJ#8y^%??8GE87HL@PX`ZSkmK%R!OS=-kJ=@9KY4`X|kS-JNo_if% zHhg4mvzc{sFsZeG#fL)qXES~1n>aKq%&3}^w6vk<8$g&1Odfb%cA_D=D3~dr7c7-| z*~tj*O1b>2mrBYR&b1bhsMr(uEd9@WJW8*C^Y_drDgQTTfc!?tRqr+8zAu8qm(;b< zwfc=S_&MqaMn?H@sp2m?z+ZsqmBRkR^4m`wU2JY9B2*}KM?1(zs*Xf5QN%Q8`xTKx zp82X=lujf}{uYOfq48<5+=)BS3LPm!ab6t{&=adB~q_Up!0G*T|IEYD+M>)k%*v@ut5RdYr|zEvmhP?)+?M z%{?%z{`tj9yUf4+S?kr&h=OY#x)hz!C4Y-IUbJ1$Ds5e~xEgIQ(CQk3Uj#8bQ&~9R zZjp8TMqX@{nm+Bc^Cofn1u|#=Oua&`A`&s#{R&#KM31zDU?Y-*$u$X0BI1U3PArR! zL4wH+R0gI&CHz7)Dl~YiyblqHBfI>6KKcKVm(TpilixS(mNOsPfyOYIJjEIRq|szW z*rj(@1Vwfxe@pvn7>jgnL9EYlalV1jzuu^bKc}cEn38#w-L8nIJ!))OL@S@$l@!r% zpKw$4X*FZBePrW~{Zj0vFf}%TQcqnTI=7l-&#*?f<}lXQbcfH+JNZzDeXvmOav{UU7LbVgh>Ps>pnG!x+<&GWzU40(Pf~@CTdUDsCJ=?2XgWV zNTGX(HS@tRYU1h$MesJ4w2@(xn*22wX;+>8l&QE2`ZwS+6@=Y~;}-#tqnjvJ-h5uu zet~7HAJJq3vvo#p(-#J7BTxF%k{w}H_O*8t!hrHCgeb@n^S>a`14=oX;~HhS(iJ$- z;qcd44tcsl98Z}wXi?S_7`2%PUOT+)x!H46B&RO;W+YZH`|^^h++pYiI8Pr{z?z;b zkA2GS11R1<;Behv*26D>rt3gm8E(yT;*J5J$;zEB4?7&ogm6JBVY%T*%;rb9u%Gyh zDg~6t3vQR-RmvkxyD)sdv8l#KLkE(|o(K3d_+Am*fBfXL{L=^+THYbTfH5Vdc3KCb zi7-;sf!d{$N|?q{8)v9ON)g|mrwPSUDOe{{+ahoU3?*T6fc#sA_D;z~ZJ6bW9G%pV zWPFT);|t(%*W!^|yvth*A#HQtk=xegI+zBEI0(}yfd8Jz6HB=Ju+$eBB0b`u(H7w#5G==z(G2l{5rIC0@I?9}7hPoX8qmdF6|x#`x>U zb@vj7>vEQ12&*3J-JJlO!=WcUi-Sf<6?X7>0%7LWKJQ&qVq`2&Rgj(@DXm^d&m&91 zM059CFHc9p#&WJ!SASz)@A*Wd?b8g@CYgZ+U)R&!WemKwij~e&TeS{=Tg)uhl6v$4 zjnc*%undde@u)fS5e>hbL+6yvv0*PM{ekz{OU7D;?(74s+2h&;j}?AFHd398P4oDI z9al(Pkxu|NnS`B0{Wq?J%&yTvz~gPayFy0( zt9Aa-_WT0Ue@tXmpeut%;k{O&1ZR;l>9$aKiZ&;fe(6bl3(~S85+nSA^+?PXnB5Nf z4BCM}NykD=P)gJ3;gO9^t}9e?W|xshy{A-w;IXr{lRz7oYlM7MXPM(P&sdna*#TF*V7 zqkDsR2WpM;jMzR&58h2t1u09q`Z>2a#tg4JM&!f0-Q*_Q0#wW)4@bmN8wWX>G@KaW z=eOk9FD*f4gOBf^)mHnZoCZq?m+avSt~G!{_~bGP{Z4Zolqh+W$V_o8A{nU-07&(9 zS!MG?8~HqIY0504a}#pMCzk#8z?m@<51I%{D7*^U+aoC?35;CvYJ2J-jo0UA!9}kq zm%k9Q>5TX`z-PlB3?_JYsKkJ}P4J+0TCYRK1Ntv8V~z3`oHwNz&n3rj6$Q8?kmhSZ z+*3K!0f2CCG@(T9Z+wifFpg!y>1>=njvZ`=?4YIqwFWZJJZtTsY}M?Pj}ox44X%-C z1o;?{$5>f$YK|UOQ~hGG6&?PeI7xhbP-f%`Y(m=%O0XIi*O@Ld`%5ew*b^w>H0c(D zf+yoD{Ey&Mer?_qe{0^9q<(dr;K)#d->-YyTj)CJ{`&Csnw+qyy{R$2F0DQ7FI!_^ zWQ14d=EvuMp%}$KkKuFkdI2Ek1GQ)@QEt0?>@!)qZB@K{zm|&1Z+3Y|xO^#fRpVa% z=7F8Hm;~g)Yc2qCAkfwhOf7OtXE0l;l_$nykal2_+CPfL_o=-mj2VbFSq1Yc+`2@2 zS$bRsm>_R)nmO)m;)pa102;UUo3X(Gi^B35hN9N}-7TZ}>94?b0)|5f6>y;X{XS-< z^v~0$(Pyw^8(9hV*IOjZ7HI1N?97K@PgDCKD7rKPUS$K$vLg!0U*E@KV1a0u^bhqu zHX>&yHzHCs&Z~}kWTH=vkh}!R64SngagoUcL@J~z0yMPp(8CD`*f{JouP>lX@b6JV zgt5ngt`Uu%6674`w@N7g)*oMPl@t)^X`LDB11n)^zwI82+jG@*bwmqly@WNv<^(cW zr?G=xG_vM|H;L)APYqf-pU%9PxT+f*1G*y&!PK?f3}HB1QNs#*^ojiw%x+rdQH0T2 z%EWw#z%58@CqbHCp+*RjZ+X&`bhE7elkxoN3$m!6RpypH~{^C8v6JHVF zuv=sG{Vp)XwzUZ#AUQ*Rmv>_FgK1yzeBF11i!}pNx7Ri11|B$tjih!Ml|6PW(re*( z&~s~;k>iX~d6+{pRcbJ6fNcG&O`?Y~At84BgXdfbBnsxWz0!8TprR1^rRdaxpf zyT9)R&IotS_z`_?U!za?x9EE{{rx#@hl0To6p@gWkQKxKzE4s@R6Hf zX34;C{qQ*nkXy|65-v9xHj|HS6SF4zQWQJ3np1cDu~9S=IB0>%>f}x&+=*@7Dlz76 z!HX&weJ+gUG$6)KbycUQr+II{n3zaTA4>n$$WuzCh|k49!W1cKQyO*#GMkZ}^D(RQ zGQAIpk`}ujglRdS9noyPALCYxlTaX-@ToV1TzN6PfF9}|9c{Rb?b)>`2Hk}{rCjZ# zW_>io6F9v##BlF3S2bZ!6quz8_;U=Bca=GI2<$`Ch=V40_uw_ll!3n6fmJH`Jbl|2 ztToiifW!2G;TyQaOD&4vC{ufmc3NU<5rVS5SyK`)|8h6+KxArIuqF%Fw@-P-jJ`Lj z1;eU>rU&ncb9jmtFosQsyoIegzWd&SQgtYt=7RqT6c)-9Nci7$B7&eBA_b&{Phy|5Ct zm?b`pAkM+)Xj6Upn8H%Og5cc5BmQZ=Ywv=HcVQzigN%EYzYPke?Pf26WZu^ySag=c zF;~#y&OT(%v%^giZ-#IPRb^ts+CybBKMWj^P20baRJ9OL)9Xde1pMQH+fwuXH+j6$ z?z+zL{ljPYwg{P~)}L3+-oC=P{}=K1k28>r5uca{CFA;L`D)<%T?sq^LdYrwMYVY< z=BPd-QIx(gI_iLL)K8#@)Lu{2@2d!3PZT{p?GGeJ_G6jc>xwU3tM6Nt{zZxW z<(&P>mYBTKB@V8Cj}&2GghXG@)^}@}S4j6qM6sY{K8C=D2dX{?D#KO{cbrTWiHh?W zCxz}uV2hx*pkQEw)~#YH6Nze>)d7Rmy_sh`4^uWlSW)S$OerNDs-)=Fb4t5jYfI8~ zpv7~VLzj0)$vs4bV^)fjQ*?24oINKzfjVJFhohggpYre=m#^$2tvIV#N-MDuJ=Ub% z&bOX3EQ3EwvL8U9)L8ui@7v>YbQaV{8UeoQ3k-@=G<9lbi8sYy3&kI%f$iKFw+~HZ ztf&(W-G|j5FSplD>8Zbtik9{2A6a{|QZd^j#d~jzl4f4mX~`R^N14_Jzh|`W!3eES zh^lg9Th|cb8erWzGoIp@Nz$~}!xX0p#s>T9kc=;3e-1j0Rh^yJh-EYL!L(Upp8Z;H zl_boi<9^?(>D^F*oOTgSGrswR`PvQa>w3!T8Y5Z+^4la0_e8WPKuj77D{l@pFav); zfBznt*fqxf;C!|NwDA%elS(LGLr$Bnv~n3sY1cyN8=ppE0o@uYcg6S*0yc(+6HpzObdGc%|W$oGDr0sNG=b3C=O z?5!Xr2Z_ymN4-01dD*S~>evEKsDHs%s%TU;b8J$vRW6FRab~q$W}F#3H(g2WYM^1* zh@W@rnzRCO{9jzOp+!tE#0y02nYmuz2c235Fs?wSg02Ej_L`R%%T+#%7dFIH$(4Db z5+&a9o#Qj3twZ(qf{3_!7d^L6e=Mj>?<1nT<0i0ZtBjKEmy*Y)AP_`-bPV-Mpr}3KA)c$K#{VDr`LdO0}LoHx$ z`d!PSZ(?O_VQp+`X#ew$(@*E{S6jK?e(jZ<|80!&Pd#drcY!7!Ag|~72g?eI<@KhC-2fPvc*I z6v-gLL#lg#V;2_E0M(Mt!~(y3y#7%VZ-}WHK;t#D{b!%*H>KDgb6XEu6P8)Nu>J15 z?Dgx|6uN6F)%QlfDoUuU1w!ME+ZMPJDPEN6+x8b$okdslW0od7pX+qI)UcH5XrwG-mWf`FWwcLj>m}a?J z}3I6p#*W1S+<_IvhepG}lV6Ml~WU z$|+-PQQIfP^ciuPO_b?d1}mN4U2rsJ3+Y$&0&A&$+!G$}&G9$9mFKPYLTlm-1)5C6 z0~iA(I0Lg>BS^;-63OY?_ZjXk=hs6A>n~}&n*Z`7?`0&2#~oJa>Keq)l7)Z9cN8Xu z7Zuqz8`(fTBn+ZWj;|7X)Js&mY{LK{^i1?T`W&9-`U7+|MM-5~iG*5lhkiDD z%$M3P&L+JNl$Zf6a9cN(A;$%D^7sz8NCNh_#7o2D)H&)bor5@{WV#wr4>B`$u12_7 zsL=#8&nIDTZGa^uc)d*-kW2?~-wnGVhwXp4(SaY0qYm)CcrtrR6U$gB|G;zQoiebt`pjL7%Rrd38QQKyV6=#x4PA`ZJ+C1@G-k>WDZYkD7fXj+k;26yB9-Q5 zY9=`s6ekp3m+vm^d113@!H4)S=E&Yt27El}Hln+^f$nMnWUIYCyvC`i1E~yf^v7S& z`4g5zP5={2I$*A(ru6TS)jFH59*x)1JS`=^F-q5yaDBrzh7TlE2aSmlaQ2-HlnzF) z{gx?&RgvIG^D7Ep^ZWn1DEvoj@r&9q_8k(T-E~aJ7GKv~RBcp!!1eCZwc0`~V<{j1 z%9N2Z^cAYaVGl)>?KfLIZ_nw_ARbX$(^|y7@SPTKNr&Ieus*PBmD;3=!EXBsfE`IZ zR8g!k9m^MZyHYgaCjFF8qnb{ebS()hB zUvVxy6YJlc1PsDo13%-}?a4nO#2<6~7zT&o8};f#12nksc;W;P|Cv4x(p8uZ@=M_G0hdYMw$~52=tnz+L3v5MLY79NZHKL2Iz;(fK(Z$bwY}F)3wuJy!0F& z9r9w|V&_;(L*ZLy5xLd%FH`T}P_NdKPa?lxWUo+)}|5;WWpsdy0^u+b?kXQpHK$gT!qp;2m_?nxHJzo?k9;$Vha}&_=JigjBB%FT40gNbBBA%F*mKLc41ORii?XIi%~Bi0_ZI3 ze7^P!rR@pNkJKJ&Z<4ln*w`?P$fx=H6hgy$XvUR35UUx`qxF?+&O;UQZ@ApvfOwc9 zzpl5PDgv7Tyff)6R&C+bEe8pY`&|BXzVf;wU{ylBqAWFqm0rNziHR^cuRAu#>cQr; zA~-k!tJkfK;c9kzH|1Nq__5=S3mQ(LO_w(}R!;2Ki9zo9zBs6;8x>BcgmLxcP{;&l z##H}L)F7NmZL@Uk3l?d)!=9F;Ln?CI=1Fb>ZKdcB z(dgn)tPeDEeJiIWfg%ErW1J$@CSO>k)1p<6iJF5Ux_conl7cA7WwsqUmwUrkHnwxn z)yIj|9T=9qpXn`^R=3Qyp0t1F`2Tjg{&)EG*IF`U^q=_kH|X>#YY_U!?E}vRx)tuE z2sj6gg!C0)*S@vYg0=}9tuuQ(uM0NHqo_ep*}AXFxliE9yrsdP>!D)d~?MI1LAxc7d!x%>#A{ff)Aeyd%t^Rj=T zLM0I)IhkL3VqEPV3@z>Ph2&nBjw=h(GW>MAfJVmsTZ8)jYM!Ij>oEQAol8Ojf9Crq zQ8^T=6>C5Bsr&V6DOPX_8Tv>KTqd@zuqMqH8iW_WKmQDceYcUsBUN#$bxcq%P&(G^ z<&@R_z{|><&DC|wfGFY+$D``g_YjgYyjyBETfZz2jnFkeFBsC@am|jDAgv5~$GRip z?~Y}g#_q*a_Nxpt8 z(wN7Fx8{AIIj3UC^R)zI@d!{$#9W`+g^@++`I5L77Z%J;x!6Bb%_hM$W9@-Uc(YMH zIJ-CrVLQg zu5??!w{_2*$1wfzg+S4uuh9715gaTY#aE@DYzHt3z01sYpt4xU2TTug_;7Q&%Q0`(U3#4oi1n(z+nL*W>i8&eGa!y3)p<}v3k&nHZ_Qxd{ zpzdh@rfbq@jMd^I6ESYQyVDifNMy8~5$(vF{E?L^G&R0C<9IZ*`ko}@okjy)IG&{| zagm})PXNodQG`AmiOd{k%@b_$nfj74Kn<9OBGXN>%Z3* zv(hvFC96TE`Ss1;-Ya%ahIaVh=_5lchu?Do{{Ll#q0?i^M=ShS4XN{IaIWGN9&Psh zQkBBDa`WPc$KEt0JvDu<$0@qr2(AM_8V?|BH_R+l&g0(rQHps0A;)t?xt5xrrDEf< zeQp5bSIPS8^*QIu_`()0up6oiwR1c z>NhkJJohHdiBpk!peP|MyFODj(&W!lKOQo!Npv^2!He^_Ya}aIW@<4w$bmn}6RhP= zn8;xv>06SdNK>XH}1OUieG|kD{fCvM1HPc0ITZ%r-U8kwc(B z?_XuPKrfr98FOy)syh<#H4uVrBjBXtKFEX}!LJu28(p?eJ2jw><`|1J^d(@ZCz5Ak zBmB&Ma?e0ND)OTDFr~%lDj2+BHu@HmUuL|d<)Pk5BL0HxKBmBb7pztv&S!NKNyVp- z%czbcm}c;Na_awM?yaM$T(|aNx*McBq`SMjySux)Lt461LPA362I=ljX+%JjZoY-F zxBHy4U(cJr?;i)_Sq}{FHSby1ob#G!``hrc2p78QPQBc?;%eEOv$uhU(Ic_}aV**m z^JuOs3t$qt?>i~NYxi-7imSe=HF!(PXzma`D+vLiyx~Z)%#ehL9VPHY!$5%x_F5yT zO8tDD>OoOBAd;}}`y9MT!zt4fbpctwvX{e%#iBZtA?7O1Fo((J9FlD`U&ih*lI`eZ zH~pE2L$^ zUd3N3yl~L}+#C(}M|1R_ed^yTyx#-azccy2!N%VCIW-o7ChZolL36}QAq#{R`)Hb= zdDkH$tv+V$ZuJR!It0^C)L+s!D1F8+d<*sU7I9&v|ELHT#x32j|bAb0G)=7ernfYpWMp2$!rpKePAhy9j6k$0r&$XUGlWeHbgOTe9=XBZ$_iLr_ir7O+*=RtAVzV( ze}=hxKupVJU|h9PGQExpY$x8p)c|dd$BBUaE(&9S$us=Lv#B{PSD)c&e)Vt?px4i2-pkwYggpA074Wn-R9y1;MH?E~=X~Fa0Aiqn^+?*WakIqXM5T)`2wb!r&oY5JC z6Mhgghb)Vst*+W(;a{c}X9{4dZEy}GY52-@7m`3<9kT2&^sxHgK9|L@V^CQ*4-n1b ztjHQ91Cz~&7Ij%t}S1-)R2l>w3v3wA{zg>*xcMiA5?E-t!@Vn&b;kwT@AE@TsAOzI7G5rvH(5{#wq2?*Cv@a>HDyf@4Fz~95khP zW!3>9w(UvvoXsN<+?TfgMfF`);+040tuWJ0* z0TEuMn>b90G<+u?yf1XUD6wL82HMyhqjY7u@c1h<^2d1{WQ!Ei$W}96RJ2 zLte!KsXV)jx78?4;XaT~As@BQ&kHSw_fgq3lQGkeYbVM85u@D>?h0rcm*)HE&jWlI zt2gRDMIi*79J!gwi$vsmk&WBSl6Odh0HZ{MqUu1(JKTlFDy&N`*Z#ikjZeznU5;Ue z$TU#u4_yP8ydwEek`ne++hCe&nROl+Q86+BfyEpatsa1m%=@kK zFNs&fAOwH{p~uE>f;&EpayyD`&YAUt*SL|R$9m`BC;NVGkSKs!ntSU7#|dHTFQrS+ zig8ue{+VLl#ox;#UGs&7oel|;bcfvgk6N}{4jt}D9e2PNFBVHgkTjS|T`^}T^V`KY z$*s;Zn6D(E45DWAYq>%?^4>_v`0|a*>)W{Ly^>~+&sibfwH-sljd{QpiE;=fM;Ti8cgR=lkTt1aRxq+B1xnu%bbUY=vA4Bmz>pH`l5Ma1)X?Uq4c zTaTC1e$;~|6=^og@S7_r@mp7MB?K>5Xvi|gwqaOVBEYJe$6vdjUms2iX0JRX5SCl@ zrkQG^driMx+E~FglU`U)wx4MYWRPI+C{HAbd1)S3W(biLd(ymLyPv>hU3aSfQ5R=4 z8m}xFELrlDl{RHd(stE->sC^_wp~F~?Y)d@G`W;Inom&n zsB^+Jx)cOlw8CU8K6E=q-Y(J5eee!aYw&BB9&?HdXEZckF}Ln8v*YcY_p-ZqL^O}ZSLn7V>paMNQd+B5ITY2tdIPHw%irdg=m^=9@(J6pOH{)oYpGC zi}S4OgvZQRNFG6P3pV+HOaNZU=ocpoC_)29>Arg*N^w;|KvRc^{NHtU{E0gdFyMX5 zIN;F5MF3^!@4z{r0fbPA_1`NMhA3lBPS zGDgUWT4kXDQB>^4y4O?*8T@KpBlB+mqnIv7Uw$zivU+pSv;3@B+jr?wFee8Q4#skx zJq-W{tXp*=2tr*^%2jaa33I5=wRL|Sz*E7JiCq@{+*>U_D3suUH6qwwzmigpx8Cls zvhxdhX64q|;c=z^Whk$c*TL&sO}XNOJ)dX1S0&!WH&-{i*fk24|4?2RvDWk&W?rjz9<0=$_!$9(kkhQ=7X;XP6#`L4zrOz zbb;Jrb59--W*nQEBp|_4ZLT?d#WW9!He73LoutpYMVz2M!f|Wb=2X49%EN1X696O= zv{&s9-Pp?TiXQ%4DJSMKp#}yB4@e~yV!aA-u^&;#)R)IrQ+@mB^~-$$<=kh|uN*J1 ziMEy;Ac!>3!d|$0z6tXDu5AB!8~;nnM#MnyJ^RJ{!wr4AkAUUl-=cEy-*=98?8Z4; zthH?GO7SodGgvYob`_J+4HEI5L@sD{ZBQ2TYLvNUj8=N%guwSO5S-!^a-bim^`+Y4 zl~sG53?WZ#>(7DnC?P5l^yNHz?bn`Ls*bLy>h#tk(V?rl*)`qDnJH-!Nd$@RL(nN? z$gT^wt>Y#w9L{IL*+D`)V@lewLp`~H#494hOqK)iKD|S2?AC+9@zHV?0sSg3v(N4W z5+!Ep>bWW!F>urk^2H2`YM+O^b+;-8<@I&|`}l^J67^PMVgr`y#KU| ztS~u1kzOv$uou#S`-Yzf@gc=Kl&J;@GR-f8IaAri1N#uk%(PbGfV%2>m@RTKiexYg zbU@8(NfvhPmcBAyEhKNvljp2M*1)(V)e(y|x$LwIcT02Q)zlSo3yVm#^pg0po{xfK zmf&QJ*1#MeX-KsdmcH_JDb@_k%PT(1>YAKCx-suBjd_%d`P6< zL#SwNUsV zfFb1{_$my5P1w}c#o5>bu(2D!Ghq$jnfL>6{kHY(X9@yG{7;`hjnMr}Kmc>gf4}~1 ztm8qwq+|BYB~r#{>m+i1o4L?P+`%)rv||m+^inn&|wl(xlzgTI<$1EcfnuPn)m_YSGwP8oNzo za!KldIN}#Qq^LbS+=nXeSK!PR;DSM&pwz$vd$F=*AL}kgtwrkg0JN2#$ZCOz)n(sR zRWo*?k3HU_g*1rYRDX3?TaL0}(|;q{aJGBCQ`6Bz__7Q*tdPFlY~GjR+ww@27dwa0baGVp|OBT>gX&QF~yo*kB9%d~{PbM}r1vR*(Pn5pN z$O_>8u5admB*gR=efuw2|DV-+RGdGozo4@-U^SKrp`^&4S@CZWm~-iVoh=IT(_ObdqdU~^astXC^y^ruldsO)Q_-EOF0G;F>$PY9;#u4 zdE+~_Fawf4jA_g^#QR|rOj`NPs6og_oEX{ZTuynrH-(F{7>up}jxyp(eqgcC3kuJH zs->%>2#l+3&hplyN~cfF5z?Mr&IMGQyXnv4O<+<_%42oVR= z1}BU309m((Ye%fgXqwtKjWLC9bh`Y>Mj@I%1TJN~VHk9M$Tkm61}9?m2$&5c5_RIku>Hk7Q z{yrhW+G{NrF+Cb>p7N7NH`q)!@UNPX2MKWMv6f4vD&LPSkBq`6n5Uuf6ZPHZSSf&Rr2 ze{3d)L477`Y3yY0Y;WfB7oxO3%N>7y{)dD8W0u&(^jqEITiYza?E=8Izsb2~T6sZ) zTm?}{Mgzb?K@{n&N&<~wO-C+d~vB?bduompzN<$6Cf5>33e2 zQ5+hBnWbOdoFpQFZv;{ZZS`54?c#(ONJYFo@NV`3WIhry#9vvpRP28w6;xwJ@gIL_)>mv^qRda;c;Wgf(elyfDZF)VP3P6IM>J zyPbWTntB3-Bo0#r9SpIi`WJP$br>J#M6(yFpT8UGageGsC|s>sJiOzcRd;IT9~i7& zleWGhu>pM#-j>`y>db8xV6uf>PIoO1egaXS>3r_Ntlgh?OHP$nn-L!!Kg|`y=O$1) zs${6>K*8VJt93FME!l#mEj#dNE-QnQQgQy^QIZ-qf3HUvu#zWDd^;0S(L5%eDz54s zD>`6K5t58+!Ek&mxz6fsvX}NQX-W14H=k+`#as2$9Moko@?89UJ(1wT*F&?YHPZY& zTV1=MhJ{KDOw>C|IL5 zmm{)kHK5eR1>&n!suPDU4o*$ZD{hr>_o?3FBTT!%OfJ3oWZ9TX5i8LHd8H)GbvC5R zO7pJB>V4MrN#F*G)qBxJ^O~_olKco5l^L`qs*?G`>#|WY4JOanIPEmf9w>;;a(@I~ zpdXAdmH@|V{)^+4l>66xz<)L&{Okk%wK4UN^5dVwZvWI6{6w_&8`qmC-Lh{M`8ivA zmL+il2fuqSr_qGj-`K;Vc9hQ1bv~1@PnNQ^-ohaAk|;xsRqNEPZDBOyF;PwWwI)Pf zA`9gzI*Y5^NnmY%id+TOGbO199tT&4(YMrP&oY>K-qb|B85O=i|K#v^G>*)jG$zM{ zK20J(vsQ&Elc+p29tt115~eWJc380maQR-+9C3aS zS`QX<`A{(06>1=1v1JLX0u;6FW=RC^DaQh(ht@Sx)lf0-;}F^Z19q|o*a*vCL?W&9 z%eal4pc;UAM@Us!QchG^nNUGSP(@5$N%osjr2C2AfWlFJfA23C?B7+SenUuKKl3$F zr%oUOrVKt#Tfw+8F3AN$)M?J!REtu&SnZW`BfXI8{-QUj7Ncny2F4^a*CO(Y09)9H zeyjcGdYX~$TOTE|7}0O|;;V)R3pR7dh?EOJ*cgVDKz5dxbh~?ZuRkOAM-7VLha_T3 z)#mP?m{?9ce_;e%KL~=?9<11+vvgJQ%qsmdLFJM~d%xooWgyCoa(qfnyw>VNoHNBO zgIL`V6lA}n)1cWjOX@}R8K%_61h1B8y=5`wEy-B;0!kK;L`e~14R^vzM+BGNr~#Sl zv&@)A9?K(pZUuUcqn>vYxHwjDo2?>m7Dmx@lROMN5bTzyTIu0n9gAwv`LlMfM{<=} zH$h*$!t7}I+I}_{9R@FS3DNY`_6RJgBUNU*WmvyI$9ZW|(Tz4vx%~gzHn3C@}?U3?J zwn4`EGnP)THlN@_xvK#;j`0}K>Jn6(QSA=xXNh8KjC7UuFsZFlJusOABwLlal@lyf@>jGL!C^Wdt$WcL{-8mKCG@9uL|A!Vl|T zF6DpIPW+|;>+gdQlGkvJv?%8kr&ZOfn;<9wIh^{Evblp~ESfHdEfBbS@15R$tfb!% zR0%^Xk*faa6SS*sRku>(Iu->n5lYe_HXDP;4|X<>o8Wix+PLdnKZZ^|4-*T7nh7Sz z#1}nr637;yeSbNq3ZNqt?g>?bgaengv@x{%gFONcThQ3W(8kgkFk$ULCrC%nz|73b z!O8?!G{XK9E&zqY|M}9tYQ1<`(D@tvEAH!gO<72Dyo1^MPNBeFkvkVgYp_d#1Evf2 z6{dfDU09O<|0mqZ*%AZu{{?#aGFjpn!9Wi15w@Y3XI|DJs?@D~M~=Ok+Y-ViSca*Eq#I z3K&S5N5A-@s=wEr3bvMz=_$(%(9-5=8!RT~4>QYVb9K*EduoR>j#8+uGutU^U8Eev3Asoi`GJv%&EE?o}p1V6iv>*g*kj0z_{5 zbjS23d4(*jhmm|6YDH;o zf|PqFOvs_hYl>dL=~3vv`^YakKK?e-{x)RVT`SqXJSimSbL)GlSgFJ-5u!~-Q9}he zq=hY39~rFLHSmrCh}?m?(QSfx3LVlXuCdKkB!RaazES3hiUM(Z`h5+<#A2RA-$sl9AK z-sg@!sp{0tE`*h#UaZDEugjJGu77p_{j>Q+|HPGkDH%(c+SmYQ{f!9)jSWpqZ2>+!SxVI@y{6iHC>WWjwcjBi(ER1{1D_aiSV_$MBA2lSM-vJ4AV(VX^ci#id)3 zKtqyoBu&l$Im~t1DJf1q6N!wf#DlgyPEaH6nNx9I1CSj+0smJ|`e*PASO5lC>-bv@ zjOyBZYnlmeo-zne+BAV+ayPa~iV0|FcUK$+LuPB#JF;{v&ev4;ltwKF6QRg(sPx>HEYjCe?aw|*m z8t`iFA~pByoJ=du8InjKPlM2y#JCV05%3$;q=;q^5hUs~*e{abvi0jJ4kkp;g7NC$2!0x`&o>=YRgK(~?xkoi>EYPc4-EuF z%D>*r{}M#?6B|Y){sW?tur#+I{DxBj<~>cnjd23jGkjYW^qX+GZ)C@L_jaabhnAM9 z=)+DR|KKQ@WW6I*_iPf2c|Hv8JAKO{fvTQ{>ez|2!csv^uIZJeIi6(~jzXysS+bx@ zsn^OV9G_1mZ5`wNjO)va^t%f~uH=mr+pl^LmpKx)Aa**gH9!n*8Ka0YxSF{?3oz z{man0xX`~Nm<5amTq#njxzwtmP5fJ5j^niRYR)t{@EJXF_BPjD37Fz>Uhgnw049^!AhrUm0U<1`g+5U5MqDbv+(cKzBG{^da-fb6z5D;n1?=Q3ZeoID?6f9 z-^wDYY++0s`)->yV?2-p;HY-L+(7`p-H%Kd1`hR~NbHmae>U(M!Xc^w2oscP|KPOy zC2j6!^Um!)`W?44bH=^pya^PiAC;qR+RHR1E0#t;eR+IQzbZ9i+?b*X=# zw8#ra;Irtr(8$6ykd6?B1E4U~pF8DT_v?y}clKG+w?}aIr1f7iGY~Q>FBY}T@}b7; z6NE`tD9|blVYUNn-&M$&^%g@{u4#9Anzc-+C(DGzt0;f56CylW>Z zTv{2R#$U1%#g9l^x(1?y*oWhGm{lMPPaht2Hn^O9WHs;2Yt<_om1-0{7_h*Hhes1b z*_tvjiWEv~t?h$?y1FlsG0AcRZlf=?VMbiwrvT)$z(S#ZmYstTLpxq#ru$uU3W9X} z4ckXH^BvEDk@L|hrL0*X;to-#>Tj*wrg)CN%+aoHJUcANq^B9=qu#dUesm(MVhh#o z_qUEx#gXbIG~}%uR@i{zYJV4NEU3%?rOA_q=iY1_?=^&^V9@bpzBM^4HnsO5)e1PN zz(@N99u+6ogi78dr(^a#(RH2om(6vMSi2NbGMZQTG$lO|#m7hK5cKshGV;s$Bkb63 z#b3}y>i4j)$N=4ACYqy8vhPaNMnUwddt-&dcn$*%D!mnYWRKk_!1v-+C^LrGdsfF^ zFUp?8UgdWp(e2;s`jGlkG#0xU+lc~O;KxX{Gk{{&@z<-V%81N>_&s-n5^^;$bT9?n zwx72U4*ol4Y-;>{N5GHOB8G4X0G*UjrDXynb1W>J?2JDUT2Q!WrnJglmgaW$f85M( zVDjH{(59^LMlQVbw(lcv7m2H?QG4bcBTVXx9isW!*rK{mFKptO1b#_eMVoT|(i&G> zk%7JiQ(dUwhcIm#@7@O=uO%QifMId@>6DV?FbT{E@W`3;&4>VQ-zTE zHWnK42-U|inY|B11Qb1ARJxmd8k8#zx`4a@C-(T|!~j$JLxwPLP-1ejDzr+%vOiOD zSU7ONf85mhpX{k369*F;0|Sc`BMk%9(**#9BM}6U3=2wX5&rxmgvz2yYLX)IN}|eu zAH`LbH*f+@MRJ z^jtxR(W8Rq_sh^UojxBZ{iIFl6N_hntwAX;3l_4$JE;~#zs9e9;GPHoi5}-b{8X&t zfn3-*@Ir@ddb)a#Y#do7wT$&Wz8mf_ka8~P3fgNLVzL@1r@NOmJA6?1XjJU5;XFg{ z&IY>jDqB0-Da}?ND$ z?c3rLUJZNb`E;(#Cu91^Ej8?+WsRW^-`_1SmqC?(q%KRmDVD*H7|%lLtGX4P%s!3% z1)7>>YVc((JW!cACB*{pITlzwUc1|alTOczp{W4D58x#QvmtTvu&3+%nOIZo5&S3K zO1RM%8<#wgsnH1ent^cDalF%8nqo(YrNwIj)>>~M>#>Gg)lXB2yx^*+UHA@`ip^6Jr)Hw5Z`YCExs?bwJ!j_{?@e*S= zh1i6D#VZDH1ga+Ak+eBRvIz`FJVm37HhJJE2a0uo{2(G)S>wPc^5Kg%qBWzEu^@NE z=;2}gORQ-Y$d#5p2>&k8AqZqG*o}r`dgD>-=ru;f<7Te2==gHKx0@+sS?6HZNiqdJe2vw^~vTM(~RjRb>Vq+GeDM5Yv)DWe}$j7RlOR| zSVoNp_V`)~jD7z_Av5*;=A0^v4_2X+MSpe4bi+_yV)#L4YHRd0-Xd`bsY^c?uT?2! z;>bax_Qr!g*&7y(fld;YY@9UYZjLNJ-cXy@hytNLAZI!t@)X0Bj=6|j1I!P|WUQa= zntKg+7kw~it4pU{JwTm^hq$^4j%jx2N^f##>J`QA--6D4GO+mc0-eqJ#XkP~n$;fC zl>n+hLE9w0f%U;aL7*JH4*y=Lw0uk&A%U7}dk%7Gxqvg?K=Ji(pHH}Bb*?&!bhy<1 zfXHJHsBY4wZ+<(s0y42)nU(d9eY^WY7rmXxc`X6v>XoroYf6F@A7CxHYUbKGe8h9G zJ2LDdGRxsE+aaG#P5spJgJZgZ)_ELF9_o=3tbs&pa$~IVyZz@^LynpLi4QF1A#&*l zcQqc+%nr?FMQ%qp&Ij19;d_Wt36s=dI;L4rD|vCW$I%87fPA$j{!0;#a%s)61Ia3#RdnfCECp+G{^(}B}?)ox_7Itn8 zEVp4N0NHFyuIqoPOi8zdNpsUo`=b)Yh~iu2dr7n!zjh! zGX*v!P4SUXpBplNMAjM5kuKk_Hmg;f5^-}{W-&t&s!2W$P2O5==M;>~;PhcVe}8Jj z#TBcKD#!bo3K-73FlU7-Meind%h~(wN)Acp5w{n)oT5{OIVUL5idR0{wEpMi`UmK_ zRkV}MBk@A+GGv2s9QMm!Ms8#9Q#JW!4diygDUKvPQKg$Dmg%pZra6Zm2o_kJ&T9q6 z8G*YG*N|y3bO{<2CiSq2E!QBKDTWl1uZvZNRYDa+ORpurODYgxOZ|V5)PK{KvM?}x zx24oSZRryq*f${QU&ns`kvV;XA|989b9>w^02xdu_mv?iA7b((A=L2Xg2-YBsHgvv zFpx^<%00mcphiI>ofQXkrZs}}nUP+|0Vo1PbVx;BUmZy0Emn@`52Lw@bnsI3Saezr zS`bI=U-I4!O+Zru1p~}!V8Ab@|DV36f3|}C?L7rxzrQQJv|W2#?al_knPi9Jq?nlV z6LaCa0{b4{>X=6lj_6pI#_u)>?GQ?5E@gT*rRy$c21w6`2vCzxe{5!G;e*C5mP|gT z79j0P?JxeENp@TU1C;tg>rM6w<=`eOa+MugI_@KeetMNt*M-;Ae- zXnL;=u$z126^|Jpshxca37H@?ZKX{tnlK$9QjZ@VYH|-2bJo*H4vVba(W#b4D!6eA z!&bzc^{|XAMAf(Bf`nRx=DrxNcNXxP73iK}ehwdei6Kgv&g2Th_?hzgfHlZ&ospj}M zop-njQ@UR|E?1<3tdV<|fL?MqPPioG+C z5QQC-;?>=%fMU6Tpd}W?b@2R#WU&5SV7m}d;nmy&16}`=*u_qa>;1_{(?po|2n3Qr zOE7DLp81;iVY712g9oT~Di=uK6|*^fUqB8LEMYGB|mmlZI8{bQdT6e^0i zlc^zK_ZOio0KK&Uq?e{nf5bqjkjjQOX7)}djMxmAPudBCiVPrdkQb4Ef^uXmZ7p2@ zu;UNg3yO;W^Rs`gu)pn|m=K7Ha@vZ=xm4`LQ2|SvF74>tjnw51yKM;{gWsa(he-L7 zPpObzxy+rX{?0|war8(iURLm-bYQ_M)Lo=S(=1g%uXcvUL1cW1Jz2<-hoQ%@M(GQY zY~DgMrw?vU0crM0FnZb>bRXf&XW9*wEb$LBM$a(;vF$yw`i^WGUi3s<#y8T;oTfzNS&Nik+Bap9ECA@a*S)25m)A`S%`WjV*!#7CyUQdy7 zT8Wnd&E(aTl0Crl7vnWgD|W&bE|qf}t16I!n~Ei}$kV>8=$j$Jnu-|$H*|z_7T<}) zLTLk&9h1v?Em7X`{PMe9eeoo%pkJf~Xx;vSy2AiEvT1)N%A!vj+Z>!MolODl+fHtP zQ8s77Z|&PZawS+e^gmzzmM#IZ=%?TL$;SZ-;F6+!>hK11fB(RUzuQ|ILucnFI}?MW-wz1+%u+ZIV@8yoIMzX+`#c!aCzWoD@0$-+fmOpiO9 zDb+0`f^CU~Itofrf1#pL1)Y=VUgzXEI?>_b7imr8H7t`Gg>U~tNUnh(;tz%$_If@A zjV*3M(mT)f7Temn>T0YMn&w1#wi`{PG4%CC6gB5k0kg{DjT81I@iW};cx!*Noo=gu zcciBuLPf*xvHV@b2nechV4O*{n@rbfR0a&D%`o^kMpT%c<3YHJ{Jq^c^9fSwIV$T0 z5?%0enre3pvgy?(*AMixWl$X8Y(xmlkQdIdE~c`S*!OPgyBN8pX3)|r`mxV-^=}{> zec%b^g7ItqM!O{bQxMxvTL*{#2lVzYAT9J(JywJ92<|7%%hx)+=Ru6}4f0Vrt-{etF=uL2BJifrTv*0T{H_XnGq_a5G>QqX_|6l0y| ztf(r3rg}q4Jf`2WN0Rnvjwm1*$Gj=Ueiwordad75rC?V$2{SV5=toeD<8!WTN31_g zy*uNhTRGR&C$j?%ym+L3*Gb}ecQZg5oP1hmr3gIXKDUpOca0r<8-&yJF7?a}f>~Jd z)gx@(&5wlr#Z#R1t1fD#PeqYxw|*m8O{0gQdC=Ri_DoXfd2-YeIa zVEeq!yQOA{JR2r-Kad^#;ftf=VK?r+aXtoG_A!q6^b1uGkU7c05v`4?OM9l=!5Qvw z!IG@D;j(30Z)k#i8K<}0s{ThQE*`~u>G_yf< zjpflW%d5yx6j1RFGgP;7cV8CL7r~?RZ?fXBbBSpDJsM0J7d{r9dDN&5hfFc`cvKd| z8m^8(DOVhZ-#y#TfZxr49IT&OWZ5qPp>GeuN*Vl@lyLZPZ%1Mb9Hx+*ux8S(lxrP=dC zLIw9_DcIQd9S{QtLA{wu1x{kL=fl<9&MvCrke-2@B@Cz{J7AHODX3&Zh)v2pnRlbx zxNAH&WpfZx1m;C)47jT_%PW}4>Sle9I#Fup?%%CT=#%db{>66#uIrClE)*)Hpp&H+ zUoC%de{0S`weE5%<(XajC zfR(_%citV2Mo?dGG+8cj1~CgR10*%}iGxv#dI^PrxkJA0zL3l%|8x<8BloIy*&(f; z3AhTJ4^r;)*^NBCCIj(a8J3#$W&q^fDY|O_r=s`HHEX?#T#;6tCfOTd!2#eA6HPl3#c2VPp*vPC0fHcVIJ8q{*!fJBc?uZlsg!SEgE z`V9EozN1zyOfa%kBm+0Z772`|DHTp3`B2Ukn1Mjqi(9&{i(j9U!vMoM_BA}F|Y-Fc}Mo8aZ%$Ew=*|zg^YGtZ-o8+?nfTWm|*n4w^lUvPONeyRjY|P#)+5Nk$z@ zv6^-9@A3+JGA|)NOMT#|(Bf>&OdRa2j10fX5CGu+F#9m5_=0kP{at^%@9QVqFf1zU z(~D2_PD4wtp9ltk@Al~_Alw3s^n4520Acs{kn8vG*z$oj^{$CZa!_1>Qy~^`b{1@) zzO!U=arr5joOcTBA@aI*5$+hy6nro)bz=^mpD2?7BILfihF`ALfT3Ld^G=zUk21$B z)dZ#sO&;eJrH)O<@)~%r*IWow^NuWJ))FwJTgx6zGjeXl7uB6kq4O%;L{ROrXhk?% zuluYs=^;&(fQsz~-dY@nk>QL=7mVp zOG|IkkY?K^3LMmt#4runi%yqBc;k=b-)IX*jgFQeS`ESJHRXuMep#%Cfz>d@U~VGW zcE|D^mZD4WmZwK@uX;&uk!3Wpu5fi2U#udd4n6B;-22fK|Ff;tICS=nk9>sz)V*3d z;xiiW(txsP!&oUuH=#A&v(;)+X6?qh0+GRTe|H`{lEa|VqRjya8IXr^o%D2AdZfsr zGymBz7kEuc(TgvRI-Hbq9a1Dw=la0LQ(?{&bhRV?yrlMVzxl6kaVO!O$k-2EN_K-9f|u$|eX5LhtKb zye2dvvmXJkc9|PL1KMXZ7`wcHyDpHXYnGlCU`P81+&eZbMo@YHaykEJQ@KC8dw!&HPopSL z0K~VAcK<;B_BXu>pyJ;2u7g3(UfjBF$D_}b8Ks}|DZxUF2?F`2ZorW8-~oeu=AC*8 zoeH<^x_xu&9!Yf$Y9P%Pg-(KA0quAubw;63`w)(6$8SSV53Q;FS{s%*eY2Z4;@XPl zxOy65A1M4uY5xzugQp1K@4kcI0Wk3&RT8FP)T+wiNmqNvMa*5&so4vBNgRM2Ta`cb z+)$y!O8X+k1-W<^9wB>+Z~jo!a1l<{}QPX{L{2({Rzs{C2kN z?iNb66G)eYt&JL0?>}|6+SEs#BD~Dl&a|;izw(e^5S^{qfaei4xMNCDByTnE9-^za z{v_7lPxz{ez;sOls<}|E^dwk}J>=lyNT7tUxttSKrcRp-4n?F6v3G4*+T!PR#o%se zF*#el^qXXiB_C#WL7tb2N3iueZ)uFNKd2Azx9;oqWWE(m-z?A~t!*w<;~lqu^C+p& z{-xyctg&LB{kFOB43_Kqqp%Qu#6rk0>et1VjR=FrXbQD*G`uXBJ;#G_gjL?slst(x zp3Ap&@We9jkpmCaxG$#jH?kj{jR&Q5Z~^%gW&Vs3u)?rq{)2** zs#wRX0t!Qahl%d|H#9_V#K$PIAVl3df-uQzXDe%m6?U!9WI`Po_KQBChpsO?3as8v z2!;C>FmuuA;0q!L8joQ*T2mhuMK&<%a9N43cYA8i5n{hRu}XX6)T%BuC7s=ZboWk1 zaOVh*SC1k)Yowz_aj95*Cq((X)L7f(#)cnG5QB^>3ogr@Cw=y6VBbOkL2LStQc{H{ zhGAd^9EDfc)*}(n&grY>qv}rf9YCl>gg=xsW#8*`gZJBg4vlCI2hDaO3XQ9b1%17e z8%{A?kRXY8IDxonDfrZ8@7!Xa$sc?;78kWmqmh&QJyI?-uaHsUK7%#4gdIL0 zhePhVP!099GMJ$W8DTW+OUTP-PCj|ZBPZd8&1aS^aM7@?>R^p>RA_X(h`9JnMMi9& z%{GY}!3B(wh)>bU@_ zBKB*pzYA}XUqeM3j6&5q43jkk3XjZRRBZ-s(@An6(v<=6~Z5N7DhS-ns0bN zD%rQszAdo)FL)d5auu!8YYUP+uUS%i9W4r`pI2q$I8{LIXJ`nSLdE`8SDb#x7?fJ=Y6@{b*As412z&uaLzXm-#ak)H-bT=P_rUcF^f4SLxUIGWkcc zY8d$zb_!%_@g>f_RxYes{h~JC>;hwm#E*fnnhP5p(+>cAcf zmu#g>WP?sdZ37|ikUud?r60G28L-G6u$-83CbPk1QoAyHoU`yLQ@8T*@|y=2Im>?Q zXoJMHo_@Fw8%&iWiQI}F$>vd?dDR}^CM*$g5KqaTTQl2U+KJyd3-9C}lk9V94PL5;9z4=$zWEU~dqg{ETBhbm`*Cf@xtxTX7N~<&)dgB|K~e+TKY?vm zF#+N9xi79PM(g0A@bifdL4AQz5s|a>J@v301p;-I625yEWBMuuQ|Mg{Av$4fnc6R8 z;+i*L_=z*m#iSGhtJm5+8t%-WZ49c1;3FE(?He@%tSa3nojwXEFfz_Y1nSZgnN(az zet4zxqhtD@AAMvAPkCtUUmecBnTP&4C#mdW=wxPTYGd-3dh3sr^as%rC@STjul+-{ z?mwNAwjFhX-d)7rfmGRR=SnPQdv4}8fEub{c8k}~5Am|nMF?N!S!S+9V&9_@X4Oi% zGf}GDHyuW=65lwjkQ=6czR(Iew8LtOpjipgo^`pk*6)pYjieMIrh3-sio5H-tx_p{ zrRt;(f^~)AsCj@-0qN44EzxdMdsg`F)P&tL;r*eQp8tlevW(H&Q36=w7Ow2uJ5QiA zLznUAK?267)lODe@aaP{2(BaSw^0$DnqQ6l^=tG^8Lo;OWZksz-Sk-Ae@szJkF5FP zUpU&f!o=tkKfbPyd}aMcQfD$fX)=GySR2~yiOxgX1utdh`3w}8=0q9-!tUB#_aQ;t z*YCkX5}*e#F#fNy`xz{t{&TQ^`cJ_E>fZ+oTnrrFjV|Lq1q)BMSAmI@?QcWfzi$%s zyS3RR*>Yxr8Zy{b&T4jfiTTbWPAOoOkZ>m7?jYUy)Jiq^^({NecXe zr~N6QxSnHkji&|?1T>IC$4+I&+d1!eROfDDz2u)Bbt|{%6&fn}PHDMPT|RN8|yd5i5KPFtcihzH3JeLsFmXd1#(U<4a+Kt0_k1B-cv5oX!tvaDYI8si!%CmMeJi>4S{biJFS-oIQ8huR14dZHKQyhy znc9Mk)5I4Q?XA7Ql=Lx^E8wy%t^3SE*9;HZ$oxV4pvw9s*<$8c;H0P+Q;I{_8VG`< z@QZpI=N6MshJxjTGb$g#==+JQpO55fs#xUSwNugesN%W`7+|~rQRR&C2mh|erB6YB z(Jw*-OuQj7z(0NMkf;!XPb}8Xj3Nv|PY+;Fx&KomaDe+t_a`F+qW}ZncWJW!Xa35Q zm;neCpaYoow~Yi{SEc+o5qCU1V7k0ew9nplvBeiA>D~LD?~4xsB!j;=5EnJN#3Ke zjfXlaIqke=(qfzt%}+*0e=ln1oHY=OeI6OA!K{5+YAjeCh^ssB3S&5dO?R?j!4+pC ziu{w8gy6j>7DNSkx?HD&_-b8lpfbu%RkVaIqcFx+bf1@TiZmsIT!@?zmLAVoYTRpo z;DhY-tEh-ovNYa=dcWhvuZoJkw9f}DH4WFxts1G=kionZ+L%Jx=~tX)=kd_Rx5do} z`Oi{%-^KuYy+-shIfus#TdWM9y$R{$dT&WVdjfBv`2TIy^IzdW8kA@7obtDMcd^qVOUq`K-)8Juc@NQ~}dGy0jaAsSIAE&DRTt|Jbb*BC$Q#S>sWcOx2voDzXfz`!*S&>CR*;J;e zzI7V&e(L(oe6Qn?@1v^u;$mU+ec6Mh=3B1+s;+XHlf@MlRg=lRs)17_r|zH|!)8$8 z-+&ZQz(E|?P7GmQ;A#v|7Z%z&wlpvYrC4rZ1JFUkz*QF@Ila8p5`E`@U!L z{Gx(<;Kj$lv%Qik6^c^RQj0*xW`ie=!CJ*Mk~M*avw@ics@b{*+K|Ft1uBj{7X;iT zji?(4=7Mcgw>dlgI+m-I?{R;Mk7YRPyTg@&ju~ce-~5}!*uT(18 zmLY|ws;cTI+^v;uxY@WnQtgo7zh{#leQ$V@`rE{uPqU%GcfCcM-n{zo_4CBny_Pwx zp%}kS=En0yEJ{Bw-?{$B z^Q8gf^0HS(JEl5HoxGLk7g2Qn-?yg9{l$rFTuaq&Y>vO|>L*il&ClplQ5XOBX2}a# z4Gj#gavP36pS52oTwP{yhCWyO-mGlCxYW-w~sB)7Pcj%*l8Dd7lG5Qr@2M9^|MnF@NvH4q?EAk4$Ir3*BChi+bB&*oPg41-?Ju70 zHrXTDy>3q6^X+w8gEty0J9~6?pq;9o2?LL`Su;fgvPAYY`dMuD~lwag>5B!Y426%5|)M1ia`gG(L?Moh+Q+sN%`l}M2_xaN}|0TaE zh&5ZAUcT<++?r4qt3}Cy@?Re(U0LbQZg)n3;VLMjTtW)HkRaFw33g$A_td1SRA6HC z&QDHE&B-)$GH?KSjZ4@vq_ikIvock|DKjTCw>ULN0XUK!l9~;=7&I$0TLD<11CMwp z%1u=8E-fm}Ed`np66)j`;^=J%E$_I6RlE~{62N8wXf_IX22CZfobydB%1*7y1X&4| z^fg2rs0K9vCZhn_z2Tjojbs8yUogl%1;R%=tuHk&UbQ>>@=P5e^Ol>v)zcd;=RN;F zJ7B8agsEXp*ClJzT6!n_VwAPwf0Saey=Tvhj-TBstMwLtHGksJC!t!|Tqoj?7r$8T@@&*j~U;d83)GpBdz%$=UNTwq7&gnB+*b&Hbw&;Q=?6MF0` zs>F2S!Gk~iYrC$W3<)@6&3{U)q2)qg*x|mg`c5Td{b#LQdzY?|HoJHEj!v%iapAp@ u$~w=UF8O|g`|Ya<4lXOE?w)-0LW9XRw+cRahRJRZ-@W|##$O!V0t5g -#ifdef ESP_PLATFORM -#include -#include -#endif -#ifdef WITH_MQTT_BRIDGE -#include "bridges/MQTTBridge.h" - -// Helper function to calculate total size of MQTT fields for file format compatibility -// Uses NodePrefs struct to get accurate field sizes -static size_t getMQTTFieldsSize(const NodePrefs* prefs) { - return sizeof(prefs->mqtt_origin) + sizeof(prefs->mqtt_iata) + - sizeof(prefs->mqtt_status_enabled) + sizeof(prefs->mqtt_packets_enabled) + - sizeof(prefs->mqtt_raw_enabled) + sizeof(prefs->mqtt_tx_enabled) + - sizeof(prefs->mqtt_status_interval) + sizeof(prefs->wifi_ssid) + - sizeof(prefs->wifi_password) + sizeof(prefs->timezone_string) + - sizeof(prefs->timezone_offset) + sizeof(prefs->mqtt_server) + - sizeof(prefs->mqtt_port) + sizeof(prefs->mqtt_username) + - sizeof(prefs->mqtt_password) + sizeof(prefs->mqtt_analyzer_us_enabled) + - sizeof(prefs->mqtt_analyzer_eu_enabled) + sizeof(prefs->mqtt_owner_public_key) + - sizeof(prefs->mqtt_email); -} -#endif // Believe it or not, this std C function is busted on some platforms! static uint32_t _atoi(const char* sp) { @@ -45,37 +23,13 @@ static bool isValidName(const char *n) { } void CommonCLI::loadPrefs(FILESYSTEM* fs) { - bool is_fresh_install = false; - bool is_upgrade = false; - if (fs->exists("/com_prefs")) { loadPrefsInt(fs, "/com_prefs"); // new filename } else if (fs->exists("/node_prefs")) { loadPrefsInt(fs, "/node_prefs"); - is_upgrade = true; // Migrating from old filename savePrefs(fs); // save to new filename fs->remove("/node_prefs"); // remove old - } else { - // File doesn't exist - set default bridge settings for fresh installs - is_fresh_install = true; - _prefs->bridge_pkt_src = 1; // Default to RX (logRx) for new installs } -#ifdef WITH_MQTT_BRIDGE - // Load MQTT preferences from separate file - loadMQTTPrefs(fs); - // Sync MQTT prefs to NodePrefs so existing code (like MQTTBridge) can access them - syncMQTTPrefsToNodePrefs(); - - // For MQTT bridge, migrate bridge.source to RX (logRx) only on fresh installs or upgrades - // This ensures new users get the correct default, but respects existing user choices - // MQTT bridge with TX requires mqtt.tx to be enabled (disabled by default), - // so RX is the sensible default for MQTT bridge installations - if ((is_fresh_install || is_upgrade) && _prefs->bridge_pkt_src == 0) { - MESH_DEBUG_PRINTLN("MQTT Bridge: Migrating bridge.source from tx to rx (MQTT bridge default)"); - _prefs->bridge_pkt_src = 1; // Set to RX (logRx) - savePrefs(fs); // Save the updated preference - } -#endif } void CommonCLI::loadPrefsInt(FILESYSTEM* fs, const char* filename) { @@ -127,33 +81,7 @@ void CommonCLI::loadPrefsInt(FILESYSTEM* fs, const char* filename) { file.read((uint8_t *)&_prefs->discovery_mod_timestamp, sizeof(_prefs->discovery_mod_timestamp)); // 162 file.read((uint8_t *)&_prefs->adc_multiplier, sizeof(_prefs->adc_multiplier)); // 166 file.read((uint8_t *)_prefs->owner_info, sizeof(_prefs->owner_info)); // 170 - // MQTT settings - skip reading from main prefs file (now stored separately) - // For backward compatibility, we'll skip these bytes if they exist in old files - // The actual MQTT prefs will be loaded from /mqtt_prefs in loadMQTTPrefs() - // Skip MQTT fields for file format compatibility (whether MQTT bridge is enabled or not) -#ifdef WITH_MQTT_BRIDGE - size_t mqtt_fields_size = getMQTTFieldsSize(_prefs); -#else - // If MQTT bridge not enabled, still skip these fields for file format compatibility - size_t mqtt_fields_size = - sizeof(_prefs->mqtt_origin) + sizeof(_prefs->mqtt_iata) + - sizeof(_prefs->mqtt_status_enabled) + sizeof(_prefs->mqtt_packets_enabled) + - sizeof(_prefs->mqtt_raw_enabled) + sizeof(_prefs->mqtt_tx_enabled) + - sizeof(_prefs->mqtt_status_interval) + sizeof(_prefs->wifi_ssid) + - sizeof(_prefs->wifi_password) + sizeof(_prefs->timezone_string) + - sizeof(_prefs->timezone_offset) + sizeof(_prefs->mqtt_server) + - sizeof(_prefs->mqtt_port) + sizeof(_prefs->mqtt_username) + - sizeof(_prefs->mqtt_password) + sizeof(_prefs->mqtt_analyzer_us_enabled) + - sizeof(_prefs->mqtt_analyzer_eu_enabled) + sizeof(_prefs->mqtt_owner_public_key) + - sizeof(_prefs->mqtt_email); -#endif - uint8_t skip_buffer[512]; // Large enough buffer - size_t remaining = mqtt_fields_size; - while (remaining > 0) { - size_t to_read = remaining > sizeof(skip_buffer) ? sizeof(skip_buffer) : remaining; - file.read(skip_buffer, to_read); - remaining -= to_read; - } + // 290 // sanitise bad pref values _prefs->rx_delay_base = constrain(_prefs->rx_delay_base, 0, 20.0f); @@ -166,6 +94,7 @@ void CommonCLI::loadPrefsInt(FILESYSTEM* fs, const char* filename) { _prefs->cr = constrain(_prefs->cr, 5, 8); _prefs->tx_power_dbm = constrain(_prefs->tx_power_dbm, 1, 30); _prefs->multi_acks = constrain(_prefs->multi_acks, 0, 1); + _prefs->adc_multiplier = constrain(_prefs->adc_multiplier, 0.0f, 10.0f); // sanitise bad bridge pref values _prefs->bridge_enabled = constrain(_prefs->bridge_enabled, 0, 1); @@ -236,216 +165,18 @@ void CommonCLI::savePrefs(FILESYSTEM* fs) { file.write((uint8_t *)&_prefs->discovery_mod_timestamp, sizeof(_prefs->discovery_mod_timestamp)); // 162 file.write((uint8_t *)&_prefs->adc_multiplier, sizeof(_prefs->adc_multiplier)); // 166 file.write((uint8_t *)_prefs->owner_info, sizeof(_prefs->owner_info)); // 170 - // MQTT settings - no longer saved here (stored in separate /mqtt_prefs file) - // Write zeros/padding to maintain file format compatibility -#ifdef WITH_MQTT_BRIDGE - size_t mqtt_fields_size = getMQTTFieldsSize(_prefs); -#else - // If MQTT bridge not enabled, still write zeros for file format compatibility - size_t mqtt_fields_size = - sizeof(_prefs->mqtt_origin) + sizeof(_prefs->mqtt_iata) + - sizeof(_prefs->mqtt_status_enabled) + sizeof(_prefs->mqtt_packets_enabled) + - sizeof(_prefs->mqtt_raw_enabled) + sizeof(_prefs->mqtt_tx_enabled) + - sizeof(_prefs->mqtt_status_interval) + sizeof(_prefs->wifi_ssid) + - sizeof(_prefs->wifi_password) + sizeof(_prefs->timezone_string) + - sizeof(_prefs->timezone_offset) + sizeof(_prefs->mqtt_server) + - sizeof(_prefs->mqtt_port) + sizeof(_prefs->mqtt_username) + - sizeof(_prefs->mqtt_password) + sizeof(_prefs->mqtt_analyzer_us_enabled) + - sizeof(_prefs->mqtt_analyzer_eu_enabled) + sizeof(_prefs->mqtt_owner_public_key) + - sizeof(_prefs->mqtt_email); -#endif - memset(pad, 0, sizeof(pad)); - size_t remaining = mqtt_fields_size; - while (remaining > 0) { - size_t to_write = remaining > sizeof(pad) ? sizeof(pad) : remaining; - file.write(pad, to_write); - remaining -= to_write; - } - - file.close(); - } -#ifdef WITH_MQTT_BRIDGE - // Save MQTT preferences to separate file - syncNodePrefsToMQTTPrefs(); // Sync any changes from NodePrefs to MQTTPrefs - saveMQTTPrefs(fs); -#endif -} - -#ifdef WITH_MQTT_BRIDGE -// Set default values for MQTT preferences (used when file doesn't exist or is corrupted) -static void setMQTTPrefsDefaults(MQTTPrefs* prefs) { - memset(prefs, 0, sizeof(MQTTPrefs)); - // Set sensible defaults matching MQTTBridge expectations - prefs->mqtt_status_enabled = 1; // enabled by default - prefs->mqtt_packets_enabled = 1; // enabled by default - prefs->mqtt_raw_enabled = 0; // disabled by default - prefs->mqtt_tx_enabled = 0; // disabled by default (RX only) - prefs->mqtt_status_interval = 300000; // 5 minutes default - prefs->mqtt_analyzer_us_enabled = 1; // enabled by default - prefs->mqtt_analyzer_eu_enabled = 1; // enabled by default - #ifdef MQTT_WIFI_POWER_SAVE_DEFAULT - prefs->wifi_power_save = MQTT_WIFI_POWER_SAVE_DEFAULT; // 0=min, 1=none, 2=max - #else - prefs->wifi_power_save = 0; // Default to WIFI_PS_MIN_MODEM (0=min) - #endif - // String fields are already zero-initialized by memset -} - -void CommonCLI::loadMQTTPrefs(FILESYSTEM* fs) { - // Initialize with defaults first - setMQTTPrefsDefaults(&_mqtt_prefs); - - bool file_existed = fs->exists("/mqtt_prefs"); - if (file_existed) { - // Load from separate MQTT prefs file -#if defined(RP2040_PLATFORM) - File file = fs->open("/mqtt_prefs", "r"); -#else - File file = fs->open("/mqtt_prefs"); -#endif - if (file) { - // Verify file size is correct before reading - if (file.size() >= sizeof(_mqtt_prefs)) { - size_t bytes_read = file.read((uint8_t *)&_mqtt_prefs, sizeof(_mqtt_prefs)); - if (bytes_read != sizeof(_mqtt_prefs)) { - // File read incomplete - reinitialize to defaults - setMQTTPrefsDefaults(&_mqtt_prefs); - } - } else { - // File too small - reinitialize to defaults - setMQTTPrefsDefaults(&_mqtt_prefs); - } - file.close(); - } - } else { - // Migration: Try to read from old /com_prefs file if it exists - // This handles the case where MQTT settings were previously stored in /com_prefs - if (fs->exists("/com_prefs")) { -#if defined(RP2040_PLATFORM) - File file = fs->open("/com_prefs", "r"); -#else - File file = fs->open("/com_prefs"); -#endif - if (file) { - // Skip to MQTT section (after advert_loc_policy at offset 161) - // Calculate offset: we need to skip everything up to and including advert_loc_policy - size_t offset_to_mqtt = - sizeof(_prefs->airtime_factor) + sizeof(_prefs->node_name) + 4 + // pad - sizeof(_prefs->node_lat) + sizeof(_prefs->node_lon) + - sizeof(_prefs->password) + sizeof(_prefs->freq) + - sizeof(_prefs->tx_power_dbm) + sizeof(_prefs->disable_fwd) + - sizeof(_prefs->advert_interval) + 1 + // pad - sizeof(_prefs->rx_delay_base) + sizeof(_prefs->tx_delay_factor) + - sizeof(_prefs->guest_password) + sizeof(_prefs->direct_tx_delay_factor) + 4 + // pad - sizeof(_prefs->sf) + sizeof(_prefs->cr) + - sizeof(_prefs->allow_read_only) + sizeof(_prefs->multi_acks) + - sizeof(_prefs->bw) + sizeof(_prefs->agc_reset_interval) + 3 + // pad - sizeof(_prefs->flood_max) + sizeof(_prefs->flood_advert_interval) + - sizeof(_prefs->interference_threshold) + sizeof(_prefs->bridge_enabled) + - sizeof(_prefs->bridge_delay) + sizeof(_prefs->bridge_pkt_src) + - sizeof(_prefs->bridge_baud) + sizeof(_prefs->bridge_channel) + - sizeof(_prefs->bridge_secret) + 4 + // pad - sizeof(_prefs->gps_enabled) + sizeof(_prefs->gps_interval) + - sizeof(_prefs->advert_loc_policy); - - // Check if file is large enough and seek succeeded - if (file.size() >= offset_to_mqtt + sizeof(_mqtt_prefs)) { - if (file.seek(offset_to_mqtt)) { - size_t bytes_read = file.read((uint8_t *)&_mqtt_prefs, sizeof(_mqtt_prefs)); - if (bytes_read == sizeof(_mqtt_prefs)) { - // Successfully migrated - save to new location for future use - file.close(); - saveMQTTPrefs(fs); - return; // Migration successful - } - } - } - file.close(); - // Migration failed - defaults already set, just return - return; - } - } - // No file exists and migration didn't happen - defaults already set - } -} + // 290 -void CommonCLI::saveMQTTPrefs(FILESYSTEM* fs) { -#if defined(NRF52_PLATFORM) || defined(STM32_PLATFORM) - fs->remove("/mqtt_prefs"); - File file = fs->open("/mqtt_prefs", FILE_O_WRITE); -#elif defined(RP2040_PLATFORM) - File file = fs->open("/mqtt_prefs", "w"); -#else - File file = fs->open("/mqtt_prefs", "w", true); -#endif - if (file) { - file.write((uint8_t *)&_mqtt_prefs, sizeof(_mqtt_prefs)); file.close(); } } -void CommonCLI::syncMQTTPrefsToNodePrefs() { - // Copy MQTT prefs to NodePrefs so existing code can access them - // Use StrHelper::strncpy to ensure proper null termination - StrHelper::strncpy(_prefs->mqtt_origin, _mqtt_prefs.mqtt_origin, sizeof(_prefs->mqtt_origin)); - StrHelper::strncpy(_prefs->mqtt_iata, _mqtt_prefs.mqtt_iata, sizeof(_prefs->mqtt_iata)); - _prefs->mqtt_status_enabled = _mqtt_prefs.mqtt_status_enabled; - _prefs->mqtt_packets_enabled = _mqtt_prefs.mqtt_packets_enabled; - _prefs->mqtt_raw_enabled = _mqtt_prefs.mqtt_raw_enabled; - _prefs->mqtt_tx_enabled = _mqtt_prefs.mqtt_tx_enabled; - _prefs->mqtt_status_interval = _mqtt_prefs.mqtt_status_interval; - StrHelper::strncpy(_prefs->wifi_ssid, _mqtt_prefs.wifi_ssid, sizeof(_prefs->wifi_ssid)); - StrHelper::strncpy(_prefs->wifi_password, _mqtt_prefs.wifi_password, sizeof(_prefs->wifi_password)); - _prefs->wifi_power_save = _mqtt_prefs.wifi_power_save; - StrHelper::strncpy(_prefs->timezone_string, _mqtt_prefs.timezone_string, sizeof(_prefs->timezone_string)); - _prefs->timezone_offset = _mqtt_prefs.timezone_offset; - StrHelper::strncpy(_prefs->mqtt_server, _mqtt_prefs.mqtt_server, sizeof(_prefs->mqtt_server)); - _prefs->mqtt_port = _mqtt_prefs.mqtt_port; - StrHelper::strncpy(_prefs->mqtt_username, _mqtt_prefs.mqtt_username, sizeof(_prefs->mqtt_username)); - StrHelper::strncpy(_prefs->mqtt_password, _mqtt_prefs.mqtt_password, sizeof(_prefs->mqtt_password)); - _prefs->mqtt_analyzer_us_enabled = _mqtt_prefs.mqtt_analyzer_us_enabled; - _prefs->mqtt_analyzer_eu_enabled = _mqtt_prefs.mqtt_analyzer_eu_enabled; - StrHelper::strncpy(_prefs->mqtt_owner_public_key, _mqtt_prefs.mqtt_owner_public_key, sizeof(_prefs->mqtt_owner_public_key)); - StrHelper::strncpy(_prefs->mqtt_email, _mqtt_prefs.mqtt_email, sizeof(_prefs->mqtt_email)); -} - -void CommonCLI::syncNodePrefsToMQTTPrefs() { - // Copy NodePrefs to MQTT prefs (used when saving after changes via CLI) - // Use StrHelper::strncpy to ensure proper null termination - StrHelper::strncpy(_mqtt_prefs.mqtt_origin, _prefs->mqtt_origin, sizeof(_mqtt_prefs.mqtt_origin)); - StrHelper::strncpy(_mqtt_prefs.mqtt_iata, _prefs->mqtt_iata, sizeof(_mqtt_prefs.mqtt_iata)); - _mqtt_prefs.mqtt_status_enabled = _prefs->mqtt_status_enabled; - _mqtt_prefs.mqtt_packets_enabled = _prefs->mqtt_packets_enabled; - _mqtt_prefs.mqtt_raw_enabled = _prefs->mqtt_raw_enabled; - _mqtt_prefs.mqtt_tx_enabled = _prefs->mqtt_tx_enabled; - _mqtt_prefs.mqtt_status_interval = _prefs->mqtt_status_interval; - StrHelper::strncpy(_mqtt_prefs.wifi_ssid, _prefs->wifi_ssid, sizeof(_mqtt_prefs.wifi_ssid)); - StrHelper::strncpy(_mqtt_prefs.wifi_password, _prefs->wifi_password, sizeof(_mqtt_prefs.wifi_password)); - _mqtt_prefs.wifi_power_save = _prefs->wifi_power_save; - StrHelper::strncpy(_mqtt_prefs.timezone_string, _prefs->timezone_string, sizeof(_mqtt_prefs.timezone_string)); - _mqtt_prefs.timezone_offset = _prefs->timezone_offset; - StrHelper::strncpy(_mqtt_prefs.mqtt_server, _prefs->mqtt_server, sizeof(_mqtt_prefs.mqtt_server)); - _mqtt_prefs.mqtt_port = _prefs->mqtt_port; - StrHelper::strncpy(_mqtt_prefs.mqtt_username, _prefs->mqtt_username, sizeof(_mqtt_prefs.mqtt_username)); - StrHelper::strncpy(_mqtt_prefs.mqtt_password, _prefs->mqtt_password, sizeof(_mqtt_prefs.mqtt_password)); - _mqtt_prefs.mqtt_analyzer_us_enabled = _prefs->mqtt_analyzer_us_enabled; - _mqtt_prefs.mqtt_analyzer_eu_enabled = _prefs->mqtt_analyzer_eu_enabled; - StrHelper::strncpy(_mqtt_prefs.mqtt_owner_public_key, _prefs->mqtt_owner_public_key, sizeof(_mqtt_prefs.mqtt_owner_public_key)); - StrHelper::strncpy(_mqtt_prefs.mqtt_email, _prefs->mqtt_email, sizeof(_mqtt_prefs.mqtt_email)); -} -#endif - #define MIN_LOCAL_ADVERT_INTERVAL 60 void CommonCLI::savePrefs() { - uint8_t old_advert_interval = _prefs->advert_interval; if (_prefs->advert_interval * 2 < MIN_LOCAL_ADVERT_INTERVAL) { _prefs->advert_interval = 0; // turn it off, now that device has been manually configured } - // If advert_interval was changed, update the timer to reflect the change - if (old_advert_interval != _prefs->advert_interval) { - _callbacks->updateAdvertTimer(); - } _callbacks->savePrefs(); } @@ -483,10 +214,6 @@ void CommonCLI::handleCommand(uint32_t sender_timestamp, const char* command, ch } else { strcpy(reply, "ERR: clock cannot go backwards"); } - } else if (memcmp(command, "memory", 6) == 0) { - sprintf(reply, "Free: %d, Min: %d, Max: %d, Queue: %d", - ESP.getFreeHeap(), ESP.getMinFreeHeap(), ESP.getMaxAllocHeap(), - _callbacks->getQueueSize()); } else if (memcmp(command, "start ota", 9) == 0) { if (!_board->startOTAUpdate(_prefs->node_name, reply)) { strcpy(reply, "Error"); @@ -634,79 +361,6 @@ void CommonCLI::handleCommand(uint32_t sender_timestamp, const char* command, ch sprintf(reply, "> %d", (uint32_t)_prefs->bridge_channel); } else if (memcmp(config, "bridge.secret", 13) == 0) { sprintf(reply, "> %s", _prefs->bridge_secret); -#endif -#ifdef WITH_MQTT_BRIDGE - } else if (memcmp(config, "mqtt.origin", 11) == 0) { - sprintf(reply, "> %s", _prefs->mqtt_origin); - } else if (memcmp(config, "mqtt.iata", 9) == 0) { - sprintf(reply, "> %s", _prefs->mqtt_iata); - } else if (memcmp(config, "mqtt.status", 11) == 0) { - sprintf(reply, "> %s", _prefs->mqtt_status_enabled ? "on" : "off"); - } else if (memcmp(config, "mqtt.packets", 12) == 0) { - sprintf(reply, "> %s", _prefs->mqtt_packets_enabled ? "on" : "off"); - } else if (memcmp(config, "mqtt.raw", 8) == 0) { - sprintf(reply, "> %s", _prefs->mqtt_raw_enabled ? "on" : "off"); - } else if (memcmp(config, "mqtt.tx", 7) == 0) { - sprintf(reply, "> %s", _prefs->mqtt_tx_enabled ? "on" : "off"); - } else if (memcmp(config, "mqtt.interval", 13) == 0) { - // Display interval in minutes (rounded) - uint32_t minutes = (_prefs->mqtt_status_interval + 29999) / 60000; // Round up - sprintf(reply, "> %u minutes (%lu ms)", minutes, _prefs->mqtt_status_interval); - } else if (memcmp(config, "mqtt.server", 11) == 0) { - sprintf(reply, "> %s", _prefs->mqtt_server); - } else if (memcmp(config, "mqtt.port", 9) == 0) { - sprintf(reply, "> %d", _prefs->mqtt_port); - } else if (memcmp(config, "mqtt.username", 13) == 0) { - sprintf(reply, "> %s", _prefs->mqtt_username); - } else if (memcmp(config, "mqtt.password", 13) == 0) { - sprintf(reply, "> %s", _prefs->mqtt_password); - } else if (memcmp(config, "wifi.ssid", 9) == 0) { - sprintf(reply, "> %s", _prefs->wifi_ssid); - } else if (memcmp(config, "wifi.pwd", 8) == 0) { - sprintf(reply, "> %s", _prefs->wifi_password); - } else if (memcmp(config, "wifi.status", 11) == 0) { - wl_status_t status = WiFi.status(); - const char* status_str; - switch(status) { - case WL_CONNECTED: status_str = "connected"; break; - case WL_NO_SSID_AVAIL: status_str = "no_ssid"; break; - case WL_CONNECT_FAILED: status_str = "connect_failed"; break; - case WL_CONNECTION_LOST: status_str = "connection_lost"; break; - case WL_DISCONNECTED: status_str = "disconnected"; break; - default: status_str = "unknown"; break; - } - if (status == WL_CONNECTED) { - sprintf(reply, "> %s, IP: %s, RSSI: %d dBm", status_str, WiFi.localIP().toString().c_str(), WiFi.RSSI()); - } else { - sprintf(reply, "> %s (code: %d)", status_str, status); - } - } else if (memcmp(config, "wifi.powersave", 14) == 0) { - uint8_t ps = _prefs->wifi_power_save; - const char* ps_name = (ps == 1) ? "none" : (ps == 2) ? "max" : "min"; - sprintf(reply, "> %s", ps_name); - } else if (memcmp(config, "timezone", 8) == 0) { - sprintf(reply, "> %s", _prefs->timezone_string); - } else if (memcmp(config, "timezone.offset", 15) == 0) { - sprintf(reply, "> %d", _prefs->timezone_offset); - } else if (memcmp(config, "mqtt.analyzer.us", 17) == 0) { - sprintf(reply, "> %s", _prefs->mqtt_analyzer_us_enabled ? "on" : "off"); - } else if (memcmp(config, "mqtt.analyzer.eu", 17) == 0) { - sprintf(reply, "> %s", _prefs->mqtt_analyzer_eu_enabled ? "on" : "off"); - } else if (sender_timestamp == 0 && memcmp(config, "mqtt.owner", 10) == 0) { // from serial command line only - if (_prefs->mqtt_owner_public_key[0] != '\0') { - sprintf(reply, "> %s", _prefs->mqtt_owner_public_key); - } else { - strcpy(reply, "> (not set)"); - } - } else if (sender_timestamp == 0 && memcmp(config, "mqtt.email", 10) == 0) { // from serial command line only - if (_prefs->mqtt_email[0] != '\0') { - sprintf(reply, "> %s", _prefs->mqtt_email); - } else { - strcpy(reply, "> (not set)"); - } - } else if (memcmp(config, "mqtt.config.valid", 17) == 0) { - bool valid = MQTTBridge::isConfigValid(_prefs); - sprintf(reply, "> %s", valid ? "valid" : "invalid"); #endif } else if (memcmp(config, "adc.multiplier", 14) == 0) { float adc_mult = _board->getAdcMultiplier(); @@ -949,168 +603,19 @@ void CommonCLI::handleCommand(uint32_t sender_timestamp, const char* command, ch savePrefs(); strcpy(reply, "OK"); #endif -#ifdef WITH_MQTT_BRIDGE - } else if (memcmp(config, "mqtt.origin ", 12) == 0) { - StrHelper::strncpy(_prefs->mqtt_origin, &config[12], sizeof(_prefs->mqtt_origin)); - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "mqtt.iata ", 10) == 0) { - StrHelper::strncpy(_prefs->mqtt_iata, &config[10], sizeof(_prefs->mqtt_iata)); - // Convert IATA code to uppercase (IATA codes are conventionally uppercase) - for (int i = 0; _prefs->mqtt_iata[i]; i++) { - _prefs->mqtt_iata[i] = toupper(_prefs->mqtt_iata[i]); - } - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "mqtt.status ", 12) == 0) { - _prefs->mqtt_status_enabled = memcmp(&config[12], "on", 2) == 0; - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "mqtt.packets ", 13) == 0) { - _prefs->mqtt_packets_enabled = memcmp(&config[13], "on", 2) == 0; - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "mqtt.raw ", 9) == 0) { - _prefs->mqtt_raw_enabled = memcmp(&config[9], "on", 2) == 0; - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "mqtt.tx ", 8) == 0) { - _prefs->mqtt_tx_enabled = memcmp(&config[8], "on", 2) == 0; - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "mqtt.interval ", 14) == 0) { - uint32_t minutes = _atoi(&config[14]); - if (minutes >= 1 && minutes <= 60) { // 1 minute to 60 minutes - _prefs->mqtt_status_interval = minutes * 60000; // Convert minutes to milliseconds - savePrefs(); - // Restart bridge to pick up new interval value - _callbacks->restartBridge(); - sprintf(reply, "OK - interval set to %u minutes (%lu ms), bridge restarted", minutes, _prefs->mqtt_status_interval); - } else { - strcpy(reply, "Error: interval must be between 1-60 minutes"); - } - } else if (memcmp(config, "wifi.ssid ", 10) == 0) { - StrHelper::strncpy(_prefs->wifi_ssid, &config[10], sizeof(_prefs->wifi_ssid)); - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "wifi.pwd ", 9) == 0) { - StrHelper::strncpy(_prefs->wifi_password, &config[9], sizeof(_prefs->wifi_password)); - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "wifi.powersave ", 15) == 0) { - const char* value = &config[15]; - uint8_t ps_value; - bool valid = false; - if (memcmp(value, "min", 3) == 0 && (value[3] == 0 || value[3] == ' ')) { - ps_value = 0; - valid = true; - } else if (memcmp(value, "none", 4) == 0 && (value[4] == 0 || value[4] == ' ')) { - ps_value = 1; - valid = true; - } else if (memcmp(value, "max", 3) == 0 && (value[3] == 0 || value[3] == ' ')) { - ps_value = 2; - valid = true; - } - - if (!valid) { - strcpy(reply, "Error: must be none, min, or max"); - } else { - _prefs->wifi_power_save = ps_value; - savePrefs(); - - // Apply immediately if WiFi is connected - #ifdef ESP_PLATFORM - if (WiFi.status() == WL_CONNECTED) { - wifi_ps_type_t ps_mode = (ps_value == 1) ? WIFI_PS_NONE : - (ps_value == 2) ? WIFI_PS_MAX_MODEM : WIFI_PS_MIN_MODEM; - esp_err_t ps_result = esp_wifi_set_ps(ps_mode); - if (ps_result == ESP_OK) { - const char* ps_name = (ps_value == 1) ? "none" : (ps_value == 2) ? "max" : "min"; - sprintf(reply, "OK - power save set to %s", ps_name); - } else { - sprintf(reply, "OK - saved, but failed to apply: %d", ps_result); - } - } else { - const char* ps_name = (ps_value == 1) ? "none" : (ps_value == 2) ? "max" : "min"; - sprintf(reply, "OK - saved as %s (will apply on next WiFi connection)", ps_name); - } - #else - const char* ps_name = (ps_value == 1) ? "none" : (ps_value == 2) ? "max" : "min"; - sprintf(reply, "OK - saved as %s", ps_name); - #endif - } - } else if (memcmp(config, "timezone ", 9) == 0) { - StrHelper::strncpy(_prefs->timezone_string, &config[9], sizeof(_prefs->timezone_string)); - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "timezone.offset ", 16) == 0) { - int8_t offset = _atoi(&config[16]); - if (offset >= -12 && offset <= 14) { - _prefs->timezone_offset = offset; - savePrefs(); - strcpy(reply, "OK"); - } else { - strcpy(reply, "Error: timezone offset must be between -12 and +14"); - } - } else if (memcmp(config, "mqtt.server ", 12) == 0) { - StrHelper::strncpy(_prefs->mqtt_server, &config[12], sizeof(_prefs->mqtt_server)); - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "mqtt.port ", 10) == 0) { - int port = atoi(&config[10]); - if (port > 0 && port <= 65535) { - _prefs->mqtt_port = port; - savePrefs(); - strcpy(reply, "OK"); - } else { - strcpy(reply, "Error: port must be between 1 and 65535"); - } - } else if (memcmp(config, "mqtt.username ", 14) == 0) { - StrHelper::strncpy(_prefs->mqtt_username, &config[14], sizeof(_prefs->mqtt_username)); - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "mqtt.password ", 14) == 0) { - StrHelper::strncpy(_prefs->mqtt_password, &config[14], sizeof(_prefs->mqtt_password)); - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "mqtt.analyzer.us ", 17) == 0) { - _prefs->mqtt_analyzer_us_enabled = memcmp(&config[17], "on", 2) == 0; - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "mqtt.analyzer.eu ", 17) == 0) { - _prefs->mqtt_analyzer_eu_enabled = memcmp(&config[17], "on", 2) == 0; - savePrefs(); - strcpy(reply, "OK"); - } else if (memcmp(config, "mqtt.owner ", 11) == 0) { - // Validate that it's a valid hex string of the correct length (64 hex chars = 32 bytes) - const char* owner_key = &config[11]; - int key_len = strlen(owner_key); - if (key_len == 64) { - // Validate hex characters - bool valid = true; - for (int i = 0; i < key_len; i++) { - if (!((owner_key[i] >= '0' && owner_key[i] <= '9') || - (owner_key[i] >= 'A' && owner_key[i] <= 'F') || - (owner_key[i] >= 'a' && owner_key[i] <= 'f'))) { - valid = false; - break; - } - } - if (valid) { - StrHelper::strncpy(_prefs->mqtt_owner_public_key, owner_key, sizeof(_prefs->mqtt_owner_public_key)); - savePrefs(); - strcpy(reply, "OK"); - } else { - strcpy(reply, "Error: invalid hex characters in public key"); - } - } else { - strcpy(reply, "Error: public key must be 64 hex characters (32 bytes)"); - } - } else if (memcmp(config, "mqtt.email ", 11) == 0) { - StrHelper::strncpy(_prefs->mqtt_email, &config[11], sizeof(_prefs->mqtt_email)); - savePrefs(); - strcpy(reply, "OK"); -#endif + } else if (memcmp(config, "adc.multiplier ", 15) == 0) { + _prefs->adc_multiplier = atof(&config[15]); + if (_board->setAdcMultiplier(_prefs->adc_multiplier)) { + savePrefs(); + if (_prefs->adc_multiplier == 0.0f) { + strcpy(reply, "OK - using default board multiplier"); + } else { + sprintf(reply, "OK - multiplier set to %.3f", _prefs->adc_multiplier); + } + } else { + _prefs->adc_multiplier = 0.0f; + strcpy(reply, "Error: unsupported by this board"); + }; } else { sprintf(reply, "unknown config: %s", config); } diff --git a/src/helpers/CommonCLI.h b/src/helpers/CommonCLI.h index 361261ae2..8661d1e6d 100644 --- a/src/helpers/CommonCLI.h +++ b/src/helpers/CommonCLI.h @@ -5,7 +5,7 @@ #include #include -#if defined(WITH_RS232_BRIDGE) || defined(WITH_ESPNOW_BRIDGE) || defined(WITH_MQTT_BRIDGE) +#if defined(WITH_RS232_BRIDGE) || defined(WITH_ESPNOW_BRIDGE) #define WITH_BRIDGE #endif @@ -39,7 +39,7 @@ struct NodePrefs { // persisted to file // Bridge settings uint8_t bridge_enabled; // boolean uint16_t bridge_delay; // milliseconds (default 500 ms) - uint8_t bridge_pkt_src; // 0 = logTx, 1 = logRx (default logRx) + uint8_t bridge_pkt_src; // 0 = logTx, 1 = logRx (default logTx) uint32_t bridge_baud; // 9600, 19200, 38400, 57600, 115200 (default 115200) uint8_t bridge_channel; // 1-14 (ESP-NOW only) char bridge_secret[16]; // for XOR encryption of bridge packets (ESP-NOW only) @@ -52,72 +52,8 @@ struct NodePrefs { // persisted to file uint32_t discovery_mod_timestamp; float adc_multiplier; char owner_info[120]; - // MQTT settings (stored separately in /mqtt_prefs, but kept here for backward compatibility) - char mqtt_origin[32]; // Device name for MQTT topics - char mqtt_iata[8]; // IATA code for MQTT topics - uint8_t mqtt_status_enabled; // Enable status messages - uint8_t mqtt_packets_enabled; // Enable packet messages - uint8_t mqtt_raw_enabled; // Enable raw messages - uint8_t mqtt_tx_enabled; // Enable TX packet uplinking - uint32_t mqtt_status_interval; // Status publish interval (ms) - - // WiFi settings - char wifi_ssid[32]; // WiFi SSID - char wifi_password[64]; // WiFi password - uint8_t wifi_power_save; // WiFi power save mode: 0=min, 1=none, 2=max (default: 0=min) - - // Timezone settings - char timezone_string[32]; // Timezone string (e.g., "America/Los_Angeles") - int8_t timezone_offset; // Timezone offset in hours (-12 to +14) - fallback - - // MQTT server settings - char mqtt_server[64]; // MQTT server hostname - uint16_t mqtt_port; // MQTT server port - char mqtt_username[32]; // MQTT username - char mqtt_password[64]; // MQTT password - - // Let's Mesh Analyzer settings - uint8_t mqtt_analyzer_us_enabled; // Enable US analyzer server - uint8_t mqtt_analyzer_eu_enabled; // Enable EU analyzer server - char mqtt_owner_public_key[65]; // Owner public key (hex string, same length as repeater public key) - char mqtt_email[64]; // Owner email address for matching nodes with owners }; -#ifdef WITH_MQTT_BRIDGE -// MQTT preferences stored in separate file to avoid conflicts with upstream NodePrefs changes -struct MQTTPrefs { - // MQTT settings - char mqtt_origin[32]; // Device name for MQTT topics - char mqtt_iata[8]; // IATA code for MQTT topics - uint8_t mqtt_status_enabled; // Enable status messages - uint8_t mqtt_packets_enabled; // Enable packet messages - uint8_t mqtt_raw_enabled; // Enable raw messages - uint8_t mqtt_tx_enabled; // Enable TX packet uplinking - uint32_t mqtt_status_interval; // Status publish interval (ms) - - // WiFi settings - char wifi_ssid[32]; // WiFi SSID - char wifi_password[64]; // WiFi password - uint8_t wifi_power_save; // WiFi power save mode: 0=min, 1=none, 2=max (default: 0=min) - - // Timezone settings - char timezone_string[32]; // Timezone string (e.g., "America/Los_Angeles") - int8_t timezone_offset; // Timezone offset in hours (-12 to +14) - fallback - - // MQTT server settings - char mqtt_server[64]; // MQTT server hostname - uint16_t mqtt_port; // MQTT server port - char mqtt_username[32]; // MQTT username - char mqtt_password[64]; // MQTT password - - // Let's Mesh Analyzer settings - uint8_t mqtt_analyzer_us_enabled; // Enable US analyzer server - uint8_t mqtt_analyzer_eu_enabled; // Enable EU analyzer server - char mqtt_owner_public_key[65]; // Owner public key (hex string, same length as repeater public key) - char mqtt_email[64]; // Owner email address for matching nodes with owners -}; -#endif - class CommonCLICallbacks { public: virtual void savePrefs() = 0; @@ -151,10 +87,6 @@ class CommonCLICallbacks { virtual void restartBridge() { // no op by default }; - - virtual int getQueueSize() { - return 0; // no op by default - }; }; class CommonCLI { @@ -165,19 +97,10 @@ class CommonCLI { SensorManager* _sensors; ClientACL* _acl; char tmp[PRV_KEY_SIZE*2 + 4]; -#ifdef WITH_MQTT_BRIDGE - MQTTPrefs _mqtt_prefs; -#endif mesh::RTCClock* getRTCClock() { return _rtc; } void savePrefs(); void loadPrefsInt(FILESYSTEM* _fs, const char* filename); -#ifdef WITH_MQTT_BRIDGE - void loadMQTTPrefs(FILESYSTEM* fs); - void saveMQTTPrefs(FILESYSTEM* fs); - void syncMQTTPrefsToNodePrefs(); - void syncNodePrefsToMQTTPrefs(); -#endif public: CommonCLI(mesh::MainBoard& board, mesh::RTCClock& rtc, SensorManager& sensors, ClientACL& acl, NodePrefs* prefs, CommonCLICallbacks* callbacks) @@ -186,6 +109,5 @@ class CommonCLI { void loadPrefs(FILESYSTEM* _fs); void savePrefs(FILESYSTEM* _fs); void handleCommand(uint32_t sender_timestamp, const char* command, char* reply); - mesh::MainBoard* getBoard() { return _board; } uint8_t buildAdvertData(uint8_t node_type, uint8_t* app_data); }; diff --git a/src/helpers/JWTHelper.cpp b/src/helpers/JWTHelper.cpp deleted file mode 100644 index dc4154ba3..000000000 --- a/src/helpers/JWTHelper.cpp +++ /dev/null @@ -1,198 +0,0 @@ -#include "JWTHelper.h" -#include -#include -#include -#include "ed_25519.h" -#include "mbedtls/base64.h" - -// Base64 URL encoding table (without padding) -static const char base64url_chars[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; - -bool JWTHelper::createAuthToken( - const mesh::LocalIdentity& identity, - const char* audience, - unsigned long issuedAt, - unsigned long expiresIn, - char* token, - size_t tokenSize, - const char* owner, - const char* client, - const char* email -) { - if (!audience || !token || tokenSize == 0) { - return false; - } - - // Use current time if not specified - if (issuedAt == 0) { - issuedAt = time(nullptr); - } - - // Create header - char header[256]; - size_t headerLen = createHeader(header, sizeof(header)); - if (headerLen == 0) { - return false; - } - - // Get public key as UPPERCASE HEX string - char publicKeyHex[65]; - mesh::Utils::toHex(publicKeyHex, identity.pub_key, PUB_KEY_SIZE); - for (int i = 0; publicKeyHex[i]; i++) { - publicKeyHex[i] = toupper(publicKeyHex[i]); - } - - // Create payload - char payload[512]; - size_t payloadLen = createPayload(publicKeyHex, audience, issuedAt, expiresIn, payload, sizeof(payload), owner, client, email); - if (payloadLen == 0) { - return false; - } - - // Create signing input: header.payload - char signingInput[768]; - size_t signingInputLen = headerLen + 1 + payloadLen; - if (signingInputLen >= sizeof(signingInput)) { - return false; - } - - memcpy(signingInput, header, headerLen); - signingInput[headerLen] = '.'; - memcpy(signingInput + headerLen + 1, payload, payloadLen); - - // Sign the data using direct Ed25519 signing - uint8_t signature[64]; - mesh::LocalIdentity identity_copy = identity; - - uint8_t export_buffer[96]; - size_t exported_size = identity_copy.writeTo(export_buffer, sizeof(export_buffer)); - - if (exported_size != 96) { - return false; - } - - uint8_t* private_key = export_buffer; - uint8_t* public_key = export_buffer + 64; - - ed25519_sign(signature, (const unsigned char*)signingInput, signingInputLen, public_key, private_key); - - // Verify the signature locally - int verify_result = ed25519_verify(signature, (const unsigned char*)signingInput, signingInputLen, public_key); - if (verify_result != 1) { - Serial.println("JWTHelper: Signature verification failed!"); - return false; - } - - // Convert signature to hex - char signatureHex[129]; - for (int i = 0; i < 64; i++) { - sprintf(signatureHex + (i * 2), "%02X", signature[i]); - } - signatureHex[128] = '\0'; - - // Create final token: header.payload.signatureHex (MeshCore Decoder format) - size_t sigHexLen = strlen(signatureHex); - size_t totalLen = headerLen + 1 + payloadLen + 1 + sigHexLen; - if (totalLen >= tokenSize) { - return false; - } - - memcpy(token, header, headerLen); - token[headerLen] = '.'; - memcpy(token + headerLen + 1, payload, payloadLen); - token[headerLen + 1 + payloadLen] = '.'; - memcpy(token + headerLen + 1 + payloadLen + 1, signatureHex, sigHexLen); - token[totalLen] = '\0'; - - return true; -} - -size_t JWTHelper::base64UrlEncode(const uint8_t* input, size_t inputLen, char* output, size_t outputSize) { - if (!input || !output || outputSize == 0) { - return 0; - } - - size_t outlen = 0; - int ret = mbedtls_base64_encode((unsigned char*)output, outputSize - 1, &outlen, input, inputLen); - - if (ret != 0) { - return 0; - } - - // Convert to base64 URL format in-place (replace + with -, / with _, remove padding =) - for (size_t i = 0; i < outlen; i++) { - if (output[i] == '+') { - output[i] = '-'; - } else if (output[i] == '/') { - output[i] = '_'; - } - } - - // Remove padding '=' characters - while (outlen > 0 && output[outlen-1] == '=') { - outlen--; - } - output[outlen] = '\0'; - return outlen; -} - -size_t JWTHelper::createHeader(char* output, size_t outputSize) { - // Create JWT header: {"alg":"Ed25519","typ":"JWT"} - DynamicJsonDocument doc(256); - doc["alg"] = "Ed25519"; - doc["typ"] = "JWT"; - - char jsonBuffer[256]; - size_t len = serializeJson(doc, jsonBuffer, sizeof(jsonBuffer)); - if (len == 0 || len >= sizeof(jsonBuffer)) { - return 0; - } - - return base64UrlEncode((uint8_t*)jsonBuffer, len, output, outputSize); -} - -size_t JWTHelper::createPayload( - const char* publicKey, - const char* audience, - unsigned long issuedAt, - unsigned long expiresIn, - char* output, - size_t outputSize, - const char* owner, - const char* client, - const char* email -) { - // Create JWT payload - DynamicJsonDocument doc(512); - doc["publicKey"] = publicKey; - doc["aud"] = audience; - doc["iat"] = issuedAt; - - if (expiresIn > 0) { - doc["exp"] = issuedAt + expiresIn; - } - - // Add optional owner field if provided - if (owner && strlen(owner) > 0) { - doc["owner"] = owner; - } - - // Add optional client field if provided - if (client && strlen(client) > 0) { - doc["client"] = client; - } - - // Add optional email field if provided - if (email && strlen(email) > 0) { - doc["email"] = email; - } - - char jsonBuffer[512]; - size_t len = serializeJson(doc, jsonBuffer, sizeof(jsonBuffer)); - if (len == 0 || len >= sizeof(jsonBuffer)) { - return 0; - } - - return base64UrlEncode((uint8_t*)jsonBuffer, len, output, outputSize); -} - diff --git a/src/helpers/JWTHelper.h b/src/helpers/JWTHelper.h deleted file mode 100644 index a84889d89..000000000 --- a/src/helpers/JWTHelper.h +++ /dev/null @@ -1,87 +0,0 @@ -#pragma once - -#include "MeshCore.h" -#include "Identity.h" - -/** - * JWT Helper for creating authentication tokens - * - * This class provides functionality to create JWT-style authentication tokens - * signed with Ed25519 private keys for MQTT authentication. - */ -class JWTHelper { -public: - /** - * Create an authentication token for MQTT authentication - * - * @param identity LocalIdentity instance for signing - * @param audience Audience string (e.g., "mqtt-us-v1.letsmesh.net") - * @param issuedAt Unix timestamp (0 for current time) - * @param expiresIn Expiration time in seconds (0 for no expiration) - * @param token Buffer to store the resulting token - * @param tokenSize Size of the token buffer - * @param owner Optional owner public key in hex format (nullptr if not set) - * @param client Optional client string (nullptr if not set) - * @param email Optional email address (nullptr if not set) - * @return true if token was created successfully - */ - static bool createAuthToken( - const mesh::LocalIdentity& identity, - const char* audience, - unsigned long issuedAt = 0, - unsigned long expiresIn = 0, - char* token = nullptr, - size_t tokenSize = 0, - const char* owner = nullptr, - const char* client = nullptr, - const char* email = nullptr - ); - -private: - /** - * Base64 URL encode data - * - * @param input Input data - * @param inputLen Length of input data - * @param output Output buffer - * @param outputSize Size of output buffer - * @return Length of encoded data, or 0 on error - */ - static size_t base64UrlEncode(const uint8_t* input, size_t inputLen, char* output, size_t outputSize); - - /** - * Create JWT header - * - * @param output Output buffer - * @param outputSize Size of output buffer - * @return Length of header, or 0 on error - */ - static size_t createHeader(char* output, size_t outputSize); - - /** - * Create JWT payload - * - * @param publicKey Public key in hex format - * @param audience Audience string - * @param issuedAt Issued at timestamp - * @param expiresIn Expiration time in seconds (0 for no expiration) - * @param output Output buffer - * @param outputSize Size of output buffer - * @param owner Optional owner public key in hex format (nullptr if not set) - * @param client Optional client string (nullptr if not set) - * @param email Optional email address (nullptr if not set) - * @return Length of payload, or 0 on error - */ - static size_t createPayload( - const char* publicKey, - const char* audience, - unsigned long issuedAt, - unsigned long expiresIn, - char* output, - size_t outputSize, - const char* owner = nullptr, - const char* client = nullptr, - const char* email = nullptr - ); - -}; diff --git a/src/helpers/MQTTMessageBuilder.cpp b/src/helpers/MQTTMessageBuilder.cpp deleted file mode 100644 index 95edcc104..000000000 --- a/src/helpers/MQTTMessageBuilder.cpp +++ /dev/null @@ -1,415 +0,0 @@ -#include "MQTTMessageBuilder.h" -#include -#include -#include -#include "MeshCore.h" - -int MQTTMessageBuilder::buildStatusMessage( - const char* origin, - const char* origin_id, - const char* model, - const char* firmware_version, - const char* radio, - const char* client_version, - const char* status, - const char* timestamp, - char* buffer, - size_t buffer_size, - int battery_mv, - int uptime_secs, - int errors, - int queue_len, - int noise_floor, - int tx_air_secs, - int rx_air_secs -) { - // Use StaticJsonDocument to avoid heap fragmentation (fixed-size stack allocation) - StaticJsonDocument<768> doc; // Increased size to accommodate stats - JsonObject root = doc.to(); - - root["status"] = status; - root["timestamp"] = timestamp; - root["origin"] = origin; - root["origin_id"] = origin_id; - root["model"] = model; - root["firmware_version"] = firmware_version; - root["radio"] = radio; - root["client_version"] = client_version; - - // Add stats object if any stats are provided - if (battery_mv >= 0 || uptime_secs >= 0 || errors >= 0 || queue_len >= 0 || - noise_floor > -999 || tx_air_secs >= 0 || rx_air_secs >= 0) { - JsonObject stats = root.createNestedObject("stats"); - - if (battery_mv >= 0) { - stats["battery_mv"] = battery_mv; - } - if (uptime_secs >= 0) { - stats["uptime_secs"] = uptime_secs; - } - if (errors >= 0) { - stats["errors"] = errors; - } - if (queue_len >= 0) { - stats["queue_len"] = queue_len; - } - if (noise_floor > -999) { - stats["noise_floor"] = noise_floor; - } - if (tx_air_secs >= 0) { - stats["tx_air_secs"] = tx_air_secs; - } - if (rx_air_secs >= 0) { - stats["rx_air_secs"] = rx_air_secs; - } - } - - size_t len = serializeJson(root, buffer, buffer_size); - return (len > 0 && len < buffer_size) ? len : 0; -} - -int MQTTMessageBuilder::buildPacketMessage( - const char* origin, - const char* origin_id, - const char* timestamp, - const char* direction, - const char* time, - const char* date, - int len, - int packet_type, - const char* route, - int payload_len, - const char* raw, - float snr, - int rssi, - const char* hash, - const char* path, - char* buffer, - size_t buffer_size -) { - // Use StaticJsonDocument with fixed maximum size to avoid heap fragmentation - // Base JSON overhead ~200 bytes, raw hex can be up to 510 chars (255 bytes packet) - // Use maximum size (2048) to handle all packet sizes without heap allocation - StaticJsonDocument<2048> doc; - JsonObject root = doc.to(); - - // Format numeric values as strings to avoid String object allocations - char len_str[16]; - char packet_type_str[16]; - char payload_len_str[16]; - char snr_str[16]; - char rssi_str[16]; - - snprintf(len_str, sizeof(len_str), "%d", len); - snprintf(packet_type_str, sizeof(packet_type_str), "%d", packet_type); - snprintf(payload_len_str, sizeof(payload_len_str), "%d", payload_len); - snprintf(snr_str, sizeof(snr_str), "%.1f", snr); - snprintf(rssi_str, sizeof(rssi_str), "%d", rssi); - - root["origin"] = origin; - root["origin_id"] = origin_id; - root["timestamp"] = timestamp; - root["type"] = "PACKET"; - root["direction"] = direction; - root["time"] = time; - root["date"] = date; - root["len"] = len_str; - root["packet_type"] = packet_type_str; - root["route"] = route; - root["payload_len"] = payload_len_str; - root["raw"] = raw; - root["SNR"] = snr_str; - root["RSSI"] = rssi_str; - root["hash"] = hash; - - if (path && strlen(path) > 0) { - root["path"] = path; - } - - size_t json_len = serializeJson(root, buffer, buffer_size); - return (json_len > 0 && json_len < buffer_size) ? json_len : 0; -} - -int MQTTMessageBuilder::buildRawMessage( - const char* origin, - const char* origin_id, - const char* timestamp, - const char* raw, - char* buffer, - size_t buffer_size -) { - // Use StaticJsonDocument to avoid heap fragmentation (fixed-size stack allocation) - StaticJsonDocument<512> doc; - JsonObject root = doc.to(); - - root["origin"] = origin; - root["origin_id"] = origin_id; - root["timestamp"] = timestamp; - root["type"] = "RAW"; - root["data"] = raw; - - size_t len = serializeJson(root, buffer, buffer_size); - return (len > 0 && len < buffer_size) ? len : 0; -} - -int MQTTMessageBuilder::buildPacketJSON( - mesh::Packet* packet, - bool is_tx, - const char* origin, - const char* origin_id, - Timezone* timezone, - char* buffer, - size_t buffer_size -) { - if (!packet) return 0; - - // Get current device time (should be UTC since system timezone is set to UTC) - time_t now = time(nullptr); - - // Convert to local time using timezone library (for timestamp field only) - time_t local_time = timezone ? timezone->toLocal(now) : now; - struct tm* local_timeinfo = localtime(&local_time); - - // Format timestamp in ISO 8601 format (LOCAL TIME) - char timestamp[32]; - if (local_timeinfo) { - strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%S.000000", local_timeinfo); - } else { - strcpy(timestamp, "2024-01-01T12:00:00.000000"); - } - - // Get UTC time (since system timezone is UTC, time() returns UTC) - struct tm* utc_timeinfo = gmtime(&now); - - // Format time and date (ALWAYS UTC) - char time_str[16]; - char date_str[16]; - if (utc_timeinfo) { - strftime(time_str, sizeof(time_str), "%H:%M:%S", utc_timeinfo); - strftime(date_str, sizeof(date_str), "%d/%m/%Y", utc_timeinfo); - } else { - strcpy(time_str, "12:00:00"); - strcpy(date_str, "01/01/2024"); - } - - // Convert packet to hex - // MAX_TRANS_UNIT is 255 bytes, hex = 510 chars, but allow for larger with headers - char raw_hex[1024]; - packetToHex(packet, raw_hex, sizeof(raw_hex)); - - // Get packet characteristics - int packet_type = packet->getPayloadType(); - const char* route_str = getRouteTypeString(packet->isRouteDirect() ? 1 : 0); - - // Create proper packet hash using MeshCore's calculatePacketHash method - char hash_str[17]; - uint8_t packet_hash[MAX_HASH_SIZE]; - packet->calculatePacketHash(packet_hash); - bytesToHex(packet_hash, MAX_HASH_SIZE, hash_str, sizeof(hash_str)); - - // Build path string for direct packets - char path_str[128] = ""; - if (packet->isRouteDirect() && packet->path_len > 0) { - // Simplified path representation - snprintf(path_str, sizeof(path_str), "path_len_%d", packet->path_len); - } - - return buildPacketMessage( - origin, origin_id, timestamp, - is_tx ? "tx" : "rx", - time_str, date_str, - packet->path_len + packet->payload_len + 2, - packet_type, route_str, - packet->payload_len, - raw_hex, - 12.5f, // SNR - using reasonable default - -65, // RSSI - using reasonable default - hash_str, - packet->isRouteDirect() ? path_str : nullptr, - buffer, buffer_size - ); -} - -int MQTTMessageBuilder::buildPacketJSONFromRaw( - const uint8_t* raw_data, - int raw_len, - mesh::Packet* packet, - bool is_tx, - const char* origin, - const char* origin_id, - float snr, - float rssi, - Timezone* timezone, - char* buffer, - size_t buffer_size -) { - if (!packet || !raw_data || raw_len <= 0) return 0; - - // Get current device time (should be UTC since system timezone is set to UTC) - time_t now = time(nullptr); - - // Convert to local time using timezone library (for timestamp field only) - time_t local_time = timezone ? timezone->toLocal(now) : now; - struct tm* local_timeinfo = localtime(&local_time); - - // Format timestamp in ISO 8601 format (LOCAL TIME) - char timestamp[32]; - if (local_timeinfo) { - strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%S.000000", local_timeinfo); - } else { - strcpy(timestamp, "2024-01-01T12:00:00.000000"); - } - - // Get UTC time (since system timezone is UTC, time() returns UTC) - struct tm* utc_timeinfo = gmtime(&now); - - // Format time and date (ALWAYS UTC) - char time_str[16]; - char date_str[16]; - if (utc_timeinfo) { - strftime(time_str, sizeof(time_str), "%H:%M:%S", utc_timeinfo); - strftime(date_str, sizeof(date_str), "%d/%m/%Y", utc_timeinfo); - } else { - strcpy(time_str, "12:00:00"); - strcpy(date_str, "01/01/2024"); - } - - // Convert raw radio data to hex (this includes radio headers) - // MAX_TRANS_UNIT is 255 bytes, hex = 510 chars, but allow for larger with headers - char raw_hex[1024]; - bytesToHex(raw_data, raw_len, raw_hex, sizeof(raw_hex)); - - // Get packet characteristics from the parsed packet - int packet_type = packet->getPayloadType(); - const char* route_str = getRouteTypeString(packet->isRouteDirect() ? 1 : 0); - - // Create proper packet hash using MeshCore's calculatePacketHash method - char hash_str[17]; - uint8_t packet_hash[MAX_HASH_SIZE]; - packet->calculatePacketHash(packet_hash); - bytesToHex(packet_hash, MAX_HASH_SIZE, hash_str, sizeof(hash_str)); - - // Build path string for direct packets - char path_str[128] = ""; - if (packet->isRouteDirect() && packet->path_len > 0) { - // Simplified path representation - snprintf(path_str, sizeof(path_str), "path_len_%d", packet->path_len); - } - - return buildPacketMessage( - origin, origin_id, timestamp, - is_tx ? "tx" : "rx", - time_str, date_str, - raw_len, // Use actual raw radio data length - packet_type, route_str, - packet->payload_len, - raw_hex, - snr, // Use actual SNR from radio - rssi, // Use actual RSSI from radio - hash_str, - packet->isRouteDirect() ? path_str : nullptr, - buffer, buffer_size - ); -} - -int MQTTMessageBuilder::buildRawJSON( - mesh::Packet* packet, - const char* origin, - const char* origin_id, - Timezone* timezone, - char* buffer, - size_t buffer_size -) { - if (!packet) return 0; - - // Get current device time - time_t now = time(nullptr); - - // Convert to local time using timezone library - time_t local_time = timezone ? timezone->toLocal(now) : now; - struct tm* timeinfo = localtime(&local_time); - - // Format timestamp in ISO 8601 format - char timestamp[32]; - if (timeinfo) { - strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%S.000000", timeinfo); - } else { - strcpy(timestamp, "2024-01-01T12:00:00.000000"); - } - - // Convert packet to hex - // MAX_TRANS_UNIT is 255, so max hex size is 510 chars + null = 511 bytes - char raw_hex[1024]; - packetToHex(packet, raw_hex, sizeof(raw_hex)); - - return buildRawMessage(origin, origin_id, timestamp, raw_hex, buffer, buffer_size); -} - -const char* MQTTMessageBuilder::getPacketTypeString(int packet_type) { - switch (packet_type) { - case 0: return "0"; // REQ - case 1: return "1"; // RESPONSE - case 2: return "2"; // TXT_MSG - case 3: return "3"; // ACK - case 4: return "4"; // ADVERT - case 5: return "5"; // GRP_TXT - case 6: return "6"; // GRP_DATA - case 7: return "7"; // ANON_REQ - case 8: return "8"; // PATH - case 9: return "9"; // TRACE - case 10: return "10"; // MULTIPART - case 11: return "11"; // Type11 - case 12: return "12"; // Type12 - case 13: return "13"; // Type13 - case 14: return "14"; // Type14 - case 15: return "15"; // RAW_CUSTOM - default: return "0"; - } -} - -const char* MQTTMessageBuilder::getRouteTypeString(int route_type) { - switch (route_type) { - case 0: return "F"; // FLOOD - case 1: return "D"; // DIRECT - case 2: return "T"; // TRANSPORT_DIRECT - default: return "U"; // UNKNOWN - } -} - -void MQTTMessageBuilder::formatTimestamp(unsigned long timestamp, char* buffer, size_t buffer_size) { - // Simplified timestamp formatting - in real implementation would use proper time - snprintf(buffer, buffer_size, "2024-01-01T12:00:00.000000"); -} - -void MQTTMessageBuilder::formatTime(unsigned long timestamp, char* buffer, size_t buffer_size) { - // Simplified time formatting - snprintf(buffer, buffer_size, "12:00:00"); -} - -void MQTTMessageBuilder::formatDate(unsigned long timestamp, char* buffer, size_t buffer_size) { - // Simplified date formatting - snprintf(buffer, buffer_size, "01/01/2024"); -} - -void MQTTMessageBuilder::bytesToHex(const uint8_t* data, size_t len, char* hex, size_t hex_size) { - if (hex_size < len * 2 + 1) return; - - for (size_t i = 0; i < len; i++) { - snprintf(hex + i * 2, 3, "%02X", data[i]); - } - hex[len * 2] = '\0'; -} - -void MQTTMessageBuilder::packetToHex(mesh::Packet* packet, char* hex, size_t hex_size) { - // Serialize full on-air/wire format using Packet::writeTo() - // This includes header, transport codes (if present), path_len, path, and payload - uint8_t raw_buf[512]; - uint8_t raw_len = packet->writeTo(raw_buf); - if (raw_len == 0 || raw_len > sizeof(raw_buf)) return; - - // Check if hex buffer is large enough (2 hex chars per byte + null terminator) - if (hex_size < (size_t)raw_len * 2 + 1) return; - - // Convert serialized packet to hex - bytesToHex(raw_buf, raw_len, hex, hex_size); -} \ No newline at end of file diff --git a/src/helpers/MQTTMessageBuilder.h b/src/helpers/MQTTMessageBuilder.h deleted file mode 100644 index 9106e20c9..000000000 --- a/src/helpers/MQTTMessageBuilder.h +++ /dev/null @@ -1,213 +0,0 @@ -#pragma once - -#include "MeshCore.h" -#include -#include -#include - -/** - * @brief Utility class for building MQTT JSON messages - * - * This class handles the formatting of mesh packets and device status - * into JSON messages for MQTT publishing according to the MeshCore - * packet capture specification. - */ -class MQTTMessageBuilder { -private: - static const int JSON_BUFFER_SIZE = 1024; - -public: - /** - * Build status message JSON - * - * @param origin Device name - * @param origin_id Device public key (hex string) - * @param model Device model - * @param firmware_version Firmware version - * @param radio Radio information - * @param client_version Client version - * @param status Connection status ("online" or "offline") - * @param timestamp ISO 8601 timestamp - * @param buffer Output buffer for JSON string - * @param buffer_size Size of output buffer - * @param battery_mv Battery voltage in millivolts (optional, -1 to omit) - * @param uptime_secs Uptime in seconds (optional, -1 to omit) - * @param errors Error flags (optional, -1 to omit) - * @param queue_len Queue length (optional, -1 to omit) - * @param noise_floor Noise floor in dBm (optional, -999 to omit) - * @param tx_air_secs TX air time in seconds (optional, -1 to omit) - * @param rx_air_secs RX air time in seconds (optional, -1 to omit) - * @return Length of JSON string, or 0 on error - */ - static int buildStatusMessage( - const char* origin, - const char* origin_id, - const char* model, - const char* firmware_version, - const char* radio, - const char* client_version, - const char* status, - const char* timestamp, - char* buffer, - size_t buffer_size, - int battery_mv = -1, - int uptime_secs = -1, - int errors = -1, - int queue_len = -1, - int noise_floor = -999, - int tx_air_secs = -1, - int rx_air_secs = -1 - ); - - /** - * Build packet message JSON - * - * @param origin Device name - * @param origin_id Device public key (hex string) - * @param timestamp ISO 8601 timestamp - * @param direction Packet direction ("rx" or "tx") - * @param time Time in HH:MM:SS format - * @param date Date in DD/MM/YYYY format - * @param len Total packet length - * @param packet_type Packet type code - * @param route Routing type - * @param payload_len Payload length - * @param raw Raw packet data (hex string) - * @param snr Signal-to-noise ratio - * @param rssi Received signal strength - * @param hash Packet hash - * @param path Routing path (for direct packets) - * @param buffer Output buffer for JSON string - * @param buffer_size Size of output buffer - * @return Length of JSON string, or 0 on error - */ - static int buildPacketMessage( - const char* origin, - const char* origin_id, - const char* timestamp, - const char* direction, - const char* time, - const char* date, - int len, - int packet_type, - const char* route, - int payload_len, - const char* raw, - float snr, - int rssi, - const char* hash, - const char* path, - char* buffer, - size_t buffer_size - ); - - /** - * Build raw message JSON - * - * @param origin Device name - * @param origin_id Device public key (hex string) - * @param timestamp ISO 8601 timestamp - * @param raw Raw packet data (hex string) - * @param buffer Output buffer for JSON string - * @param buffer_size Size of output buffer - * @return Length of JSON string, or 0 on error - */ - static int buildRawMessage( - const char* origin, - const char* origin_id, - const char* timestamp, - const char* raw, - char* buffer, - size_t buffer_size - ); - - /** - * Convert packet to JSON message - * - * @param packet Mesh packet - * @param is_tx Whether packet was transmitted (true) or received (false) - * @param origin Device name - * @param origin_id Device public key (hex string) - * @param buffer Output buffer for JSON string - * @param buffer_size Size of output buffer - * @return Length of JSON string, or 0 on error - */ - static int buildPacketJSON( - mesh::Packet* packet, - bool is_tx, - const char* origin, - const char* origin_id, - Timezone* timezone, - char* buffer, - size_t buffer_size - ); - - static int buildPacketJSONFromRaw( - const uint8_t* raw_data, - int raw_len, - mesh::Packet* packet, - bool is_tx, - const char* origin, - const char* origin_id, - float snr, - float rssi, - Timezone* timezone, - char* buffer, - size_t buffer_size - ); - - /** - * Convert packet to raw JSON message - * - * @param packet Mesh packet - * @param origin Device name - * @param origin_id Device public key (hex string) - * @param buffer Output buffer for JSON string - * @param buffer_size Size of output buffer - * @return Length of JSON string, or 0 on error - */ - static int buildRawJSON( - mesh::Packet* packet, - const char* origin, - const char* origin_id, - Timezone* timezone, - char* buffer, - size_t buffer_size - ); - -private: - /** - * Convert packet type to string - */ - static const char* getPacketTypeString(int packet_type); - - /** - * Convert route type to string - */ - static const char* getRouteTypeString(int route_type); - - /** - * Format timestamp to ISO 8601 format - */ - static void formatTimestamp(unsigned long timestamp, char* buffer, size_t buffer_size); - - /** - * Format time to HH:MM:SS format - */ - static void formatTime(unsigned long timestamp, char* buffer, size_t buffer_size); - - /** - * Format date to DD/MM/YYYY format - */ - static void formatDate(unsigned long timestamp, char* buffer, size_t buffer_size); - - /** - * Convert bytes to hex string (uppercase) - */ - static void bytesToHex(const uint8_t* data, size_t len, char* hex, size_t hex_size); - - /** - * Convert packet to hex string - */ - static void packetToHex(mesh::Packet* packet, char* hex, size_t hex_size); -}; diff --git a/src/helpers/bridges/MQTTBridge.cpp b/src/helpers/bridges/MQTTBridge.cpp deleted file mode 100644 index 54dba14b8..000000000 --- a/src/helpers/bridges/MQTTBridge.cpp +++ /dev/null @@ -1,2870 +0,0 @@ -#include "MQTTBridge.h" -#include "../MQTTMessageBuilder.h" -#include -#include -#include - -#ifdef ESP_PLATFORM -#include -#include -#include -#include -#include -#endif - -// Helper function to strip quotes from strings (both single and double quotes) -static void stripQuotes(char* str, size_t max_len) { - if (!str || max_len == 0) return; - - size_t len = strlen(str); - if (len == 0) return; - - // Remove leading quote (single or double) - if (str[0] == '"' || str[0] == '\'') { - memmove(str, str + 1, len); - len--; - } - - // Remove trailing quote (single or double) - if (len > 0 && (str[len-1] == '"' || str[len-1] == '\'')) { - str[len-1] = '\0'; - } -} - -// Helper function to check if WiFi credentials are valid -static bool isWiFiConfigValid(const NodePrefs* prefs) { - // Check if WiFi SSID is configured (not empty) - if (strlen(prefs->wifi_ssid) == 0) { - return false; - } - - // WiFi password can be empty for open networks, so we don't check it - - return true; -} - -#ifdef WITH_MQTT_BRIDGE - -MQTTBridge::MQTTBridge(NodePrefs *prefs, mesh::PacketManager *mgr, mesh::RTCClock *rtc, mesh::LocalIdentity *identity) - : BridgeBase(prefs, mgr, rtc), _mqtt_client(nullptr), - _active_brokers(0), _queue_count(0), - _last_status_publish(0), _last_status_retry(0), _status_interval(300000), // 5 minutes default - _ntp_client(_ntp_udp, "pool.ntp.org", 0, 60000), _last_ntp_sync(0), _ntp_synced(false), _ntp_sync_pending(false), - _timezone(nullptr), _last_raw_len(0), _last_snr(0), _last_rssi(0), _last_raw_timestamp(0), - _analyzer_us_enabled(false), _analyzer_eu_enabled(false), _identity(identity), - _analyzer_us_client(nullptr), _analyzer_eu_client(nullptr), _config_valid(false), - _cached_has_brokers(false), _cached_has_analyzer_servers(false), - _last_memory_check(0), _skipped_publishes(0), - _last_no_broker_log(0), _last_config_warning(0), _dispatcher(nullptr), _radio(nullptr), _board(nullptr), _ms(nullptr) -#ifdef ESP_PLATFORM - , _packet_queue_handle(nullptr), _mqtt_task_handle(nullptr), _raw_data_mutex(nullptr) -#else - , _queue_head(0), _queue_tail(0) -#endif -{ - - // Initialize default values - strncpy(_origin, "MeshCore-Repeater", sizeof(_origin) - 1); - strncpy(_iata, "XXX", sizeof(_iata) - 1); - strncpy(_device_id, "DEVICE_ID_PLACEHOLDER", sizeof(_device_id) - 1); - strncpy(_firmware_version, "unknown", sizeof(_firmware_version) - 1); - strncpy(_board_model, "unknown", sizeof(_board_model) - 1); - strncpy(_build_date, "unknown", sizeof(_build_date) - 1); - _status_enabled = true; - _packets_enabled = true; - _raw_enabled = false; - _tx_enabled = false; // Disable TX packets by default - - // Initialize MQTT server settings with defaults (empty/null values) - _prefs->mqtt_server[0] = '\0'; // Empty string - _prefs->mqtt_port = 0; // Invalid port - _prefs->mqtt_username[0] = '\0'; // Empty string - _prefs->mqtt_password[0] = '\0'; // Empty string - - // Override with build flags if defined -#ifdef MQTT_SERVER - strncpy(_prefs->mqtt_server, MQTT_SERVER, sizeof(_prefs->mqtt_server) - 1); -#endif -#ifdef MQTT_PORT - _prefs->mqtt_port = MQTT_PORT; -#endif -#ifdef MQTT_USERNAME - strncpy(_prefs->mqtt_username, MQTT_USERNAME, sizeof(_prefs->mqtt_username) - 1); -#endif -#ifdef MQTT_PASSWORD - strncpy(_prefs->mqtt_password, MQTT_PASSWORD, sizeof(_prefs->mqtt_password) - 1); -#endif - - // Initialize packet queue (FreeRTOS queue will be created in begin()) - #ifdef ESP_PLATFORM - // Queue and mutex will be created in begin() - #else - // Initialize circular buffer for non-ESP32 platforms - memset(_packet_queue, 0, sizeof(_packet_queue)); - for (int i = 0; i < MAX_QUEUE_SIZE; i++) { - _packet_queue[i].has_raw_data = false; - } - #endif - - // Initialize throttle log timers - _last_no_broker_log = 0; - _last_analyzer_us_log = 0; - _last_analyzer_eu_log = 0; - - // Set default broker configuration - setBrokerDefaults(); -} - -void MQTTBridge::begin() { - MQTT_DEBUG_PRINTLN("Initializing MQTT Bridge..."); - - // Check if WiFi credentials are configured first - if (!isWiFiConfigValid(_prefs)) { - MQTT_DEBUG_PRINTLN("MQTT Bridge initialization skipped - WiFi credentials not configured"); - return; - } - - // Validate custom MQTT broker configuration (optional) - _config_valid = isMQTTConfigValid(); - if (!_config_valid) { - MQTT_DEBUG_PRINTLN("No valid custom MQTT server configured - analyzer servers will still work"); - } else { - MQTT_DEBUG_PRINTLN("Custom MQTT server configuration is valid"); - } - - // Update origin and IATA from preferences - strncpy(_origin, _prefs->mqtt_origin, sizeof(_origin) - 1); - _origin[sizeof(_origin) - 1] = '\0'; - strncpy(_iata, _prefs->mqtt_iata, sizeof(_iata) - 1); - _iata[sizeof(_iata) - 1] = '\0'; - - // Strip quotes from MQTT server configuration if present - stripQuotes(_prefs->mqtt_server, sizeof(_prefs->mqtt_server)); - stripQuotes(_prefs->mqtt_username, sizeof(_prefs->mqtt_username)); - stripQuotes(_prefs->mqtt_password, sizeof(_prefs->mqtt_password)); - - // Strip quotes from origin and IATA if present - stripQuotes(_origin, sizeof(_origin)); - stripQuotes(_iata, sizeof(_iata)); - - // Convert IATA code to uppercase (IATA codes are conventionally uppercase) - for (int i = 0; _iata[i]; i++) { - _iata[i] = toupper(_iata[i]); - } - - // Update enabled flags from preferences - _status_enabled = _prefs->mqtt_status_enabled; - _packets_enabled = _prefs->mqtt_packets_enabled; - _raw_enabled = _prefs->mqtt_raw_enabled; - _tx_enabled = _prefs->mqtt_tx_enabled; - // Set status interval to 5 minutes (300000 ms), or use preference if set and valid - if (_prefs->mqtt_status_interval >= 1000 && _prefs->mqtt_status_interval <= 3600000) { - _status_interval = _prefs->mqtt_status_interval; - } else { - // Invalid or uninitialized value - fix it in preferences and use default - _prefs->mqtt_status_interval = 300000; // Fix the preference value - _status_interval = 300000; // 5 minutes default - } - - // Check for configuration mismatch: bridge.source=tx but mqtt.tx=off - checkConfigurationMismatch(); - - MQTT_DEBUG_PRINTLN("Config: Origin=%s, IATA=%s, Device=%s", _origin, _iata, _device_id); - - #ifdef ESP_PLATFORM - // Create FreeRTOS queue for thread-safe packet queuing - _packet_queue_handle = xQueueCreate(MAX_QUEUE_SIZE, sizeof(QueuedPacket)); - if (_packet_queue_handle == nullptr) { - MQTT_DEBUG_PRINTLN("Failed to create packet queue!"); - return; - } - - // Create mutex for raw radio data protection - _raw_data_mutex = xSemaphoreCreateMutex(); - if (_raw_data_mutex == nullptr) { - MQTT_DEBUG_PRINTLN("Failed to create raw data mutex!"); - vQueueDelete(_packet_queue_handle); - _packet_queue_handle = nullptr; - return; - } - - // Initialize PsychicMqttClient (will be used by task) - _mqtt_client = new PsychicMqttClient(); - - // Optimize MQTT client configuration for memory efficiency - optimizeMqttClientConfig(_mqtt_client, false); - - // Set up event callbacks for the main MQTT client - _mqtt_client->onConnect([this](bool sessionPresent) { - MQTT_DEBUG_PRINTLN("MQTT broker connected"); - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - if (_brokers[i].enabled && !_brokers[i].connected) { - _brokers[i].connected = true; - _active_brokers++; - // Update cached broker status - _cached_has_brokers = isAnyBrokerConnected(); - break; - } - } - }); - - _mqtt_client->onDisconnect([this](bool sessionPresent) { - MQTT_DEBUG_PRINTLN("MQTT broker disconnected"); - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - if (_brokers[i].connected) { - _brokers[i].connected = false; - _active_brokers--; - // Update cached broker status - _cached_has_brokers = isAnyBrokerConnected(); - break; - } - } - }); - - // Set default broker from preferences or build flags - setBroker(0, _prefs->mqtt_server, _prefs->mqtt_port, _prefs->mqtt_username, _prefs->mqtt_password, true); - - // Setup Let's Mesh Analyzer servers configuration - _analyzer_us_enabled = _prefs->mqtt_analyzer_us_enabled; - _analyzer_eu_enabled = _prefs->mqtt_analyzer_eu_enabled; - MQTT_DEBUG_PRINTLN("Analyzer servers - US: %s, EU: %s", - _analyzer_us_enabled ? "enabled" : "disabled", - _analyzer_eu_enabled ? "enabled" : "disabled"); - - // Create FreeRTOS task for MQTT/WiFi processing on Core 0 - #ifndef MQTT_TASK_CORE - #define MQTT_TASK_CORE 0 - #endif - #ifndef MQTT_TASK_STACK_SIZE - #define MQTT_TASK_STACK_SIZE 8192 // Reverted: 6144 was too small, caused boot loop after NTP sync - #endif - #ifndef MQTT_TASK_PRIORITY - #define MQTT_TASK_PRIORITY 1 - #endif - - BaseType_t task_result = xTaskCreatePinnedToCore( - mqttTask, // Task function - "MQTTBridge", // Task name - MQTT_TASK_STACK_SIZE, // Stack size - this, // Parameter (this pointer) - MQTT_TASK_PRIORITY, // Priority - &_mqtt_task_handle, // Task handle - MQTT_TASK_CORE // Core ID (0) - ); - - if (task_result != pdPASS) { - MQTT_DEBUG_PRINTLN("Failed to create MQTT task!"); - vQueueDelete(_packet_queue_handle); - _packet_queue_handle = nullptr; - vSemaphoreDelete(_raw_data_mutex); - _raw_data_mutex = nullptr; - delete _mqtt_client; - _mqtt_client = nullptr; - return; - } - - MQTT_DEBUG_PRINTLN("MQTT task created on Core %d", MQTT_TASK_CORE); - #else - // Non-ESP32: Initialize WiFi directly (no task) - WiFi.mode(WIFI_STA); - WiFi.setAutoReconnect(true); - WiFi.setAutoConnect(true); - WiFi.begin(_prefs->wifi_ssid, _prefs->wifi_password); - - // Initialize PsychicMqttClient - _mqtt_client = new PsychicMqttClient(); - optimizeMqttClientConfig(_mqtt_client, false); - - // Set up event callbacks - _mqtt_client->onConnect([this](bool sessionPresent) { - MQTT_DEBUG_PRINTLN("MQTT broker connected"); - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - if (_brokers[i].enabled && !_brokers[i].connected) { - _brokers[i].connected = true; - _active_brokers++; - // Update cached broker status - _cached_has_brokers = isAnyBrokerConnected(); - break; - } - } - }); - - _mqtt_client->onDisconnect([this](bool sessionPresent) { - MQTT_DEBUG_PRINTLN("MQTT broker disconnected"); - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - if (_brokers[i].connected) { - _brokers[i].connected = false; - _active_brokers--; - // Update cached broker status - _cached_has_brokers = isAnyBrokerConnected(); - break; - } - } - }); - - setBroker(0, _prefs->mqtt_server, _prefs->mqtt_port, _prefs->mqtt_username, _prefs->mqtt_password, true); - _analyzer_us_enabled = _prefs->mqtt_analyzer_us_enabled; - _analyzer_eu_enabled = _prefs->mqtt_analyzer_eu_enabled; - setupAnalyzerClients(); - connectToBrokers(); - #endif - - _initialized = true; - MQTT_DEBUG_PRINTLN("MQTT Bridge initialized"); -} - -void MQTTBridge::end() { - MQTT_DEBUG_PRINTLN("Stopping MQTT Bridge..."); - - #ifdef ESP_PLATFORM - // Delete FreeRTOS task first (it will clean up WiFi/MQTT connections) - if (_mqtt_task_handle != nullptr) { - vTaskDelete(_mqtt_task_handle); - _mqtt_task_handle = nullptr; - // Give task time to clean up - vTaskDelay(pdMS_TO_TICKS(100)); - } - - // Clean up queued packets from FreeRTOS queue - if (_packet_queue_handle != nullptr) { - QueuedPacket queued; - while (xQueueReceive(_packet_queue_handle, &queued, 0) == pdTRUE) { - if (queued.packet) { - _mgr->free(queued.packet); - queued.packet = nullptr; - } - _queue_count--; - } - vQueueDelete(_packet_queue_handle); - _packet_queue_handle = nullptr; - } - - // Delete mutex - if (_raw_data_mutex != nullptr) { - vSemaphoreDelete(_raw_data_mutex); - _raw_data_mutex = nullptr; - } - #else - // Disconnect from all brokers - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - if (_brokers[i].enabled && _brokers[i].connected) { - _mqtt_client->disconnect(); - _brokers[i].connected = false; - } - } - - // Disconnect analyzer clients - if (_analyzer_us_client) { - _analyzer_us_client->disconnect(); - delete _analyzer_us_client; - _analyzer_us_client = nullptr; - } - if (_analyzer_eu_client) { - _analyzer_eu_client->disconnect(); - delete _analyzer_eu_client; - _analyzer_eu_client = nullptr; - } - - // Clean up queued packets to prevent memory leaks - for (int i = 0; i < _queue_count; i++) { - int index = (_queue_head + i) % MAX_QUEUE_SIZE; - if (_packet_queue[index].packet) { - _mgr->free(_packet_queue[index].packet); - _packet_queue[index].packet = nullptr; - } - memset(&_packet_queue[index], 0, sizeof(QueuedPacket)); - } - - _queue_count = 0; - _queue_head = 0; - _queue_tail = 0; - memset(_packet_queue, 0, sizeof(_packet_queue)); - #endif - - // Clean up timezone object to prevent memory leak - if (_timezone) { - delete _timezone; - _timezone = nullptr; - } - - // Clean up resources - if (_mqtt_client) { - delete _mqtt_client; - _mqtt_client = nullptr; - } - - _initialized = false; - MQTT_DEBUG_PRINTLN("MQTT Bridge stopped"); -} - -#ifdef ESP_PLATFORM -void MQTTBridge::mqttTask(void* parameter) { - MQTTBridge* bridge = static_cast(parameter); - if (bridge) { - bridge->mqttTaskLoop(); - } - // Task should never return, but if it does, delete itself - vTaskDelete(nullptr); -} - -void MQTTBridge::initializeWiFiInTask() { - MQTT_DEBUG_PRINTLN("Initializing WiFi in MQTT task..."); - - // Initialize WiFi - WiFi.mode(WIFI_STA); - - // Enable automatic reconnection - ESP32 will handle reconnection automatically - WiFi.setAutoReconnect(true); - WiFi.setAutoConnect(true); - - // Set up WiFi event handlers for better diagnostics and immediate disconnection detection - WiFi.onEvent([this](WiFiEvent_t event, WiFiEventInfo_t info) { - switch(event) { - case ARDUINO_EVENT_WIFI_STA_GOT_IP: - MQTT_DEBUG_PRINTLN("WiFi connected: %s", IPAddress(info.got_ip.ip_info.ip.addr).toString().c_str()); - // Set flag to trigger NTP sync from loop() instead of doing it here - if (!_ntp_synced && !_ntp_sync_pending) { - _ntp_sync_pending = true; - } - break; - default: - break; - } - }); - - WiFi.begin(_prefs->wifi_ssid, _prefs->wifi_password); - - // WiFi connection is asynchronous - don't block here - // Auto-reconnect will handle connection in the background - - // Setup PsychicMqttClient WebSocket clients for analyzer servers - setupAnalyzerClients(); - - MQTT_DEBUG_PRINTLN("WiFi initialization started in task"); -} - -void MQTTBridge::mqttTaskLoop() { - // Initialize WiFi first - initializeWiFiInTask(); - - // Wait a bit for WiFi to start connecting - vTaskDelay(pdMS_TO_TICKS(1000)); - - // Main task loop - while (true) { - // Run the main MQTT bridge loop logic - // This replaces the original loop() method but runs in the task - - // Actively monitor and manage WiFi connection - static unsigned long last_wifi_check = 0; - static unsigned long last_wifi_reconnect_attempt = 0; - static wl_status_t last_wifi_status = WL_DISCONNECTED; - static bool wifi_status_initialized = false; - static unsigned long wifi_disconnected_time = 0; - - unsigned long now = millis(); - wl_status_t current_wifi_status = WiFi.status(); - - // Initialize last_wifi_status on first loop() call - if (!wifi_status_initialized) { - last_wifi_status = current_wifi_status; - wifi_status_initialized = true; - // Don't sync here - let the pending flag or transition handler do it - } - - // Check WiFi status every 10 seconds for faster detection - if (now - last_wifi_check > 10000) { - last_wifi_check = now; - - if (current_wifi_status == WL_CONNECTED) { - if (last_wifi_status != WL_CONNECTED) { - wifi_disconnected_time = 0; - // Configure WiFi power management for efficient operation - wifi_ps_type_t ps_mode; - uint8_t ps_pref = _prefs->wifi_power_save; - if (ps_pref == 1) { - ps_mode = WIFI_PS_NONE; - } else if (ps_pref == 2) { - ps_mode = WIFI_PS_MAX_MODEM; - } else { - ps_mode = WIFI_PS_MIN_MODEM; - } - esp_wifi_set_ps(ps_mode); - - // Set WiFi TX power - #ifdef MQTT_WIFI_TX_POWER - WiFi.setTxPower(MQTT_WIFI_TX_POWER); - #else - WiFi.setTxPower(WIFI_POWER_11dBm); - #endif - - // NTP sync will be handled by _ntp_sync_pending flag from WiFi event handler - // This prevents multiple simultaneous syncs - } - last_wifi_status = WL_CONNECTED; - } else { - if (last_wifi_status == WL_CONNECTED) { - wifi_disconnected_time = now; - } else if (wifi_disconnected_time > 0) { - unsigned long disconnected_duration = now - wifi_disconnected_time; - - // Try to force reconnection if disconnected for more than 30 seconds - if (disconnected_duration > 30000 && (now - last_wifi_reconnect_attempt) > 30000) { - last_wifi_reconnect_attempt = now; - WiFi.disconnect(); - WiFi.begin(_prefs->wifi_ssid, _prefs->wifi_password); - } - } - last_wifi_status = current_wifi_status; - } - } - - // Check for pending NTP sync (triggered from WiFi event handler) - if (_ntp_sync_pending && WiFi.status() == WL_CONNECTED) { - _ntp_sync_pending = false; - syncTimeWithNTP(); - } - - // Check if analyzer server settings have changed in preferences - static unsigned long last_analyzer_check = 0; - if (now - last_analyzer_check > 5000) { - last_analyzer_check = now; - if (_analyzer_us_enabled != _prefs->mqtt_analyzer_us_enabled || - _analyzer_eu_enabled != _prefs->mqtt_analyzer_eu_enabled) { - MQTT_DEBUG_PRINTLN("Analyzer settings changed - updating..."); - setupAnalyzerServers(); - } - } - - // Maintain broker connections - connectToBrokers(); - - // Maintain analyzer server connections - maintainAnalyzerConnections(); - - // Process packet queue - processPacketQueue(); - - // Periodic configuration check (throttled to avoid spam) - checkConfigurationMismatch(); - - // Periodic NTP sync (every hour) - only when connected - if (WiFi.status() == WL_CONNECTED && now - _last_ntp_sync > 3600000) { - syncTimeWithNTP(); - } - - // Publish status updates (handle millis() overflow correctly) - if (_status_enabled) { - // Use cached destination status (updated in connection callbacks) - early exit if no destinations - // Only refresh cache if status publish is enabled to avoid unnecessary checks - bool has_custom_brokers = _cached_has_brokers && _config_valid; - bool has_destinations = has_custom_brokers || _cached_has_analyzer_servers; - - // Early exit if no destinations - skip all the expensive logic below - if (!has_destinations) { - if (_last_status_retry != 0) { - _last_status_retry = 0; - } - } else { - bool should_publish = false; - - // First, check if we need to respect retry interval (prevents spam when publish keeps failing) - if (_last_status_retry != 0) { - unsigned long retry_elapsed = (now >= _last_status_retry) ? - (now - _last_status_retry) : - (ULONG_MAX - _last_status_retry + now + 1); - if (retry_elapsed < STATUS_RETRY_INTERVAL) { - // Too soon to retry - wait longer - should_publish = false; - } else { - // Retry interval has passed - allow retry - should_publish = true; - } - } else { - // No pending retry - check if normal interval has passed - // Handle case where _last_status_publish is 0 (first publish attempt) - if (_last_status_publish == 0) { - // First publish attempt - allow it immediately - should_publish = true; - } else { - // Calculate elapsed time since last successful publish - unsigned long elapsed = (now >= _last_status_publish) ? - (now - _last_status_publish) : - (ULONG_MAX - _last_status_publish + now + 1); - should_publish = (elapsed >= _status_interval); - } - } - - if (should_publish) { - // Only log elapsed time if we have a previous successful publish - if (_last_status_publish != 0) { - unsigned long elapsed = (now >= _last_status_publish) ? - (now - _last_status_publish) : - (ULONG_MAX - _last_status_publish + now + 1); - MQTT_DEBUG_PRINTLN("Status publish timer expired (elapsed: %lu ms, interval: %lu ms)", elapsed, _status_interval); - } else { - MQTT_DEBUG_PRINTLN("Status publish attempt (first publish or retry)"); - } - - _last_status_retry = now; - if (publishStatus()) { - _last_status_publish = now; - _last_status_retry = 0; - MQTT_DEBUG_PRINTLN("Status published successfully, next publish in %lu ms", _status_interval); - } else { - MQTT_DEBUG_PRINTLN("Status publish failed, will retry in %lu ms", STATUS_RETRY_INTERVAL); - // _last_status_retry already set above - will prevent immediate retry - } - } - } - } - - // Critical memory check (every 15 minutes) - only log warnings - static unsigned long last_critical_check = 0; - if (now - last_critical_check > 900000) { - size_t max_alloc = ESP.getMaxAllocHeap(); - if (max_alloc < 40000) { - MQTT_DEBUG_PRINTLN("CRITICAL: Low memory! Free: %d, Max: %d", ESP.getFreeHeap(), max_alloc); - } else if (max_alloc < 60000) { - MQTT_DEBUG_PRINTLN("WARNING: Memory pressure. Free: %d, Max: %d", ESP.getFreeHeap(), max_alloc); - } - last_critical_check = now; - } - - // Update cached analyzer server status periodically (every 5 seconds) - // This ensures cache stays accurate even if callbacks miss updates - static unsigned long last_analyzer_status_update = 0; - if (now - last_analyzer_status_update > 5000) { - _cached_has_analyzer_servers = (_analyzer_us_enabled && _analyzer_us_client && _analyzer_us_client->connected()) || - (_analyzer_eu_enabled && _analyzer_eu_client && _analyzer_eu_client->connected()); - last_analyzer_status_update = now; - } - - // Adaptive task delay based on work done - // Check if we have work to do (queue has packets or status needs publishing) - bool has_work = (_queue_count > 0); - if (!has_work && _status_enabled) { - // Check if status publish is needed soon - if (_last_status_publish == 0 || - (now - _last_status_publish >= (_status_interval - 10000))) { // Within 10s of next publish - has_work = true; - } - } - - // Adaptive delay: shorter when work pending, longer when idle - if (has_work) { - vTaskDelay(pdMS_TO_TICKS(5)); // 5ms delay when work pending - process faster - } else { - vTaskDelay(pdMS_TO_TICKS(50)); // 50ms delay when idle - save CPU - } - } -} -#endif - -bool MQTTBridge::isConfigValid() const { - return _config_valid; -} - -bool MQTTBridge::isConfigValid(const NodePrefs* prefs) { - // Check if MQTT server is configured (not default placeholder) - if (strlen(prefs->mqtt_server) == 0 || - strcmp(prefs->mqtt_server, "your-mqtt-broker.com") == 0) { - return false; - } - - // Check if MQTT port is valid - if (prefs->mqtt_port == 0 || prefs->mqtt_port > 65535) { - return false; - } - - // Username and password are optional - anonymous mode is supported - // Only reject if they contain the default placeholder values - if (strcmp(prefs->mqtt_username, "your-username") == 0) { - return false; - } - - if (strcmp(prefs->mqtt_password, "your-password") == 0) { - return false; - } - - return true; -} - -void MQTTBridge::checkConfigurationMismatch() { - // Check if bridge.source is set to tx (logTx) but mqtt.tx is disabled - // This would prevent packet publishing since sendPacket() requires both packets_enabled and tx_enabled - if (_prefs->bridge_pkt_src == 0 && _packets_enabled && !_tx_enabled) { - unsigned long now = millis(); - // Always log on first detection, then throttle to every 5 minutes to avoid spam - if (_last_config_warning == 0 || (now - _last_config_warning > CONFIG_WARNING_INTERVAL)) { - MQTT_DEBUG_PRINTLN("MQTT: Configuration mismatch detected! bridge.source=tx (logTx) but mqtt.tx=off. Packets will not be published. Run 'set bridge.source rx' or 'set mqtt.tx on' to fix."); - _last_config_warning = now; - } - } else { - // Configuration is correct, reset warning timer so we log immediately if it becomes wrong again - _last_config_warning = 0; - } -} - -bool MQTTBridge::isReady() const { - return _initialized && isWiFiConfigValid(_prefs); -} - -void MQTTBridge::loop() { - if (!_initialized) return; - - #ifdef ESP_PLATFORM - // On ESP32, loop() is a no-op - all processing happens in the FreeRTOS task - // This method is kept for API compatibility but does nothing - return; - #else - // Non-ESP32: Original loop implementation - // Actively monitor and manage WiFi connection - static unsigned long last_wifi_check = 0; - static unsigned long last_wifi_reconnect_attempt = 0; - static wl_status_t last_wifi_status = WL_DISCONNECTED; - static bool wifi_status_initialized = false; - static unsigned long wifi_disconnected_time = 0; - - unsigned long now = millis(); - wl_status_t current_wifi_status = WiFi.status(); - - // Initialize last_wifi_status on first loop() call - if (!wifi_status_initialized) { - last_wifi_status = current_wifi_status; - wifi_status_initialized = true; - if (current_wifi_status == WL_CONNECTED && !_ntp_synced) { - syncTimeWithNTP(); - } - } - - // Check WiFi status every 10 seconds for faster detection - if (now - last_wifi_check > 10000) { - last_wifi_check = now; - - if (current_wifi_status == WL_CONNECTED) { - if (last_wifi_status != WL_CONNECTED) { - wifi_disconnected_time = 0; - if (!_ntp_synced) { - syncTimeWithNTP(); - } - } - last_wifi_status = WL_CONNECTED; - } else { - if (last_wifi_status == WL_CONNECTED) { - wifi_disconnected_time = now; - } else if (wifi_disconnected_time > 0) { - unsigned long disconnected_duration = now - wifi_disconnected_time; - - // Try to force reconnection if disconnected for more than 30 seconds - if (disconnected_duration > 30000 && (now - last_wifi_reconnect_attempt) > 30000) { - last_wifi_reconnect_attempt = now; - WiFi.disconnect(); - WiFi.begin(_prefs->wifi_ssid, _prefs->wifi_password); - } - } - last_wifi_status = current_wifi_status; - } - } - - // Check for pending NTP sync (triggered from WiFi event handler) - if (_ntp_sync_pending && WiFi.status() == WL_CONNECTED) { - _ntp_sync_pending = false; - syncTimeWithNTP(); - } - - // Check if analyzer server settings have changed in preferences - static unsigned long last_analyzer_check = 0; - if (millis() - last_analyzer_check > 5000) { - last_analyzer_check = millis(); - if (_analyzer_us_enabled != _prefs->mqtt_analyzer_us_enabled || - _analyzer_eu_enabled != _prefs->mqtt_analyzer_eu_enabled) { - MQTT_DEBUG_PRINTLN("Analyzer settings changed - updating..."); - setupAnalyzerServers(); - } - } - - // Maintain broker connections - connectToBrokers(); - - // Maintain analyzer server connections - maintainAnalyzerConnections(); - - // Process packet queue - processPacketQueue(); - - // Periodic configuration check (throttled to avoid spam) - checkConfigurationMismatch(); - - // Periodic NTP sync (every hour) - only when connected - if (WiFi.status() == WL_CONNECTED && millis() - _last_ntp_sync > 3600000) { - syncTimeWithNTP(); - } - - // Publish status updates (handle millis() overflow correctly) - if (_status_enabled) { - // Use cached destination status (updated in connection callbacks) - early exit if no destinations - bool has_custom_brokers = _cached_has_brokers && _config_valid; - bool has_destinations = has_custom_brokers || _cached_has_analyzer_servers; - - // Only attempt to publish if we have destinations available - if (has_destinations) { - unsigned long now = millis(); - bool should_publish = false; - - // First, check if we need to respect retry interval (prevents spam when publish keeps failing) - if (_last_status_retry != 0) { - unsigned long retry_elapsed = (now >= _last_status_retry) ? - (now - _last_status_retry) : - (ULONG_MAX - _last_status_retry + now + 1); - if (retry_elapsed < STATUS_RETRY_INTERVAL) { - // Too soon to retry - wait longer - should_publish = false; - } else { - // Retry interval has passed - allow retry - should_publish = true; - } - } else { - // No pending retry - check if normal interval has passed - // Handle case where _last_status_publish is 0 (first publish attempt) - if (_last_status_publish == 0) { - // First publish attempt - allow it immediately - should_publish = true; - } else { - // Calculate elapsed time since last successful publish - unsigned long elapsed = (now >= _last_status_publish) ? - (now - _last_status_publish) : - (ULONG_MAX - _last_status_publish + now + 1); - should_publish = (elapsed >= _status_interval); - } - } - - if (should_publish) { - // Only log elapsed time if we have a previous successful publish - if (_last_status_publish != 0) { - unsigned long elapsed = (now >= _last_status_publish) ? - (now - _last_status_publish) : - (ULONG_MAX - _last_status_publish + now + 1); - MQTT_DEBUG_PRINTLN("Status publish timer expired (elapsed: %lu ms, interval: %lu ms)", elapsed, _status_interval); - } else { - MQTT_DEBUG_PRINTLN("Status publish attempt (first publish or retry)"); - } - - _last_status_retry = now; - if (publishStatus()) { - _last_status_publish = now; - _last_status_retry = 0; - MQTT_DEBUG_PRINTLN("Status published successfully, next publish in %lu ms", _status_interval); - } else { - MQTT_DEBUG_PRINTLN("Status publish failed, will retry in %lu ms", STATUS_RETRY_INTERVAL); - // _last_status_retry already set above - will prevent immediate retry - } - } - } else { - if (_last_status_retry != 0) { - _last_status_retry = 0; - } - } - - // Check if status hasn't been published successfully for too long - // If status publishes have been failing for > 10 minutes, force full MQTT reinitialization - if (_status_enabled && _last_status_publish != 0) { - unsigned long time_since_last_success = (now >= _last_status_publish) ? - (now - _last_status_publish) : - (ULONG_MAX - _last_status_publish + now + 1); - const unsigned long MAX_FAILURE_TIME_MS = 600000; // 10 minutes - - if (time_since_last_success > MAX_FAILURE_TIME_MS) { - static unsigned long last_reinit_log = 0; - if (now - last_reinit_log > 300000) { // Log every 5 minutes max - MQTT_DEBUG_PRINTLN("CRITICAL: Status publish has been failing for %lu ms (>%lu ms), forcing MQTT session reinitialization", - time_since_last_success, MAX_FAILURE_TIME_MS); - last_reinit_log = now; - } - - // Force full MQTT session reinitialization - // Disconnect all MQTT clients - if (_mqtt_client && _mqtt_client->connected()) { - _mqtt_client->disconnect(); - #ifdef ESP_PLATFORM - vTaskDelay(pdMS_TO_TICKS(100)); // Brief delay to allow disconnect - #else - delay(100); // Brief delay to allow disconnect - #endif - } - - // Disconnect analyzer clients - if (_analyzer_us_client && _analyzer_us_client->connected()) { - _analyzer_us_client->disconnect(); - } - if (_analyzer_eu_client && _analyzer_eu_client->connected()) { - _analyzer_eu_client->disconnect(); - } - - // Reset all broker connection states - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - if (_brokers[i].enabled) { - _brokers[i].connected = false; - _brokers[i].last_attempt = 0; // Allow immediate reconnect - } - } - _active_brokers = 0; - _cached_has_brokers = false; - _cached_has_analyzer_servers = false; - - // Reset status publish timestamp to allow fresh attempt after reconnection - _last_status_publish = 0; - _last_status_retry = 0; - - MQTT_DEBUG_PRINTLN("MQTT session reinitialized - reconnection will be attempted on next loop"); - } - } - } - #endif - - #ifdef ESP_PLATFORM - // Critical memory check (every 15 minutes) - only log warnings - static unsigned long last_critical_check = 0; - if (millis() - last_critical_check > 900000) { - size_t max_alloc = ESP.getMaxAllocHeap(); - if (max_alloc < 40000) { - MQTT_DEBUG_PRINTLN("CRITICAL: Low memory! Free: %d, Max: %d", ESP.getFreeHeap(), max_alloc); - } else if (max_alloc < 60000) { - MQTT_DEBUG_PRINTLN("WARNING: Memory pressure. Free: %d, Max: %d", ESP.getFreeHeap(), max_alloc); - } - last_critical_check = millis(); - } - #endif -} - -void MQTTBridge::onPacketReceived(mesh::Packet *packet) { - if (!_initialized || !_packets_enabled) return; - - // Check if we have any valid brokers to send to - bool has_valid_brokers = _config_valid || - (_analyzer_us_enabled && _analyzer_us_client) || - (_analyzer_eu_enabled && _analyzer_eu_client); - - if (!has_valid_brokers) return; - - // Queue packet for transmission - queuePacket(packet, false); -} - -void MQTTBridge::sendPacket(mesh::Packet *packet) { - if (!_initialized || !_packets_enabled || !_tx_enabled) return; - - // Queue packet for transmission (only if TX enabled) - queuePacket(packet, true); -} - -bool MQTTBridge::isMQTTConfigValid() { - // Check if MQTT server is configured (not default placeholder) - if (strlen(_prefs->mqtt_server) == 0 || - strcmp(_prefs->mqtt_server, "your-mqtt-broker.com") == 0) { - return false; - } - - // Check if MQTT port is valid - if (_prefs->mqtt_port == 0 || _prefs->mqtt_port > 65535) { - return false; - } - - // Username and password are optional - anonymous mode is supported - // Only reject if they contain the default placeholder values - if (strcmp(_prefs->mqtt_username, "your-username") == 0) { - return false; - } - - if (strcmp(_prefs->mqtt_password, "your-password") == 0) { - return false; - } - - return true; -} - -bool MQTTBridge::isIATAValid() const { - // Check if IATA code is configured (not empty, not default "XXX") - if (strlen(_iata) == 0 || strcmp(_iata, "XXX") == 0) { - return false; - } - return true; -} - -void MQTTBridge::connectToBrokers() { - // Check if MQTT configuration is valid before attempting connection - if (!_config_valid) { - return; - } - - // Check WiFi status first - don't attempt MQTT connection if WiFi is disconnected - if (WiFi.status() != WL_CONNECTED) { - // WiFi is not connected - skip MQTT connection attempts - // WiFi auto-reconnect will handle WiFi, then we can connect MQTT - static unsigned long last_wifi_warning = 0; - unsigned long now = millis(); - if (now - last_wifi_warning > 300000) { // Log every 5 minutes max - MQTT_DEBUG_PRINTLN("Skipping MQTT broker connection - WiFi not connected"); - last_wifi_warning = now; - } - return; - } - - // For now, connect to the first enabled broker - // TODO: Implement multi-broker support with PsychicMqttClient - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - if (!_brokers[i].enabled) continue; - - // Check if we need to attempt connection - // Allow immediate reconnect if last_attempt is 0 (was reset due to failure) - bool can_attempt = (_brokers[i].last_attempt == 0) || - (millis() - _brokers[i].last_attempt > _brokers[i].reconnect_interval); - - if (!_brokers[i].connected && can_attempt) { - MQTT_DEBUG_PRINTLN("Connecting to broker %d: %s:%d", i, _brokers[i].host, _brokers[i].port); - - // Generate unique client ID - char client_id[32]; - snprintf(client_id, sizeof(client_id), "%s_%d_%lu", _origin, i, millis()); - - // Set broker URI and connect using PsychicMqttClient API - char broker_uri[128]; - snprintf(broker_uri, sizeof(broker_uri), "mqtt://%s:%d", _brokers[i].host, _brokers[i].port); - _mqtt_client->setServer(broker_uri); - - // Set credentials if provided - if (strlen(_brokers[i].username) > 0) { - _mqtt_client->setCredentials(_brokers[i].username, _brokers[i].password); - } - - // Ensure we're disconnected before attempting new connection - if (_mqtt_client->connected()) { - _mqtt_client->disconnect(); - vTaskDelay(pdMS_TO_TICKS(100)); // Brief delay to allow disconnect to complete - } - - // Connect to the broker (PsychicMqttClient uses async connection) - _mqtt_client->connect(); - - // Update attempt timestamp - _brokers[i].last_attempt = millis(); - MQTT_DEBUG_PRINTLN("Initiating connection to broker %d", i); - } - - // Maintain connection and check for stale connections - if (_brokers[i].connected) { - // Check actual connection state - if it's stale, mark as disconnected and trigger reconnect - // PsychicMqttClient handles automatic reconnection internally, but we need to detect stale state - if (!_mqtt_client->connected()) { - MQTT_DEBUG_PRINTLN("Broker %d connection lost, marking for reconnect", i); - _brokers[i].connected = false; - _active_brokers--; - _brokers[i].last_attempt = 0; // Reset attempt time to allow immediate reconnect - // Update cached broker status - _cached_has_brokers = isAnyBrokerConnected(); - } - // Removed aggressive 4-hour health check that was causing connection instability. - // The MQTT client library handles connection health internally, and forcing - // disconnections on healthy connections was causing hours of downtime. - } else { - // Not connected - ensure we attempt reconnection if enough time has passed - // Reset last_attempt if it's been too long (prevents getting stuck) - if (_brokers[i].last_attempt > 0 && (millis() - _brokers[i].last_attempt) > 300000) { - // Been trying for more than 5 minutes - reset to allow fresh attempt - _brokers[i].last_attempt = 0; - } - } - } - - // Update cached broker status after connection attempts - _cached_has_brokers = isAnyBrokerConnected(); -} - -void MQTTBridge::processPacketQueue() { - #ifdef ESP_PLATFORM - // Use FreeRTOS queue - if (_packet_queue_handle == nullptr) { - return; - } - - // Update queue count from actual queue state - _queue_count = uxQueueMessagesWaiting(_packet_queue_handle); - - if (_queue_count == 0) { - return; - } - - // Use cached broker connection status to avoid redundant checks - bool has_connected_brokers = _cached_has_brokers || _cached_has_analyzer_servers; - - if (!has_connected_brokers) { - if (_queue_count > 0) { - unsigned long now = millis(); - if (now - _last_no_broker_log > NO_BROKER_LOG_INTERVAL) { - MQTT_DEBUG_PRINTLN("Queue has %d packets but no brokers connected", _queue_count); - _last_no_broker_log = now; - } - } - return; - } - - _last_no_broker_log = 0; - - // Process up to 1 packet per call to maintain responsiveness - int processed = 0; - int max_per_loop = 1; - unsigned long loop_start_time = millis(); - const unsigned long MAX_PROCESSING_TIME_MS = 30; - - while (processed < max_per_loop) { - unsigned long elapsed = millis() - loop_start_time; - if (elapsed > MAX_PROCESSING_TIME_MS) { - break; - } - - QueuedPacket queued; - // Try to receive from queue (non-blocking) - if (xQueueReceive(_packet_queue_handle, &queued, 0) != pdTRUE) { - break; // No more packets - } - - // Publish packet (use stored raw data if available) - publishPacket(queued.packet, queued.is_tx, - queued.has_raw_data ? queued.raw_data : nullptr, - queued.has_raw_data ? queued.raw_len : 0, - queued.has_raw_data ? queued.snr : 0.0f, - queued.has_raw_data ? queued.rssi : 0.0f); - - // Publish raw if enabled - if (_raw_enabled) { - publishRaw(queued.packet); - } - - // Free packet memory - // NOTE: PacketManager::free() is not thread-safe, but in practice this should be safe because: - // - Packets are allocated on Core 1 (main loop) and queued immediately - // - Once queued, packets are no longer accessed by Core 1 - // - Packets are only freed here on Core 0 (MQTT task) - // - There's no concurrent access to the same packet instance - // However, concurrent access to PacketManager's internal pool structures could theoretically - // cause issues. If problems occur, consider adding a mutex wrapper around PacketManager operations. - if (queued.packet) { - _mgr->free(queued.packet); - queued.packet = nullptr; - } - - _queue_count--; - processed++; - - // No need for vTaskDelay here - task already yields at end of main loop - } - #else - // Non-ESP32: Use circular buffer - if (_queue_count == 0) { - return; - } - - // Use cached broker connection status to avoid redundant checks - bool has_connected_brokers = _cached_has_brokers || _cached_has_analyzer_servers; - - if (!has_connected_brokers) { - if (_queue_count > 0) { - unsigned long now = millis(); - if (now - _last_no_broker_log > NO_BROKER_LOG_INTERVAL) { - MQTT_DEBUG_PRINTLN("Queue has %d packets but no brokers connected", _queue_count); - _last_no_broker_log = now; - } - } - return; - } - - _last_no_broker_log = 0; - - int processed = 0; - int max_per_loop = 1; - unsigned long loop_start_time = millis(); - const unsigned long MAX_PROCESSING_TIME_MS = 30; - - while (_queue_count > 0 && processed < max_per_loop) { - unsigned long elapsed = millis() - loop_start_time; - if (elapsed > MAX_PROCESSING_TIME_MS) { - break; - } - - QueuedPacket& queued = _packet_queue[_queue_head]; - - publishPacket(queued.packet, queued.is_tx, - queued.has_raw_data ? queued.raw_data : nullptr, - queued.has_raw_data ? queued.raw_len : 0, - queued.has_raw_data ? queued.snr : 0.0f, - queued.has_raw_data ? queued.rssi : 0.0f); - - if (_raw_enabled) { - publishRaw(queued.packet); - } - - if (queued.packet) { - _mgr->free(queued.packet); - queued.packet = nullptr; - } - - dequeuePacket(); - processed++; - } - #endif -} - -bool MQTTBridge::publishStatus() { - // Check if IATA is configured before attempting to publish - if (!isIATAValid()) { - static unsigned long last_iata_warning = 0; - unsigned long now = millis(); - // Only log this warning every 5 minutes to avoid spam - if (now - last_iata_warning > 300000) { - MQTT_DEBUG_PRINTLN("MQTT: Cannot publish status - IATA code not configured (current: '%s'). Please set mqtt.iata via CLI.", _iata); - last_iata_warning = now; - } - return false; - } - - // Memory pressure check: Use same threshold as packet publishes for consistency - // Status publishes should not be skipped more aggressively than packets - #ifdef ESP32 - unsigned long now = millis(); - if (now - _last_memory_check > 5000) { // Check every 5 seconds - size_t max_alloc = ESP.getMaxAllocHeap(); - if (max_alloc < 60000) { // Less than 60KB max alloc = severe fragmentation (same as packets) - static unsigned long last_status_skip_log = 0; - if (now - last_status_skip_log > 300000) { // Log every 5 minutes - MQTT_DEBUG_PRINTLN("MQTT: Skipping status publish due to memory pressure (Max alloc: %d)", max_alloc); - last_status_skip_log = now; - } - return false; // Skip status publish - } - _last_memory_check = now; - } - #endif - - // Use cached destination status to avoid redundant checks - // Note: Connection state is verified in connectToBrokers() which runs before publishStatus() - bool has_custom_brokers = _cached_has_brokers && _config_valid; - bool has_destinations = has_custom_brokers || _cached_has_analyzer_servers; - - if (!has_destinations) { - return false; // No destinations available - } - - // Don't do aggressive pre-check like before - if packets are publishing successfully, - // the connection is likely fine. The actual publish attempt will handle connection issues. - - // Status messages with stats can be larger (~400-500 bytes), so increase buffer size - char json_buffer[768]; // Increased from 512 to accommodate stats object - char origin_id[65]; - char timestamp[32]; - char radio_info[64]; - - // Get current timestamp in ISO 8601 format - struct tm timeinfo; - if (getLocalTime(&timeinfo)) { - strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%S.000000", &timeinfo); - } else { - strcpy(timestamp, "2024-01-01T12:00:00.000000"); - } - - // Build radio info string (freq,bw,sf,cr) - snprintf(radio_info, sizeof(radio_info), "%.6f,%.1f,%d,%d", - _prefs->freq, _prefs->bw, _prefs->sf, _prefs->cr); - - // Use actual device ID - strncpy(origin_id, _device_id, sizeof(origin_id) - 1); - origin_id[sizeof(origin_id) - 1] = '\0'; - - // Build client version string - char client_version[64]; - getClientVersion(client_version, sizeof(client_version)); - - // Collect stats on-demand if sources are available - int battery_mv = -1; - int uptime_secs = -1; - int errors = -1; - int noise_floor = -999; - int tx_air_secs = -1; - int rx_air_secs = -1; - - if (_board) { - battery_mv = _board->getBattMilliVolts(); - } - if (_ms) { - uptime_secs = _ms->getMillis() / 1000; - } - if (_dispatcher) { - errors = _dispatcher->getErrFlags(); - tx_air_secs = _dispatcher->getTotalAirTime() / 1000; - rx_air_secs = _dispatcher->getReceiveAirTime() / 1000; - } - if (_radio) { - noise_floor = (int16_t)_radio->getNoiseFloor(); - } - - // Build status message with stats - int len = MQTTMessageBuilder::buildStatusMessage( - _origin, - origin_id, - _board_model, // model - now dynamic! - _firmware_version, // firmware version - radio_info, - client_version, // client version - "online", - timestamp, - json_buffer, - sizeof(json_buffer), - battery_mv, - uptime_secs, - errors, - _queue_count, // Use current queue length - noise_floor, - tx_air_secs, - rx_air_secs - ); - - if (len > 0) { - bool published = false; - - // Build topic string once and reuse (optimization: avoid redundant snprintf calls) - char topic[128]; - snprintf(topic, sizeof(topic), "meshcore/%s/%s/status", _iata, _device_id); - size_t json_len = strlen(json_buffer); // Cache length to avoid multiple strlen() calls - - // Publish to all connected custom brokers - // Use same logic as packet publishes for consistency - if (_config_valid && _mqtt_client) { - // Share the same broker URI tracking as packet publishes to avoid sync issues - // Track last broker URI to avoid calling setServer() unnecessarily (memory optimization) - // setServer() may allocate memory, so we only call it when the broker changes - static char last_broker_uri_shared[128] = ""; - - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - // Verify broker is actually connected (state might be stale) - if (_brokers[i].enabled && _brokers[i].connected) { - // Check connection state right before publish (like packet publishes do) - if (!_mqtt_client->connected()) { - // Connection lost - mark as disconnected but don't disconnect here - // (packet publishes handle this more gracefully) - _brokers[i].connected = false; - _active_brokers--; - _brokers[i].last_attempt = 0; - _cached_has_brokers = isAnyBrokerConnected(); - continue; - } - - // Build broker URI - char broker_uri[128]; - snprintf(broker_uri, sizeof(broker_uri), "mqtt://%s:%d", _brokers[i].host, _brokers[i].port); - - // Only call setServer() if broker URI changed (reduces memory allocations) - if (strcmp(broker_uri, last_broker_uri_shared) != 0) { - _mqtt_client->setServer(broker_uri); - strncpy(last_broker_uri_shared, broker_uri, sizeof(last_broker_uri_shared) - 1); - last_broker_uri_shared[sizeof(last_broker_uri_shared) - 1] = '\0'; - } - - // Publish with timeout check - don't block if connection is slow - int publish_result = _mqtt_client->publish(topic, 1, true, json_buffer, json_len); - if (publish_result > 0) { - published = true; - } else { - // Publish failed - connection may be stale, force disconnect and mark for reconnect - static unsigned long last_status_publish_fail_log = 0; - unsigned long now = millis(); - if (now - last_status_publish_fail_log > 60000) { // Log every minute max - MQTT_DEBUG_PRINTLN("Status publish failed (result=%d), forcing broker %d reconnect", publish_result, i); - last_status_publish_fail_log = now; - } - // Force disconnect to trigger reconnection - if (_mqtt_client->connected()) { - _mqtt_client->disconnect(); - } - _brokers[i].connected = false; - _active_brokers--; - _brokers[i].last_attempt = 0; // Reset attempt time to allow immediate reconnect - // Update cached broker status - _cached_has_brokers = isAnyBrokerConnected(); - } - } - } - } else if (_config_valid) { - // Connection state is out of sync - mark all brokers as disconnected - // (Same logic as packet publishes) - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - if (_brokers[i].enabled && _brokers[i].connected) { - _brokers[i].connected = false; - _active_brokers--; - } - } - _cached_has_brokers = false; - } - - // Always publish to Let's Mesh Analyzer servers if enabled and connected - // Use shared helper function to publish same JSON to both servers (avoids duplication) - // Use same memory threshold as main check (60000) for consistency - if (_cached_has_analyzer_servers) { - #ifdef ESP32 - size_t max_alloc = ESP.getMaxAllocHeap(); - if (max_alloc >= 60000) { // Same threshold as main memory check - #endif - // publishToAnalyzerServers returns true if at least one publish succeeded - if (publishToAnalyzerServers(topic, json_buffer, true)) { // retained=true for status - published = true; - } - #ifdef ESP32 - } - #endif - } - - // Return true if we successfully published to at least one destination - if (published) { - MQTT_DEBUG_PRINTLN("Status published"); - return true; - } - } - - return false; // Failed to build or publish message -} - -void MQTTBridge::publishPacket(mesh::Packet* packet, bool is_tx, - const uint8_t* raw_data, int raw_len, - float snr, float rssi) { - if (!packet) return; - - // Check if IATA is configured before attempting to publish - if (!isIATAValid()) { - static unsigned long last_iata_warning = 0; - unsigned long now = millis(); - // Only log this warning every 5 minutes to avoid spam - if (now - last_iata_warning > 300000) { - MQTT_DEBUG_PRINTLN("MQTT: Cannot publish packet - IATA code not configured (current: '%s'). Please set mqtt.iata via CLI.", _iata); - last_iata_warning = now; - } - return; - } - - // Memory pressure check: Skip publishes when heap is severely fragmented - // This prevents further fragmentation and allows memory to recover - // Threshold: Max alloc < 60KB indicates severe fragmentation - #ifdef ESP32 - unsigned long now = millis(); - if (now - _last_memory_check > 5000) { // Check every 5 seconds - size_t max_alloc = ESP.getMaxAllocHeap(); - if (max_alloc < 60000) { // Less than 60KB max alloc = severe fragmentation - _skipped_publishes++; - static unsigned long last_skip_log = 0; - if (now - last_skip_log > 60000) { // Log every minute - MQTT_DEBUG_PRINTLN("MQTT: Skipping publish due to memory pressure (Max alloc: %d, skipped: %d)", max_alloc, _skipped_publishes); - last_skip_log = now; - } - return; // Skip this publish to allow memory to recover - } - _last_memory_check = now; - } - #endif - - // Size-adaptive buffer: estimate needed size based on packet size - // Most packets are <100 bytes (need ~400 byte JSON), large packets need ~1500 bytes - // Optimized: Use 1024 bytes for most packets, only 2048 for very large packets (>200 bytes) - int packet_size = packet->getRawLength(); - size_t json_buffer_size = (packet_size > 200) ? 2048 : 1024; - // Allocate buffer based on actual needed size to save stack memory - char json_buffer[1024]; // Default to 1024, will handle large packets separately if needed - char json_buffer_large[2048]; // Only used for large packets - char* active_buffer = (packet_size > 200) ? json_buffer_large : json_buffer; - size_t active_buffer_size = (packet_size > 200) ? 2048 : 1024; - char origin_id[65]; - - // Use actual device ID - strncpy(origin_id, _device_id, sizeof(origin_id) - 1); - origin_id[sizeof(origin_id) - 1] = '\0'; - - // Build packet message using raw radio data if provided - // Use size-adaptive buffer size based on actual packet size - int len; - if (raw_data && raw_len > 0) { - // Use provided raw radio data - len = MQTTMessageBuilder::buildPacketJSONFromRaw( - raw_data, raw_len, packet, is_tx, _origin, origin_id, - snr, rssi, _timezone, active_buffer, active_buffer_size - ); - } else if (_last_raw_len > 0 && (millis() - _last_raw_timestamp) < 1000) { - // Fallback to global raw radio data (within 1 second of packet) - len = MQTTMessageBuilder::buildPacketJSONFromRaw( - _last_raw_data, _last_raw_len, packet, is_tx, _origin, origin_id, - _last_snr, _last_rssi, _timezone, active_buffer, active_buffer_size - ); - } else { - // Fallback to reconstructed packet data - len = MQTTMessageBuilder::buildPacketJSON( - packet, is_tx, _origin, origin_id, _timezone, active_buffer, active_buffer_size - ); - } - - if (len > 0) { - // Build topic string once and reuse (optimization: avoid redundant snprintf calls) - char topic[128]; - snprintf(topic, sizeof(topic), "meshcore/%s/%s/packets", _iata, _device_id); - size_t json_len = strlen(active_buffer); // Cache length to avoid multiple strlen() calls - - // Publish to custom brokers (only if config is valid) - // Double-check client is actually connected before attempting publish - if (_config_valid && _mqtt_client && _mqtt_client->connected()) { - // Track last broker URI to avoid calling setServer() unnecessarily (memory optimization) - // setServer() may allocate memory, so we only call it when the broker changes - static char last_broker_uri[128] = ""; - - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - // Verify broker is actually connected (state might be stale) - if (_brokers[i].enabled && _brokers[i].connected && _mqtt_client->connected()) { - // Build broker URI - char broker_uri[128]; - snprintf(broker_uri, sizeof(broker_uri), "mqtt://%s:%d", _brokers[i].host, _brokers[i].port); - - // Only call setServer() if broker URI changed (reduces memory allocations) - if (strcmp(broker_uri, last_broker_uri) != 0) { - _mqtt_client->setServer(broker_uri); - strncpy(last_broker_uri, broker_uri, sizeof(last_broker_uri) - 1); - last_broker_uri[sizeof(last_broker_uri) - 1] = '\0'; - } - - // Publish with timeout check - don't block if connection is slow - // This prevents blocking the main loop when MQTT broker is slow or unresponsive - int publish_result = _mqtt_client->publish(topic, 1, false, active_buffer, json_len); // qos=1, retained=false - if (publish_result <= 0) { - // Publish failed - connection may be stale, force disconnect and mark for reconnect - static unsigned long last_publish_fail_log = 0; - unsigned long now = millis(); - if (now - last_publish_fail_log > 60000) { // Log every minute max - MQTT_DEBUG_PRINTLN("Publish failed (result=%d), forcing broker %d reconnect", publish_result, i); - last_publish_fail_log = now; - } - // Force disconnect to trigger reconnection - if (_mqtt_client->connected()) { - _mqtt_client->disconnect(); - } - _brokers[i].connected = false; - _active_brokers--; - _brokers[i].last_attempt = 0; // Reset attempt time to allow immediate reconnect - // Update cached broker status - _cached_has_brokers = isAnyBrokerConnected(); - } - } - } - } else if (_config_valid) { - // Connection state is out of sync - mark all brokers as disconnected - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - if (_brokers[i].enabled && _brokers[i].connected) { - _brokers[i].connected = false; - _active_brokers--; - } - } - } - - // Always publish to Let's Mesh Analyzer servers (independent of custom broker config) - // Skip analyzer servers if memory is severely fragmented (they're less critical than custom brokers) - #ifdef ESP32 - size_t max_alloc = ESP.getMaxAllocHeap(); - if (max_alloc >= 60000) { // Only publish to analyzer servers if memory is OK - publishToAnalyzerServers(topic, json_buffer, false); - } - #else - publishToAnalyzerServers(topic, json_buffer, false); - #endif - } else { - // Debug: log when packet message building fails - uint8_t packet_type = packet->getPayloadType(); - if (packet_type == 4 || packet_type == 9) { // ADVERT or TRACE - MQTT_DEBUG_PRINTLN("Failed to build packet JSON for type=%d (len=%d), packet not published", packet_type, len); - } - } -} - -void MQTTBridge::publishRaw(mesh::Packet* packet) { - if (!packet) return; - - // Check if IATA is configured before attempting to publish - if (!isIATAValid()) { - static unsigned long last_iata_warning = 0; - unsigned long now = millis(); - // Only log this warning every 5 minutes to avoid spam - if (now - last_iata_warning > 300000) { - MQTT_DEBUG_PRINTLN("MQTT: Cannot publish raw packet - IATA code not configured (current: '%s'). Please set mqtt.iata via CLI.", _iata); - last_iata_warning = now; - } - return; - } - - // Size-adaptive buffer for raw JSON: use 1024 for most packets, 2048 for large ones - int packet_size = packet->getRawLength(); - char json_buffer[1024]; // Default to 1024, will handle large packets separately if needed - char json_buffer_large[2048]; // Only used for large packets - char* active_buffer = (packet_size > 200) ? json_buffer_large : json_buffer; - size_t active_buffer_size = (packet_size > 200) ? 2048 : 1024; - char origin_id[65]; - - // Use actual device ID - strncpy(origin_id, _device_id, sizeof(origin_id) - 1); - origin_id[sizeof(origin_id) - 1] = '\0'; - - // Build raw message - int len = MQTTMessageBuilder::buildRawJSON( - packet, _origin, origin_id, _timezone, active_buffer, active_buffer_size - ); - - if (len > 0) { - // Build topic string once and reuse (optimization: avoid redundant snprintf calls) - char topic[128]; - snprintf(topic, sizeof(topic), "meshcore/%s/%s/raw", _iata, _device_id); - size_t json_len = strlen(active_buffer); // Cache length to avoid multiple strlen() calls - - // Publish to custom brokers (only if config is valid) - // Double-check client is actually connected before attempting publish - if (_config_valid && _mqtt_client && _mqtt_client->connected()) { - // Track last broker URI to avoid calling setServer() unnecessarily (memory optimization) - // setServer() may allocate memory, so we only call it when the broker changes - static char last_broker_uri_raw[128] = ""; - - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - // Verify broker is actually connected (state might be stale) - if (_brokers[i].enabled && _brokers[i].connected && _mqtt_client->connected()) { - // Build broker URI - char broker_uri[128]; - snprintf(broker_uri, sizeof(broker_uri), "mqtt://%s:%d", _brokers[i].host, _brokers[i].port); - - // Only call setServer() if broker URI changed (reduces memory allocations) - if (strcmp(broker_uri, last_broker_uri_raw) != 0) { - _mqtt_client->setServer(broker_uri); - strncpy(last_broker_uri_raw, broker_uri, sizeof(last_broker_uri_raw) - 1); - last_broker_uri_raw[sizeof(last_broker_uri_raw) - 1] = '\0'; - } - - // Publish with timeout check - don't block if connection is slow - int publish_result = _mqtt_client->publish(topic, 1, false, active_buffer, json_len); // qos=1, retained=false - if (publish_result <= 0) { - // Publish failed - connection may be stale, force disconnect and mark for reconnect - static unsigned long last_raw_publish_fail_log = 0; - unsigned long now = millis(); - if (now - last_raw_publish_fail_log > 60000) { // Log every minute max - MQTT_DEBUG_PRINTLN("Raw publish failed (result=%d), forcing broker %d reconnect", publish_result, i); - last_raw_publish_fail_log = now; - } - // Force disconnect to trigger reconnection - if (_mqtt_client->connected()) { - _mqtt_client->disconnect(); - } - _brokers[i].connected = false; - _active_brokers--; - _brokers[i].last_attempt = 0; // Reset attempt time to allow immediate reconnect - // Update cached broker status - _cached_has_brokers = isAnyBrokerConnected(); - } - } - } - } - - // Always publish to Let's Mesh Analyzer servers (independent of custom broker config) - // Skip analyzer servers if memory is severely fragmented (they're less critical than custom brokers) - #ifdef ESP32 - size_t max_alloc = ESP.getMaxAllocHeap(); - if (max_alloc >= 60000) { // Only publish to analyzer servers if memory is OK - publishToAnalyzerServers(topic, active_buffer, false); - } - #else - publishToAnalyzerServers(topic, active_buffer, false); - #endif - } -} - -void MQTTBridge::queuePacket(mesh::Packet* packet, bool is_tx) { - #ifdef ESP_PLATFORM - // Use FreeRTOS queue for thread-safe operation - if (_packet_queue_handle == nullptr) { - return; // Queue not initialized - } - - QueuedPacket queued; - memset(&queued, 0, sizeof(QueuedPacket)); - - queued.packet = packet; - queued.timestamp = millis(); - queued.is_tx = is_tx; - queued.has_raw_data = false; - - // Capture raw radio data with mutex protection - // Use non-blocking mutex to prevent Core 1 from blocking - if mutex is busy, skip raw data - if (!is_tx) { - if (xSemaphoreTake(_raw_data_mutex, 0) == pdTRUE) { - unsigned long current_time = millis(); - if (_last_raw_len > 0 && (current_time - _last_raw_timestamp) < 1000) { - if (_last_raw_len <= sizeof(queued.raw_data)) { - memcpy(queued.raw_data, _last_raw_data, _last_raw_len); - queued.raw_len = _last_raw_len; - queued.snr = _last_snr; - queued.rssi = _last_rssi; - queued.has_raw_data = true; - } - } - xSemaphoreGive(_raw_data_mutex); - } - // If mutex unavailable, packet is queued without raw data (acceptable trade-off for responsiveness) - } - - // Try to send to queue (non-blocking) - if (xQueueSend(_packet_queue_handle, &queued, 0) != pdTRUE) { - // Queue full - try to remove oldest packet - QueuedPacket oldest; - if (xQueueReceive(_packet_queue_handle, &oldest, 0) == pdTRUE) { - if (oldest.packet) { - MQTT_DEBUG_PRINTLN("Queue full, dropping oldest packet"); - _mgr->free(oldest.packet); - } - // Now try to send again - if (xQueueSend(_packet_queue_handle, &queued, 0) != pdTRUE) { - MQTT_DEBUG_PRINTLN("Failed to queue packet after dropping oldest"); - return; - } - } else { - MQTT_DEBUG_PRINTLN("Queue full and cannot remove oldest packet"); - return; - } - } - - // Update queue count (approximate, since we can't atomically update it) - UBaseType_t queue_messages = uxQueueMessagesWaiting(_packet_queue_handle); - _queue_count = queue_messages; - #else - // Non-ESP32: Use circular buffer - if (_queue_count >= MAX_QUEUE_SIZE) { - QueuedPacket& oldest = _packet_queue[_queue_head]; - if (oldest.packet) { - MQTT_DEBUG_PRINTLN("Queue full, dropping oldest packet (queue size: %d)", _queue_count); - _mgr->free(oldest.packet); - oldest.packet = nullptr; - } - dequeuePacket(); - } - - QueuedPacket& queued = _packet_queue[_queue_tail]; - memset(&queued, 0, sizeof(QueuedPacket)); - - queued.packet = packet; - queued.timestamp = millis(); - queued.is_tx = is_tx; - queued.has_raw_data = false; - - if (!is_tx && _last_raw_len > 0 && (millis() - _last_raw_timestamp) < 1000) { - if (_last_raw_len <= sizeof(queued.raw_data)) { - memcpy(queued.raw_data, _last_raw_data, _last_raw_len); - queued.raw_len = _last_raw_len; - queued.snr = _last_snr; - queued.rssi = _last_rssi; - queued.has_raw_data = true; - } - } - - _queue_tail = (_queue_tail + 1) % MAX_QUEUE_SIZE; - _queue_count++; - #endif -} - -void MQTTBridge::dequeuePacket() { - #ifdef ESP_PLATFORM - // On ESP32, dequeuePacket() is not used - we use FreeRTOS queue operations directly - // This method should never be called on ESP32 - return; - #else - // Non-ESP32: Use circular buffer - if (_queue_count == 0) return; - - // Clear the dequeued packet structure to free memory and prevent stale data - QueuedPacket& dequeued = _packet_queue[_queue_head]; - memset(&dequeued, 0, sizeof(QueuedPacket)); - dequeued.has_raw_data = false; // Explicitly set after memset - - _queue_head = (_queue_head + 1) % MAX_QUEUE_SIZE; - _queue_count--; - #endif -} - -bool MQTTBridge::isAnyBrokerConnected() { - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - if (_brokers[i].enabled && _brokers[i].connected) { - return true; - } - } - return false; -} - -void MQTTBridge::setBrokerDefaults() { - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - memset(&_brokers[i], 0, sizeof(MQTTBroker)); - _brokers[i].port = 1883; - _brokers[i].qos = 0; - _brokers[i].enabled = false; - _brokers[i].connected = false; - _brokers[i].reconnect_interval = 5000; // 5 seconds - } -} - -void MQTTBridge::setBroker(int broker_index, const char* host, uint16_t port, - const char* username, const char* password, bool enabled) { - if (broker_index < 0 || broker_index >= MAX_MQTT_BROKERS_COUNT) return; - - MQTTBroker& broker = _brokers[broker_index]; - strncpy(broker.host, host, sizeof(broker.host) - 1); - broker.port = port; - strncpy(broker.username, username, sizeof(broker.username) - 1); - strncpy(broker.password, password, sizeof(broker.password) - 1); - broker.enabled = enabled; - broker.connected = false; - broker.reconnect_interval = 5000; -} - -void MQTTBridge::setOrigin(const char* origin) { - strncpy(_origin, origin, sizeof(_origin) - 1); - _origin[sizeof(_origin) - 1] = '\0'; -} - -void MQTTBridge::setIATA(const char* iata) { - strncpy(_iata, iata, sizeof(_iata) - 1); - _iata[sizeof(_iata) - 1] = '\0'; - // Convert IATA code to uppercase (IATA codes are conventionally uppercase) - for (int i = 0; _iata[i]; i++) { - _iata[i] = toupper(_iata[i]); - } -} - -void MQTTBridge::setDeviceID(const char* device_id) { - strncpy(_device_id, device_id, sizeof(_device_id) - 1); - _device_id[sizeof(_device_id) - 1] = '\0'; - MQTT_DEBUG_PRINTLN("Device ID set to: %s", _device_id); -} - -void MQTTBridge::setFirmwareVersion(const char* firmware_version) { - strncpy(_firmware_version, firmware_version, sizeof(_firmware_version) - 1); - _firmware_version[sizeof(_firmware_version) - 1] = '\0'; -} - -void MQTTBridge::setBoardModel(const char* board_model) { - strncpy(_board_model, board_model, sizeof(_board_model) - 1); - _board_model[sizeof(_board_model) - 1] = '\0'; -} - -void MQTTBridge::setBuildDate(const char* build_date) { - strncpy(_build_date, build_date, sizeof(_build_date) - 1); - _build_date[sizeof(_build_date) - 1] = '\0'; -} - -void MQTTBridge::storeRawRadioData(const uint8_t* raw_data, int len, float snr, float rssi) { - if (len > 0 && len <= sizeof(_last_raw_data)) { - #ifdef ESP_PLATFORM - // Protect with mutex for thread-safe access - if (_raw_data_mutex != nullptr && xSemaphoreTake(_raw_data_mutex, pdMS_TO_TICKS(100)) == pdTRUE) { - memcpy(_last_raw_data, raw_data, len); - _last_raw_len = len; - _last_snr = snr; - _last_rssi = rssi; - _last_raw_timestamp = millis(); - xSemaphoreGive(_raw_data_mutex); - MQTT_DEBUG_PRINTLN("Stored raw radio data: %d bytes, SNR=%.1f, RSSI=%.1f", len, snr, rssi); - } - #else - memcpy(_last_raw_data, raw_data, len); - _last_raw_len = len; - _last_snr = snr; - _last_rssi = rssi; - _last_raw_timestamp = millis(); - MQTT_DEBUG_PRINTLN("Stored raw radio data: %d bytes, SNR=%.1f, RSSI=%.1f", len, snr, rssi); - #endif - } -} - -void MQTTBridge::setupAnalyzerServers() { - // Update analyzer server settings from preferences - bool previous_us_enabled = _analyzer_us_enabled; - bool previous_eu_enabled = _analyzer_eu_enabled; - - _analyzer_us_enabled = _prefs->mqtt_analyzer_us_enabled; - _analyzer_eu_enabled = _prefs->mqtt_analyzer_eu_enabled; - - MQTT_DEBUG_PRINTLN("Analyzer servers - US: %s, EU: %s", - _analyzer_us_enabled ? "enabled" : "disabled", - _analyzer_eu_enabled ? "enabled" : "disabled"); - - // Create authentication token if any analyzer servers are enabled - // Only create tokens if WiFi is connected and NTP is synced (to ensure correct timestamps) - if (_analyzer_us_enabled || _analyzer_eu_enabled) { - if (WiFi.status() == WL_CONNECTED && _ntp_synced) { - if (createAuthToken()) { - MQTT_DEBUG_PRINTLN("Created authentication token for analyzer servers"); - // Update client credentials with new tokens if clients exist - if (_analyzer_us_enabled && _analyzer_us_client && strlen(_auth_token_us) > 0) { - _analyzer_us_client->setCredentials(_analyzer_username, _auth_token_us); - } - if (_analyzer_eu_enabled && _analyzer_eu_client && strlen(_auth_token_eu) > 0) { - _analyzer_eu_client->setCredentials(_analyzer_username, _auth_token_eu); - } - } else { - MQTT_DEBUG_PRINTLN("Failed to create authentication token"); - } - } else { - MQTT_DEBUG_PRINTLN("Deferring JWT token creation - WiFi: %s, NTP: %s", - (WiFi.status() == WL_CONNECTED) ? "connected" : "disconnected", - _ntp_synced ? "synced" : "not synced"); - } - } - - // If settings changed and bridge is already initialized, recreate clients - // This handles the case where settings change after initialization - if (_initialized && (previous_us_enabled != _analyzer_us_enabled || previous_eu_enabled != _analyzer_eu_enabled)) { - MQTT_DEBUG_PRINTLN("Analyzer server settings changed - recreating clients"); - setupAnalyzerClients(); - } -} - -bool MQTTBridge::createAuthToken() { - if (!_identity) { - MQTT_DEBUG_PRINTLN("No identity for auth token"); - return false; - } - - // Create username in the format: v1_{UPPERCASE_PUBLIC_KEY} - char public_key_hex[65]; - mesh::Utils::toHex(public_key_hex, _identity->pub_key, PUB_KEY_SIZE); - snprintf(_analyzer_username, sizeof(_analyzer_username), "v1_%s", public_key_hex); - - bool us_token_created = false; - bool eu_token_created = false; - - unsigned long current_time = time(nullptr); - unsigned long expires_in = 86400; // 24 hours - bool time_synced = (current_time >= 1000000000); - - // Prepare owner public key (if set) - convert to uppercase hex - const char* owner_key = nullptr; - char owner_key_uppercase[65]; - if (_prefs->mqtt_owner_public_key[0] != '\0') { - strncpy(owner_key_uppercase, _prefs->mqtt_owner_public_key, sizeof(owner_key_uppercase) - 1); - owner_key_uppercase[sizeof(owner_key_uppercase) - 1] = '\0'; - for (int i = 0; owner_key_uppercase[i]; i++) { - owner_key_uppercase[i] = toupper(owner_key_uppercase[i]); - } - owner_key = owner_key_uppercase; - } - - char client_version[64]; - getClientVersion(client_version, sizeof(client_version)); - - const char* email = (_prefs->mqtt_email[0] != '\0') ? _prefs->mqtt_email : nullptr; - - // Create JWT token for US server - if (_analyzer_us_enabled) { - if (JWTHelper::createAuthToken( - *_identity, "mqtt-us-v1.letsmesh.net", - 0, expires_in, _auth_token_us, sizeof(_auth_token_us), - owner_key, client_version, email)) { - us_token_created = true; - _token_us_expires_at = time_synced ? (current_time + expires_in) : 0; - } else { - MQTT_DEBUG_PRINTLN("Failed to create US token"); - _token_us_expires_at = 0; - } - } - - // Create JWT token for EU server - if (_analyzer_eu_enabled) { - if (JWTHelper::createAuthToken( - *_identity, "mqtt-eu-v1.letsmesh.net", - 0, expires_in, _auth_token_eu, sizeof(_auth_token_eu), - owner_key, client_version, email)) { - eu_token_created = true; - _token_eu_expires_at = time_synced ? (current_time + expires_in) : 0; - } else { - MQTT_DEBUG_PRINTLN("Failed to create EU token"); - _token_eu_expires_at = 0; - } - } - - if (us_token_created || eu_token_created) { - MQTT_DEBUG_PRINTLN("Auth tokens created (US:%s EU:%s)", - us_token_created ? "yes" : "no", eu_token_created ? "yes" : "no"); - } - - return us_token_created || eu_token_created; -} - -bool MQTTBridge::publishToAnalyzerServers(const char* topic, const char* payload, bool retained) { - if (!_analyzer_us_enabled && !_analyzer_eu_enabled) return false; - - bool published = false; - - // Publish to US server if enabled - if (_analyzer_us_enabled && _analyzer_us_client) { - if (publishToAnalyzerClient(_analyzer_us_client, topic, payload, retained)) { - published = true; - } - } - - // Publish to EU server if enabled - if (_analyzer_eu_enabled && _analyzer_eu_client) { - if (publishToAnalyzerClient(_analyzer_eu_client, topic, payload, retained)) { - published = true; - } - } - - return published; // Return true if at least one publish succeeded -} - -// Google Trust Services - GTS Root R4 -const char* GTS_ROOT_R4 = - "-----BEGIN CERTIFICATE-----\n" - "MIIDejCCAmKgAwIBAgIQf+UwvzMTQ77dghYQST2KGzANBgkqhkiG9w0BAQsFADBX\n" - "MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEQMA4GA1UE\n" - "CxMHUm9vdCBDQTEbMBkGA1UEAxMSR2xvYmFsU2lnbiBSb290IENBMB4XDTIzMTEx\n" - "NTAzNDMyMVoXDTI4MDEyODAwMDA0MlowRzELMAkGA1UEBhMCVVMxIjAgBgNVBAoT\n" - "GUdvb2dsZSBUcnVzdCBTZXJ2aWNlcyBMTEMxFDASBgNVBAMTC0dUUyBSb290IFI0\n" - "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE83Rzp2iLYK5DuDXFgTB7S0md+8Fhzube\n" - "Rr1r1WEYNa5A3XP3iZEwWus87oV8okB2O6nGuEfYKueSkWpz6bFyOZ8pn6KY019e\n" - "WIZlD6GEZQbR3IvJx3PIjGov5cSr0R2Ko4H/MIH8MA4GA1UdDwEB/wQEAwIBhjAd\n" - "BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDwYDVR0TAQH/BAUwAwEB/zAd\n" - "BgNVHQ4EFgQUgEzW63T/STaj1dj8tT7FavCUHYwwHwYDVR0jBBgwFoAUYHtmGkUN\n" - "l8qJUC99BM00qP/8/UswNgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRw\n" - "Oi8vaS5wa2kuZ29vZy9nc3IxLmNydDAtBgNVHR8EJjAkMCKgIKAehhxodHRwOi8v\n" - "Yy5wa2kuZ29vZy9yL2dzcjEuY3JsMBMGA1UdIAQMMAowCAYGZ4EMAQIBMA0GCSqG\n" - "SIb3DQEBCwUAA4IBAQAYQrsPBtYDh5bjP2OBDwmkoWhIDDkic574y04tfzHpn+cJ\n" - "odI2D4SseesQ6bDrarZ7C30ddLibZatoKiws3UL9xnELz4ct92vID24FfVbiI1hY\n" - "+SW6FoVHkNeWIP0GCbaM4C6uVdF5dTUsMVs/ZbzNnIdCp5Gxmx5ejvEau8otR/Cs\n" - "kGN+hr/W5GvT1tMBjgWKZ1i4//emhA1JG1BbPzoLJQvyEotc03lXjTaCzv8mEbep\n" - "8RqZ7a2CPsgRbuvTPBwcOMBBmuFeU88+FSBX6+7iP0il8b4Z0QFqIwwMHfs/L6K1\n" - "vepuoxtGzi4CZ68zJpiq1UvSqTbFJjtbD4seiMHl\n" - "-----END CERTIFICATE-----\n"; - -void MQTTBridge::setupAnalyzerClients() { - MQTT_DEBUG_PRINTLN("Setting up PsychicMqttClient WebSocket clients..."); - MQTT_DEBUG_PRINTLN("Analyzer servers - US: %s, EU: %s", - _analyzer_us_enabled ? "enabled" : "disabled", - _analyzer_eu_enabled ? "enabled" : "disabled"); - - // Clean up existing clients if they're no longer enabled - // This handles the case where settings change after initialization - if (!_analyzer_us_enabled && _analyzer_us_client) { - MQTT_DEBUG_PRINTLN("US analyzer disabled - cleaning up client"); - _analyzer_us_client->disconnect(); - delete _analyzer_us_client; - _analyzer_us_client = nullptr; - } - - if (!_analyzer_eu_enabled && _analyzer_eu_client) { - MQTT_DEBUG_PRINTLN("EU analyzer disabled - cleaning up client"); - _analyzer_eu_client->disconnect(); - delete _analyzer_eu_client; - _analyzer_eu_client = nullptr; - } - - if (!_analyzer_us_enabled && !_analyzer_eu_enabled) { - MQTT_DEBUG_PRINTLN("No analyzer servers enabled, skipping PsychicMqttClient setup"); - return; - } - - // Setup US server client (only if enabled and doesn't already exist) - if (_analyzer_us_enabled && !_analyzer_us_client) { - _analyzer_us_client = new PsychicMqttClient(); - - // Optimize MQTT client configuration for memory efficiency - // Analyzer clients use 768-byte JWT tokens, need larger buffer for CONNECT message - optimizeMqttClientConfig(_analyzer_us_client, true); - - // Set up event callbacks for US server - _analyzer_us_client->onConnect([this](bool sessionPresent) { - MQTT_DEBUG_PRINTLN("Connected to US analyzer"); - // Update cached analyzer server status - _cached_has_analyzer_servers = (_analyzer_us_enabled && _analyzer_us_client && _analyzer_us_client->connected()) || - (_analyzer_eu_enabled && _analyzer_eu_client && _analyzer_eu_client->connected()); - publishStatusToAnalyzerClient(_analyzer_us_client, "mqtt-us-v1.letsmesh.net"); - }); - - _analyzer_us_client->onDisconnect([this](bool sessionPresent) { - MQTT_DEBUG_PRINTLN("Disconnected from US analyzer"); - // Update cached analyzer server status - _cached_has_analyzer_servers = (_analyzer_us_enabled && _analyzer_us_client && _analyzer_us_client->connected()) || - (_analyzer_eu_enabled && _analyzer_eu_client && _analyzer_eu_client->connected()); - }); - - _analyzer_us_client->onError([this](esp_mqtt_error_codes error) { - MQTT_DEBUG_PRINTLN("US analyzer error: type=%d, code=%d", error.error_type, error.connect_return_code); - }); - - _analyzer_us_client->setServer("wss://mqtt-us-v1.letsmesh.net:443/mqtt"); - _analyzer_us_client->setCredentials(_analyzer_username, _auth_token_us); - _analyzer_us_client->setCACert(GTS_ROOT_R4); - - if (WiFi.status() == WL_CONNECTED && _ntp_synced) { - _analyzer_us_client->connect(); - } - } - - // Setup EU server client (only if enabled and doesn't already exist) - if (_analyzer_eu_enabled && !_analyzer_eu_client) { - _analyzer_eu_client = new PsychicMqttClient(); - - // Optimize MQTT client configuration for memory efficiency - // Analyzer clients use 768-byte JWT tokens, need larger buffer for CONNECT message - optimizeMqttClientConfig(_analyzer_eu_client, true); - - // Set up event callbacks for EU server - _analyzer_eu_client->onConnect([this](bool sessionPresent) { - MQTT_DEBUG_PRINTLN("Connected to EU analyzer"); - // Update cached analyzer server status - _cached_has_analyzer_servers = (_analyzer_us_enabled && _analyzer_us_client && _analyzer_us_client->connected()) || - (_analyzer_eu_enabled && _analyzer_eu_client && _analyzer_eu_client->connected()); - publishStatusToAnalyzerClient(_analyzer_eu_client, "mqtt-eu-v1.letsmesh.net"); - }); - - _analyzer_eu_client->onDisconnect([this](bool sessionPresent) { - MQTT_DEBUG_PRINTLN("Disconnected from EU analyzer"); - // Update cached analyzer server status - _cached_has_analyzer_servers = (_analyzer_us_enabled && _analyzer_us_client && _analyzer_us_client->connected()) || - (_analyzer_eu_enabled && _analyzer_eu_client && _analyzer_eu_client->connected()); - }); - - _analyzer_eu_client->onError([this](esp_mqtt_error_codes error) { - MQTT_DEBUG_PRINTLN("EU analyzer error: type=%d, code=%d", error.error_type, error.connect_return_code); - }); - - _analyzer_eu_client->setServer("wss://mqtt-eu-v1.letsmesh.net:443/mqtt"); - _analyzer_eu_client->setCredentials(_analyzer_username, _auth_token_eu); - _analyzer_eu_client->setCACert(GTS_ROOT_R4); - - if (WiFi.status() == WL_CONNECTED && _ntp_synced) { - _analyzer_eu_client->connect(); - } - } -} - -bool MQTTBridge::publishToAnalyzerClient(PsychicMqttClient* client, const char* topic, const char* payload, bool retained) { - if (!client) { - return false; // Don't log null client - this is expected if analyzer is disabled - } - - if (!client->connected()) { - // Throttle log spam - only log periodically for each analyzer server - unsigned long now = millis(); - bool should_log = false; - - if (client == _analyzer_us_client && (now - _last_analyzer_us_log > ANALYZER_LOG_INTERVAL)) { - should_log = true; - _last_analyzer_us_log = now; - } else if (client == _analyzer_eu_client && (now - _last_analyzer_eu_log > ANALYZER_LOG_INTERVAL)) { - should_log = true; - _last_analyzer_eu_log = now; - } - - if (should_log) { - MQTT_DEBUG_PRINTLN("PsychicMqttClient not connected - skipping publish to topic: %s", topic); - } - return false; - } - - // Reset log timer when connected - if (client == _analyzer_us_client) { - _last_analyzer_us_log = 0; - } else if (client == _analyzer_eu_client) { - _last_analyzer_eu_log = 0; - } - - int result = client->publish(topic, 1, retained, payload, strlen(payload)); - if (result <= 0) { - static unsigned long last_analyzer_publish_fail_log = 0; - unsigned long now = millis(); - if (now - last_analyzer_publish_fail_log > 60000) { // Log every minute max - MQTT_DEBUG_PRINTLN("Analyzer publish failed (result=%d)", result); - last_analyzer_publish_fail_log = now; - } - return false; - } - - return true; // Publish succeeded -} - -void MQTTBridge::publishStatusToAnalyzerClient(PsychicMqttClient* client, const char* server_name) { - if (!client || !client->connected()) { - return; - } - - // Check if IATA is configured before attempting to publish - if (!isIATAValid()) { - static unsigned long last_iata_warning = 0; - unsigned long now = millis(); - // Only log this warning every 5 minutes to avoid spam - if (now - last_iata_warning > 300000) { - MQTT_DEBUG_PRINTLN("MQTT: Cannot publish status to analyzer - IATA code not configured (current: '%s'). Please set mqtt.iata via CLI.", _iata); - last_iata_warning = now; - } - return; - } - - // Create status message - char status_topic[128]; - snprintf(status_topic, sizeof(status_topic), "meshcore/%s/%s/status", _iata, _device_id); - - // Build proper status message using MQTTMessageBuilder - // Status messages with stats can be larger (~400-500 bytes) - char json_buffer[768]; // Increased from 512 to accommodate stats object - char origin_id[65]; - char timestamp[32]; - char radio_info[64]; - - // Get current timestamp in ISO 8601 format - struct tm timeinfo; - if (getLocalTime(&timeinfo)) { - strftime(timestamp, sizeof(timestamp), "%Y-%m-%dT%H:%M:%S.000000", &timeinfo); - } else { - strcpy(timestamp, "2024-01-01T12:00:00.000000"); - } - - // Build radio info string (freq,bw,sf,cr) - snprintf(radio_info, sizeof(radio_info), "%.6f,%.1f,%d,%d", - _prefs->freq, _prefs->bw, _prefs->sf, _prefs->cr); - - // Use actual device ID - strncpy(origin_id, _device_id, sizeof(origin_id) - 1); - origin_id[sizeof(origin_id) - 1] = '\0'; - - // Build client version string - char client_version[64]; - getClientVersion(client_version, sizeof(client_version)); - - // Collect stats on-demand if sources are available - int battery_mv = -1; - int uptime_secs = -1; - int errors = -1; - int noise_floor = -999; - int tx_air_secs = -1; - int rx_air_secs = -1; - - if (_board) { - battery_mv = _board->getBattMilliVolts(); - } - if (_ms) { - uptime_secs = _ms->getMillis() / 1000; - } - if (_dispatcher) { - errors = _dispatcher->getErrFlags(); - tx_air_secs = _dispatcher->getTotalAirTime() / 1000; - rx_air_secs = _dispatcher->getReceiveAirTime() / 1000; - } - if (_radio) { - noise_floor = (int16_t)_radio->getNoiseFloor(); - } - - // Build status message using MQTTMessageBuilder with stats - int len = MQTTMessageBuilder::buildStatusMessage( - _origin, - origin_id, - _board_model, // model - _firmware_version, // firmware version - radio_info, - client_version, // client version - "online", - timestamp, - json_buffer, - sizeof(json_buffer), - battery_mv, - uptime_secs, - errors, - _queue_count, // Use current queue length - noise_floor, - tx_air_secs, - rx_air_secs - ); - - if (len > 0) { - int result = client->publish(status_topic, 1, true, json_buffer, strlen(json_buffer)); - if (result <= 0) { - MQTT_DEBUG_PRINTLN("Status publish to %s failed", server_name); - } - } -} - -void MQTTBridge::maintainAnalyzerConnections() { - if (!_identity) { - return; - } - - // Check WiFi status first - don't attempt MQTT reconnection if WiFi is disconnected - if (WiFi.status() != WL_CONNECTED) { - return; - } - - // Check NTP sync status - JWT tokens require valid timestamps - if (!_ntp_synced) { - return; - } - - // Create JWT tokens if they don't exist yet and conditions are met - if ((_analyzer_us_enabled || _analyzer_eu_enabled) && - (strlen(_auth_token_us) == 0 && strlen(_auth_token_eu) == 0)) { - if (createAuthToken()) { - if (_analyzer_us_enabled && _analyzer_us_client && strlen(_auth_token_us) > 0) { - _analyzer_us_client->setCredentials(_analyzer_username, _auth_token_us); - if (!_analyzer_us_client->connected()) { - _analyzer_us_client->connect(); - } - } - if (_analyzer_eu_enabled && _analyzer_eu_client && strlen(_auth_token_eu) > 0) { - _analyzer_eu_client->setCredentials(_analyzer_username, _auth_token_eu); - if (!_analyzer_eu_client->connected()) { - _analyzer_eu_client->connect(); - } - } - } - } - - unsigned long current_time = time(nullptr); - // If time is not synced (time() returns 0 or very small value), skip expiration checks - // Tokens will still work but we can't track expiration properly - // If expiration time was set before time sync, it will be a small value, so we'll renew - bool time_synced = (current_time >= 1000000000); // After year 2001 - - const unsigned long RENEWAL_BUFFER = 60; // Renew tokens 60 seconds before expiration (minimal buffer to avoid downtime) - const unsigned long DISCONNECT_THRESHOLD = 60; // Only disconnect if token expires within 60 seconds - const unsigned long RENEWAL_THROTTLE_MS = 60000; // Don't attempt renewal more than once per minute - const unsigned long RECONNECT_THROTTLE_MS = 60000; // Don't attempt reconnection more than once per minute - - unsigned long now_millis = millis(); - - // Check and renew US server token if needed - if (_analyzer_us_enabled && _analyzer_us_client) { - // Check if token is expired or will expire soon - // Only check expiration if time is synced - if time isn't synced, we can't validate expiration - // If time wasn't synced when token was created, expiration time will be invalid (< 1000000000), so renew when time syncs - bool token_needs_renewal = false; - if (!time_synced) { - // Time not synced yet - only renew if token is missing (expires_at == 0) - // Don't renew if token exists but expiration is invalid - wait for time sync - token_needs_renewal = (_token_us_expires_at == 0); - } else { - // Time is synced - check if token needs renewal - token_needs_renewal = (_token_us_expires_at == 0) || - !(_token_us_expires_at >= 1000000000) || // Expiration time invalid (created before time sync) - (current_time >= _token_us_expires_at) || - (current_time >= (_token_us_expires_at - RENEWAL_BUFFER)); - } - - // Throttle renewal attempts - don't try more than once per minute to avoid blocking - bool can_attempt_renewal = (now_millis - _last_token_renewal_attempt_us) >= RENEWAL_THROTTLE_MS; - - // Check if client is disconnected and needs reconnection with new token - bool needs_reconnect = !_analyzer_us_client->connected(); - - if (token_needs_renewal && can_attempt_renewal) { - _last_token_renewal_attempt_us = now_millis; - - // Prepare owner public key (if set) - convert to uppercase hex - const char* owner_key = nullptr; - char owner_key_uppercase[65]; - if (_prefs->mqtt_owner_public_key[0] != '\0') { - // Copy and convert to uppercase - strncpy(owner_key_uppercase, _prefs->mqtt_owner_public_key, sizeof(owner_key_uppercase) - 1); - owner_key_uppercase[sizeof(owner_key_uppercase) - 1] = '\0'; - for (int i = 0; owner_key_uppercase[i]; i++) { - owner_key_uppercase[i] = toupper(owner_key_uppercase[i]); - } - owner_key = owner_key_uppercase; - } - - // Build client version string (same format as used in status messages) - char client_version[64]; - getClientVersion(client_version, sizeof(client_version)); - - // Get email from preferences (if set) - const char* email = nullptr; - if (_prefs->mqtt_email[0] != '\0') { - email = _prefs->mqtt_email; - } - - // Store old expiration time before renewing (to check if we need to disconnect) - unsigned long old_token_expires_at = _token_us_expires_at; - - // Renew the token - if (JWTHelper::createAuthToken( - *_identity, "mqtt-us-v1.letsmesh.net", - 0, 86400, _auth_token_us, sizeof(_auth_token_us), - owner_key, client_version, email)) { - unsigned long expires_in = 86400; // 24 hours - _token_us_expires_at = time_synced ? (current_time + expires_in) : 0; - MQTT_DEBUG_PRINTLN("US token renewed"); - - _analyzer_us_client->setCredentials(_analyzer_username, _auth_token_us); - - bool old_token_expired_or_imminent = !time_synced || - (old_token_expires_at == 0) || - (current_time >= old_token_expires_at) || - (time_synced && old_token_expires_at >= 1000000000 && - current_time >= (old_token_expires_at - DISCONNECT_THRESHOLD)); - - if (old_token_expired_or_imminent && _analyzer_us_client->connected()) { - _analyzer_us_client->disconnect(); - _last_reconnect_attempt_us = now_millis; - _analyzer_us_client->connect(); - } else if (!_analyzer_us_client->connected()) { - _last_reconnect_attempt_us = now_millis; - _analyzer_us_client->connect(); - } - } else { - MQTT_DEBUG_PRINTLN("Failed to renew US token"); - _token_us_expires_at = 0; - } - } else if (needs_reconnect) { - unsigned long reconnect_elapsed = (now_millis >= _last_reconnect_attempt_us) ? - (now_millis - _last_reconnect_attempt_us) : - (ULONG_MAX - _last_reconnect_attempt_us + now_millis + 1); - if (reconnect_elapsed >= RECONNECT_THROTTLE_MS) { - _last_reconnect_attempt_us = now_millis; - _analyzer_us_client->connect(); - } else { - static unsigned long last_throttle_log_us = 0; - if (now_millis - last_throttle_log_us > 300000) { - last_throttle_log_us = now_millis; - } - } - } - } - - // Check and renew EU server token if needed - if (_analyzer_eu_enabled && _analyzer_eu_client) { - // Check if token is expired or will expire soon - // Only check expiration if time is synced - if time isn't synced, we can't validate expiration - // If time wasn't synced when token was created, expiration time will be invalid (< 1000000000), so renew when time syncs - bool token_needs_renewal = false; - if (!time_synced) { - // Time not synced yet - only renew if token is missing (expires_at == 0) - // Don't renew if token exists but expiration is invalid - wait for time sync - token_needs_renewal = (_token_eu_expires_at == 0); - } else { - // Time is synced - check if token needs renewal - token_needs_renewal = (_token_eu_expires_at == 0) || - !(_token_eu_expires_at >= 1000000000) || // Expiration time invalid (created before time sync) - (current_time >= _token_eu_expires_at) || - (current_time >= (_token_eu_expires_at - RENEWAL_BUFFER)); - } - - // Throttle renewal attempts - don't try more than once per minute to avoid blocking - bool can_attempt_renewal = (now_millis - _last_token_renewal_attempt_eu) >= RENEWAL_THROTTLE_MS; - - // Check if client is disconnected and needs reconnection with new token - bool needs_reconnect = !_analyzer_eu_client->connected(); - - if (token_needs_renewal && can_attempt_renewal) { - _last_token_renewal_attempt_eu = now_millis; - - // Prepare owner public key (if set) - convert to uppercase hex - const char* owner_key = nullptr; - char owner_key_uppercase[65]; - if (_prefs->mqtt_owner_public_key[0] != '\0') { - // Copy and convert to uppercase - strncpy(owner_key_uppercase, _prefs->mqtt_owner_public_key, sizeof(owner_key_uppercase) - 1); - owner_key_uppercase[sizeof(owner_key_uppercase) - 1] = '\0'; - for (int i = 0; owner_key_uppercase[i]; i++) { - owner_key_uppercase[i] = toupper(owner_key_uppercase[i]); - } - owner_key = owner_key_uppercase; - } - - // Build client version string - char client_version[64]; - getClientVersion(client_version, sizeof(client_version)); - - // Get email from preferences (if set) - const char* email = nullptr; - if (_prefs->mqtt_email[0] != '\0') { - email = _prefs->mqtt_email; - } - - // Store old expiration time before renewing (to check if we need to disconnect) - unsigned long old_token_expires_at = _token_eu_expires_at; - - // Renew the token - if (JWTHelper::createAuthToken( - *_identity, "mqtt-eu-v1.letsmesh.net", - 0, 86400, _auth_token_eu, sizeof(_auth_token_eu), - owner_key, client_version, email)) { - unsigned long expires_in = 86400; // 24 hours - _token_eu_expires_at = time_synced ? (current_time + expires_in) : 0; - MQTT_DEBUG_PRINTLN("EU token renewed"); - - _analyzer_eu_client->setCredentials(_analyzer_username, _auth_token_eu); - - bool old_token_expired_or_imminent = !time_synced || - (old_token_expires_at == 0) || - (current_time >= old_token_expires_at) || - (time_synced && old_token_expires_at >= 1000000000 && - current_time >= (old_token_expires_at - DISCONNECT_THRESHOLD)); - - if (old_token_expired_or_imminent && _analyzer_eu_client->connected()) { - _analyzer_eu_client->disconnect(); - _last_reconnect_attempt_eu = now_millis; - _analyzer_eu_client->connect(); - } else if (!_analyzer_eu_client->connected()) { - _last_reconnect_attempt_eu = now_millis; - _analyzer_eu_client->connect(); - } - } else { - MQTT_DEBUG_PRINTLN("Failed to renew EU token"); - _token_eu_expires_at = 0; - } - } else if (needs_reconnect) { - unsigned long reconnect_elapsed = (now_millis >= _last_reconnect_attempt_eu) ? - (now_millis - _last_reconnect_attempt_eu) : - (ULONG_MAX - _last_reconnect_attempt_eu + now_millis + 1); - if (reconnect_elapsed >= RECONNECT_THROTTLE_MS) { - _last_reconnect_attempt_eu = now_millis; - _analyzer_eu_client->connect(); - } - } - } - - // Note: PsychicMqttClient handles automatic reconnection internally, - // but we need to ensure tokens are renewed before reconnection attempts -} - -void MQTTBridge::setMessageTypes(bool status, bool packets, bool raw) { - _status_enabled = status; - _packets_enabled = packets; - _raw_enabled = raw; -} - -int MQTTBridge::getConnectedBrokers() const { - int count = 0; - for (int i = 0; i < MAX_MQTT_BROKERS_COUNT; i++) { - if (_brokers[i].enabled && _brokers[i].connected) { - count++; - } - } - return count; -} - -int MQTTBridge::getQueueSize() const { - #ifdef ESP_PLATFORM - // Get actual queue size from FreeRTOS queue - if (_packet_queue_handle != nullptr) { - return uxQueueMessagesWaiting(_packet_queue_handle); - } - return 0; - #else - return _queue_count; - #endif -} - -void MQTTBridge::setStatsSources(mesh::Dispatcher* dispatcher, mesh::Radio* radio, - mesh::MainBoard* board, mesh::MillisecondClock* ms) { - _dispatcher = dispatcher; - _radio = radio; - _board = board; - _ms = ms; -} - -void MQTTBridge::syncTimeWithNTP() { - if (!WiFi.isConnected()) { - MQTT_DEBUG_PRINTLN("Cannot sync time - WiFi not connected"); - return; - } - - // Prevent multiple simultaneous NTP syncs - // Check if we're already synced and sync was recent (within last 5 seconds) - unsigned long now = millis(); - if (_ntp_synced && (now - _last_ntp_sync) < 5000) { - // Already synced recently, skip - return; - } - - // Set flag to prevent concurrent syncs - static bool sync_in_progress = false; - if (sync_in_progress) { - return; // Another sync is already in progress - } - sync_in_progress = true; - - MQTT_DEBUG_PRINTLN("Syncing time with NTP..."); - - // Test DNS resolution before attempting NTP sync - #ifdef ESP_PLATFORM - IPAddress resolved_ip; - if (!WiFi.hostByName("pool.ntp.org", resolved_ip)) { - MQTT_DEBUG_PRINTLN("WARNING: DNS resolution failed for pool.ntp.org - NTP sync may fail"); - } - #endif - - // Begin NTP client - _ntp_client.begin(); - - // Force update (blocking call with timeout) - if (_ntp_client.forceUpdate()) { - unsigned long epochTime = _ntp_client.getEpochTime(); - - // Set system timezone to UTC first - // This ensures time() returns UTC time - configTime(0, 0, "pool.ntp.org"); - - // Update the device's RTC clock with UTC time (if available) - if (_rtc) { - _rtc->setCurrentTime(epochTime); - } - - // Mark NTP as synced regardless of RTC availability - // JWT tokens need valid time, which is now available via time() - bool was_ntp_synced = _ntp_synced; - _ntp_synced = true; - _last_ntp_sync = millis(); - sync_in_progress = false; // Clear sync flag - - MQTT_DEBUG_PRINTLN("Time synced: %lu", epochTime); - - if (!was_ntp_synced) { - unsigned long current_time = time(nullptr); - unsigned long expires_in = 86400; // 24 hours - - // If tokens were created before NTP sync (expires_at == 0), set expiration times now - if (_analyzer_us_enabled && _token_us_expires_at == 0 && strlen(_auth_token_us) > 0) { - _token_us_expires_at = current_time + expires_in; - MQTT_DEBUG_PRINTLN("US token expiration set after NTP sync: %lu", _token_us_expires_at); - } - - if (_analyzer_eu_enabled && _token_eu_expires_at == 0 && strlen(_auth_token_eu) > 0) { - _token_eu_expires_at = current_time + expires_in; - } - - // If tokens don't exist yet (deferred during begin()), create them now - if ((_analyzer_us_enabled || _analyzer_eu_enabled) && - (strlen(_auth_token_us) == 0 && strlen(_auth_token_eu) == 0)) { - if (createAuthToken()) { - if (_analyzer_us_enabled && _analyzer_us_client && strlen(_auth_token_us) > 0) { - _analyzer_us_client->setCredentials(_analyzer_username, _auth_token_us); - if (!_analyzer_us_client->connected()) { - _analyzer_us_client->connect(); - } - } - if (_analyzer_eu_enabled && _analyzer_eu_client && strlen(_auth_token_eu) > 0) { - _analyzer_eu_client->setCredentials(_analyzer_username, _auth_token_eu); - if (!_analyzer_eu_client->connected()) { - _analyzer_eu_client->connect(); - } - } - } else { - MQTT_DEBUG_PRINTLN("Failed to create tokens after NTP sync"); - } - } - } - - sync_in_progress = false; // Clear sync flag on failure too - - // Set timezone from string (with DST support) - only if changed - static char last_timezone[64] = ""; - if (strcmp(_prefs->timezone_string, last_timezone) != 0) { - // Clean up old timezone object to prevent memory leak - if (_timezone) { - delete _timezone; - _timezone = nullptr; - } - - // Create timezone object based on timezone string - Timezone* tz = createTimezoneFromString(_prefs->timezone_string); - if (tz) { - _timezone = tz; - } else { - // Create UTC timezone as fallback - TimeChangeRule utc = {"UTC", Last, Sun, Mar, 0, 0}; - _timezone = new Timezone(utc, utc); - } - - strncpy(last_timezone, _prefs->timezone_string, sizeof(last_timezone) - 1); - last_timezone[sizeof(last_timezone) - 1] = '\0'; - - // Force memory defragmentation after timezone recreation - void* temp = malloc(1024); - if (temp) { - free(temp); - } - } - - // Get current time info - struct tm* utc_timeinfo = gmtime((time_t*)&epochTime); - struct tm* local_timeinfo = localtime((time_t*)&epochTime); - (void)utc_timeinfo; // Unused but kept for debugging if needed - (void)local_timeinfo; - } else { - MQTT_DEBUG_PRINTLN("NTP sync failed"); - sync_in_progress = false; // Clear sync flag on failure - } - - _ntp_client.end(); -} - -Timezone* MQTTBridge::createTimezoneFromString(const char* tz_string) { - // Create Timezone objects for common IANA timezone strings - - // North America - if (strcmp(tz_string, "America/Los_Angeles") == 0 || strcmp(tz_string, "America/Vancouver") == 0) { - TimeChangeRule pst = {"PST", First, Sun, Nov, 2, -480}; // UTC-8 - TimeChangeRule pdt = {"PDT", Second, Sun, Mar, 2, -420}; // UTC-7 - return new Timezone(pdt, pst); - } else if (strcmp(tz_string, "America/Denver") == 0) { - TimeChangeRule mst = {"MST", First, Sun, Nov, 2, -420}; // UTC-7 - TimeChangeRule mdt = {"MDT", Second, Sun, Mar, 2, -360}; // UTC-6 - return new Timezone(mdt, mst); - } else if (strcmp(tz_string, "America/Chicago") == 0) { - TimeChangeRule cst = {"CST", First, Sun, Nov, 2, -360}; // UTC-6 - TimeChangeRule cdt = {"CDT", Second, Sun, Mar, 2, -300}; // UTC-5 - return new Timezone(cdt, cst); - } else if (strcmp(tz_string, "America/New_York") == 0 || strcmp(tz_string, "America/Toronto") == 0) { - TimeChangeRule est = {"EST", First, Sun, Nov, 2, -300}; // UTC-5 - TimeChangeRule edt = {"EDT", Second, Sun, Mar, 2, -240}; // UTC-4 - return new Timezone(edt, est); - } else if (strcmp(tz_string, "America/Anchorage") == 0) { - TimeChangeRule akst = {"AKST", First, Sun, Nov, 2, -540}; // UTC-9 - TimeChangeRule akdt = {"AKDT", Second, Sun, Mar, 2, -480}; // UTC-8 - return new Timezone(akdt, akst); - } else if (strcmp(tz_string, "Pacific/Honolulu") == 0) { - TimeChangeRule hst = {"HST", Last, Sun, Oct, 2, -600}; // UTC-10 (no DST) - return new Timezone(hst, hst); - - // Europe - } else if (strcmp(tz_string, "Europe/London") == 0) { - TimeChangeRule gmt = {"GMT", Last, Sun, Oct, 2, 0}; // UTC+0 - TimeChangeRule bst = {"BST", Last, Sun, Mar, 1, 60}; // UTC+1 - return new Timezone(bst, gmt); - } else if (strcmp(tz_string, "Europe/Paris") == 0 || strcmp(tz_string, "Europe/Berlin") == 0) { - TimeChangeRule cet = {"CET", Last, Sun, Oct, 3, 60}; // UTC+1 - TimeChangeRule cest = {"CEST", Last, Sun, Mar, 2, 120}; // UTC+2 - return new Timezone(cest, cet); - } else if (strcmp(tz_string, "Europe/Moscow") == 0) { - TimeChangeRule msk = {"MSK", Last, Sun, Oct, 3, 180}; // UTC+3 (no DST since 2014) - return new Timezone(msk, msk); - - // Asia - } else if (strcmp(tz_string, "Asia/Tokyo") == 0) { - TimeChangeRule jst = {"JST", Last, Sun, Oct, 2, 540}; // UTC+9 (no DST) - return new Timezone(jst, jst); - } else if (strcmp(tz_string, "Asia/Shanghai") == 0 || strcmp(tz_string, "Asia/Hong_Kong") == 0) { - TimeChangeRule cst = {"CST", Last, Sun, Oct, 2, 480}; // UTC+8 (no DST) - return new Timezone(cst, cst); - } else if (strcmp(tz_string, "Asia/Kolkata") == 0) { - TimeChangeRule ist = {"IST", Last, Sun, Oct, 2, 330}; // UTC+5:30 (no DST) - return new Timezone(ist, ist); - } else if (strcmp(tz_string, "Asia/Dubai") == 0) { - TimeChangeRule gst = {"GST", Last, Sun, Oct, 2, 240}; // UTC+4 (no DST) - return new Timezone(gst, gst); - - // Australia - } else if (strcmp(tz_string, "Australia/Sydney") == 0 || strcmp(tz_string, "Australia/Melbourne") == 0) { - TimeChangeRule aest = {"AEST", First, Sun, Apr, 3, 600}; // UTC+10 - TimeChangeRule aedt = {"AEDT", First, Sun, Oct, 2, 660}; // UTC+11 - return new Timezone(aedt, aest); - } else if (strcmp(tz_string, "Australia/Perth") == 0) { - TimeChangeRule awst = {"AWST", Last, Sun, Oct, 2, 480}; // UTC+8 (no DST) - return new Timezone(awst, awst); - - // Timezone abbreviations (with DST handling) - } else if (strcmp(tz_string, "PDT") == 0 || strcmp(tz_string, "PST") == 0) { - // Pacific Time (PST/PDT) - TimeChangeRule pst = {"PST", First, Sun, Nov, 2, -480}; // UTC-8 - TimeChangeRule pdt = {"PDT", Second, Sun, Mar, 2, -420}; // UTC-7 - return new Timezone(pdt, pst); - } else if (strcmp(tz_string, "MDT") == 0 || strcmp(tz_string, "MST") == 0) { - // Mountain Time (MST/MDT) - TimeChangeRule mst = {"MST", First, Sun, Nov, 2, -420}; // UTC-7 - TimeChangeRule mdt = {"MDT", Second, Sun, Mar, 2, -360}; // UTC-6 - return new Timezone(mdt, mst); - } else if (strcmp(tz_string, "CDT") == 0 || strcmp(tz_string, "CST") == 0) { - // Central Time (CST/CDT) - TimeChangeRule cst = {"CST", First, Sun, Nov, 2, -360}; // UTC-6 - TimeChangeRule cdt = {"CDT", Second, Sun, Mar, 2, -300}; // UTC-5 - return new Timezone(cdt, cst); - } else if (strcmp(tz_string, "EDT") == 0 || strcmp(tz_string, "EST") == 0) { - // Eastern Time (EST/EDT) - TimeChangeRule est = {"EST", First, Sun, Nov, 2, -300}; // UTC-5 - TimeChangeRule edt = {"EDT", Second, Sun, Mar, 2, -240}; // UTC-4 - return new Timezone(edt, est); - } else if (strcmp(tz_string, "BST") == 0 || strcmp(tz_string, "GMT") == 0) { - // British Time (GMT/BST) - TimeChangeRule gmt = {"GMT", Last, Sun, Oct, 2, 0}; // UTC+0 - TimeChangeRule bst = {"BST", Last, Sun, Mar, 1, 60}; // UTC+1 - return new Timezone(bst, gmt); - } else if (strcmp(tz_string, "CEST") == 0 || strcmp(tz_string, "CET") == 0) { - // Central European Time (CET/CEST) - TimeChangeRule cet = {"CET", Last, Sun, Oct, 3, 60}; // UTC+1 - TimeChangeRule cest = {"CEST", Last, Sun, Mar, 2, 120}; // UTC+2 - return new Timezone(cest, cet); - - // UTC and simple offsets - } else if (strcmp(tz_string, "UTC") == 0) { - TimeChangeRule utc = {"UTC", Last, Sun, Mar, 0, 0}; - return new Timezone(utc, utc); - } else if (strncmp(tz_string, "UTC", 3) == 0) { - // Handle UTC+/-X format (UTC-8, UTC+5, etc.) - int offset = atoi(tz_string + 3); - TimeChangeRule utc_offset = {"UTC", Last, Sun, Mar, 0, offset * 60}; - return new Timezone(utc_offset, utc_offset); - } else if (strncmp(tz_string, "GMT", 3) == 0) { - // Handle GMT+/-X format (GMT-8, GMT+5, etc.) - int offset = atoi(tz_string + 3); - TimeChangeRule gmt_offset = {"GMT", Last, Sun, Mar, 0, offset * 60}; - return new Timezone(gmt_offset, gmt_offset); - } else if (strncmp(tz_string, "+", 1) == 0 || strncmp(tz_string, "-", 1) == 0) { - // Handle simple +/-X format (+5, -8, etc.) - int offset = atoi(tz_string); - TimeChangeRule offset_tz = {"TZ", Last, Sun, Mar, 0, offset * 60}; - return new Timezone(offset_tz, offset_tz); - } else { - // Unknown timezone, return null - MQTT_DEBUG_PRINTLN("Unknown timezone: %s", tz_string); - return nullptr; - } -} - -void MQTTBridge::getClientVersion(char* buffer, size_t buffer_size) const { - if (!buffer || buffer_size == 0) { - return; - } - // Generate client version string in format "meshcore/{firmware_version}" - snprintf(buffer, buffer_size, "meshcore/%s", _firmware_version); -} - -void MQTTBridge::optimizeMqttClientConfig(PsychicMqttClient* client, bool is_analyzer_client) { - if (!client) return; - - // Buffer size selection (optimized for memory): - // - Analyzer clients: Need 896 bytes for CONNECT message with 768-byte JWT tokens - // (CONNECT message: ~10 bytes overhead + 70 bytes username + 768 bytes password = ~850 bytes) - // Reduced from 1024 to 896 (128 bytes saved) - still safe with ~46 bytes headroom - // - Main client: Can use 640 bytes (smaller than default 768, but safe for regular publishes) - // Most JSON messages are <500 bytes, CONNECT messages are smaller without JWT tokens - // Reduced from 768 to 640 (128 bytes saved) - still safe with ~140 bytes headroom - int buffer_size = is_analyzer_client ? 896 : 640; - - client->setBufferSize(buffer_size); - - // Access ESP-IDF config to optimize additional settings - esp_mqtt_client_config_t* config = client->getMqttConfig(); - if (config) { - #if defined(ESP_IDF_VERSION_MAJOR) && ESP_IDF_VERSION_MAJOR >= 5 - if (config->buffer.out_size == 0 || config->buffer.out_size > buffer_size) { - config->buffer.out_size = buffer_size; - } - #endif - } -} - -void MQTTBridge::logMemoryStatus() { - MQTT_DEBUG_PRINTLN("Memory: Free=%d, Max=%d, Queue=%d/%d", - ESP.getFreeHeap(), ESP.getMaxAllocHeap(), _queue_count, MAX_QUEUE_SIZE); -} - -#endif - diff --git a/src/helpers/bridges/MQTTBridge.h b/src/helpers/bridges/MQTTBridge.h deleted file mode 100644 index 1d2b31dae..000000000 --- a/src/helpers/bridges/MQTTBridge.h +++ /dev/null @@ -1,427 +0,0 @@ -#pragma once - -#include "MeshCore.h" -#include "helpers/bridges/BridgeBase.h" -#include -#include -#include -#include -#include -#include "helpers/JWTHelper.h" - -#ifdef ESP_PLATFORM -#include -#include -#include -#include -#endif - -#if defined(MQTT_DEBUG) && defined(ARDUINO) - #include - // USB CDC-aware debug macros: only print if Serial is ready (non-blocking check) - // Serial.availableForWrite() returns bytes available in write buffer (>0 means ready) - // This prevents hangs when USB CDC isn't ready yet (e.g., ESP32-S3 native USB) - #define MQTT_DEBUG_PRINT(F, ...) do { if (Serial.availableForWrite() > 0) { Serial.printf("MQTT: " F, ##__VA_ARGS__); } } while(0) - #define MQTT_DEBUG_PRINTLN(F, ...) do { if (Serial.availableForWrite() > 0) { Serial.printf("MQTT: " F "\n", ##__VA_ARGS__); } } while(0) -#else - #define MQTT_DEBUG_PRINT(...) {} - #define MQTT_DEBUG_PRINTLN(...) {} -#endif - -#ifdef WITH_MQTT_BRIDGE - -/** - * @brief Bridge implementation using MQTT protocol for packet transport - * - * This bridge enables mesh packet transport over MQTT, allowing repeaters to - * uplink packet data to multiple MQTT brokers for monitoring and analysis. - * - * Features: - * - Multiple MQTT broker support - * - Automatic reconnection with exponential backoff - * - JSON message formatting for status, packets, and raw data - * - Configurable topics and QoS levels - * - Packet queuing during connection issues - * - * Message Types: - * - Status: Device connection status and metadata - * - Packets: Full packet data with RF characteristics - * - Raw: Minimal raw packet data for map integration - * - * Configuration: - * - Define WITH_MQTT_BRIDGE to enable this bridge - * - Configure brokers via CLI commands - * - Set origin name and IATA code for topic structure - */ -class MQTTBridge : public BridgeBase { -private: - PsychicMqttClient* _mqtt_client; - - // MQTT broker configuration - struct MQTTBroker { - char host[64]; - uint16_t port; - char username[32]; - char password[64]; - char client_id[32]; - uint8_t qos; - bool enabled; - bool connected; - unsigned long last_attempt; - unsigned long reconnect_interval; - }; - - static const int MAX_MQTT_BROKERS_COUNT = 3; - MQTTBroker _brokers[MAX_MQTT_BROKERS_COUNT]; - int _active_brokers; - - // Message configuration - char _origin[32]; - char _iata[8]; - char _device_id[65]; // Device public key (hex string) - char _firmware_version[64]; // Firmware version string - char _board_model[64]; // Board model string - char _build_date[32]; // Build date string - bool _status_enabled; - bool _packets_enabled; - bool _raw_enabled; - bool _tx_enabled; - unsigned long _last_status_publish; - unsigned long _status_interval; - - // Packet queue for offline scenarios - struct QueuedPacket { - mesh::Packet* packet; - unsigned long timestamp; - bool is_tx; - // Store raw radio data with each packet to avoid it being overwritten - uint8_t raw_data[256]; - int raw_len; - float snr; - float rssi; - bool has_raw_data; - }; - - static const int MAX_QUEUE_SIZE = 10; - - // FreeRTOS queue for thread-safe packet queuing - #ifdef ESP_PLATFORM - QueueHandle_t _packet_queue_handle; - TaskHandle_t _mqtt_task_handle; - SemaphoreHandle_t _raw_data_mutex; // Mutex for raw radio data - #else - // Fallback to circular buffer for non-ESP32 platforms - QueuedPacket _packet_queue[MAX_QUEUE_SIZE]; - int _queue_head; - int _queue_tail; - #endif - int _queue_count; // Protected by queue operations or mutex - - // NTP time sync - WiFiUDP _ntp_udp; - NTPClient _ntp_client; - unsigned long _last_ntp_sync; - bool _ntp_synced; - bool _ntp_sync_pending; // Flag to trigger NTP sync from loop() instead of event handler - - // Timezone handling - Timezone* _timezone; - - // Raw radio data storage - uint8_t _last_raw_data[256]; - int _last_raw_len; - float _last_snr; - float _last_rssi; - unsigned long _last_raw_timestamp; - - // Let's Mesh Analyzer support - bool _analyzer_us_enabled; - bool _analyzer_eu_enabled; - char _auth_token_us[768]; // JWT token for US server authentication (increased for owner/client fields) - char _auth_token_eu[768]; // JWT token for EU server authentication (increased for owner/client fields) - char _analyzer_username[70]; // Username in format v1_{UPPERCASE_PUBLIC_KEY} - - // Token expiration tracking - unsigned long _token_us_expires_at; - unsigned long _token_eu_expires_at; - - // Memory pressure monitoring - unsigned long _last_memory_check; - int _skipped_publishes; // Count of skipped publishes due to memory pressure - unsigned long _last_token_renewal_attempt_us; - unsigned long _last_token_renewal_attempt_eu; - unsigned long _last_reconnect_attempt_us; - unsigned long _last_reconnect_attempt_eu; - - // Status publish retry tracking - unsigned long _last_status_retry; // Track last retry attempt (separate from successful publish) - static const unsigned long STATUS_RETRY_INTERVAL = 30000; // Retry every 30 seconds if failed - - // Device identity for JWT token creation - mesh::LocalIdentity *_identity; - - // PsychicMqttClient instances for different brokers - PsychicMqttClient* _analyzer_us_client; - PsychicMqttClient* _analyzer_eu_client; - - // Configuration validation state - bool _config_valid; - - // Cached broker connection status (updated in callbacks to avoid redundant checks) - bool _cached_has_brokers; - bool _cached_has_analyzer_servers; - - // Throttle logging for disconnected broker messages - unsigned long _last_no_broker_log; - static const unsigned long NO_BROKER_LOG_INTERVAL = 30000; // Log every 30 seconds max - - // Throttle logging for analyzer client disconnected messages - unsigned long _last_analyzer_us_log; - unsigned long _last_analyzer_eu_log; - static const unsigned long ANALYZER_LOG_INTERVAL = 30000; // Log every 30 seconds max - unsigned long _last_config_warning; // Throttle configuration mismatch warnings - static const unsigned long CONFIG_WARNING_INTERVAL = 300000; // Log every 5 minutes max - - // Optional pointers for collecting stats internally (set by mesh if available) - mesh::Dispatcher* _dispatcher; // For air times and errors - mesh::Radio* _radio; // For noise floor - mesh::MainBoard* _board; // For battery voltage - mesh::MillisecondClock* _ms; // For uptime - - // Internal methods - void connectToBrokers(); - void processPacketQueue(); - bool publishStatus(); // Returns true if status was successfully published - - // FreeRTOS task function (runs on Core 0) - #ifdef ESP_PLATFORM - static void mqttTask(void* parameter); - void mqttTaskLoop(); // Main loop for MQTT task - void initializeWiFiInTask(); // WiFi initialization moved to task - #endif - void publishPacket(mesh::Packet* packet, bool is_tx, - const uint8_t* raw_data = nullptr, int raw_len = 0, - float snr = 0.0f, float rssi = 0.0f); - void publishRaw(mesh::Packet* packet); - void queuePacket(mesh::Packet* packet, bool is_tx); - void dequeuePacket(); - bool isAnyBrokerConnected(); - void setBrokerDefaults(); - void syncTimeWithNTP(); - Timezone* createTimezoneFromString(const char* tz_string); - bool isMQTTConfigValid(); - void checkConfigurationMismatch(); // Check for bridge.source/mqtt.tx mismatch - bool isIATAValid() const; // Check if IATA code is configured - -public: - /** - * Constructs an MQTTBridge instance - * - * @param prefs Node preferences for configuration settings - * @param mgr PacketManager for allocating and queuing packets - * @param rtc RTCClock for timestamping debug messages - * @param identity Device identity for JWT token creation - */ - MQTTBridge(NodePrefs *prefs, mesh::PacketManager *mgr, mesh::RTCClock *rtc, mesh::LocalIdentity *identity); - - /** - * Initializes the MQTT bridge - * - * - Sets up default broker configuration - * - Initializes WiFi client - * - Prepares MQTT clients for each broker - */ - void begin() override; - - /** - * Stops the MQTT bridge - * - * - Disconnects from all brokers - * - Clears packet queue - * - Releases resources - */ - void end() override; - - /** - * Checks if MQTT configuration is valid - * - * @return true if all required MQTT settings are properly configured - */ - bool isConfigValid() const; - - /** - * Static method to validate MQTT configuration from preferences - * - * @param prefs Node preferences containing MQTT settings - * @return true if all required MQTT settings are properly configured - */ - static bool isConfigValid(const NodePrefs* prefs); - - /** - * Check if MQTT bridge is ready to operate (has WiFi credentials) - * - * @return true if WiFi credentials are configured and bridge can connect - */ - bool isReady() const; - - /** - * Main loop handler - * - Maintains broker connections - * - Processes packet queue - * - Publishes status updates - */ - void loop() override; - - /** - * Called when a packet is received via mesh - * Queues the packet for MQTT publishing if enabled - * - * @param packet The received mesh packet - */ - void onPacketReceived(mesh::Packet *packet) override; - - /** - * Called when a packet needs to be transmitted via MQTT - * Publishes the packet to all connected brokers - * - * @param packet The mesh packet to transmit - */ - void sendPacket(mesh::Packet *packet) override; - - /** - * Configure MQTT broker settings - * - * @param broker_index Broker index (0-2) - * @param host Broker hostname - * @param port Broker port - * @param username MQTT username - * @param password MQTT password - * @param enabled Whether broker is enabled - */ - void setBroker(int broker_index, const char* host, uint16_t port, - const char* username, const char* password, bool enabled); - - /** - * Set device origin name for MQTT topics - * - * @param origin Device name - */ - void setOrigin(const char* origin); - - /** - * Set IATA code for MQTT topics - * - * @param iata Airport code - */ - void setIATA(const char* iata); - - /** - * Set device public key for MQTT topics - * - * @param device_id Device public key (hex string) - */ - void setDeviceID(const char* device_id); - - /** - * Set firmware version for status messages - * - * @param firmware_version Firmware version string - */ - void setFirmwareVersion(const char* firmware_version); - - /** - * Set board model for status messages - * - * @param board_model Board model string - */ - void setBoardModel(const char* board_model); - - /** - * Set build date for client version - * - * @param build_date Build date string - */ - void setBuildDate(const char* build_date); - - /** - * Stores raw radio data for MQTT messages - * - * @param raw_data Raw radio transmission data - * @param len Length of raw data - * @param snr Signal-to-noise ratio - * @param rssi Received signal strength indicator - */ - void storeRawRadioData(const uint8_t* raw_data, int len, float snr, float rssi); - - // Let's Mesh Analyzer methods - void setupAnalyzerServers(); - bool createAuthToken(); - bool publishToAnalyzerServers(const char* topic, const char* payload, bool retained = false); // Returns true if at least one publish succeeded - - // PsychicMqttClient WebSocket methods - void setupAnalyzerClients(); - void maintainAnalyzerConnections(); - bool publishToAnalyzerClient(PsychicMqttClient* client, const char* topic, const char* payload, bool retained = false); // Returns true if publish succeeded - void publishStatusToAnalyzerClient(PsychicMqttClient* client, const char* server_name); - - /** - * Optimize MQTT client configuration for memory efficiency - * Reduces buffer sizes to minimize memory usage while maintaining functionality - * - * @param client MQTT client to optimize - * @param is_analyzer_client If true, uses larger buffer for JWT tokens (768 bytes) - */ - void optimizeMqttClientConfig(PsychicMqttClient* client, bool is_analyzer_client = false); - - /** - * Enable/disable message types - * - * @param status Enable status messages - * @param packets Enable packet messages - * @param raw Enable raw messages - */ - void setMessageTypes(bool status, bool packets, bool raw); - - /** - * Get connection status for all brokers - * - * @return Number of connected brokers - */ - int getConnectedBrokers() const; - - /** - * Get queue status - * - * @return Number of queued packets - */ - int getQueueSize() const; - - /** - * Set optional pointers for stats collection. - * If these are set, stats will be collected automatically when publishing status. - * - * @param dispatcher Dispatcher (or Mesh*) for air times and errors - * @param radio Radio for noise floor - * @param board MainBoard for battery voltage - * @param ms MillisecondClock for uptime - */ - void setStatsSources(mesh::Dispatcher* dispatcher, mesh::Radio* radio, - mesh::MainBoard* board, mesh::MillisecondClock* ms); - -private: - /** - * Generate client version string in format "meshcore/{firmware_version}" - * Memory-efficient: writes to provided buffer, no dynamic allocation - * - * @param buffer Buffer to write the client version string to - * @param buffer_size Size of the buffer (must be at least 64 bytes) - */ - void getClientVersion(char* buffer, size_t buffer_size) const; - - /** - * Log memory status for debugging - */ - void logMemoryStatus(); -}; - -#endif diff --git a/ssl_certs/cacert.pem b/ssl_certs/cacert.pem deleted file mode 100644 index f04c55123..000000000 --- a/ssl_certs/cacert.pem +++ /dev/null @@ -1,3556 +0,0 @@ -## -## Bundle of CA Root Certificates -## -## Certificate data from Mozilla as of: Tue Sep 9 03:12:01 2025 GMT -## -## Find updated versions here: https://curl.se/docs/caextract.html -## -## This is a bundle of X.509 certificates of public Certificate Authorities -## (CA). These were automatically extracted from Mozilla's root certificates -## file (certdata.txt). This file can be found in the mozilla source tree: -## https://raw.githubusercontent.com/mozilla-firefox/firefox/refs/heads/release/security/nss/lib/ckfw/builtins/certdata.txt -## -## It contains the certificates in PEM format and therefore -## can be directly used with curl / libcurl / php_curl, or with -## an Apache+mod_ssl webserver for SSL client authentication. -## Just configure this file as the SSLCACertificateFile. -## -## Conversion done with mk-ca-bundle.pl version 1.29. -## SHA256: 0078e6bdd280fd89e1b883174387aae84b3eae2ee263416a5f8a14ee7f179ae9 -## - - -Entrust Root Certification Authority -==================================== ------BEGIN CERTIFICATE----- -MIIEkTCCA3mgAwIBAgIERWtQVDANBgkqhkiG9w0BAQUFADCBsDELMAkGA1UEBhMCVVMxFjAUBgNV -BAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0Lm5ldC9DUFMgaXMgaW5jb3Jw -b3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMWKGMpIDIwMDYgRW50cnVzdCwgSW5jLjEtMCsG -A1UEAxMkRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTA2MTEyNzIwMjM0 -MloXDTI2MTEyNzIwNTM0MlowgbAxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMu -MTkwNwYDVQQLEzB3d3cuZW50cnVzdC5uZXQvQ1BTIGlzIGluY29ycG9yYXRlZCBieSByZWZlcmVu -Y2UxHzAdBgNVBAsTFihjKSAyMDA2IEVudHJ1c3QsIEluYy4xLTArBgNVBAMTJEVudHJ1c3QgUm9v -dCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ALaVtkNC+sZtKm9I35RMOVcF7sN5EUFoNu3s/poBj6E4KPz3EEZmLk0eGrEaTsbRwJWIsMn/MYsz -A9u3g3s+IIRe7bJWKKf44LlAcTfFy0cOlypowCKVYhXbR9n10Cv/gkvJrT7eTNuQgFA/CYqEAOww -Cj0Yzfv9KlmaI5UXLEWeH25DeW0MXJj+SKfFI0dcXv1u5x609mhF0YaDW6KKjbHjKYD+JXGIrb68 -j6xSlkuqUY3kEzEZ6E5Nn9uss2rVvDlUccp6en+Q3X0dgNmBu1kmwhH+5pPi94DkZfs0Nw4pgHBN -rziGLp5/V6+eF67rHMsoIV+2HNjnogQi+dPa2MsCAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCAQYw -DwYDVR0TAQH/BAUwAwEB/zArBgNVHRAEJDAigA8yMDA2MTEyNzIwMjM0MlqBDzIwMjYxMTI3MjA1 -MzQyWjAfBgNVHSMEGDAWgBRokORnpKZTgMeGZqTx90tD+4S9bTAdBgNVHQ4EFgQUaJDkZ6SmU4DH -hmak8fdLQ/uEvW0wHQYJKoZIhvZ9B0EABBAwDhsIVjcuMTo0LjADAgSQMA0GCSqGSIb3DQEBBQUA -A4IBAQCT1DCw1wMgKtD5Y+iRDAUgqV8ZyntyTtSx29CW+1RaGSwMCPeyvIWonX9tO1KzKtvn1ISM -Y/YPyyYBkVBs9F8U4pN0wBOeMDpQ47RgxRzwIkSNcUesyBrJ6ZuaAGAT/3B+XxFNSRuzFVJ7yVTa -v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE2jTS -W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0 -tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8 ------END CERTIFICATE----- - -QuoVadis Root CA 2 -================== ------BEGIN CERTIFICATE----- -MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT -EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx -ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6 -XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk -lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB -lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy -lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt -66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn -wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh -D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy -BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie -J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud -DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU -a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT -ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv -Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3 -UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm -VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK -+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW -IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1 -WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X -f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II -4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8 -VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u ------END CERTIFICATE----- - -QuoVadis Root CA 3 -================== ------BEGIN CERTIFICATE----- -MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT -EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx -OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM -aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg -DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij -KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K -DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv -BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp -p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8 -nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX -MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM -Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz -uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT -BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj -YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0 -aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB -BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD -VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4 -ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE -AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV -qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s -hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z -POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2 -Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp -8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC -bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu -g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p -vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr -qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto= ------END CERTIFICATE----- - -DigiCert Assured ID Root CA -=========================== ------BEGIN CERTIFICATE----- -MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw -IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx -MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL -ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO -9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy -UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW -/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy -oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf -GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF -66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq -hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc -EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn -SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i -8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe -+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g== ------END CERTIFICATE----- - -DigiCert Global Root CA -======================= ------BEGIN CERTIFICATE----- -MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw -HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw -MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 -dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn -TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5 -BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H -4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y -7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB -o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm -8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF -BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr -EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt -tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886 -UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk -CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= ------END CERTIFICATE----- - -DigiCert High Assurance EV Root CA -================================== ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw -KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw -MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ -MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu -Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t -Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS -OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3 -MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ -NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe -h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB -Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY -JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ -V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp -myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK -mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe -vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K ------END CERTIFICATE----- - -SwissSign Gold CA - G2 -====================== ------BEGIN CERTIFICATE----- -MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw -EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN -MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp -c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq -t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C -jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg -vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF -ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR -AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend -jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO -peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR -7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi -GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw -AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64 -OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov -L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm -5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr -44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf -Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m -Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp -mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk -vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf -KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br -NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj -viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ ------END CERTIFICATE----- - -SecureTrust CA -============== ------BEGIN CERTIFICATE----- -MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG -EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy -dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe -BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX -OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t -DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH -GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b -01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH -ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/ -BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj -aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ -KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu -SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf -mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ -nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR -3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE= ------END CERTIFICATE----- - -Secure Global CA -================ ------BEGIN CERTIFICATE----- -MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG -EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH -bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg -MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg -Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx -YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ -bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g -8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV -HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi -0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud -EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn -oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA -MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+ -OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn -CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5 -3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc -f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW ------END CERTIFICATE----- - -COMODO Certification Authority -============================== ------BEGIN CERTIFICATE----- -MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1 -dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb -MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD -T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH -+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww -xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV -4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA -1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI -rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k -b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC -AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP -OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/ -RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc -IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN -+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ== ------END CERTIFICATE----- - -COMODO ECC Certification Authority -================================== ------BEGIN CERTIFICATE----- -MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix -GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR -Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo -b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X -4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni -wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E -BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG -FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA -U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY= ------END CERTIFICATE----- - -Certigna -======== ------BEGIN CERTIFICATE----- -MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw -EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3 -MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI -Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q -XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH -GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p -ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg -DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf -Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ -tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ -BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J -SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA -hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+ -ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu -PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY -1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw -WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg== ------END CERTIFICATE----- - -ePKI Root Certification Authority -================================= ------BEGIN CERTIFICATE----- -MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG -EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg -Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx -MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq -MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs -IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi -lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv -qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX -12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O -WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+ -ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao -lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/ -vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi -Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi -MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH -ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0 -1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq -KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV -xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP -NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r -GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE -xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx -gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy -sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD -BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw= ------END CERTIFICATE----- - -certSIGN ROOT CA -================ ------BEGIN CERTIFICATE----- -MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD -VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa -Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE -CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I -JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH -rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2 -ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD -0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943 -AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B -Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB -AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8 -SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0 -x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt -vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz -TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD ------END CERTIFICATE----- - -NetLock Arany (Class Gold) Főtanúsítvány -======================================== ------BEGIN CERTIFICATE----- -MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G -A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610 -dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB -cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx -MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO -ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv -biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6 -c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu -0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw -/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk -H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw -fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1 -neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB -BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW -qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta -YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC -bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna -NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu -dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E= ------END CERTIFICATE----- - -Microsec e-Szigno Root CA 2009 -============================== ------BEGIN CERTIFICATE----- -MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER -MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv -c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o -dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE -BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt -U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA -fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG -0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA -pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm -1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC -AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf -QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE -FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o -lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX -I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775 -tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02 -yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi -LXpUq3DDfSJlgnCW ------END CERTIFICATE----- - -GlobalSign Root CA - R3 -======================= ------BEGIN CERTIFICATE----- -MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv -YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh -bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT -aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln -bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt -iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ -0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3 -rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl -OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2 -xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE -FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7 -lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8 -EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E -bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18 -YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r -kpeDMdmztcpHWD9f ------END CERTIFICATE----- - -Izenpe.com -========== ------BEGIN CERTIFICATE----- -MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG -EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz -MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu -QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ -03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK -ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU -+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC -PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT -OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK -F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK -0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+ -0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB -leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID -AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+ -SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG -NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx -MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O -BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l -Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga -kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q -hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs -g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5 -aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5 -nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC -ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo -Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z -WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw== ------END CERTIFICATE----- - -Go Daddy Root Certificate Authority - G2 -======================================== ------BEGIN CERTIFICATE----- -MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT -B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu -MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5 -MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 -b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G -A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq -9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD -+qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd -fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl -NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC -MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9 -BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac -vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r -5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV -N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO -LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1 ------END CERTIFICATE----- - -Starfield Root Certificate Authority - G2 -========================================= ------BEGIN CERTIFICATE----- -MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT -B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s -b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0 -eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw -DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg -VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB -dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv -W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs -bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk -N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf -ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU -JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol -TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx -4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw -F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K -pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ -c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0 ------END CERTIFICATE----- - -Starfield Services Root Certificate Authority - G2 -================================================== ------BEGIN CERTIFICATE----- -MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT -B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s -b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl -IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV -BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT -dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg -Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC -AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2 -h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa -hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP -LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB -rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw -AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG -SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP -E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy -xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd -iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza -YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6 ------END CERTIFICATE----- - -AffirmTrust Commercial -====================== ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS -BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw -MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly -bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb -DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV -C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6 -BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww -MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV -HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG -hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi -qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv -0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh -sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8= ------END CERTIFICATE----- - -AffirmTrust Networking -====================== ------BEGIN CERTIFICATE----- -MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS -BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw -MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly -bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF -AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE -Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI -dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24 -/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb -h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV -HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC -AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu -UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6 -12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23 -WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9 -/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s= ------END CERTIFICATE----- - -AffirmTrust Premium -=================== ------BEGIN CERTIFICATE----- -MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS -BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy -OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy -dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn -BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV -5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs -+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd -GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R -p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI -S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04 -6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5 -/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo -+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB -/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv -MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg -Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC -6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S -L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK -+4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV -BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg -IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60 -g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb -zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw== ------END CERTIFICATE----- - -AffirmTrust Premium ECC -======================= ------BEGIN CERTIFICATE----- -MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV -BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx -MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U -cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ -N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW -BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK -BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X -57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM -eQ== ------END CERTIFICATE----- - -Certum Trusted Network CA -========================= ------BEGIN CERTIFICATE----- -MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK -ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy -MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU -ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC -l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J -J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4 -fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0 -cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB -Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw -DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj -jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1 -mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj -Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI -03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw= ------END CERTIFICATE----- - -TWCA Root Certification Authority -================================= ------BEGIN CERTIFICATE----- -MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ -VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG -EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB -IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx -QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC -oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP -4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r -y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB -BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG -9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC -mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW -QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY -T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny -Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw== ------END CERTIFICATE----- - -Security Communication RootCA2 -============================== ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc -U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh -dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC -SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy -aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++ -+T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R -3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV -spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K -EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8 -QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB -CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj -u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk -3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q -tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29 -mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03 ------END CERTIFICATE----- - -Actalis Authentication Root CA -============================== ------BEGIN CERTIFICATE----- -MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM -BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE -AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky -MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz -IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290 -IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ -wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa -by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6 -zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f -YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2 -oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l -EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7 -hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8 -EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5 -jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY -iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt -ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI -WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0 -JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx -K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+ -Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC -4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo -2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz -lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem -OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9 -vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg== ------END CERTIFICATE----- - -Buypass Class 2 Root CA -======================= ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU -QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X -DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 -eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1 -g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn -9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b -/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU -CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff -awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI -zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn -Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX -Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs -M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD -VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF -AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s -A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI -osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S -aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd -DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD -LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0 -oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC -wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS -CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN -rJgWVqA= ------END CERTIFICATE----- - -Buypass Class 3 Root CA -======================= ------BEGIN CERTIFICATE----- -MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU -QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X -DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1 -eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH -sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR -5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh -7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ -ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH -2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV -/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ -RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA -Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq -j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD -VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF -AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV -cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G -uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG -Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8 -ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2 -KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz -6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug -UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe -eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi -Cp/HuZc= ------END CERTIFICATE----- - -T-TeleSec GlobalRoot Class 3 -============================ ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM -IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU -cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx -MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz -dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD -ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK -9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU -NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF -iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W -0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr -AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb -fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT -ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h -P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml -e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw== ------END CERTIFICATE----- - -D-TRUST Root Class 3 CA 2 2009 -============================== ------BEGIN CERTIFICATE----- -MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK -DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe -Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE -LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw -DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD -ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA -BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv -KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z -p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC -AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ -4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y -eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw -MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G -PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw -OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm -2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0 -o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV -dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph -X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I= ------END CERTIFICATE----- - -D-TRUST Root Class 3 CA 2 EV 2009 -================================= ------BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK -DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw -OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK -DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw -OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS -egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh -zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T -7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60 -sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35 -11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv -cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v -ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El -MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp -b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh -c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+ -PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05 -nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX -ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA -NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv -w9y4AyHqnxbxLFS1 ------END CERTIFICATE----- - -CA Disig Root R2 -================ ------BEGIN CERTIFICATE----- -MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw -EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp -ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx -EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp -c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC -w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia -xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7 -A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S -GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV -g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa -5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE -koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A -Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i -Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV -HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u -Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM -tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV -sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je -dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8 -1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx -mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01 -utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0 -sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg -UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV -7+ZtsH8tZ/3zbBt1RqPlShfppNcL ------END CERTIFICATE----- - -ACCVRAIZ1 -========= ------BEGIN CERTIFICATE----- -MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB -SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1 -MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH -UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM -jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0 -RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD -aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ -0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG -WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7 -8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR -5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J -9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK -Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw -Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu -Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2 -VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM -Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA -QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh -AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA -YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj -AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA -IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk -aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0 -dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2 -MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI -hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E -R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN -YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49 -nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ -TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3 -sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h -I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg -Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd -3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p -EfbRD0tVNEYqi4Y7 ------END CERTIFICATE----- - -TWCA Global Root CA -=================== ------BEGIN CERTIFICATE----- -MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT -CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD -QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK -EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg -Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C -nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV -r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR -Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV -tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W -KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99 -sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p -yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn -kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI -zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g -cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn -LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M -8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg -/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg -lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP -A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m -i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8 -EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3 -zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0= ------END CERTIFICATE----- - -TeliaSonera Root CA v1 -====================== ------BEGIN CERTIFICATE----- -MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE -CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4 -MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW -VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+ -6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA -3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k -B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn -Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH -oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3 -F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ -oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7 -gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc -TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB -AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW -DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm -zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx -0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW -pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV -G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc -c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT -JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2 -qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6 -Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems -WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY= ------END CERTIFICATE----- - -T-TeleSec GlobalRoot Class 2 -============================ ------BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM -IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU -cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx -MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz -dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD -ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ -SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F -vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970 -2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV -WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy -YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4 -r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf -vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR -3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN -9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg== ------END CERTIFICATE----- - -Atos TrustedRoot 2011 -===================== ------BEGIN CERTIFICATE----- -MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU -cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4 -MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG -A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV -hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr -54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+ -DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320 -HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR -z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R -l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ -bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB -CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h -k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh -TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9 -61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G -3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed ------END CERTIFICATE----- - -QuoVadis Root CA 1 G3 -===================== ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG -A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv -b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN -MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg -RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE -PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm -PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6 -Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN -ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l -g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV -7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX -9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f -iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg -t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI -hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC -MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3 -GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct -Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP -+V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh -3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa -wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6 -O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0 -FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV -hMJKzRwuJIczYOXD ------END CERTIFICATE----- - -QuoVadis Root CA 2 G3 -===================== ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG -A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv -b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN -MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg -RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh -ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY -NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t -oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o -MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l -V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo -L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ -sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD -6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh -lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI -hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66 -AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K -pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9 -x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz -dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X -U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw -mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD -zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN -JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr -O3jtZsSOeWmD3n+M ------END CERTIFICATE----- - -QuoVadis Root CA 3 G3 -===================== ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG -A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv -b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN -MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg -RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286 -IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL -Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe -6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3 -I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U -VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7 -5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi -Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM -dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt -rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI -hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px -KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS -t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ -TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du -DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib -Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD -hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX -0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW -dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2 -PpxxVJkES/1Y+Zj0 ------END CERTIFICATE----- - -DigiCert Assured ID Root G2 -=========================== ------BEGIN CERTIFICATE----- -MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw -IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw -MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL -ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH -35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq -bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw -VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP -YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn -lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO -w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv -0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz -d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW -hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M -jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo -IhNzbM8m9Yop5w== ------END CERTIFICATE----- - -DigiCert Assured ID Root G3 -=========================== ------BEGIN CERTIFICATE----- -MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD -VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 -MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ -BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb -RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs -KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF -UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy -YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy -1vUhZscv6pZjamVFkpUBtA== ------END CERTIFICATE----- - -DigiCert Global Root G2 -======================= ------BEGIN CERTIFICATE----- -MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw -HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx -MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 -dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq -hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ -kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO -3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV -BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM -UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB -o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu -5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr -F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U -WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH -QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/ -iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl -MrY= ------END CERTIFICATE----- - -DigiCert Global Root G3 -======================= ------BEGIN CERTIFICATE----- -MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV -UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD -VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw -MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k -aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C -AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O -YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp -Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y -3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34 -VOKa5Vt8sycX ------END CERTIFICATE----- - -DigiCert Trusted Root G4 -======================== ------BEGIN CERTIFICATE----- -MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG -EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw -HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1 -MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 -d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp -pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o -k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa -vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY -QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6 -MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm -mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7 -f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH -dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8 -oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud -DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD -ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY -ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr -yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy -7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah -ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN -5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb -/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa -5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK -G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP -82Z+ ------END CERTIFICATE----- - -COMODO RSA Certification Authority -================================== ------BEGIN CERTIFICATE----- -MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE -BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG -A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC -R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE -ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn -dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ -FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+ -5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG -x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX -2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL -OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3 -sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C -GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5 -WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E -FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w -DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt -rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+ -nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg -tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW -sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp -pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA -zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq -ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52 -7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I -LaZRfyHBNVOFBkpdn627G190 ------END CERTIFICATE----- - -USERTrust RSA Certification Authority -===================================== ------BEGIN CERTIFICATE----- -MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE -BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK -ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE -BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK -ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh -dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz -0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j -Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn -RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O -+T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq -/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE -Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM -lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8 -yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+ -eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd -BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF -MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW -FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ -7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ -Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM -8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi -FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi -yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c -J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw -sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx -Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9 ------END CERTIFICATE----- - -USERTrust ECC Certification Authority -===================================== ------BEGIN CERTIFICATE----- -MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC -VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU -aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC -VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU -aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2 -0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez -nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV -HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB -HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu -9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg= ------END CERTIFICATE----- - -GlobalSign ECC Root CA - R5 -=========================== ------BEGIN CERTIFICATE----- -MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb -R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD -EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb -R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD -EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6 -SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS -h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd -BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx -uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7 -yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3 ------END CERTIFICATE----- - -IdenTrust Commercial Root CA 1 -============================== ------BEGIN CERTIFICATE----- -MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG -EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS -b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES -MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB -IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld -hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/ -mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi -1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C -XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl -3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy -NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV -WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg -xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix -uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI -hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH -6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg -ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt -ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV -YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX -feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro -kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe -2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz -Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R -cGzM7vRX+Bi6hG6H ------END CERTIFICATE----- - -IdenTrust Public Sector Root CA 1 -================================= ------BEGIN CERTIFICATE----- -MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG -EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv -ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV -UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS -b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy -P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6 -Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI -rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf -qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS -mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn -ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh -LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v -iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL -4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B -Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw -DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj -t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A -mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt -GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt -m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx -NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4 -Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI -ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC -ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ -3Wl9af0AVqW3rLatt8o+Ae+c ------END CERTIFICATE----- - -Entrust Root Certification Authority - G2 -========================================= ------BEGIN CERTIFICATE----- -MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV -BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy -bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug -b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw -HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT -DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx -OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s -eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP -/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz -HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU -s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y -TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx -AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6 -0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z -iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ -Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi -nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+ -vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO -e4pIb4tF9g== ------END CERTIFICATE----- - -Entrust Root Certification Authority - EC1 -========================================== ------BEGIN CERTIFICATE----- -MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx -FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn -YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl -ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5 -IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw -FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs -LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg -dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt -IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy -AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef -9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE -FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h -vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8 -kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G ------END CERTIFICATE----- - -CFCA EV ROOT -============ ------BEGIN CERTIFICATE----- -MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE -CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB -IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw -MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD -DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV -BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD -7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN -uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW -ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7 -xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f -py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K -gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol -hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ -tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf -BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB -ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q -ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua -4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG -E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX -BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn -aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy -PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX -kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C -ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su ------END CERTIFICATE----- - -OISTE WISeKey Global Root GB CA -=============================== ------BEGIN CERTIFICATE----- -MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG -EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl -ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw -MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD -VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds -b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX -scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP -rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk -9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o -Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg -GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI -hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD -dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0 -VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui -HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic -Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM= ------END CERTIFICATE----- - -SZAFIR ROOT CA2 -=============== ------BEGIN CERTIFICATE----- -MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG -A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV -BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ -BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD -VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q -qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK -DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE -2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ -ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi -ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P -AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC -AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5 -O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67 -oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul -4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6 -+/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw== ------END CERTIFICATE----- - -Certum Trusted Network CA 2 -=========================== ------BEGIN CERTIFICATE----- -MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE -BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1 -bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y -ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ -TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl -cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB -IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9 -7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o -CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b -Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p -uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130 -GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ -9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB -Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye -hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM -BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI -hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW -Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA -L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo -clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM -pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb -w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo -J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm -ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX -is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7 -zAYspsbiDrW5viSP ------END CERTIFICATE----- - -Hellenic Academic and Research Institutions RootCA 2015 -======================================================= ------BEGIN CERTIFICATE----- -MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT -BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0 -aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl -YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx -MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg -QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV -BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw -MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv -bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh -iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+ -6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd -FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr -i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F -GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2 -fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu -iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc -Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI -hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+ -D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM -d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y -d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn -82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb -davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F -Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt -J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa -JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q -p/UsQu0yrbYhnr68 ------END CERTIFICATE----- - -Hellenic Academic and Research Institutions ECC RootCA 2015 -=========================================================== ------BEGIN CERTIFICATE----- -MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0 -aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u -cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj -aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw -MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj -IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD -VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290 -Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP -dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK -Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O -BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA -GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn -dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR ------END CERTIFICATE----- - -ISRG Root X1 -============ ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE -BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD -EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG -EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT -DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r -Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1 -3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K -b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN -Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ -4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf -1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu -hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH -usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r -OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G -A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY -9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL -ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV -0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt -hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw -TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx -e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA -JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD -YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n -JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ -m+kXQ99b21/+jh5Xos1AnX5iItreGCc= ------END CERTIFICATE----- - -AC RAIZ FNMT-RCM -================ ------BEGIN CERTIFICATE----- -MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT -AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw -MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD -TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf -qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr -btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL -j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou -08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw -WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT -tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ -47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC -ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa -i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE -FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o -dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD -nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s -D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ -j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT -Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW -+YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7 -Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d -8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm -5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG -rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM= ------END CERTIFICATE----- - -Amazon Root CA 1 -================ ------BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD -VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1 -MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv -bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC -ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH -FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ -gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t -dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce -VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB -/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3 -DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM -CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy -8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa -2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2 -xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5 ------END CERTIFICATE----- - -Amazon Root CA 2 -================ ------BEGIN CERTIFICATE----- -MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD -VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1 -MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv -bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC -ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4 -kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp -N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9 -AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd -fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx -kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS -btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0 -Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN -c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+ -3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw -DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA -A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY -+gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE -YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW -xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ -gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW -aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV -Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3 -KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi -JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw= ------END CERTIFICATE----- - -Amazon Root CA 3 -================ ------BEGIN CERTIFICATE----- -MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG -EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy -NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ -MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB -f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr -Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43 -rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc -eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw== ------END CERTIFICATE----- - -Amazon Root CA 4 -================ ------BEGIN CERTIFICATE----- -MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG -EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy -NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ -MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN -/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri -83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA -MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1 -AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA== ------END CERTIFICATE----- - -TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 -============================================= ------BEGIN CERTIFICATE----- -MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT -D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr -IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g -TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp -ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD -VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt -c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth -bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11 -IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8 -6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc -wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0 -3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9 -WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU -ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ -KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh -AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc -lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R -e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j -q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM= ------END CERTIFICATE----- - -GDCA TrustAUTH R5 ROOT -====================== ------BEGIN CERTIFICATE----- -MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw -BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD -DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow -YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ -IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B -AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs -AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p -OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr -pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ -9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ -xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM -R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ -D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4 -oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx -9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR -MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg -p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9 -H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35 -6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd -+PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ -HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD -F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ -8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv -/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT -aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== ------END CERTIFICATE----- - -SSL.com Root Certification Authority RSA -======================================== ------BEGIN CERTIFICATE----- -MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM -BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x -MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw -MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx -EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM -LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C -Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8 -P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge -oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp -k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z -fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ -gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2 -UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8 -1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s -bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV -HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE -AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr -dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf -ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl -u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq -erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj -MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ -vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI -Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y -wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI -WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k= ------END CERTIFICATE----- - -SSL.com Root Certification Authority ECC -======================================== ------BEGIN CERTIFICATE----- -MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV -BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv -BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy -MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO -BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv -bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA -BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+ -8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR -hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT -jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW -e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z -5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl ------END CERTIFICATE----- - -SSL.com EV Root Certification Authority RSA R2 -============================================== ------BEGIN CERTIFICATE----- -MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w -DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u -MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy -MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI -DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD -VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN -BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh -hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w -cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO -Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+ -B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh -CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim -9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto -RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm -JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48 -+qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV -HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp -qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1 -++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx -Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G -guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz -OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7 -CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq -lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR -rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1 -hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX -9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w== ------END CERTIFICATE----- - -SSL.com EV Root Certification Authority ECC -=========================================== ------BEGIN CERTIFICATE----- -MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV -BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy -BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw -MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx -EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM -LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB -BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy -3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O -BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe -5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ -N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm -m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg== ------END CERTIFICATE----- - -GlobalSign Root CA - R6 -======================= ------BEGIN CERTIFICATE----- -MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEgMB4GA1UECxMX -R2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds -b2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9i -YWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs -U2lnbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQss -grRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1kZguSgMpE -3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxDaNc9PIrFsmbVkJq3MQbF -vuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqM -PKq0pPbzlUoSB239jLKJz9CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+ -azayOeSsJDa38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05O -WgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/hbguy -CLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4nWUx2OVvq+aWh2IMP -0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kN -b7gu3GduyYsRtYQUigAZcIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQE -AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNV -HSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN -nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0 -lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrY -BzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFym -Fe944Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr -3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB1 -0jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/T -uTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItK -oZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+t -JDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA= ------END CERTIFICATE----- - -OISTE WISeKey Global Root GC CA -=============================== ------BEGIN CERTIFICATE----- -MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJD -SDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEo -MCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRa -Fw00MjA1MDkwOTU4MzNaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQL -ExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh -bCBSb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4nieUqjFqdr -VCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4Wp2OQ0jnUsYd4XxiWD1Ab -NTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd -BgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7TrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0E -AwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtk -AjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9 ------END CERTIFICATE----- - -UCA Global G2 Root -================== ------BEGIN CERTIFICATE----- -MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQG -EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0x -NjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0xCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlU -cnVzdDEbMBkGA1UEAwwSVUNBIEdsb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -MIICCgKCAgEAxeYrb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmT -oni9kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzmVHqUwCoV -8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/RVogvGjqNO7uCEeBHANBS -h6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDcC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8o -LTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIjtm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/ -R+zvWr9LesGtOxdQXGLYD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBe -KW4bHAyvj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6DlNaBa -4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6iIis7nCs+dwp4wwc -OxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznPO6Q0ibd5Ei9Hxeepl2n8pndntd97 -8XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O -BBYEFIHEjMz15DD/pQwIX4wVZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo -5sOASD0Ee/ojL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5 -1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl1qnN3e92mI0A -Ds0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oUb3n09tDh05S60FdRvScFDcH9 -yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LVPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAX -c47QN6MUPJiVAAwpBVueSUmxX8fjy88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHo -jhJi6IjMtX9Gl8CbEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZk -bxqgDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI+Vg7RE+x -ygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGyYiGqhkCyLmTTX8jjfhFn -RR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1whnw0A== ------END CERTIFICATE----- - -UCA Extended Validation Root -============================ ------BEGIN CERTIFICATE----- -MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG -EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9u -IFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8G -A1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrs -iWogD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF -Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r3CTu -eUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR -59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH -0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KR -el7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/TuDv -B0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41Gsx2VYVdWf6/wFlth -WG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs1+lvK9JKBZP8nm9rZ/+I8U6laUpS -NwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS -3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL -BQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR -ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cM -aVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4 -dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb -+7lsq+KePRXBOy5nAliRn+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOW -F3sGPjLtx7dCvHaj2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwi -GpWOvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOc -GMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSi -djzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr -dhh2n1ax ------END CERTIFICATE----- - -Certigna Root CA -================ ------BEGIN CERTIFICATE----- -MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE -BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZ -MBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjda -MFoxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYz -MDgxMDAwMzYxGTAXBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC -DwAwggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgX -stmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyz -KNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8 -JXrJhFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16 -XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq -4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3YzIoej -wpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1VTp2lc5ZmIoJ -lXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10TWuXekG9qxf5kBdI -jzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp/ -/TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw -HQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of -1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3d3cuY2Vy -dGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25h -LmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2Nl -cnRpZ25hcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOIt -OoldaDgvUSILSo3L6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxP -TGRGHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq -7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl3 -4bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd -8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS -6Cvu5zHbugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaY -tlu3zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS -aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNde -E4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0= ------END CERTIFICATE----- - -emSign Root CA - G1 -=================== ------BEGIN CERTIFICATE----- -MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJJTjET -MBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRl -ZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgx -ODMwMDBaMGcxCzAJBgNVBAYTAklOMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVk -aHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIB -IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQzf2N4aLTN -LnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO8oG0x5ZOrRkVUkr+PHB1 -cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aqd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHW -DV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhMtTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ -6DqS0hdW5TUaQBw+jSztOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrH -hQIDAQABo0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQDAgEG -MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31xPaOfG1vR2vjTnGs2 -vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjMwiI/aTvFthUvozXGaCocV685743Q -NcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6dGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q -+Mri/Tm3R7nrft8EI6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeih -U80Bv2noWgbyRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx -iN66zB+Afko= ------END CERTIFICATE----- - -emSign ECC Root CA - G3 -======================= ------BEGIN CERTIFICATE----- -MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJJTjETMBEG -A1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEg -MB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4 -MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11 -ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g -RzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc -58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIr -MgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMC -AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+D -CBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7 -jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj ------END CERTIFICATE----- - -emSign Root CA - C1 -=================== ------BEGIN CERTIFICATE----- -MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCVVMx -EzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNp -Z24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UE -BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQD -ExNlbVNpZ24gUm9vdCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+up -ufGZBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZHdPIWoU/ -Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH3DspVpNqs8FqOp099cGX -OFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvHGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4V -I5b2P/AgNBbeCsbEBEV5f6f9vtKppa+cxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleooms -lMuoaJuvimUnzYnu3Yy1aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+ -XJGFehiqTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD -ggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87/kOXSTKZEhVb3xEp -/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4kqNPEjE2NuLe/gDEo2APJ62gsIq1 -NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9 -wC68AivTxEDkigcxHpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQ -BmIMMMAVSKeoWXzhriKi4gp6D/piq1JM4fHfyr6DDUI= ------END CERTIFICATE----- - -emSign ECC Root CA - C3 -======================= ------BEGIN CERTIFICATE----- -MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQGEwJVUzETMBEG -A1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMTF2VtU2lnbiBF -Q0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UE -BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQD -ExdlbVNpZ24gRUNDIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd -6bciMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4OjavtisIGJAnB9 -SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0OBBYEFPtaSNCAIEDyqOkA -B2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gA -MGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwU -ZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ== ------END CERTIFICATE----- - -Hongkong Post Root CA 3 -======================= ------BEGIN CERTIFICATE----- -MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQELBQAwbzELMAkG -A1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJSG9uZyBLb25nMRYwFAYDVQQK -Ew1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2 -MDMwMjI5NDZaFw00MjA2MDMwMjI5NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv -bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMX -SG9uZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz -iNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFOdem1p+/l6TWZ5Mwc50tf -jTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mIVoBc+L0sPOFMV4i707mV78vH9toxdCim -5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOe -sL4jpNrcyCse2m5FHomY2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj -0mRiikKYvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+TtbNe/ -JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZbx39ri1UbSsUgYT2u -y1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+l2oBlKN8W4UdKjk60FSh0Tlxnf0h -+bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YKTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsG -xVd7GYYKecsAyVKvQv83j+GjHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwID -AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e -i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEwDQYJKoZIhvcN -AQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG7BJ8dNVI0lkUmcDrudHr9Egw -W62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCkMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWld -y8joRTnU+kLBEUx3XZL7av9YROXrgZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov -+BS5gLNdTaqX4fnkGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDc -eqFS3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJmOzj/2ZQw -9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+l6mc1X5VTMbeRRAc6uk7 -nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6cJfTzPV4e0hz5sy229zdcxsshTrD3mUcY -hcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB -60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fq -dBb9HxEGmpv0 ------END CERTIFICATE----- - -Microsoft ECC Root Certificate Authority 2017 -============================================= ------BEGIN CERTIFICATE----- -MIICWTCCAd+gAwIBAgIQZvI9r4fei7FK6gxXMQHC7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV -UzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQgRUND -IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjMwNjQ1WhcNNDIwNzE4 -MjMxNjA0WjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYw -NAYDVQQDEy1NaWNyb3NvZnQgRUNDIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwdjAQ -BgcqhkjOPQIBBgUrgQQAIgNiAATUvD0CQnVBEyPNgASGAlEvaqiBYgtlzPbKnR5vSmZRogPZnZH6 -thaxjG7efM3beaYvzrvOcS/lpaso7GMEZpn4+vKTEAXhgShC48Zo9OYbhGBKia/teQ87zvH2RPUB -eMCjVDBSMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTIy5lycFIM -+Oa+sgRXKSrPQhDtNTAQBgkrBgEEAYI3FQEEAwIBADAKBggqhkjOPQQDAwNoADBlAjBY8k3qDPlf -Xu5gKcs68tvWMoQZP3zVL8KxzJOuULsJMsbG7X7JNpQS5GiFBqIb0C8CMQCZ6Ra0DvpWSNSkMBaR -eNtUjGUBiudQZsIxtzm6uBoiB078a1QWIP8rtedMDE2mT3M= ------END CERTIFICATE----- - -Microsoft RSA Root Certificate Authority 2017 -============================================= ------BEGIN CERTIFICATE----- -MIIFqDCCA5CgAwIBAgIQHtOXCV/YtLNHcB6qvn9FszANBgkqhkiG9w0BAQwFADBlMQswCQYDVQQG -EwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTYwNAYDVQQDEy1NaWNyb3NvZnQg -UlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcwHhcNMTkxMjE4MjI1MTIyWhcNNDIw -NzE4MjMwMDIzWjBlMQswCQYDVQQGEwJVUzEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u -MTYwNAYDVQQDEy1NaWNyb3NvZnQgUlNBIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTcw -ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKW76UM4wplZEWCpW9R2LBifOZNt9GkMml -7Xhqb0eRaPgnZ1AzHaGm++DlQ6OEAlcBXZxIQIJTELy/xztokLaCLeX0ZdDMbRnMlfl7rEqUrQ7e -S0MdhweSE5CAg2Q1OQT85elss7YfUJQ4ZVBcF0a5toW1HLUX6NZFndiyJrDKxHBKrmCk3bPZ7Pw7 -1VdyvD/IybLeS2v4I2wDwAW9lcfNcztmgGTjGqwu+UcF8ga2m3P1eDNbx6H7JyqhtJqRjJHTOoI+ -dkC0zVJhUXAoP8XFWvLJjEm7FFtNyP9nTUwSlq31/niol4fX/V4ggNyhSyL71Imtus5Hl0dVe49F -yGcohJUcaDDv70ngNXtk55iwlNpNhTs+VcQor1fznhPbRiefHqJeRIOkpcrVE7NLP8TjwuaGYaRS -MLl6IE9vDzhTyzMMEyuP1pq9KsgtsRx9S1HKR9FIJ3Jdh+vVReZIZZ2vUpC6W6IYZVcSn2i51BVr -lMRpIpj0M+Dt+VGOQVDJNE92kKz8OMHY4Xu54+OU4UZpyw4KUGsTuqwPN1q3ErWQgR5WrlcihtnJ -0tHXUeOrO8ZV/R4O03QK0dqq6mm4lyiPSMQH+FJDOvTKVTUssKZqwJz58oHhEmrARdlns87/I6KJ -ClTUFLkqqNfs+avNJVgyeY+QW5g5xAgGwax/Dj0ApQIDAQABo1QwUjAOBgNVHQ8BAf8EBAMCAYYw -DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUCctZf4aycI8awznjwNnpv7tNsiMwEAYJKwYBBAGC -NxUBBAMCAQAwDQYJKoZIhvcNAQEMBQADggIBAKyvPl3CEZaJjqPnktaXFbgToqZCLgLNFgVZJ8og -6Lq46BrsTaiXVq5lQ7GPAJtSzVXNUzltYkyLDVt8LkS/gxCP81OCgMNPOsduET/m4xaRhPtthH80 -dK2Jp86519efhGSSvpWhrQlTM93uCupKUY5vVau6tZRGrox/2KJQJWVggEbbMwSubLWYdFQl3JPk -+ONVFT24bcMKpBLBaYVu32TxU5nhSnUgnZUP5NbcA/FZGOhHibJXWpS2qdgXKxdJ5XbLwVaZOjex -/2kskZGT4d9Mozd2TaGf+G0eHdP67Pv0RR0Tbc/3WeUiJ3IrhvNXuzDtJE3cfVa7o7P4NHmJweDy -AmH3pvwPuxwXC65B2Xy9J6P9LjrRk5Sxcx0ki69bIImtt2dmefU6xqaWM/5TkshGsRGRxpl/j8nW -ZjEgQRCHLQzWwa80mMpkg/sTV9HB8Dx6jKXB/ZUhoHHBk2dxEuqPiAppGWSZI1b7rCoucL5mxAyE -7+WL85MB+GqQk2dLsmijtWKP6T+MejteD+eMuMZ87zf9dOLITzNy4ZQ5bb0Sr74MTnB8G2+NszKT -c0QWbej09+CVgI+WXTik9KveCjCHk9hNAHFiRSdLOkKEW39lt2c0Ui2cFmuqqNh7o0JMcccMyj6D -5KbvtwEwXlGjefVwaaZBRA+GsCyRxj3qrg+E ------END CERTIFICATE----- - -e-Szigno Root CA 2017 -===================== ------BEGIN CERTIFICATE----- -MIICQDCCAeWgAwIBAgIMAVRI7yH9l1kN9QQKMAoGCCqGSM49BAMCMHExCzAJBgNVBAYTAkhVMREw -DwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UECgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUt -MjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3ppZ25vIFJvb3QgQ0EgMjAxNzAeFw0xNzA4MjIxMjA3MDZa -Fw00MjA4MjIxMjA3MDZaMHExCzAJBgNVBAYTAkhVMREwDwYDVQQHDAhCdWRhcGVzdDEWMBQGA1UE -CgwNTWljcm9zZWMgTHRkLjEXMBUGA1UEYQwOVkFUSFUtMjM1ODQ0OTcxHjAcBgNVBAMMFWUtU3pp -Z25vIFJvb3QgQ0EgMjAxNzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJbcPYrYsHtvxie+RJCx -s1YVe45DJH0ahFnuY2iyxl6H0BVIHqiQrb1TotreOpCmYF9oMrWGQd+HWyx7xf58etqjYzBhMA8G -A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSHERUI0arBeAyxr87GyZDv -vzAEwDAfBgNVHSMEGDAWgBSHERUI0arBeAyxr87GyZDvvzAEwDAKBggqhkjOPQQDAgNJADBGAiEA -tVfd14pVCzbhhkT61NlojbjcI4qKDdQvfepz7L9NbKgCIQDLpbQS+ue16M9+k/zzNY9vTlp8tLxO -svxyqltZ+efcMQ== ------END CERTIFICATE----- - -certSIGN Root CA G2 -=================== ------BEGIN CERTIFICATE----- -MIIFRzCCAy+gAwIBAgIJEQA0tk7GNi02MA0GCSqGSIb3DQEBCwUAMEExCzAJBgNVBAYTAlJPMRQw -EgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjAeFw0xNzAy -MDYwOTI3MzVaFw00MjAyMDYwOTI3MzVaMEExCzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lH -TiBTQTEcMBoGA1UECxMTY2VydFNJR04gUk9PVCBDQSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBAMDFdRmRfUR0dIf+DjuW3NgBFszuY5HnC2/OOwppGnzC46+CjobXXo9X69MhWf05 -N0IwvlDqtg+piNguLWkh59E3GE59kdUWX2tbAMI5Qw02hVK5U2UPHULlj88F0+7cDBrZuIt4Imfk -abBoxTzkbFpG583H+u/E7Eu9aqSs/cwoUe+StCmrqzWaTOTECMYmzPhpn+Sc8CnTXPnGFiWeI8Mg -wT0PPzhAsP6CRDiqWhqKa2NYOLQV07YRaXseVO6MGiKscpc/I1mbySKEwQdPzH/iV8oScLumZfNp -dWO9lfsbl83kqK/20U6o2YpxJM02PbyWxPFsqa7lzw1uKA2wDrXKUXt4FMMgL3/7FFXhEZn91Qqh -ngLjYl/rNUssuHLoPj1PrCy7Lobio3aP5ZMqz6WryFyNSwb/EkaseMsUBzXgqd+L6a8VTxaJW732 -jcZZroiFDsGJ6x9nxUWO/203Nit4ZoORUSs9/1F3dmKh7Gc+PoGD4FapUB8fepmrY7+EF3fxDTvf -95xhszWYijqy7DwaNz9+j5LP2RIUZNoQAhVB/0/E6xyjyfqZ90bp4RjZsbgyLcsUDFDYg2WD7rlc -z8sFWkz6GZdr1l0T08JcVLwyc6B49fFtHsufpaafItzRUZ6CeWRgKRM+o/1Pcmqr4tTluCRVLERL -iohEnMqE0yo7AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1Ud -DgQWBBSCIS1mxteg4BXrzkwJd8RgnlRuAzANBgkqhkiG9w0BAQsFAAOCAgEAYN4auOfyYILVAzOB -ywaK8SJJ6ejqkX/GM15oGQOGO0MBzwdw5AgeZYWR5hEit/UCI46uuR59H35s5r0l1ZUa8gWmr4UC -b6741jH/JclKyMeKqdmfS0mbEVeZkkMR3rYzpMzXjWR91M08KCy0mpbqTfXERMQlqiCA2ClV9+BB -/AYm/7k29UMUA2Z44RGx2iBfRgB4ACGlHgAoYXhvqAEBj500mv/0OJD7uNGzcgbJceaBxXntC6Z5 -8hMLnPddDnskk7RI24Zf3lCGeOdA5jGokHZwYa+cNywRtYK3qq4kNFtyDGkNzVmf9nGvnAvRCjj5 -BiKDUyUM/FHE5r7iOZULJK2v0ZXkltd0ZGtxTgI8qoXzIKNDOXZbbFD+mpwUHmUUihW9o4JFWklW -atKcsWMy5WHgUyIOpwpJ6st+H6jiYoD2EEVSmAYY3qXNL3+q1Ok+CHLsIwMCPKaq2LxndD0UF/tU -Sxfj03k9bWtJySgOLnRQvwzZRjoQhsmnP+mg7H/rpXdYaXHmgwo38oZJar55CJD2AhZkPuXaTH4M -NMn5X7azKFGnpyuqSfqNZSlO42sTp5SjLVFteAxEy9/eCG/Oo2Sr05WE1LlSVHJ7liXMvGnjSG4N -0MedJ5qq+BOS3R7fY581qRY27Iy4g/Q9iY/NtBde17MXQRBdJ3NghVdJIgc= ------END CERTIFICATE----- - -Trustwave Global Certification Authority -======================================== ------BEGIN CERTIFICATE----- -MIIF2jCCA8KgAwIBAgIMBfcOhtpJ80Y1LrqyMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJV -UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2 -ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u -IEF1dGhvcml0eTAeFw0xNzA4MjMxOTM0MTJaFw00MjA4MjMxOTM0MTJaMIGIMQswCQYDVQQGEwJV -UzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0NoaWNhZ28xITAfBgNVBAoMGFRydXN0d2F2 -ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UEAwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9u -IEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALldUShLPDeS0YLOvR29 -zd24q88KPuFd5dyqCblXAj7mY2Hf8g+CY66j96xz0XznswuvCAAJWX/NKSqIk4cXGIDtiLK0thAf -LdZfVaITXdHG6wZWiYj+rDKd/VzDBcdu7oaJuogDnXIhhpCujwOl3J+IKMujkkkP7NAP4m1ET4Bq -stTnoApTAbqOl5F2brz81Ws25kCI1nsvXwXoLG0R8+eyvpJETNKXpP7ScoFDB5zpET71ixpZfR9o -WN0EACyW80OzfpgZdNmcc9kYvkHHNHnZ9GLCQ7mzJ7Aiy/k9UscwR7PJPrhq4ufogXBeQotPJqX+ -OsIgbrv4Fo7NDKm0G2x2EOFYeUY+VM6AqFcJNykbmROPDMjWLBz7BegIlT1lRtzuzWniTY+HKE40 -Cz7PFNm73bZQmq131BnW2hqIyE4bJ3XYsgjxroMwuREOzYfwhI0Vcnyh78zyiGG69Gm7DIwLdVcE -uE4qFC49DxweMqZiNu5m4iK4BUBjECLzMx10coos9TkpoNPnG4CELcU9402x/RpvumUHO1jsQkUm -+9jaJXLE9gCxInm943xZYkqcBW89zubWR2OZxiRvchLIrH+QtAuRcOi35hYQcRfO3gZPSEF9NUqj -ifLJS3tBEW1ntwiYTOURGa5CgNz7kAXU+FDKvuStx8KU1xad5hePrzb7AgMBAAGjQjBAMA8GA1Ud -EwEB/wQFMAMBAf8wHQYDVR0OBBYEFJngGWcNYtt2s9o9uFvo/ULSMQ6HMA4GA1UdDwEB/wQEAwIB -BjANBgkqhkiG9w0BAQsFAAOCAgEAmHNw4rDT7TnsTGDZqRKGFx6W0OhUKDtkLSGm+J1WE2pIPU/H -PinbbViDVD2HfSMF1OQc3Og4ZYbFdada2zUFvXfeuyk3QAUHw5RSn8pk3fEbK9xGChACMf1KaA0H -ZJDmHvUqoai7PF35owgLEQzxPy0QlG/+4jSHg9bP5Rs1bdID4bANqKCqRieCNqcVtgimQlRXtpla -4gt5kNdXElE1GYhBaCXUNxeEFfsBctyV3lImIJgm4nb1J2/6ADtKYdkNy1GTKv0WBpanI5ojSP5R -vbbEsLFUzt5sQa0WZ37b/TjNuThOssFgy50X31ieemKyJo90lZvkWx3SD92YHJtZuSPTMaCm/zjd -zyBP6VhWOmfD0faZmZ26NraAL4hHT4a/RDqA5Dccprrql5gR0IRiR2Qequ5AvzSxnI9O4fKSTx+O -856X3vOmeWqJcU9LJxdI/uz0UA9PSX3MReO9ekDFQdxhVicGaeVyQYHTtgGJoC86cnn+OjC/QezH -Yj6RS8fZMXZC+fc8Y+wmjHMMfRod6qh8h6jCJ3zhM0EPz8/8AKAigJ5Kp28AsEFFtyLKaEjFQqKu -3R3y4G5OBVixwJAWKqQ9EEC+j2Jjg6mcgn0tAumDMHzLJ8n9HmYAsC7TIS+OMxZsmO0QqAfWzJPP -29FpHOTKyeC2nOnOcXHebD8WpHk= ------END CERTIFICATE----- - -Trustwave Global ECC P256 Certification Authority -================================================= ------BEGIN CERTIFICATE----- -MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYDVQQGEwJVUzER -MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI -b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYD -VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy -dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1 -NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH77bOYj -43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoNFWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqm -P62jQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt -0UrrdaVKEJmzsaGLSvcwCgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjz -RM4q3wghDDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 ------END CERTIFICATE----- - -Trustwave Global ECC P384 Certification Authority -================================================= ------BEGIN CERTIFICATE----- -MIICnTCCAiSgAwIBAgIMCL2Fl2yZJ6SAaEc7MAoGCCqGSM49BAMDMIGRMQswCQYDVQQGEwJVUzER -MA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBI -b2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZp -Y2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MjMxOTM2NDNaFw00MjA4MjMxOTM2NDNaMIGRMQswCQYD -VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRy -dXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4 -NCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTB2MBAGByqGSM49AgEGBSuBBAAiA2IABGvaDXU1CDFH -Ba5FmVXxERMuSvgQMSOjfoPTfygIOiYaOs+Xgh+AtycJj9GOMMQKmw6sWASr9zZ9lCOkmwqKi6vr -/TklZvFe/oyujUF5nQlgziip04pt89ZF1PKYhDhloKNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNV -HQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNn -ADBkAjA3AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsCMGcl -CrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVuSw== ------END CERTIFICATE----- - -NAVER Global Root Certification Authority -========================================= ------BEGIN CERTIFICATE----- -MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEMBQAwaTELMAkG -A1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRGT1JNIENvcnAuMTIwMAYDVQQD -DClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4 -NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVT -UyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlv -biBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBb -UGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW -+j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7 -XNr4rRVqmfeSVPc0W+m/6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2 -aacp+yPOiNgSnABIqKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4 -Yb8ObtoqvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3z -VHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53B -A0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai -cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejy -YhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNV -HQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB -Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoNqo0hV4/GPnrK -21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3cvuzHV+YwIHHW1xDBE1UB -jCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bx -hYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTg -E34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTH -D8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQ -A76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSY -qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG -I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg -kpzNNIaRkPpkUZ3+/uul9XXeifdy ------END CERTIFICATE----- - -AC RAIZ FNMT-RCM SERVIDORES SEGUROS -=================================== ------BEGIN CERTIFICATE----- -MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQswCQYDVQQGEwJF -UzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgy -NjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4 -MTIyMDA5MzczM1oXDTQzMTIyMDA5MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt -UkNNMQ4wDAYDVQQLDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNB -QyBSQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuBBAAiA2IA -BPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LHsbI6GA60XYyzZl2hNPk2 -LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oKUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUw -AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqG -SM49BAMDA2kAMGYCMQCuSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoD -zBOQn5ICMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJyv+c= ------END CERTIFICATE----- - -GlobalSign Root R46 -=================== ------BEGIN CERTIFICATE----- -MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNV -BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJv -b3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAX -BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIi -MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08Es -CVeJOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQGvGIFAha/ -r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud316HCkD7rRlr+/fKYIje -2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo0q3v84RLHIf8E6M6cqJaESvWJ3En7YEt -bWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSEy132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvj -K8Cd+RTyG/FWaha/LIWFzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD4 -12lPFzYE+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCNI/on -ccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzsx2sZy/N78CsHpdls -eVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqaByFrgY/bxFn63iLABJzjqls2k+g9 -vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYD -VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEM -BQADggIBAHx47PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg -JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti2kM3S+LGteWy -gxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIkpnnpHs6i58FZFZ8d4kuaPp92 -CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRFFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZm -OUdkLG5NrmJ7v2B0GbhWrJKsFjLtrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qq -JZ4d16GLuc1CLgSkZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwye -qiv5u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP4vkYxboz -nxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6N3ec592kD3ZDZopD8p/7 -DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3vouXsXgxT7PntgMTzlSdriVZzH81Xwj3 -QEUxeCp6 ------END CERTIFICATE----- - -GlobalSign Root E46 -=================== ------BEGIN CERTIFICATE----- -MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYT -AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3Qg -RTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNV -BAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcq -hkjOPQIBBgUrgQQAIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkB -jtjqR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCj -QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRL -gLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZk -vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+ -CAezNIm8BZ/3Hobui3A= ------END CERTIFICATE----- - -GLOBALTRUST 2020 -================ ------BEGIN CERTIFICATE----- -MIIFgjCCA2qgAwIBAgILWku9WvtPilv6ZeUwDQYJKoZIhvcNAQELBQAwTTELMAkGA1UEBhMCQVQx -IzAhBgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVT -VCAyMDIwMB4XDTIwMDIxMDAwMDAwMFoXDTQwMDYxMDAwMDAwMFowTTELMAkGA1UEBhMCQVQxIzAh -BgNVBAoTGmUtY29tbWVyY2UgbW9uaXRvcmluZyBHbWJIMRkwFwYDVQQDExBHTE9CQUxUUlVTVCAy -MDIwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAri5WrRsc7/aVj6B3GyvTY4+ETUWi -D59bRatZe1E0+eyLinjF3WuvvcTfk0Uev5E4C64OFudBc/jbu9G4UeDLgztzOG53ig9ZYybNpyrO -VPu44sB8R85gfD+yc/LAGbaKkoc1DZAoouQVBGM+uq/ufF7MpotQsjj3QWPKzv9pj2gOlTblzLmM -CcpL3TGQlsjMH/1WljTbjhzqLL6FLmPdqqmV0/0plRPwyJiT2S0WR5ARg6I6IqIoV6Lr/sCMKKCm -fecqQjuCgGOlYx8ZzHyyZqjC0203b+J+BlHZRYQfEs4kUmSFC0iAToexIiIwquuuvuAC4EDosEKA -A1GqtH6qRNdDYfOiaxaJSaSjpCuKAsR49GiKweR6NrFvG5Ybd0mN1MkGco/PU+PcF4UgStyYJ9OR -JitHHmkHr96i5OTUawuzXnzUJIBHKWk7buis/UDr2O1xcSvy6Fgd60GXIsUf1DnQJ4+H4xj04KlG -DfV0OoIu0G4skaMxXDtG6nsEEFZegB31pWXogvziB4xiRfUg3kZwhqG8k9MedKZssCz3AwyIDMvU -clOGvGBG85hqwvG/Q/lwIHfKN0F5VVJjjVsSn8VoxIidrPIwq7ejMZdnrY8XD2zHc+0klGvIg5rQ -mjdJBKuxFshsSUktq6HQjJLyQUp5ISXbY9e2nKd+Qmn7OmMCAwEAAaNjMGEwDwYDVR0TAQH/BAUw -AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFNwuH9FhN3nkq9XVsxJxaD1qaJwiMB8GA1Ud -IwQYMBaAFNwuH9FhN3nkq9XVsxJxaD1qaJwiMA0GCSqGSIb3DQEBCwUAA4ICAQCR8EICaEDuw2jA -VC/f7GLDw56KoDEoqoOOpFaWEhCGVrqXctJUMHytGdUdaG/7FELYjQ7ztdGl4wJCXtzoRlgHNQIw -4Lx0SsFDKv/bGtCwr2zD/cuz9X9tAy5ZVp0tLTWMstZDFyySCstd6IwPS3BD0IL/qMy/pJTAvoe9 -iuOTe8aPmxadJ2W8esVCgmxcB9CpwYhgROmYhRZf+I/KARDOJcP5YBugxZfD0yyIMaK9MOzQ0MAS -8cE54+X1+NZK3TTN+2/BT+MAi1bikvcoskJ3ciNnxz8RFbLEAwW+uxF7Cr+obuf/WEPPm2eggAe2 -HcqtbepBEX4tdJP7wry+UUTF72glJ4DjyKDUEuzZpTcdN3y0kcra1LGWge9oXHYQSa9+pTeAsRxS -vTOBTI/53WXZFM2KJVj04sWDpQmQ1GwUY7VA3+vA/MRYfg0UFodUJ25W5HCEuGwyEn6CMUO+1918 -oa2u1qsgEu8KwxCMSZY13At1XrFP1U80DhEgB3VDRemjEdqso5nCtnkn4rnvyOL2NSl6dPrFf4IF -YqYK6miyeUcGbvJXqBUzxvd4Sj1Ce2t+/vdG6tHrju+IaFvowdlxfv1k7/9nR4hYJS8+hge9+6jl -gqispdNpQ80xiEmEU5LAsTkbOYMBMMTyqfrQA71yN2BWHzZ8vTmR9W0Nv3vXkg== ------END CERTIFICATE----- - -ANF Secure Server Root CA -========================= ------BEGIN CERTIFICATE----- -MIIF7zCCA9egAwIBAgIIDdPjvGz5a7EwDQYJKoZIhvcNAQELBQAwgYQxEjAQBgNVBAUTCUc2MzI4 -NzUxMDELMAkGA1UEBhMCRVMxJzAlBgNVBAoTHkFORiBBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lv -bjEUMBIGA1UECxMLQU5GIENBIFJhaXoxIjAgBgNVBAMTGUFORiBTZWN1cmUgU2VydmVyIFJvb3Qg -Q0EwHhcNMTkwOTA0MTAwMDM4WhcNMzkwODMwMTAwMDM4WjCBhDESMBAGA1UEBRMJRzYzMjg3NTEw -MQswCQYDVQQGEwJFUzEnMCUGA1UEChMeQU5GIEF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uMRQw -EgYDVQQLEwtBTkYgQ0EgUmFpejEiMCAGA1UEAxMZQU5GIFNlY3VyZSBTZXJ2ZXIgUm9vdCBDQTCC -AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANvrayvmZFSVgpCjcqQZAZ2cC4Ffc0m6p6zz -BE57lgvsEeBbphzOG9INgxwruJ4dfkUyYA8H6XdYfp9qyGFOtibBTI3/TO80sh9l2Ll49a2pcbnv -T1gdpd50IJeh7WhM3pIXS7yr/2WanvtH2Vdy8wmhrnZEE26cLUQ5vPnHO6RYPUG9tMJJo8gN0pcv -B2VSAKduyK9o7PQUlrZXH1bDOZ8rbeTzPvY1ZNoMHKGESy9LS+IsJJ1tk0DrtSOOMspvRdOoiXse -zx76W0OLzc2oD2rKDF65nkeP8Nm2CgtYZRczuSPkdxl9y0oukntPLxB3sY0vaJxizOBQ+OyRp1RM -VwnVdmPF6GUe7m1qzwmd+nxPrWAI/VaZDxUse6mAq4xhj0oHdkLePfTdsiQzW7i1o0TJrH93PB0j -7IKppuLIBkwC/qxcmZkLLxCKpvR/1Yd0DVlJRfbwcVw5Kda/SiOL9V8BY9KHcyi1Swr1+KuCLH5z -JTIdC2MKF4EA/7Z2Xue0sUDKIbvVgFHlSFJnLNJhiQcND85Cd8BEc5xEUKDbEAotlRyBr+Qc5RQe -8TZBAQIvfXOn3kLMTOmJDVb3n5HUA8ZsyY/b2BzgQJhdZpmYgG4t/wHFzstGH6wCxkPmrqKEPMVO -Hj1tyRRM4y5Bu8o5vzY8KhmqQYdOpc5LMnndkEl/AgMBAAGjYzBhMB8GA1UdIwQYMBaAFJxf0Gxj -o1+TypOYCK2Mh6UsXME3MB0GA1UdDgQWBBScX9BsY6Nfk8qTmAitjIelLFzBNzAOBgNVHQ8BAf8E -BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEATh65isagmD9uw2nAalxJ -UqzLK114OMHVVISfk/CHGT0sZonrDUL8zPB1hT+L9IBdeeUXZ701guLyPI59WzbLWoAAKfLOKyzx -j6ptBZNscsdW699QIyjlRRA96Gejrw5VD5AJYu9LWaL2U/HANeQvwSS9eS9OICI7/RogsKQOLHDt -dD+4E5UGUcjohybKpFtqFiGS3XNgnhAY3jyB6ugYw3yJ8otQPr0R4hUDqDZ9MwFsSBXXiJCZBMXM -5gf0vPSQ7RPi6ovDj6MzD8EpTBNO2hVWcXNyglD2mjN8orGoGjR0ZVzO0eurU+AagNjqOknkJjCb -5RyKqKkVMoaZkgoQI1YS4PbOTOK7vtuNknMBZi9iPrJyJ0U27U1W45eZ/zo1PqVUSlJZS2Db7v54 -EX9K3BR5YLZrZAPbFYPhor72I5dQ8AkzNqdxliXzuUJ92zg/LFis6ELhDtjTO0wugumDLmsx2d1H -hk9tl5EuT+IocTUW0fJz/iUrB0ckYyfI+PbZa/wSMVYIwFNCr5zQM378BvAxRAMU8Vjq8moNqRGy -g77FGr8H6lnco4g175x2MjxNBiLOFeXdntiP2t7SxDnlF4HPOEfrf4htWRvfn0IUrn7PqLBmZdo3 -r5+qPeoott7VMVgWglvquxl1AnMaykgaIZOQCo6ThKd9OyMYkomgjaw= ------END CERTIFICATE----- - -Certum EC-384 CA -================ ------BEGIN CERTIFICATE----- -MIICZTCCAeugAwIBAgIQeI8nXIESUiClBNAt3bpz9DAKBggqhkjOPQQDAzB0MQswCQYDVQQGEwJQ -TDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2Vy -dGlmaWNhdGlvbiBBdXRob3JpdHkxGTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwHhcNMTgwMzI2 -MDcyNDU0WhcNNDMwMzI2MDcyNDU0WjB0MQswCQYDVQQGEwJQTDEhMB8GA1UEChMYQXNzZWNvIERh -dGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkx -GTAXBgNVBAMTEENlcnR1bSBFQy0zODQgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATEKI6rGFtq -vm5kN2PkzeyrOvfMobgOgknXhimfoZTy42B4mIF4Bk3y7JoOV2CDn7TmFy8as10CW4kjPMIRBSqn -iBMY81CE1700LCeJVf/OTOffph8oxPBUw7l8t1Ot68KjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD -VR0OBBYEFI0GZnQkdjrzife81r1HfS+8EF9LMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo -ADBlAjADVS2m5hjEfO/JUG7BJw+ch69u1RsIGL2SKcHvlJF40jocVYli5RsJHrpka/F2tNQCMQC0 -QoSZ/6vnnvuRlydd3LBbMHHOXjgaatkl5+r3YZJW+OraNsKHZZYuciUvf9/DE8k= ------END CERTIFICATE----- - -Certum Trusted Root CA -====================== ------BEGIN CERTIFICATE----- -MIIFwDCCA6igAwIBAgIQHr9ZULjJgDdMBvfrVU+17TANBgkqhkiG9w0BAQ0FADB6MQswCQYDVQQG -EwJQTDEhMB8GA1UEChMYQXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0g -Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0Ew -HhcNMTgwMzE2MTIxMDEzWhcNNDMwMzE2MTIxMDEzWjB6MQswCQYDVQQGEwJQTDEhMB8GA1UEChMY -QXNzZWNvIERhdGEgU3lzdGVtcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlvbiBB -dXRob3JpdHkxHzAdBgNVBAMTFkNlcnR1bSBUcnVzdGVkIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDRLY67tzbqbTeRn06TpwXkKQMlzhyC93yZn0EGze2jusDbCSzBfN8p -fktlL5On1AFrAygYo9idBcEq2EXxkd7fO9CAAozPOA/qp1x4EaTByIVcJdPTsuclzxFUl6s1wB52 -HO8AU5853BSlLCIls3Jy/I2z5T4IHhQqNwuIPMqw9MjCoa68wb4pZ1Xi/K1ZXP69VyywkI3C7Te2 -fJmItdUDmj0VDT06qKhF8JVOJVkdzZhpu9PMMsmN74H+rX2Ju7pgE8pllWeg8xn2A1bUatMn4qGt -g/BKEiJ3HAVz4hlxQsDsdUaakFjgao4rpUYwBI4Zshfjvqm6f1bxJAPXsiEodg42MEx51UGamqi4 -NboMOvJEGyCI98Ul1z3G4z5D3Yf+xOr1Uz5MZf87Sst4WmsXXw3Hw09Omiqi7VdNIuJGmj8PkTQk -fVXjjJU30xrwCSss0smNtA0Aq2cpKNgB9RkEth2+dv5yXMSFytKAQd8FqKPVhJBPC/PgP5sZ0jeJ -P/J7UhyM9uH3PAeXjA6iWYEMspA90+NZRu0PqafegGtaqge2Gcu8V/OXIXoMsSt0Puvap2ctTMSY -njYJdmZm/Bo/6khUHL4wvYBQv3y1zgD2DGHZ5yQD4OMBgQ692IU0iL2yNqh7XAjlRICMb/gv1SHK -HRzQ+8S1h9E6Tsd2tTVItQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSM+xx1 -vALTn04uSNn5YFSqxLNP+jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQENBQADggIBAEii1QAL -LtA/vBzVtVRJHlpr9OTy4EA34MwUe7nJ+jW1dReTagVphZzNTxl4WxmB82M+w85bj/UvXgF2Ez8s -ALnNllI5SW0ETsXpD4YN4fqzX4IS8TrOZgYkNCvozMrnadyHncI013nR03e4qllY/p0m+jiGPp2K -h2RX5Rc64vmNueMzeMGQ2Ljdt4NR5MTMI9UGfOZR0800McD2RrsLrfw9EAUqO0qRJe6M1ISHgCq8 -CYyqOhNf6DR5UMEQGfnTKB7U0VEwKbOukGfWHwpjscWpxkIxYxeU72nLL/qMFH3EQxiJ2fAyQOaA -4kZf5ePBAFmo+eggvIksDkc0C+pXwlM2/KfUrzHN/gLldfq5Jwn58/U7yn2fqSLLiMmq0Uc9Nneo -WWRrJ8/vJ8HjJLWG965+Mk2weWjROeiQWMODvA8s1pfrzgzhIMfatz7DP78v3DSk+yshzWePS/Tj -6tQ/50+6uaWTRRxmHyH6ZF5v4HaUMst19W7l9o/HuKTMqJZ9ZPskWkoDbGs4xugDQ5r3V7mzKWmT -OPQD8rv7gmsHINFSH5pkAnuYZttcTVoP0ISVoDwUQwbKytu4QTbaakRnh6+v40URFWkIsr4WOZck -bxJF0WddCajJFdr60qZfE2Efv4WstK2tBZQIgx51F9NxO5NQI1mg7TyRVJ12AMXDuDjb ------END CERTIFICATE----- - -TunTrust Root CA -================ ------BEGIN CERTIFICATE----- -MIIFszCCA5ugAwIBAgIUEwLV4kBMkkaGFmddtLu7sms+/BMwDQYJKoZIhvcNAQELBQAwYTELMAkG -A1UEBhMCVE4xNzA1BgNVBAoMLkFnZW5jZSBOYXRpb25hbGUgZGUgQ2VydGlmaWNhdGlvbiBFbGVj -dHJvbmlxdWUxGTAXBgNVBAMMEFR1blRydXN0IFJvb3QgQ0EwHhcNMTkwNDI2MDg1NzU2WhcNNDQw -NDI2MDg1NzU2WjBhMQswCQYDVQQGEwJUTjE3MDUGA1UECgwuQWdlbmNlIE5hdGlvbmFsZSBkZSBD -ZXJ0aWZpY2F0aW9uIEVsZWN0cm9uaXF1ZTEZMBcGA1UEAwwQVHVuVHJ1c3QgUm9vdCBDQTCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMPN0/y9BFPdDCA61YguBUtB9YOCfvdZn56eY+hz -2vYGqU8ftPkLHzmMmiDQfgbU7DTZhrx1W4eI8NLZ1KMKsmwb60ksPqxd2JQDoOw05TDENX37Jk0b -bjBU2PWARZw5rZzJJQRNmpA+TkBuimvNKWfGzC3gdOgFVwpIUPp6Q9p+7FuaDmJ2/uqdHYVy7BG7 -NegfJ7/Boce7SBbdVtfMTqDhuazb1YMZGoXRlJfXyqNlC/M4+QKu3fZnz8k/9YosRxqZbwUN/dAd -gjH8KcwAWJeRTIAAHDOFli/LQcKLEITDCSSJH7UP2dl3RxiSlGBcx5kDPP73lad9UKGAwqmDrViW -VSHbhlnUr8a83YFuB9tgYv7sEG7aaAH0gxupPqJbI9dkxt/con3YS7qC0lH4Zr8GRuR5KiY2eY8f -Tpkdso8MDhz/yV3A/ZAQprE38806JG60hZC/gLkMjNWb1sjxVj8agIl6qeIbMlEsPvLfe/ZdeikZ -juXIvTZxi11Mwh0/rViizz1wTaZQmCXcI/m4WEEIcb9PuISgjwBUFfyRbVinljvrS5YnzWuioYas -DXxU5mZMZl+QviGaAkYt5IPCgLnPSz7ofzwB7I9ezX/SKEIBlYrilz0QIX32nRzFNKHsLA4KUiwS -VXAkPcvCFDVDXSdOvsC9qnyW5/yeYa1E0wCXAgMBAAGjYzBhMB0GA1UdDgQWBBQGmpsfU33x9aTI -04Y+oXNZtPdEITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFAaamx9TffH1pMjThj6hc1m0 -90QhMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAqgVutt0Vyb+zxiD2BkewhpMl -0425yAA/l/VSJ4hxyXT968pk21vvHl26v9Hr7lxpuhbI87mP0zYuQEkHDVneixCwSQXi/5E/S7fd -Ao74gShczNxtr18UnH1YeA32gAm56Q6XKRm4t+v4FstVEuTGfbvE7Pi1HE4+Z7/FXxttbUcoqgRY -YdZ2vyJ/0Adqp2RT8JeNnYA/u8EH22Wv5psymsNUk8QcCMNE+3tjEUPRahphanltkE8pjkcFwRJp -adbGNjHh/PqAulxPxOu3Mqz4dWEX1xAZufHSCe96Qp1bWgvUxpVOKs7/B9dPfhgGiPEZtdmYu65x -xBzndFlY7wyJz4sfdZMaBBSSSFCp61cpABbjNhzI+L/wM9VBD8TMPN3pM0MBkRArHtG5Xc0yGYuP -jCB31yLEQtyEFpslbei0VXF/sHyz03FJuc9SpAQ/3D2gu68zngowYI7bnV2UqL1g52KAdoGDDIzM -MEZJ4gzSqK/rYXHv5yJiqfdcZGyfFoxnNidF9Ql7v/YQCvGwjVRDjAS6oz/v4jXH+XTgbzRB0L9z -ZVcg+ZtnemZoJE6AZb0QmQZZ8mWvuMZHu/2QeItBcy6vVR/cO5JyboTT0GFMDcx2V+IthSIVNg3r -AZ3r2OvEhJn7wAzMMujjd9qDRIueVSjAi1jTkD5OGwDxFa2DK5o= ------END CERTIFICATE----- - -HARICA TLS RSA Root CA 2021 -=========================== ------BEGIN CERTIFICATE----- -MIIFpDCCA4ygAwIBAgIQOcqTHO9D88aOk8f0ZIk4fjANBgkqhkiG9w0BAQsFADBsMQswCQYDVQQG -EwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u -cyBDQTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBSU0EgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTEwNTUz -OFoXDTQ1MDIxMzEwNTUzN1owbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRl -bWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgUlNB -IFJvb3QgQ0EgMjAyMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIvC569lmwVnlskN -JLnQDmT8zuIkGCyEf3dRywQRNrhe7Wlxp57kJQmXZ8FHws+RFjZiPTgE4VGC/6zStGndLuwRo0Xu -a2s7TL+MjaQenRG56Tj5eg4MmOIjHdFOY9TnuEFE+2uva9of08WRiFukiZLRgeaMOVig1mlDqa2Y -Ulhu2wr7a89o+uOkXjpFc5gH6l8Cct4MpbOfrqkdtx2z/IpZ525yZa31MJQjB/OCFks1mJxTuy/K -5FrZx40d/JiZ+yykgmvwKh+OC19xXFyuQnspiYHLA6OZyoieC0AJQTPb5lh6/a6ZcMBaD9YThnEv -dmn8kN3bLW7R8pv1GmuebxWMevBLKKAiOIAkbDakO/IwkfN4E8/BPzWr8R0RI7VDIp4BkrcYAuUR -0YLbFQDMYTfBKnya4dC6s1BG7oKsnTH4+yPiAwBIcKMJJnkVU2DzOFytOOqBAGMUuTNe3QvboEUH -GjMJ+E20pwKmafTCWQWIZYVWrkvL4N48fS0ayOn7H6NhStYqE613TBoYm5EPWNgGVMWX+Ko/IIqm -haZ39qb8HOLubpQzKoNQhArlT4b4UEV4AIHrW2jjJo3Me1xR9BQsQL4aYB16cmEdH2MtiKrOokWQ -CPxrvrNQKlr9qEgYRtaQQJKQCoReaDH46+0N0x3GfZkYVVYnZS6NRcUk7M7jAgMBAAGjQjBAMA8G -A1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFApII6ZgpJIKM+qTW8VX6iVNvRLuMA4GA1UdDwEB/wQE -AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAPpBIqm5iFSVmewzVjIuJndftTgfvnNAUX15QvWiWkKQU -EapobQk1OUAJ2vQJLDSle1mESSmXdMgHHkdt8s4cUCbjnj1AUz/3f5Z2EMVGpdAgS1D0NTsY9FVq -QRtHBmg8uwkIYtlfVUKqrFOFrJVWNlar5AWMxajaH6NpvVMPxP/cyuN+8kyIhkdGGvMA9YCRotxD -QpSbIPDRzbLrLFPCU3hKTwSUQZqPJzLB5UkZv/HywouoCjkxKLR9YjYsTewfM7Z+d21+UPCfDtcR -j88YxeMn/ibvBZ3PzzfF0HvaO7AWhAw6k9a+F9sPPg4ZeAnHqQJyIkv3N3a6dcSFA1pj1bF1BcK5 -vZStjBWZp5N99sXzqnTPBIWUmAD04vnKJGW/4GKvyMX6ssmeVkjaef2WdhW+o45WxLM0/L5H9MG0 -qPzVMIho7suuyWPEdr6sOBjhXlzPrjoiUevRi7PzKzMHVIf6tLITe7pTBGIBnfHAT+7hOtSLIBD6 -Alfm78ELt5BGnBkpjNxvoEppaZS3JGWg/6w/zgH7IS79aPib8qXPMThcFarmlwDB31qlpzmq6YR/ -PFGoOtmUW4y/Twhx5duoXNTSpv4Ao8YWxw/ogM4cKGR0GQjTQuPOAF1/sdwTsOEFy9EgqoZ0njnn -kf3/W9b3raYvAwtt41dU63ZTGI0RmLo= ------END CERTIFICATE----- - -HARICA TLS ECC Root CA 2021 -=========================== ------BEGIN CERTIFICATE----- -MIICVDCCAdugAwIBAgIQZ3SdjXfYO2rbIvT/WeK/zjAKBggqhkjOPQQDAzBsMQswCQYDVQQGEwJH -UjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBD -QTEkMCIGA1UEAwwbSEFSSUNBIFRMUyBFQ0MgUm9vdCBDQSAyMDIxMB4XDTIxMDIxOTExMDExMFoX -DTQ1MDIxMzExMDEwOVowbDELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWlj -IGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExJDAiBgNVBAMMG0hBUklDQSBUTFMgRUNDIFJv -b3QgQ0EgMjAyMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABDgI/rGgltJ6rK9JOtDA4MM7KKrxcm1l -AEeIhPyaJmuqS7psBAqIXhfyVYf8MLA04jRYVxqEU+kw2anylnTDUR9YSTHMmE5gEYd103KUkE+b -ECUqqHgtvpBBWJAVcqeht6NCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyRtTgRL+BNUW -0aq8mm+3oJUZbsowDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2cAMGQCMBHervjcToiwqfAi -rcJRQO9gcS3ujwLEXQNwSaSS6sUUiHCm0w2wqsosQJz76YJumgIwK0eaB8bRwoF8yguWGEEbo/Qw -CZ61IygNnxS2PFOiTAZpffpskcYqSUXm7LcT4Tps ------END CERTIFICATE----- - -Autoridad de Certificacion Firmaprofesional CIF A62634068 -========================================================= ------BEGIN CERTIFICATE----- -MIIGFDCCA/ygAwIBAgIIG3Dp0v+ubHEwDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCRVMxQjBA -BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2 -MjYzNDA2ODAeFw0xNDA5MjMxNTIyMDdaFw0zNjA1MDUxNTIyMDdaMFExCzAJBgNVBAYTAkVTMUIw -QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB -NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD -Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P -B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY -7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH -ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI -plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX -MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX -LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK -bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU -vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMB0GA1Ud -DgQWBBRlzeurNR4APn7VdMActHNHDhpkLzASBgNVHRMBAf8ECDAGAQH/AgEBMIGmBgNVHSAEgZ4w -gZswgZgGBFUdIAAwgY8wLwYIKwYBBQUHAgEWI2h0dHA6Ly93d3cuZmlybWFwcm9mZXNpb25hbC5j -b20vY3BzMFwGCCsGAQUFBwICMFAeTgBQAGEAcwBlAG8AIABkAGUAIABsAGEAIABCAG8AbgBhAG4A -bwB2AGEAIAA0ADcAIABCAGEAcgBjAGUAbABvAG4AYQAgADAAOAAwADEANzAOBgNVHQ8BAf8EBAMC -AQYwDQYJKoZIhvcNAQELBQADggIBAHSHKAIrdx9miWTtj3QuRhy7qPj4Cx2Dtjqn6EWKB7fgPiDL -4QjbEwj4KKE1soCzC1HA01aajTNFSa9J8OA9B3pFE1r/yJfY0xgsfZb43aJlQ3CTkBW6kN/oGbDb -LIpgD7dvlAceHabJhfa9NPhAeGIQcDq+fUs5gakQ1JZBu/hfHAsdCPKxsIl68veg4MSPi3i1O1il -I45PVf42O+AMt8oqMEEgtIDNrvx2ZnOorm7hfNoD6JQg5iKj0B+QXSBTFCZX2lSX3xZEEAEeiGaP -cjiT3SC3NL7X8e5jjkd5KAb881lFJWAiMxujX6i6KtoaPc1A6ozuBRWV1aUsIC+nmCjuRfzxuIgA -LI9C2lHVnOUTaHFFQ4ueCyE8S1wF3BqfmI7avSKecs2tCsvMo2ebKHTEm9caPARYpoKdrcd7b/+A -lun4jWq9GJAd/0kakFI3ky88Al2CdgtR5xbHV/g4+afNmyJU72OwFW1TZQNKXkqgsqeOSQBZONXH -9IBk9W6VULgRfhVwOEqwf9DEMnDAGf/JOC0ULGb0QkTmVXYbgBVX/8Cnp6o5qtjTcNAuuuuUavpf -NIbnYrX9ivAwhZTJryQCL2/W3Wf+47BVTwSYT6RBVuKT0Gro1vP7ZeDOdcQxWQzugsgMYDNKGbqE -ZycPvEJdvSRUDewdcAZfpLz6IHxV ------END CERTIFICATE----- - -vTrus ECC Root CA -================= ------BEGIN CERTIFICATE----- -MIICDzCCAZWgAwIBAgIUbmq8WapTvpg5Z6LSa6Q75m0c1towCgYIKoZIzj0EAwMwRzELMAkGA1UE -BhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBS -b290IENBMB4XDTE4MDczMTA3MjY0NFoXDTQzMDczMTA3MjY0NFowRzELMAkGA1UEBhMCQ04xHDAa -BgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xGjAYBgNVBAMTEXZUcnVzIEVDQyBSb290IENBMHYw -EAYHKoZIzj0CAQYFK4EEACIDYgAEZVBKrox5lkqqHAjDo6LN/llWQXf9JpRCux3NCNtzslt188+c -ToL0v/hhJoVs1oVbcnDS/dtitN9Ti72xRFhiQgnH+n9bEOf+QP3A2MMrMudwpremIFUde4BdS49n -TPEQo0IwQDAdBgNVHQ4EFgQUmDnNvtiyjPeyq+GtJK97fKHbH88wDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwMDaAAwZQIwV53dVvHH4+m4SVBrm2nDb+zDfSXkV5UT -QJtS0zvzQBm8JsctBp61ezaf9SXUY2sAAjEA6dPGnlaaKsyh2j/IZivTWJwghfqrkYpwcBE4YGQL -YgmRWAD5Tfs0aNoJrSEGGJTO ------END CERTIFICATE----- - -vTrus Root CA -============= ------BEGIN CERTIFICATE----- -MIIFVjCCAz6gAwIBAgIUQ+NxE9izWRRdt86M/TX9b7wFjUUwDQYJKoZIhvcNAQELBQAwQzELMAkG -A1UEBhMCQ04xHDAaBgNVBAoTE2lUcnVzQ2hpbmEgQ28uLEx0ZC4xFjAUBgNVBAMTDXZUcnVzIFJv -b3QgQ0EwHhcNMTgwNzMxMDcyNDA1WhcNNDMwNzMxMDcyNDA1WjBDMQswCQYDVQQGEwJDTjEcMBoG -A1UEChMTaVRydXNDaGluYSBDby4sTHRkLjEWMBQGA1UEAxMNdlRydXMgUm9vdCBDQTCCAiIwDQYJ -KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL1VfGHTuB0EYgWgrmy3cLRB6ksDXhA/kFocizuwZots -SKYcIrrVQJLuM7IjWcmOvFjai57QGfIvWcaMY1q6n6MLsLOaXLoRuBLpDLvPbmyAhykUAyyNJJrI -ZIO1aqwTLDPxn9wsYTwaP3BVm60AUn/PBLn+NvqcwBauYv6WTEN+VRS+GrPSbcKvdmaVayqwlHeF -XgQPYh1jdfdr58tbmnDsPmcF8P4HCIDPKNsFxhQnL4Z98Cfe/+Z+M0jnCx5Y0ScrUw5XSmXX+6KA -YPxMvDVTAWqXcoKv8R1w6Jz1717CbMdHflqUhSZNO7rrTOiwCcJlwp2dCZtOtZcFrPUGoPc2BX70 -kLJrxLT5ZOrpGgrIDajtJ8nU57O5q4IikCc9Kuh8kO+8T/3iCiSn3mUkpF3qwHYw03dQ+A0Em5Q2 -AXPKBlim0zvc+gRGE1WKyURHuFE5Gi7oNOJ5y1lKCn+8pu8fA2dqWSslYpPZUxlmPCdiKYZNpGvu -/9ROutW04o5IWgAZCfEF2c6Rsffr6TlP9m8EQ5pV9T4FFL2/s1m02I4zhKOQUqqzApVg+QxMaPnu -1RcN+HFXtSXkKe5lXa/R7jwXC1pDxaWG6iSe4gUH3DRCEpHWOXSuTEGC2/KmSNGzm/MzqvOmwMVO -9fSddmPmAsYiS8GVP1BkLFTltvA8Kc9XAgMBAAGjQjBAMB0GA1UdDgQWBBRUYnBj8XWEQ1iO0RYg -scasGrz2iTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOC -AgEAKbqSSaet8PFww+SX8J+pJdVrnjT+5hpk9jprUrIQeBqfTNqK2uwcN1LgQkv7bHbKJAs5EhWd -nxEt/Hlk3ODg9d3gV8mlsnZwUKT+twpw1aA08XXXTUm6EdGz2OyC/+sOxL9kLX1jbhd47F18iMjr -jld22VkE+rxSH0Ws8HqA7Oxvdq6R2xCOBNyS36D25q5J08FsEhvMKar5CKXiNxTKsbhm7xqC5PD4 -8acWabfbqWE8n/Uxy+QARsIvdLGx14HuqCaVvIivTDUHKgLKeBRtRytAVunLKmChZwOgzoy8sHJn -xDHO2zTlJQNgJXtxmOTAGytfdELSS8VZCAeHvsXDf+eW2eHcKJfWjwXj9ZtOyh1QRwVTsMo554Wg -icEFOwE30z9J4nfrI8iIZjs9OXYhRvHsXyO466JmdXTBQPfYaJqT4i2pLr0cox7IdMakLXogqzu4 -sEb9b91fUlV1YvCXoHzXOP0l382gmxDPi7g4Xl7FtKYCNqEeXxzP4padKar9mK5S4fNBUvupLnKW -nyfjqnN9+BojZns7q2WwMgFLFT49ok8MKzWixtlnEjUwzXYuFrOZnk1PTi07NEPhmg4NpGaXutIc -SkwsKouLgU9xGqndXHt7CMUADTdA43x7VF8vhV929vensBxXVsFy6K2ir40zSbofitzmdHxghm+H -l3s= ------END CERTIFICATE----- - -ISRG Root X2 -============ ------BEGIN CERTIFICATE----- -MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQswCQYDVQQGEwJV -UzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElT -UkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVT -MSkwJwYDVQQKEyBJbnRlcm5ldCBTZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNS -RyBSb290IFgyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0H -ttwW+1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9ItgKbppb -d9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV -HQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZIzj0EAwMDaAAwZQIwe3lORlCEwkSHRhtF -cP9Ymd70/aTSVaYgLXTWNLxBo1BfASdWtL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5 -U6VR5CmD1/iQMVtCnwr1/q4AaOeMSQ+2b1tbFfLn ------END CERTIFICATE----- - -HiPKI Root CA - G1 -================== ------BEGIN CERTIFICATE----- -MIIFajCCA1KgAwIBAgIQLd2szmKXlKFD6LDNdmpeYDANBgkqhkiG9w0BAQsFADBPMQswCQYDVQQG -EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xGzAZBgNVBAMMEkhpUEtJ -IFJvb3QgQ0EgLSBHMTAeFw0xOTAyMjIwOTQ2MDRaFw0zNzEyMzExNTU5NTlaME8xCzAJBgNVBAYT -AlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEbMBkGA1UEAwwSSGlQS0kg -Um9vdCBDQSAtIEcxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA9B5/UnMyDHPkvRN0 -o9QwqNCuS9i233VHZvR85zkEHmpwINJaR3JnVfSl6J3VHiGh8Ge6zCFovkRTv4354twvVcg3Px+k -wJyz5HdcoEb+d/oaoDjq7Zpy3iu9lFc6uux55199QmQ5eiY29yTw1S+6lZgRZq2XNdZ1AYDgr/SE -YYwNHl98h5ZeQa/rh+r4XfEuiAU+TCK72h8q3VJGZDnzQs7ZngyzsHeXZJzA9KMuH5UHsBffMNsA -GJZMoYFL3QRtU6M9/Aes1MU3guvklQgZKILSQjqj2FPseYlgSGDIcpJQ3AOPgz+yQlda22rpEZfd -hSi8MEyr48KxRURHH+CKFgeW0iEPU8DtqX7UTuybCeyvQqww1r/REEXgphaypcXTT3OUM3ECoWqj -1jOXTyFjHluP2cFeRXF3D4FdXyGarYPM+l7WjSNfGz1BryB1ZlpK9p/7qxj3ccC2HTHsOyDry+K4 -9a6SsvfhhEvyovKTmiKe0xRvNlS9H15ZFblzqMF8b3ti6RZsR1pl8w4Rm0bZ/W3c1pzAtH2lsN0/ -Vm+h+fbkEkj9Bn8SV7apI09bA8PgcSojt/ewsTu8mL3WmKgMa/aOEmem8rJY5AIJEzypuxC00jBF -8ez3ABHfZfjcK0NVvxaXxA/VLGGEqnKG/uY6fsI/fe78LxQ+5oXdUG+3Se0CAwEAAaNCMEAwDwYD -VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ncX+l6o/vY9cdVouslGDDjYr7AwDgYDVR0PAQH/BAQD -AgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBQUfB13HAE4/+qddRxosuej6ip0691x1TPOhwEmSKsxBHi -7zNKpiMdDg1H2DfHb680f0+BazVP6XKlMeJ45/dOlBhbQH3PayFUhuaVevvGyuqcSE5XCV0vrPSl -tJczWNWseanMX/mF+lLFjfiRFOs6DRfQUsJ748JzjkZ4Bjgs6FzaZsT0pPBWGTMpWmWSBUdGSquE -wx4noR8RkpkndZMPvDY7l1ePJlsMu5wP1G4wB9TcXzZoZjmDlicmisjEOf6aIW/Vcobpf2Lll07Q -JNBAsNB1CI69aO4I1258EHBGG3zgiLKecoaZAeO/n0kZtCW+VmWuF2PlHt/o/0elv+EmBYTksMCv -5wiZqAxeJoBF1PhoL5aPruJKHJwWDBNvOIf2u8g0X5IDUXlwpt/L9ZlNec1OvFefQ05rLisY+Gpz -jLrFNe85akEez3GoorKGB1s6yeHvP2UEgEcyRHCVTjFnanRbEEV16rCf0OY1/k6fi8wrkkVbbiVg -hUbN0aqwdmaTd5a+g744tiROJgvM7XpWGuDpWsZkrUx6AEhEL7lAuxM+vhV4nYWBSipX3tUZQ9rb -yltHhoMLP7YNdnhzeSJesYAfz77RP1YQmCuVh6EfnWQUYDksswBVLuT1sw5XxJFBAJw/6KXf6vb/ -yPCtbVKoF6ubYfwSUTXkJf2vqmqGOQ== ------END CERTIFICATE----- - -GlobalSign ECC Root CA - R4 -=========================== ------BEGIN CERTIFICATE----- -MIIB3DCCAYOgAwIBAgINAgPlfvU/k/2lCSGypjAKBggqhkjOPQQDAjBQMSQwIgYDVQQLExtHbG9i -YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds -b2JhbFNpZ24wHhcNMTIxMTEzMDAwMDAwWhcNMzgwMTE5MDMxNDA3WjBQMSQwIgYDVQQLExtHbG9i -YWxTaWduIEVDQyBSb290IENBIC0gUjQxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds -b2JhbFNpZ24wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS4xnnTj2wlDp8uORkcA6SumuU5BwkW -ymOxuYb4ilfBV85C+nOh92VC/x7BALJucw7/xyHlGKSq2XE/qNS5zowdo0IwQDAOBgNVHQ8BAf8E -BAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUVLB7rUW44kB/+wpu+74zyTyjhNUwCgYI -KoZIzj0EAwIDRwAwRAIgIk90crlgr/HmnKAWBVBfw147bmF0774BxL4YSFlhgjICICadVGNA3jdg -UM/I2O2dgq43mLyjj0xMqTQrbO/7lZsm ------END CERTIFICATE----- - -GTS Root R1 -=========== ------BEGIN CERTIFICATE----- -MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV -UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg -UjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE -ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaM -f/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7raKb0 -xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjwTcLCeoiKu7rPWRnWr4+w -B7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0PfyblqAj+lug8aJRT7oM6iCsVlgmy4HqMLnXW -nOunVmSPlk9orj2XwoSPwLxAwAtcvfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk -9+aCEI3oncKKiPo4Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zq -kUspzBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92wO1A -K/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70paDPvOmbsB4om3xPX -V2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrNVjzRlwW5y0vtOUucxD/SVRNuJLDW -cfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T -AQH/BAUwAwEB/zAdBgNVHQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQAD -ggIBAJ+qQibbC5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe -QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuyh6f88/qBVRRi -ClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM47HLwEXWdyzRSjeZ2axfG34ar -J45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8JZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYci -NuaCp+0KueIHoI17eko8cdLiA6EfMgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5me -LMFrUKTX5hgUvYU/Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJF -fbdT6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ0E6yove+ -7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm2tIMPNuzjsmhDYAPexZ3 -FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bbbP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3 -gm3c ------END CERTIFICATE----- - -GTS Root R2 -=========== ------BEGIN CERTIFICATE----- -MIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQGEwJV -UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg -UjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE -ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0G -CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3Lv -CvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY6Dlo7JUl -e3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAuMC6C/Pq8tBcKSOWIm8Wb -a96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7kRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS -+LFjKBC4swm4VndAoiaYecb+3yXuPuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7M -kogwTZq9TwtImoS1mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJG -r61K8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RWIr9q -S34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKaG73VululycslaVNV -J1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCqgc7dGtxRcw1PcOnlthYhGXmy5okL -dWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0T -AQH/BAUwAwEB/zAdBgNVHQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQAD -ggIBAB/Kzt3HvqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8 -0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyCB19m3H0Q/gxh -swWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2uNmSRXbBoGOqKYcl3qJfEycel -/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMgyALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVn -jWQye+mew4K6Ki3pHrTgSAai/GevHyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y5 -9PYjJbigapordwj6xLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M -7YNRTOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924SgJPFI/2R8 -0L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV7LXTWtiBmelDGDfrs7vR -WGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjW -HYbL ------END CERTIFICATE----- - -GTS Root R3 -=========== ------BEGIN CERTIFICATE----- -MIICCTCCAY6gAwIBAgINAgPluILrIPglJ209ZjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi -MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMw -HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ -R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcqhkjO -PQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUURout -736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL24CejQjBA -MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP0/Eq -Er24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEA9uEglRR7VKOQFhG/hMjqb2sXnh5GmCCbn9MN2azT -L818+FsuVbu/3ZL3pAzcMeGiAjEA/JdmZuVDFhOD3cffL74UOO0BzrEXGhF16b0DjyZ+hOXJYKaV -11RZt+cRLInUue4X ------END CERTIFICATE----- - -GTS Root R4 -=========== ------BEGIN CERTIFICATE----- -MIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEi -MCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQw -HhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZ -R29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjO -PQIBBgUrgQQAIgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzu -hXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvRHYqjQjBA -MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSATNbrdP9JNqPV2Py1 -PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/C -r8deVl5c1RxYIigL9zC2L7F8AjEA8GE8p/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh -4rsUecrNIdSUtUlD ------END CERTIFICATE----- - -Telia Root CA v2 -================ ------BEGIN CERTIFICATE----- -MIIFdDCCA1ygAwIBAgIPAWdfJ9b+euPkrL4JWwWeMA0GCSqGSIb3DQEBCwUAMEQxCzAJBgNVBAYT -AkZJMRowGAYDVQQKDBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2 -MjAeFw0xODExMjkxMTU1NTRaFw00MzExMjkxMTU1NTRaMEQxCzAJBgNVBAYTAkZJMRowGAYDVQQK -DBFUZWxpYSBGaW5sYW5kIE95ajEZMBcGA1UEAwwQVGVsaWEgUm9vdCBDQSB2MjCCAiIwDQYJKoZI -hvcNAQEBBQADggIPADCCAgoCggIBALLQPwe84nvQa5n44ndp586dpAO8gm2h/oFlH0wnrI4AuhZ7 -6zBqAMCzdGh+sq/H1WKzej9Qyow2RCRj0jbpDIX2Q3bVTKFgcmfiKDOlyzG4OiIjNLh9vVYiQJ3q -9HsDrWj8soFPmNB06o3lfc1jw6P23pLCWBnglrvFxKk9pXSW/q/5iaq9lRdU2HhE8Qx3FZLgmEKn -pNaqIJLNwaCzlrI6hEKNfdWV5Nbb6WLEWLN5xYzTNTODn3WhUidhOPFZPY5Q4L15POdslv5e2QJl -tI5c0BE0312/UqeBAMN/mUWZFdUXyApT7GPzmX3MaRKGwhfwAZ6/hLzRUssbkmbOpFPlob/E2wnW -5olWK8jjfN7j/4nlNW4o6GwLI1GpJQXrSPjdscr6bAhR77cYbETKJuFzxokGgeWKrLDiKca5JLNr -RBH0pUPCTEPlcDaMtjNXepUugqD0XBCzYYP2AgWGLnwtbNwDRm41k9V6lS/eINhbfpSQBGq6WT0E -BXWdN6IOLj3rwaRSg/7Qa9RmjtzG6RJOHSpXqhC8fF6CfaamyfItufUXJ63RDolUK5X6wK0dmBR4 -M0KGCqlztft0DbcbMBnEWg4cJ7faGND/isgFuvGqHKI3t+ZIpEYslOqodmJHixBTB0hXbOKSTbau -BcvcwUpej6w9GU7C7WB1K9vBykLVAgMBAAGjYzBhMB8GA1UdIwQYMBaAFHKs5DN5qkWH9v2sHZ7W -xy+G2CQ5MB0GA1UdDgQWBBRyrOQzeapFh/b9rB2e1scvhtgkOTAOBgNVHQ8BAf8EBAMCAQYwDwYD -VR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAoDtZpwmUPjaE0n4vOaWWl/oRrfxn83EJ -8rKJhGdEr7nv7ZbsnGTbMjBvZ5qsfl+yqwE2foH65IRe0qw24GtixX1LDoJt0nZi0f6X+J8wfBj5 -tFJ3gh1229MdqfDBmgC9bXXYfef6xzijnHDoRnkDry5023X4blMMA8iZGok1GTzTyVR8qPAs5m4H -eW9q4ebqkYJpCh3DflminmtGFZhb069GHWLIzoBSSRE/yQQSwxN8PzuKlts8oB4KtItUsiRnDe+C -y748fdHif64W1lZYudogsYMVoe+KTTJvQS8TUoKU1xrBeKJR3Stwbbca+few4GeXVtt8YVMJAygC -QMez2P2ccGrGKMOF6eLtGpOg3kuYooQ+BXcBlj37tCAPnHICehIv1aO6UXivKitEZU61/Qrowc15 -h2Er3oBXRb9n8ZuRXqWk7FlIEA04x7D6w0RtBPV4UBySllva9bguulvP5fBqnUsvWHMtTy3EHD70 -sz+rFQ47GUGKpMFXEmZxTPpT41frYpUJnlTd0cI8Vzy9OK2YZLe4A5pTVmBds9hCG1xLEooc6+t9 -xnppxyd/pPiL8uSUZodL6ZQHCRJ5irLrdATczvREWeAWysUsWNc8e89ihmpQfTU2Zqf7N+cox9jQ -raVplI/owd8k+BsHMYeB2F326CjYSlKArBPuUBQemMc= ------END CERTIFICATE----- - -D-TRUST BR Root CA 1 2020 -========================= ------BEGIN CERTIFICATE----- -MIIC2zCCAmCgAwIBAgIQfMmPK4TX3+oPyWWa00tNljAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE -RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEJSIFJvb3QgQ0EgMSAy -MDIwMB4XDTIwMDIxMTA5NDUwMFoXDTM1MDIxMTA5NDQ1OVowSDELMAkGA1UEBhMCREUxFTATBgNV -BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDEgMjAyMDB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABMbLxyjR+4T1mu9CFCDhQ2tuda38KwOE1HaTJddZO0Flax7mNCq7 -dPYSzuht56vkPE4/RAiLzRZxy7+SmfSk1zxQVFKQhYN4lGdnoxwJGT11NIXe7WB9xwy0QVK5buXu -QqOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHOREKv/VbNafAkl1bK6CKBrqx9t -MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu -bmV0L2NybC9kLXRydXN0X2JyX3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj -dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwQlIlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP -PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD -AwNpADBmAjEAlJAtE/rhY/hhY+ithXhUkZy4kzg+GkHaQBZTQgjKL47xPoFWwKrY7RjEsK70Pvom -AjEA8yjixtsrmfu3Ubgko6SUeho/5jbiA1czijDLgsfWFBHVdWNbFJWcHwHP2NVypw87 ------END CERTIFICATE----- - -D-TRUST EV Root CA 1 2020 -========================= ------BEGIN CERTIFICATE----- -MIIC2zCCAmCgAwIBAgIQXwJB13qHfEwDo6yWjfv/0DAKBggqhkjOPQQDAzBIMQswCQYDVQQGEwJE -RTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEVWIFJvb3QgQ0EgMSAy -MDIwMB4XDTIwMDIxMTEwMDAwMFoXDTM1MDIxMTA5NTk1OVowSDELMAkGA1UEBhMCREUxFTATBgNV -BAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDEgMjAyMDB2MBAG -ByqGSM49AgEGBSuBBAAiA2IABPEL3YZDIBnfl4XoIkqbz52Yv7QFJsnL46bSj8WeeHsxiamJrSc8 -ZRCC/N/DnU7wMyPE0jL1HLDfMxddxfCxivnvubcUyilKwg+pf3VlSSowZ/Rk99Yad9rDwpdhQntJ -raOCAQ0wggEJMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFH8QARY3OqQo5FD4pPfsazK2/umL -MA4GA1UdDwEB/wQEAwIBBjCBxgYDVR0fBIG+MIG7MD6gPKA6hjhodHRwOi8vY3JsLmQtdHJ1c3Qu -bmV0L2NybC9kLXRydXN0X2V2X3Jvb3RfY2FfMV8yMDIwLmNybDB5oHegdYZzbGRhcDovL2RpcmVj -dG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwRVYlMjBSb290JTIwQ0ElMjAxJTIwMjAyMCxP -PUQtVHJ1c3QlMjBHbWJILEM9REU/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdDAKBggqhkjOPQQD -AwNpADBmAjEAyjzGKnXCXnViOTYAYFqLwZOZzNnbQTs7h5kXO9XMT8oi96CAy/m0sRtW9XLS/BnR -AjEAkfcwkz8QRitxpNA7RJvAKQIFskF3UfN5Wp6OFKBOQtJbgfM0agPnIjhQW+0ZT0MW ------END CERTIFICATE----- - -DigiCert TLS ECC P384 Root G5 -============================= ------BEGIN CERTIFICATE----- -MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV -UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURpZ2lDZXJ0IFRMUyBFQ0MgUDM4 -NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMx -FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQg -Um9vdCBHNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1Tzvd -lHJS7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp0zVozptj -n4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICISB4CIfBFqMA4GA1UdDwEB -/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQCJao1H5+z8blUD2Wds -Jk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQLgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIx -AJSdYsiJvRmEFOml+wG4DXZDjC5Ty3zfDBeWUA== ------END CERTIFICATE----- - -DigiCert TLS RSA4096 Root G5 -============================ ------BEGIN CERTIFICATE----- -MIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBNMQswCQYDVQQG -EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0 -MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcNNDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJV -UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2 -IFJvb3QgRzUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS8 -7IE+ajWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG02C+JFvuU -AT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgpwgscONyfMXdcvyej/Ces -tyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZMpG2T6T867jp8nVid9E6P/DsjyG244gXa -zOvswzH016cpVIDPRFtMbzCe88zdH5RDnU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnV -DdXifBBiqmvwPXbzP6PosMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9q -TXeXAaDxZre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cdLvvy -z6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvXKyY//SovcfXWJL5/ -MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNeXoVPzthwiHvOAbWWl9fNff2C+MIk -wcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPLtgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4E -FgQUUTMc7TZArxfTJc1paPKvTiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8w -DQYJKoZIhvcNAQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw -GXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7HPNtQOa27PShN -lnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLFO4uJ+DQtpBflF+aZfTCIITfN -MBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQREtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/ -u4cnYiWB39yhL/btp/96j1EuMPikAdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9G -OUrYU9DzLjtxpdRv/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh -47a+p6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilwMUc/dNAU -FvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WFqUITVuwhd4GTWgzqltlJ -yqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCKovfepEWFJqgejF0pW8hL2JpqA15w8oVP -bEtoL8pU9ozaMv7Da4M/OMZ+ ------END CERTIFICATE----- - -Certainly Root R1 -================= ------BEGIN CERTIFICATE----- -MIIFRzCCAy+gAwIBAgIRAI4P+UuQcWhlM1T01EQ5t+AwDQYJKoZIhvcNAQELBQAwPTELMAkGA1UE -BhMCVVMxEjAQBgNVBAoTCUNlcnRhaW5seTEaMBgGA1UEAxMRQ2VydGFpbmx5IFJvb3QgUjEwHhcN -MjEwNDAxMDAwMDAwWhcNNDYwNDAxMDAwMDAwWjA9MQswCQYDVQQGEwJVUzESMBAGA1UEChMJQ2Vy -dGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBSMTCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBANA21B/q3avk0bbm+yLA3RMNansiExyXPGhjZjKcA7WNpIGD2ngwEc/csiu+kr+O -5MQTvqRoTNoCaBZ0vrLdBORrKt03H2As2/X3oXyVtwxwhi7xOu9S98zTm/mLvg7fMbedaFySpvXl -8wo0tf97ouSHocavFwDvA5HtqRxOcT3Si2yJ9HiG5mpJoM610rCrm/b01C7jcvk2xusVtyWMOvwl -DbMicyF0yEqWYZL1LwsYpfSt4u5BvQF5+paMjRcCMLT5r3gajLQ2EBAHBXDQ9DGQilHFhiZ5shGI -XsXwClTNSaa/ApzSRKft43jvRl5tcdF5cBxGX1HpyTfcX35pe0HfNEXgO4T0oYoKNp43zGJS4YkN -KPl6I7ENPT2a/Z2B7yyQwHtETrtJ4A5KVpK8y7XdeReJkd5hiXSSqOMyhb5OhaRLWcsrxXiOcVTQ -AjeZjOVJ6uBUcqQRBi8LjMFbvrWhsFNunLhgkR9Za/kt9JQKl7XsxXYDVBtlUrpMklZRNaBA2Cnb -rlJ2Oy0wQJuK0EJWtLeIAaSHO1OWzaMWj/Nmqhexx2DgwUMFDO6bW2BvBlyHWyf5QBGenDPBt+U1 -VwV/J84XIIwc/PH72jEpSe31C4SnT8H2TsIonPru4K8H+zMReiFPCyEQtkA6qyI6BJyLm4SGcprS -p6XEtHWRqSsjAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud -DgQWBBTgqj8ljZ9EXME66C6ud0yEPmcM9DANBgkqhkiG9w0BAQsFAAOCAgEAuVevuBLaV4OPaAsz -HQNTVfSVcOQrPbA56/qJYv331hgELyE03fFo8NWWWt7CgKPBjcZq91l3rhVkz1t5BXdm6ozTaw3d -8VkswTOlMIAVRQdFGjEitpIAq5lNOo93r6kiyi9jyhXWx8bwPWz8HA2YEGGeEaIi1wrykXprOQ4v -MMM2SZ/g6Q8CRFA3lFV96p/2O7qUpUzpvD5RtOjKkjZUbVwlKNrdrRT90+7iIgXr0PK3aBLXWopB -GsaSpVo7Y0VPv+E6dyIvXL9G+VoDhRNCX8reU9ditaY1BMJH/5n9hN9czulegChB8n3nHpDYT3Y+ -gjwN/KUD+nsa2UUeYNrEjvn8K8l7lcUq/6qJ34IxD3L/DCfXCh5WAFAeDJDBlrXYFIW7pw0WwfgH -JBu6haEaBQmAupVjyTrsJZ9/nbqkRxWbRHDxakvWOF5D8xh+UG7pWijmZeZ3Gzr9Hb4DJqPb1OG7 -fpYnKx3upPvaJVQTA945xsMfTZDsjxtK0hzthZU4UHlG1sGQUDGpXJpuHfUzVounmdLyyCwzk5Iw -x06MZTMQZBf9JBeW0Y3COmor6xOLRPIh80oat3df1+2IpHLlOR+Vnb5nwXARPbv0+Em34yaXOp/S -X3z7wJl8OSngex2/DaeP0ik0biQVy96QXr8axGbqwua6OV+KmalBWQewLK8= ------END CERTIFICATE----- - -Certainly Root E1 -================= ------BEGIN CERTIFICATE----- -MIIB9zCCAX2gAwIBAgIQBiUzsUcDMydc+Y2aub/M+DAKBggqhkjOPQQDAzA9MQswCQYDVQQGEwJV -UzESMBAGA1UEChMJQ2VydGFpbmx5MRowGAYDVQQDExFDZXJ0YWlubHkgUm9vdCBFMTAeFw0yMTA0 -MDEwMDAwMDBaFw00NjA0MDEwMDAwMDBaMD0xCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlDZXJ0YWlu -bHkxGjAYBgNVBAMTEUNlcnRhaW5seSBSb290IEUxMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3m/4 -fxzf7flHh4axpMCK+IKXgOqPyEpeKn2IaKcBYhSRJHpcnqMXfYqGITQYUBsQ3tA3SybHGWCA6TS9 -YBk2QNYphwk8kXr2vBMj3VlOBF7PyAIcGFPBMdjaIOlEjeR2o0IwQDAOBgNVHQ8BAf8EBAMCAQYw -DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU8ygYy2R17ikq6+2uI1g4hevIIgcwCgYIKoZIzj0E -AwMDaAAwZQIxALGOWiDDshliTd6wT99u0nCK8Z9+aozmut6Dacpps6kFtZaSF4fC0urQe87YQVt8 -rgIwRt7qy12a7DLCZRawTDBcMPPaTnOGBtjOiQRINzf43TNRnXCve1XYAS59BWQOhriR ------END CERTIFICATE----- - -Security Communication ECC RootCA1 -================================== ------BEGIN CERTIFICATE----- -MIICODCCAb6gAwIBAgIJANZdm7N4gS7rMAoGCCqGSM49BAMDMGExCzAJBgNVBAYTAkpQMSUwIwYD -VQQKExxTRUNPTSBUcnVzdCBTeXN0ZW1zIENPLixMVEQuMSswKQYDVQQDEyJTZWN1cml0eSBDb21t -dW5pY2F0aW9uIEVDQyBSb290Q0ExMB4XDTE2MDYxNjA1MTUyOFoXDTM4MDExODA1MTUyOFowYTEL -MAkGA1UEBhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKzApBgNV -BAMTIlNlY3VyaXR5IENvbW11bmljYXRpb24gRUNDIFJvb3RDQTEwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAASkpW9gAwPDvTH00xecK4R1rOX9PVdu12O/5gSJko6BnOPpR27KkBLIE+CnnfdldB9sELLo -5OnvbYUymUSxXv3MdhDYW72ixvnWQuRXdtyQwjWpS4g8EkdtXP9JTxpKULGjQjBAMB0GA1UdDgQW -BBSGHOf+LaVKiwj+KBH6vqNm+GBZLzAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAK -BggqhkjOPQQDAwNoADBlAjAVXUI9/Lbu9zuxNuie9sRGKEkz0FhDKmMpzE2xtHqiuQ04pV1IKv3L -snNdo4gIxwwCMQDAqy0Obe0YottT6SXbVQjgUMzfRGEWgqtJsLKB7HOHeLRMsmIbEvoWTSVLY70e -N9k= ------END CERTIFICATE----- - -BJCA Global Root CA1 -==================== ------BEGIN CERTIFICATE----- -MIIFdDCCA1ygAwIBAgIQVW9l47TZkGobCdFsPsBsIDANBgkqhkiG9w0BAQsFADBUMQswCQYDVQQG -EwJDTjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJK -Q0EgR2xvYmFsIFJvb3QgQ0ExMB4XDTE5MTIxOTAzMTYxN1oXDTQ0MTIxMjAzMTYxN1owVDELMAkG -A1UEBhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQD -DBRCSkNBIEdsb2JhbCBSb290IENBMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPFm -CL3ZxRVhy4QEQaVpN3cdwbB7+sN3SJATcmTRuHyQNZ0YeYjjlwE8R4HyDqKYDZ4/N+AZspDyRhyS -sTphzvq3Rp4Dhtczbu33RYx2N95ulpH3134rhxfVizXuhJFyV9xgw8O558dnJCNPYwpj9mZ9S1Wn -P3hkSWkSl+BMDdMJoDIwOvqfwPKcxRIqLhy1BDPapDgRat7GGPZHOiJBhyL8xIkoVNiMpTAK+BcW -yqw3/XmnkRd4OJmtWO2y3syJfQOcs4ll5+M7sSKGjwZteAf9kRJ/sGsciQ35uMt0WwfCyPQ10WRj -eulumijWML3mG90Vr4TqnMfK9Q7q8l0ph49pczm+LiRvRSGsxdRpJQaDrXpIhRMsDQa4bHlW/KNn -MoH1V6XKV0Jp6VwkYe/iMBhORJhVb3rCk9gZtt58R4oRTklH2yiUAguUSiz5EtBP6DF+bHq/pj+b -OT0CFqMYs2esWz8sgytnOYFcuX6U1WTdno9uruh8W7TXakdI136z1C2OVnZOz2nxbkRs1CTqjSSh -GL+9V/6pmTW12xB3uD1IutbB5/EjPtffhZ0nPNRAvQoMvfXnjSXWgXSHRtQpdaJCbPdzied9v3pK -H9MiyRVVz99vfFXQpIsHETdfg6YmV6YBW37+WGgHqel62bno/1Afq8K0wM7o6v0PvY1NuLxxAgMB -AAGjQjBAMB0GA1UdDgQWBBTF7+3M2I0hxkjk49cULqcWk+WYATAPBgNVHRMBAf8EBTADAQH/MA4G -A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEAUoKsITQfI/Ki2Pm4rzc2IInRNwPWaZ+4 -YRC6ojGYWUfo0Q0lHhVBDOAqVdVXUsv45Mdpox1NcQJeXyFFYEhcCY5JEMEE3KliawLwQ8hOnThJ -dMkycFRtwUf8jrQ2ntScvd0g1lPJGKm1Vrl2i5VnZu69mP6u775u+2D2/VnGKhs/I0qUJDAnyIm8 -60Qkmss9vk/Ves6OF8tiwdneHg56/0OGNFK8YT88X7vZdrRTvJez/opMEi4r89fO4aL/3Xtw+zuh -TaRjAv04l5U/BXCga99igUOLtFkNSoxUnMW7gZ/NfaXvCyUeOiDbHPwfmGcCCtRzRBPbUYQaVQNW -4AB+dAb/OMRyHdOoP2gxXdMJxy6MW2Pg6Nwe0uxhHvLe5e/2mXZgLR6UcnHGCyoyx5JO1UbXHfmp -GQrI+pXObSOYqgs4rZpWDW+N8TEAiMEXnM0ZNjX+VVOg4DwzX5Ze4jLp3zO7Bkqp2IRzznfSxqxx -4VyjHQy7Ct9f4qNx2No3WqB4K/TUfet27fJhcKVlmtOJNBir+3I+17Q9eVzYH6Eze9mCUAyTF6ps -3MKCuwJXNq+YJyo5UOGwifUll35HaBC07HPKs5fRJNz2YqAo07WjuGS3iGJCz51TzZm+ZGiPTx4S -SPfSKcOYKMryMguTjClPPGAyzQWWYezyr/6zcCwupvI= ------END CERTIFICATE----- - -BJCA Global Root CA2 -==================== ------BEGIN CERTIFICATE----- -MIICJTCCAaugAwIBAgIQLBcIfWQqwP6FGFkGz7RK6zAKBggqhkjOPQQDAzBUMQswCQYDVQQGEwJD -TjEmMCQGA1UECgwdQkVJSklORyBDRVJUSUZJQ0FURSBBVVRIT1JJVFkxHTAbBgNVBAMMFEJKQ0Eg -R2xvYmFsIFJvb3QgQ0EyMB4XDTE5MTIxOTAzMTgyMVoXDTQ0MTIxMjAzMTgyMVowVDELMAkGA1UE -BhMCQ04xJjAkBgNVBAoMHUJFSUpJTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZMR0wGwYDVQQDDBRC -SkNBIEdsb2JhbCBSb290IENBMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABJ3LgJGNU2e1uVCxA/jl -SR9BIgmwUVJY1is0j8USRhTFiy8shP8sbqjV8QnjAyEUxEM9fMEsxEtqSs3ph+B99iK++kpRuDCK -/eHeGBIK9ke35xe/J4rUQUyWPGCWwf0VHKNCMEAwHQYDVR0OBBYEFNJKsVF/BvDRgh9Obl+rg/xI -1LCRMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2gAMGUCMBq8 -W9f+qdJUDkpd0m2xQNz0Q9XSSpkZElaA94M04TVOSG0ED1cxMDAtsaqdAzjbBgIxAMvMh1PLet8g -UXOQwKhbYdDFUDn9hf7B43j4ptZLvZuHjw/l1lOWqzzIQNph91Oj9w== ------END CERTIFICATE----- - -Sectigo Public Server Authentication Root E46 -============================================= ------BEGIN CERTIFICATE----- -MIICOjCCAcGgAwIBAgIQQvLM2htpN0RfFf51KBC49DAKBggqhkjOPQQDAzBfMQswCQYDVQQGEwJH -QjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBTZXJ2 -ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1OTU5 -WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0 -aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUr -gQQAIgNiAAR2+pmpbiDt+dd34wc7qNs9Xzjoq1WmVk/WSOrsfy2qw7LFeeyZYX8QeccCWvkEN/U0 -NSt3zn8gj1KjAIns1aeibVvjS5KToID1AZTc8GgHHs3u/iVStSBDHBv+6xnOQ6OjQjBAMB0GA1Ud -DgQWBBTRItpMWfFLXyY4qp3W7usNw/upYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB -/zAKBggqhkjOPQQDAwNnADBkAjAn7qRaqCG76UeXlImldCBteU/IvZNeWBj7LRoAasm4PdCkT0RH -lAFWovgzJQxC36oCMB3q4S6ILuH5px0CMk7yn2xVdOOurvulGu7t0vzCAxHrRVxgED1cf5kDW21U -SAGKcw== ------END CERTIFICATE----- - -Sectigo Public Server Authentication Root R46 -============================================= ------BEGIN CERTIFICATE----- -MIIFijCCA3KgAwIBAgIQdY39i658BwD6qSWn4cetFDANBgkqhkiG9w0BAQwFADBfMQswCQYDVQQG -EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1TZWN0aWdvIFB1YmxpYyBT -ZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwHhcNMjEwMzIyMDAwMDAwWhcNNDYwMzIxMjM1 -OTU5WjBfMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMTYwNAYDVQQDEy1T -ZWN0aWdvIFB1YmxpYyBTZXJ2ZXIgQXV0aGVudGljYXRpb24gUm9vdCBSNDYwggIiMA0GCSqGSIb3 -DQEBAQUAA4ICDwAwggIKAoICAQCTvtU2UnXYASOgHEdCSe5jtrch/cSV1UgrJnwUUxDaef0rty2k -1Cz66jLdScK5vQ9IPXtamFSvnl0xdE8H/FAh3aTPaE8bEmNtJZlMKpnzSDBh+oF8HqcIStw+Kxwf -GExxqjWMrfhu6DtK2eWUAtaJhBOqbchPM8xQljeSM9xfiOefVNlI8JhD1mb9nxc4Q8UBUQvX4yMP -FF1bFOdLvt30yNoDN9HWOaEhUTCDsG3XME6WW5HwcCSrv0WBZEMNvSE6Lzzpng3LILVCJ8zab5vu -ZDCQOc2TZYEhMbUjUDM3IuM47fgxMMxF/mL50V0yeUKH32rMVhlATc6qu/m1dkmU8Sf4kaWD5Qaz -Yw6A3OASVYCmO2a0OYctyPDQ0RTp5A1NDvZdV3LFOxxHVp3i1fuBYYzMTYCQNFu31xR13NgESJ/A -wSiItOkcyqex8Va3e0lMWeUgFaiEAin6OJRpmkkGj80feRQXEgyDet4fsZfu+Zd4KKTIRJLpfSYF -plhym3kT2BFfrsU4YjRosoYwjviQYZ4ybPUHNs2iTG7sijbt8uaZFURww3y8nDnAtOFr94MlI1fZ -EoDlSfB1D++N6xybVCi0ITz8fAr/73trdf+LHaAZBav6+CuBQug4urv7qv094PPK306Xlynt8xhW -6aWWrL3DkJiy4Pmi1KZHQ3xtzwIDAQABo0IwQDAdBgNVHQ4EFgQUVnNYZJX5khqwEioEYnmhQBWI -IUkwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAC9c -mTz8Bl6MlC5w6tIyMY208FHVvArzZJ8HXtXBc2hkeqK5Duj5XYUtqDdFqij0lgVQYKlJfp/imTYp -E0RHap1VIDzYm/EDMrraQKFz6oOht0SmDpkBm+S8f74TlH7Kph52gDY9hAaLMyZlbcp+nv4fjFg4 -exqDsQ+8FxG75gbMY/qB8oFM2gsQa6H61SilzwZAFv97fRheORKkU55+MkIQpiGRqRxOF3yEvJ+M -0ejf5lG5Nkc/kLnHvALcWxxPDkjBJYOcCj+esQMzEhonrPcibCTRAUH4WAP+JWgiH5paPHxsnnVI -84HxZmduTILA7rpXDhjvLpr3Etiga+kFpaHpaPi8TD8SHkXoUsCjvxInebnMMTzD9joiFgOgyY9m -pFuiTdaBJQbpdqQACj7LzTWb4OE4y2BThihCQRxEV+ioratF4yUQvNs+ZUH7G6aXD+u5dHn5Hrwd -Vw1Hr8Mvn4dGp+smWg9WY7ViYG4A++MnESLn/pmPNPW56MORcr3Ywx65LvKRRFHQV80MNNVIIb/b -E/FmJUNS0nAiNs2fxBx1IK1jcmMGDw4nztJqDby1ORrp0XZ60Vzk50lJLVU3aPAaOpg+VBeHVOmm -J1CJeyAvP/+/oYtKR5j/K3tJPsMpRmAYQqszKbrAKbkTidOIijlBO8n9pu0f9GBj39ItVQGL ------END CERTIFICATE----- - -SSL.com TLS RSA Root CA 2022 -============================ ------BEGIN CERTIFICATE----- -MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQG -EwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBSU0Eg -Um9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloXDTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMC -VVMxGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJv -b3QgQ0EgMjAyMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u -9nTPL3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OYt6/wNr/y -7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0insS657Lb85/bRi3pZ7Qcac -oOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3PnxEX4MN8/HdIGkWCVDi1FW24IBydm5M -R7d1VVm0U3TZlMZBrViKMWYPHqIbKUBOL9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDG -D6C1vBdOSHtRwvzpXGk3R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEW -TO6Af77wdr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS+YCk -8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYSd66UNHsef8JmAOSq -g+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoGAtUjHBPW6dvbxrB6y3snm/vg1UYk -7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2fgTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1Ud -EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsu -N+7jhHonLs0ZNbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt -hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsMQtfhWsSWTVTN -j8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvfR4iyrT7gJ4eLSYwfqUdYe5by -iB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJDPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjU -o3KUQyxi4U5cMj29TH0ZR6LDSeeWP4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqo -ENjwuSfr98t67wVylrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7Egkaib -MOlqbLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2wAgDHbICi -vRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3qr5nsLFR+jM4uElZI7xc7 -P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sjiMho6/4UIyYOf8kpIEFR3N+2ivEC+5BB0 -9+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA= ------END CERTIFICATE----- - -SSL.com TLS ECC Root CA 2022 -============================ ------BEGIN CERTIFICATE----- -MIICOjCCAcCgAwIBAgIQFAP1q/s3ixdAW+JDsqXRxDAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJV -UzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBFQ0MgUm9v -dCBDQSAyMDIyMB4XDTIyMDgyNTE2MzM0OFoXDTQ2MDgxOTE2MzM0N1owTjELMAkGA1UEBhMCVVMx -GDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgRUNDIFJvb3Qg -Q0EgMjAyMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABEUpNXP6wrgjzhR9qLFNoFs27iosU8NgCTWy -JGYmacCzldZdkkAZDsalE3D07xJRKF3nzL35PIXBz5SQySvOkkJYWWf9lCcQZIxPBLFNSeR7T5v1 -5wj4A4j3p8OSSxlUgaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSJjy+j6CugFFR7 -81a4Jl9nOAuc0DAdBgNVHQ4EFgQUiY8vo+groBRUe/NWuCZfZzgLnNAwDgYDVR0PAQH/BAQDAgGG -MAoGCCqGSM49BAMDA2gAMGUCMFXjIlbp15IkWE8elDIPDAI2wv2sdDJO4fscgIijzPvX6yv/N33w -7deedWo1dlJF4AIxAMeNb0Igj762TVntd00pxCAgRWSGOlDGxK0tk/UYfXLtqc/ErFc2KAhl3zx5 -Zn6g6g== ------END CERTIFICATE----- - -Atos TrustedRoot Root CA ECC TLS 2021 -===================================== ------BEGIN CERTIFICATE----- -MIICFTCCAZugAwIBAgIQPZg7pmY9kGP3fiZXOATvADAKBggqhkjOPQQDAzBMMS4wLAYDVQQDDCVB -dG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgRUNDIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQswCQYD -VQQGEwJERTAeFw0yMTA0MjIwOTI2MjNaFw00MTA0MTcwOTI2MjJaMEwxLjAsBgNVBAMMJUF0b3Mg -VHJ1c3RlZFJvb3QgUm9vdCBDQSBFQ0MgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNVBAYT -AkRFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEloZYKDcKZ9Cg3iQZGeHkBQcfl+3oZIK59sRxUM6K -DP/XtXa7oWyTbIOiaG6l2b4siJVBzV3dscqDY4PMwL502eCdpO5KTlbgmClBk1IQ1SQ4AjJn8ZQS -b+/Xxd4u/RmAo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR2KCXWfeBmmnoJsmo7jjPX -NtNPojAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaAAwZQIwW5kp85wxtolrbNa9d+F851F+ -uDrNozZffPc8dz7kUK2o59JZDCaOMDtuCCrCp1rIAjEAmeMM56PDr9NJLkaCI2ZdyQAUEv049OGY -a3cpetskz2VAv9LcjBHo9H1/IISpQuQo ------END CERTIFICATE----- - -Atos TrustedRoot Root CA RSA TLS 2021 -===================================== ------BEGIN CERTIFICATE----- -MIIFZDCCA0ygAwIBAgIQU9XP5hmTC/srBRLYwiqipDANBgkqhkiG9w0BAQwFADBMMS4wLAYDVQQD -DCVBdG9zIFRydXN0ZWRSb290IFJvb3QgQ0EgUlNBIFRMUyAyMDIxMQ0wCwYDVQQKDARBdG9zMQsw -CQYDVQQGEwJERTAeFw0yMTA0MjIwOTIxMTBaFw00MTA0MTcwOTIxMDlaMEwxLjAsBgNVBAMMJUF0 -b3MgVHJ1c3RlZFJvb3QgUm9vdCBDQSBSU0EgVExTIDIwMjExDTALBgNVBAoMBEF0b3MxCzAJBgNV -BAYTAkRFMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtoAOxHm9BYx9sKOdTSJNy/BB -l01Z4NH+VoyX8te9j2y3I49f1cTYQcvyAh5x5en2XssIKl4w8i1mx4QbZFc4nXUtVsYvYe+W/CBG -vevUez8/fEc4BKkbqlLfEzfTFRVOvV98r61jx3ncCHvVoOX3W3WsgFWZkmGbzSoXfduP9LVq6hdK -ZChmFSlsAvFr1bqjM9xaZ6cF4r9lthawEO3NUDPJcFDsGY6wx/J0W2tExn2WuZgIWWbeKQGb9Cpt -0xU6kGpn8bRrZtkh68rZYnxGEFzedUlnnkL5/nWpo63/dgpnQOPF943HhZpZnmKaau1Fh5hnstVK -PNe0OwANwI8f4UDErmwh3El+fsqyjW22v5MvoVw+j8rtgI5Y4dtXz4U2OLJxpAmMkokIiEjxQGMY -sluMWuPD0xeqqxmjLBvk1cbiZnrXghmmOxYsL3GHX0WelXOTwkKBIROW1527k2gV+p2kHYzygeBY -Br3JtuP2iV2J+axEoctr+hbxx1A9JNr3w+SH1VbxT5Aw+kUJWdo0zuATHAR8ANSbhqRAvNncTFd+ -rrcztl524WWLZt+NyteYr842mIycg5kDcPOvdO3GDjbnvezBc6eUWsuSZIKmAMFwoW4sKeFYV+xa -fJlrJaSQOoD0IJ2azsct+bJLKZWD6TWNp0lIpw9MGZHQ9b8Q4HECAwEAAaNCMEAwDwYDVR0TAQH/ -BAUwAwEB/zAdBgNVHQ4EFgQUdEmZ0f+0emhFdcN+tNzMzjkz2ggwDgYDVR0PAQH/BAQDAgGGMA0G -CSqGSIb3DQEBDAUAA4ICAQAjQ1MkYlxt/T7Cz1UAbMVWiLkO3TriJQ2VSpfKgInuKs1l+NsW4AmS -4BjHeJi78+xCUvuppILXTdiK/ORO/auQxDh1MoSf/7OwKwIzNsAQkG8dnK/haZPso0UvFJ/1TCpl -Q3IM98P4lYsU84UgYt1UU90s3BiVaU+DR3BAM1h3Egyi61IxHkzJqM7F78PRreBrAwA0JrRUITWX -AdxfG/F851X6LWh3e9NpzNMOa7pNdkTWwhWaJuywxfW70Xp0wmzNxbVe9kzmWy2B27O3Opee7c9G -slA9hGCZcbUztVdF5kJHdWoOsAgMrr3e97sPWD2PAzHoPYJQyi9eDF20l74gNAf0xBLh7tew2Vkt -afcxBPTy+av5EzH4AXcOPUIjJsyacmdRIXrMPIWo6iFqO9taPKU0nprALN+AnCng33eU0aKAQv9q -TFsR0PXNor6uzFFcw9VUewyu1rkGd4Di7wcaaMxZUa1+XGdrudviB0JbuAEFWDlN5LuYo7Ey7Nmj -1m+UI/87tyll5gfp77YZ6ufCOB0yiJA8EytuzO+rdwY0d4RPcuSBhPm5dDTedk+SKlOxJTnbPP/l -PqYO5Wue/9vsL3SD3460s6neFE3/MaNFcyT6lSnMEpcEoji2jbDwN/zIIX8/syQbPYtuzE2wFg2W -HYMfRsCbvUOZ58SWLs5fyQ== ------END CERTIFICATE----- - -TrustAsia Global Root CA G3 -=========================== ------BEGIN CERTIFICATE----- -MIIFpTCCA42gAwIBAgIUZPYOZXdhaqs7tOqFhLuxibhxkw8wDQYJKoZIhvcNAQEMBQAwWjELMAkG -A1UEBhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMM -G1RydXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHMzAeFw0yMTA1MjAwMjEwMTlaFw00NjA1MTkwMjEw -MTlaMFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMu -MSQwIgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzMwggIiMA0GCSqGSIb3DQEBAQUA -A4ICDwAwggIKAoICAQDAMYJhkuSUGwoqZdC+BqmHO1ES6nBBruL7dOoKjbmzTNyPtxNST1QY4Sxz -lZHFZjtqz6xjbYdT8PfxObegQ2OwxANdV6nnRM7EoYNl9lA+sX4WuDqKAtCWHwDNBSHvBm3dIZwZ -Q0WhxeiAysKtQGIXBsaqvPPW5vxQfmZCHzyLpnl5hkA1nyDvP+uLRx+PjsXUjrYsyUQE49RDdT/V -P68czH5GX6zfZBCK70bwkPAPLfSIC7Epqq+FqklYqL9joDiR5rPmd2jE+SoZhLsO4fWvieylL1Ag -dB4SQXMeJNnKziyhWTXAyB1GJ2Faj/lN03J5Zh6fFZAhLf3ti1ZwA0pJPn9pMRJpxx5cynoTi+jm -9WAPzJMshH/x/Gr8m0ed262IPfN2dTPXS6TIi/n1Q1hPy8gDVI+lhXgEGvNz8teHHUGf59gXzhqc -D0r83ERoVGjiQTz+LISGNzzNPy+i2+f3VANfWdP3kXjHi3dqFuVJhZBFcnAvkV34PmVACxmZySYg -WmjBNb9Pp1Hx2BErW+Canig7CjoKH8GB5S7wprlppYiU5msTf9FkPz2ccEblooV7WIQn3MSAPmea -mseaMQ4w7OYXQJXZRe0Blqq/DPNL0WP3E1jAuPP6Z92bfW1K/zJMtSU7/xxnD4UiWQWRkUF3gdCF -TIcQcf+eQxuulXUtgQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFEDk5PIj -7zjKsK5Xf/IhMBY027ySMB0GA1UdDgQWBBRA5OTyI+84yrCuV3/yITAWNNu8kjAOBgNVHQ8BAf8E -BAMCAQYwDQYJKoZIhvcNAQEMBQADggIBACY7UeFNOPMyGLS0XuFlXsSUT9SnYaP4wM8zAQLpw6o1 -D/GUE3d3NZ4tVlFEbuHGLige/9rsR82XRBf34EzC4Xx8MnpmyFq2XFNFV1pF1AWZLy4jVe5jaN/T -G3inEpQGAHUNcoTpLrxaatXeL1nHo+zSh2bbt1S1JKv0Q3jbSwTEb93mPmY+KfJLaHEih6D4sTNj -duMNhXJEIlU/HHzp/LgV6FL6qj6jITk1dImmasI5+njPtqzn59ZW/yOSLlALqbUHM/Q4X6RJpstl -cHboCoWASzY9M/eVVHUl2qzEc4Jl6VL1XP04lQJqaTDFHApXB64ipCz5xUG3uOyfT0gA+QEEVcys -+TIxxHWVBqB/0Y0n3bOppHKH/lmLmnp0Ft0WpWIp6zqW3IunaFnT63eROfjXy9mPX1onAX1daBli -2MjN9LdyR75bl87yraKZk62Uy5P2EgmVtqvXO9A/EcswFi55gORngS1d7XB4tmBZrOFdRWOPyN9y -aFvqHbgB8X7754qz41SgOAngPN5C8sLtLpvzHzW2NtjjgKGLzZlkD8Kqq7HK9W+eQ42EVJmzbsAS -ZthwEPEGNTNDqJwuuhQxzhB/HIbjj9LV+Hfsm6vxL2PZQl/gZ4FkkfGXL/xuJvYz+NO1+MRiqzFR -JQJ6+N1rZdVtTTDIZbpoFGWsJwt0ivKH ------END CERTIFICATE----- - -TrustAsia Global Root CA G4 -=========================== ------BEGIN CERTIFICATE----- -MIICVTCCAdygAwIBAgIUTyNkuI6XY57GU4HBdk7LKnQV1tcwCgYIKoZIzj0EAwMwWjELMAkGA1UE -BhMCQ04xJTAjBgNVBAoMHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xJDAiBgNVBAMMG1Ry -dXN0QXNpYSBHbG9iYWwgUm9vdCBDQSBHNDAeFw0yMTA1MjAwMjEwMjJaFw00NjA1MTkwMjEwMjJa -MFoxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSQw -IgYDVQQDDBtUcnVzdEFzaWEgR2xvYmFsIFJvb3QgQ0EgRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi -AATxs8045CVD5d4ZCbuBeaIVXxVjAd7Cq92zphtnS4CDr5nLrBfbK5bKfFJV4hrhPVbwLxYI+hW8 -m7tH5j/uqOFMjPXTNvk4XatwmkcN4oFBButJ+bAp3TPsUKV/eSm4IJijYzBhMA8GA1UdEwEB/wQF -MAMBAf8wHwYDVR0jBBgwFoAUpbtKl86zK3+kMd6Xg1mDpm9xy94wHQYDVR0OBBYEFKW7SpfOsyt/ -pDHel4NZg6ZvccveMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjBe8usGzEkxn0AA -bbd+NvBNEU/zy4k6LHiRUKNbwMp1JvK/kF0LgoxgKJ/GcJpo5PECMFxYDlZ2z1jD1xCMuo6u47xk -dUfFVZDj/bpV6wfEU6s3qe4hsiFbYI89MvHVI5TWWA== ------END CERTIFICATE----- - -CommScope Public Trust ECC Root-01 -================================== ------BEGIN CERTIFICATE----- -MIICHTCCAaOgAwIBAgIUQ3CCd89NXTTxyq4yLzf39H91oJ4wCgYIKoZIzj0EAwMwTjELMAkGA1UE -BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz -dCBFQ0MgUm9vdC0wMTAeFw0yMTA0MjgxNzM1NDNaFw00NjA0MjgxNzM1NDJaME4xCzAJBgNVBAYT -AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg -RUNDIFJvb3QtMDEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARLNumuV16ocNfQj3Rid8NeeqrltqLx -eP0CflfdkXmcbLlSiFS8LwS+uM32ENEp7LXQoMPwiXAZu1FlxUOcw5tjnSCDPgYLpkJEhRGnSjot -6dZoL0hOUysHP029uax3OVejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBSOB2LAUN3GGQYARnQE9/OufXVNMDAKBggqhkjOPQQDAwNoADBlAjEAnDPfQeMjqEI2 -Jpc1XHvr20v4qotzVRVcrHgpD7oh2MSg2NED3W3ROT3Ek2DS43KyAjB8xX6I01D1HiXo+k515liW -pDVfG2XqYZpwI7UNo5uSUm9poIyNStDuiw7LR47QjRE= ------END CERTIFICATE----- - -CommScope Public Trust ECC Root-02 -================================== ------BEGIN CERTIFICATE----- -MIICHDCCAaOgAwIBAgIUKP2ZYEFHpgE6yhR7H+/5aAiDXX0wCgYIKoZIzj0EAwMwTjELMAkGA1UE -BhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBUcnVz -dCBFQ0MgUm9vdC0wMjAeFw0yMTA0MjgxNzQ0NTRaFw00NjA0MjgxNzQ0NTNaME4xCzAJBgNVBAYT -AlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1c3Qg -RUNDIFJvb3QtMDIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAR4MIHoYx7l63FRD/cHB8o5mXxO1Q/M -MDALj2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmUv4RDsNuE -SgMjGWdqb8FuvAY5N9GIIvejQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBTmGHX/72DehKT1RsfeSlXjMjZ59TAKBggqhkjOPQQDAwNnADBkAjAmc0l6tqvmSfR9 -Uj/UQQSugEODZXW5hYA4O9Zv5JOGq4/nich/m35rChJVYaoR4HkCMHfoMXGsPHED1oQmHhS48zs7 -3u1Z/GtMMH9ZzkXpc2AVmkzw5l4lIhVtwodZ0LKOag== ------END CERTIFICATE----- - -CommScope Public Trust RSA Root-01 -================================== ------BEGIN CERTIFICATE----- -MIIFbDCCA1SgAwIBAgIUPgNJgXUWdDGOTKvVxZAplsU5EN0wDQYJKoZIhvcNAQELBQAwTjELMAkG -A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU -cnVzdCBSU0EgUm9vdC0wMTAeFw0yMTA0MjgxNjQ1NTRaFw00NjA0MjgxNjQ1NTNaME4xCzAJBgNV -BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1 -c3QgUlNBIFJvb3QtMDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwSGWjDR1C45Ft -nYSkYZYSwu3D2iM0GXb26v1VWvZVAVMP8syMl0+5UMuzAURWlv2bKOx7dAvnQmtVzslhsuitQDy6 -uUEKBU8bJoWPQ7VAtYXR1HHcg0Hz9kXHgKKEUJdGzqAMxGBWBB0HW0alDrJLpA6lfO741GIDuZNq -ihS4cPgugkY4Iw50x2tBt9Apo52AsH53k2NC+zSDO3OjWiE260f6GBfZumbCk6SP/F2krfxQapWs -vCQz0b2If4b19bJzKo98rwjyGpg/qYFlP8GMicWWMJoKz/TUyDTtnS+8jTiGU+6Xn6myY5QXjQ/c -Zip8UlF1y5mO6D1cv547KI2DAg+pn3LiLCuz3GaXAEDQpFSOm117RTYm1nJD68/A6g3czhLmfTif -BSeolz7pUcZsBSjBAg/pGG3svZwG1KdJ9FQFa2ww8esD1eo9anbCyxooSU1/ZOD6K9pzg4H/kQO9 -lLvkuI6cMmPNn7togbGEW682v3fuHX/3SZtS7NJ3Wn2RnU3COS3kuoL4b/JOHg9O5j9ZpSPcPYeo -KFgo0fEbNttPxP/hjFtyjMcmAyejOQoBqsCyMWCDIqFPEgkBEa801M/XrmLTBQe0MXXgDW1XT2mH -+VepuhX2yFJtocucH+X8eKg1mp9BFM6ltM6UCBwJrVbl2rZJmkrqYxhTnCwuwwIDAQABo0IwQDAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUN12mmnQywsL5x6YVEFm4 -5P3luG0wDQYJKoZIhvcNAQELBQADggIBAK+nz97/4L1CjU3lIpbfaOp9TSp90K09FlxD533Ahuh6 -NWPxzIHIxgvoLlI1pKZJkGNRrDSsBTtXAOnTYtPZKdVUvhwQkZyybf5Z/Xn36lbQnmhUQo8mUuJM -3y+Xpi/SB5io82BdS5pYV4jvguX6r2yBS5KPQJqTRlnLX3gWsWc+QgvfKNmwrZggvkN80V4aCRck -jXtdlemrwWCrWxhkgPut4AZ9HcpZuPN4KWfGVh2vtrV0KnahP/t1MJ+UXjulYPPLXAziDslg+Mkf -Foom3ecnf+slpoq9uC02EJqxWE2aaE9gVOX2RhOOiKy8IUISrcZKiX2bwdgt6ZYD9KJ0DLwAHb/W -NyVntHKLr4W96ioDj8z7PEQkguIBpQtZtjSNMgsSDesnwv1B10A8ckYpwIzqug/xBpMu95yo9GA+ -o/E4Xo4TwbM6l4c/ksp4qRyv0LAbJh6+cOx69TOY6lz/KwsETkPdY34Op054A5U+1C0wlREQKC6/ -oAI+/15Z0wUOlV9TRe9rh9VIzRamloPh37MG88EU26fsHItdkJANclHnYfkUyq+Dj7+vsQpZXdxc -1+SWrVtgHdqul7I52Qb1dgAT+GhMIbA1xNxVssnBQVocicCMb3SgazNNtQEo/a2tiRc7ppqEvOuM -6sRxJKi6KfkIsidWNTJf6jn7MZrVGczw ------END CERTIFICATE----- - -CommScope Public Trust RSA Root-02 -================================== ------BEGIN CERTIFICATE----- -MIIFbDCCA1SgAwIBAgIUVBa/O345lXGN0aoApYYNK496BU4wDQYJKoZIhvcNAQELBQAwTjELMAkG -A1UEBhMCVVMxEjAQBgNVBAoMCUNvbW1TY29wZTErMCkGA1UEAwwiQ29tbVNjb3BlIFB1YmxpYyBU -cnVzdCBSU0EgUm9vdC0wMjAeFw0yMTA0MjgxNzE2NDNaFw00NjA0MjgxNzE2NDJaME4xCzAJBgNV -BAYTAlVTMRIwEAYDVQQKDAlDb21tU2NvcGUxKzApBgNVBAMMIkNvbW1TY29wZSBQdWJsaWMgVHJ1 -c3QgUlNBIFJvb3QtMDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDh+g77aAASyE3V -rCLENQE7xVTlWXZjpX/rwcRqmL0yjReA61260WI9JSMZNRTpf4mnG2I81lDnNJUDMrG0kyI9p+Kx -7eZ7Ti6Hmw0zdQreqjXnfuU2mKKuJZ6VszKWpCtYHu8//mI0SFHRtI1CrWDaSWqVcN3SAOLMV2MC -e5bdSZdbkk6V0/nLKR8YSvgBKtJjCW4k6YnS5cciTNxzhkcAqg2Ijq6FfUrpuzNPDlJwnZXjfG2W -Wy09X6GDRl224yW4fKcZgBzqZUPckXk2LHR88mcGyYnJ27/aaL8j7dxrrSiDeS/sOKUNNwFnJ5rp -M9kzXzehxfCrPfp4sOcsn/Y+n2Dg70jpkEUeBVF4GiwSLFworA2iI540jwXmojPOEXcT1A6kHkIf -hs1w/tkuFT0du7jyU1fbzMZ0KZwYszZ1OC4PVKH4kh+Jlk+71O6d6Ts2QrUKOyrUZHk2EOH5kQMr -eyBUzQ0ZGshBMjTRsJnhkB4BQDa1t/qp5Xd1pCKBXbCL5CcSD1SIxtuFdOa3wNemKfrb3vOTlycE -VS8KbzfFPROvCgCpLIscgSjX74Yxqa7ybrjKaixUR9gqiC6vwQcQeKwRoi9C8DfF8rhW3Q5iLc4t -Vn5V8qdE9isy9COoR+jUKgF4z2rDN6ieZdIs5fq6M8EGRPbmz6UNp2YINIos8wIDAQABo0IwQDAP -BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUR9DnsSL/nSz12Vdgs7Gx -cJXvYXowDQYJKoZIhvcNAQELBQADggIBAIZpsU0v6Z9PIpNojuQhmaPORVMbc0RTAIFhzTHjCLqB -KCh6krm2qMhDnscTJk3C2OVVnJJdUNjCK9v+5qiXz1I6JMNlZFxHMaNlNRPDk7n3+VGXu6TwYofF -1gbTl4MgqX67tiHCpQ2EAOHyJxCDut0DgdXdaMNmEMjRdrSzbymeAPnCKfWxkxlSaRosTKCL4BWa -MS/TiJVZbuXEs1DIFAhKm4sTg7GkcrI7djNB3NyqpgdvHSQSn8h2vS/ZjvQs7rfSOBAkNlEv41xd -gSGn2rtO/+YHqP65DSdsu3BaVXoT6fEqSWnHX4dXTEN5bTpl6TBcQe7rd6VzEojov32u5cSoHw2O -HG1QAk8mGEPej1WFsQs3BWDJVTkSBKEqz3EWnzZRSb9wO55nnPt7eck5HHisd5FUmrh1CoFSl+Nm -YWvtPjgelmFV4ZFUjO2MJB+ByRCac5krFk5yAD9UG/iNuovnFNa2RU9g7Jauwy8CTl2dlklyALKr -dVwPaFsdZcJfMw8eD/A7hvWwTruc9+olBdytoptLFwG+Qt81IR2tq670v64fG9PiO/yzcnMcmyiQ -iRM9HcEARwmWmjgb3bHPDcK0RPOWlc4yOo80nOAXx17Org3bhzjlP1v9mxnhMUF6cKojawHhRUzN -lM47ni3niAIi9G7oyOzWPPO5std3eqx7 ------END CERTIFICATE----- - -Telekom Security TLS ECC Root 2020 -================================== ------BEGIN CERTIFICATE----- -MIICQjCCAcmgAwIBAgIQNjqWjMlcsljN0AFdxeVXADAKBggqhkjOPQQDAzBjMQswCQYDVQQGEwJE -RTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJUZWxl -a29tIFNlY3VyaXR5IFRMUyBFQ0MgUm9vdCAyMDIwMB4XDTIwMDgyNTA3NDgyMFoXDTQ1MDgyNTIz -NTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJpdHkg -R21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgRUNDIFJvb3QgMjAyMDB2MBAGByqG -SM49AgEGBSuBBAAiA2IABM6//leov9Wq9xCazbzREaK9Z0LMkOsVGJDZos0MKiXrPk/OtdKPD/M1 -2kOLAoC+b1EkHQ9rK8qfwm9QMuU3ILYg/4gND21Ju9sGpIeQkpT0CdDPf8iAC8GXs7s1J8nCG6NC -MEAwHQYDVR0OBBYEFONyzG6VmUex5rNhTNHLq+O6zd6fMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P -AQH/BAQDAgEGMAoGCCqGSM49BAMDA2cAMGQCMHVSi7ekEE+uShCLsoRbQuHmKjYC2qBuGT8lv9pZ -Mo7k+5Dck2TOrbRBR2Diz6fLHgIwN0GMZt9Ba9aDAEH9L1r3ULRn0SyocddDypwnJJGDSA3PzfdU -ga/sf+Rn27iQ7t0l ------END CERTIFICATE----- - -Telekom Security TLS RSA Root 2023 -================================== ------BEGIN CERTIFICATE----- -MIIFszCCA5ugAwIBAgIQIZxULej27HF3+k7ow3BXlzANBgkqhkiG9w0BAQwFADBjMQswCQYDVQQG -EwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0eSBHbWJIMSswKQYDVQQDDCJU -ZWxla29tIFNlY3VyaXR5IFRMUyBSU0EgUm9vdCAyMDIzMB4XDTIzMDMyODEyMTY0NVoXDTQ4MDMy -NzIzNTk1OVowYzELMAkGA1UEBhMCREUxJzAlBgNVBAoMHkRldXRzY2hlIFRlbGVrb20gU2VjdXJp -dHkgR21iSDErMCkGA1UEAwwiVGVsZWtvbSBTZWN1cml0eSBUTFMgUlNBIFJvb3QgMjAyMzCCAiIw -DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAO01oYGA88tKaVvC+1GDrib94W7zgRJ9cUD/h3VC -KSHtgVIs3xLBGYSJwb3FKNXVS2xE1kzbB5ZKVXrKNoIENqil/Cf2SfHVcp6R+SPWcHu79ZvB7JPP -GeplfohwoHP89v+1VmLhc2o0mD6CuKyVU/QBoCcHcqMAU6DksquDOFczJZSfvkgdmOGjup5czQRx -UX11eKvzWarE4GC+j4NSuHUaQTXtvPM6Y+mpFEXX5lLRbtLevOP1Czvm4MS9Q2QTps70mDdsipWo -l8hHD/BeEIvnHRz+sTugBTNoBUGCwQMrAcjnj02r6LX2zWtEtefdi+zqJbQAIldNsLGyMcEWzv/9 -FIS3R/qy8XDe24tsNlikfLMR0cN3f1+2JeANxdKz+bi4d9s3cXFH42AYTyS2dTd4uaNir73Jco4v -zLuu2+QVUhkHM/tqty1LkCiCc/4YizWN26cEar7qwU02OxY2kTLvtkCJkUPg8qKrBC7m8kwOFjQg -rIfBLX7JZkcXFBGk8/ehJImr2BrIoVyxo/eMbcgByU/J7MT8rFEz0ciD0cmfHdRHNCk+y7AO+oML -KFjlKdw/fKifybYKu6boRhYPluV75Gp6SG12mAWl3G0eQh5C2hrgUve1g8Aae3g1LDj1H/1Joy7S -WWO/gLCMk3PLNaaZlSJhZQNg+y+TS/qanIA7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAdBgNV -HQ4EFgQUtqeXgj10hZv3PJ+TmpV5dVKMbUcwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS2 -p5eCPXSFm/c8n5OalXl1UoxtRzANBgkqhkiG9w0BAQwFAAOCAgEAqMxhpr51nhVQpGv7qHBFfLp+ -sVr8WyP6Cnf4mHGCDG3gXkaqk/QeoMPhk9tLrbKmXauw1GLLXrtm9S3ul0A8Yute1hTWjOKWi0Fp -kzXmuZlrYrShF2Y0pmtjxrlO8iLpWA1WQdH6DErwM807u20hOq6OcrXDSvvpfeWxm4bu4uB9tPcy -/SKE8YXJN3nptT+/XOR0so8RYgDdGGah2XsjX/GO1WfoVNpbOms2b/mBsTNHM3dA+VKq3dSDz4V4 -mZqTuXNnQkYRIer+CqkbGmVps4+uFrb2S1ayLfmlyOw7YqPta9BO1UAJpB+Y1zqlklkg5LB9zVtz -aL1txKITDmcZuI1CfmwMmm6gJC3VRRvcxAIU/oVbZZfKTpBQCHpCNfnqwmbU+AGuHrS+w6jv/naa -oqYfRvaE7fzbzsQCzndILIyy7MMAo+wsVRjBfhnu4S/yrYObnqsZ38aKL4x35bcF7DvB7L6Gs4a8 -wPfc5+pbrrLMtTWGS9DiP7bY+A4A7l3j941Y/8+LN+ljX273CXE2whJdV/LItM3z7gLfEdxquVeE -HVlNjM7IDiPCtyaaEBRx/pOyiriA8A4QntOoUAw3gi/q4Iqd4Sw5/7W0cwDk90imc6y/st53BIe0 -o82bNSQ3+pCTE4FCxpgmdTdmQRCsu/WU48IxK63nI1bMNSWSs1A= ------END CERTIFICATE----- - -FIRMAPROFESIONAL CA ROOT-A WEB -============================== ------BEGIN CERTIFICATE----- -MIICejCCAgCgAwIBAgIQMZch7a+JQn81QYehZ1ZMbTAKBggqhkjOPQQDAzBuMQswCQYDVQQGEwJF -UzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25hbCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4 -MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFMIENBIFJPT1QtQSBXRUIwHhcNMjIwNDA2MDkwMTM2 -WhcNNDcwMzMxMDkwMTM2WjBuMQswCQYDVQQGEwJFUzEcMBoGA1UECgwTRmlybWFwcm9mZXNpb25h -bCBTQTEYMBYGA1UEYQwPVkFURVMtQTYyNjM0MDY4MScwJQYDVQQDDB5GSVJNQVBST0ZFU0lPTkFM -IENBIFJPT1QtQSBXRUIwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARHU+osEaR3xyrq89Zfe9MEkVz6 -iMYiuYMQYneEMy3pA4jU4DP37XcsSmDq5G+tbbT4TIqk5B/K6k84Si6CcyvHZpsKjECcfIr28jlg -st7L7Ljkb+qbXbdTkBgyVcUgt5SjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUk+FD -Y1w8ndYn81LsF7Kpryz3dvgwHQYDVR0OBBYEFJPhQ2NcPJ3WJ/NS7Beyqa8s93b4MA4GA1UdDwEB -/wQEAwIBBjAKBggqhkjOPQQDAwNoADBlAjAdfKR7w4l1M+E7qUW/Runpod3JIha3RxEL2Jq68cgL -cFBTApFwhVmpHqTm6iMxoAACMQD94vizrxa5HnPEluPBMBnYfubDl94cT7iJLzPrSA8Z94dGXSaQ -pYXFuXqUPoeovQA= ------END CERTIFICATE----- - -TWCA CYBER Root CA -================== ------BEGIN CERTIFICATE----- -MIIFjTCCA3WgAwIBAgIQQAE0jMIAAAAAAAAAATzyxjANBgkqhkiG9w0BAQwFADBQMQswCQYDVQQG -EwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJUV0NB -IENZQkVSIFJvb3QgQ0EwHhcNMjIxMTIyMDY1NDI5WhcNNDcxMTIyMTU1OTU5WjBQMQswCQYDVQQG -EwJUVzESMBAGA1UEChMJVEFJV0FOLUNBMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJUV0NB -IENZQkVSIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDG+Moe2Qkgfh1s -Ts6P40czRJzHyWmqOlt47nDSkvgEs1JSHWdyKKHfi12VCv7qze33Kc7wb3+szT3vsxxFavcokPFh -V8UMxKNQXd7UtcsZyoC5dc4pztKFIuwCY8xEMCDa6pFbVuYdHNWdZsc/34bKS1PE2Y2yHer43CdT -o0fhYcx9tbD47nORxc5zb87uEB8aBs/pJ2DFTxnk684iJkXXYJndzk834H/nY62wuFm40AZoNWDT -Nq5xQwTxaWV4fPMf88oon1oglWa0zbfuj3ikRRjpJi+NmykosaS3Om251Bw4ckVYsV7r8Cibt4LK -/c/WMw+f+5eesRycnupfXtuq3VTpMCEobY5583WSjCb+3MX2w7DfRFlDo7YDKPYIMKoNM+HvnKkH -IuNZW0CP2oi3aQiotyMuRAlZN1vH4xfyIutuOVLF3lSnmMlLIJXcRolftBL5hSmO68gnFSDAS9TM -fAxsNAwmmyYxpjyn9tnQS6Jk/zuZQXLB4HCX8SS7K8R0IrGsayIyJNN4KsDAoS/xUgXJP+92ZuJF -2A09rZXIx4kmyA+upwMu+8Ff+iDhcK2wZSA3M2Cw1a/XDBzCkHDXShi8fgGwsOsVHkQGzaRP6AzR -wyAQ4VRlnrZR0Bp2a0JaWHY06rc3Ga4udfmW5cFZ95RXKSWNOkyrTZpB0F8mAwIDAQABo2MwYTAO -BgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSdhWEUfMFib5do5E83 -QOGt4A1WNzAdBgNVHQ4EFgQUnYVhFHzBYm+XaORPN0DhreANVjcwDQYJKoZIhvcNAQEMBQADggIB -AGSPesRiDrWIzLjHhg6hShbNcAu3p4ULs3a2D6f/CIsLJc+o1IN1KriWiLb73y0ttGlTITVX1olN -c79pj3CjYcya2x6a4CD4bLubIp1dhDGaLIrdaqHXKGnK/nZVekZn68xDiBaiA9a5F/gZbG0jAn/x -X9AKKSM70aoK7akXJlQKTcKlTfjF/biBzysseKNnTKkHmvPfXvt89YnNdJdhEGoHK4Fa0o635yDR -IG4kqIQnoVesqlVYL9zZyvpoBJ7tRCT5dEA7IzOrg1oYJkK2bVS1FmAwbLGg+LhBoF1JSdJlBTrq -/p1hvIbZv97Tujqxf36SNI7JAG7cmL3c7IAFrQI932XtCwP39xaEBDG6k5TY8hL4iuO/Qq+n1M0R -FxbIQh0UqEL20kCGoE8jypZFVmAGzbdVAaYBlGX+bgUJurSkquLvWL69J1bY73NxW0Qz8ppy6rBe -Pm6pUlvscG21h483XjyMnM7k8M4MZ0HMzvaAq07MTFb1wWFZk7Q+ptq4NxKfKjLji7gh7MMrZQzv -It6IKTtM1/r+t+FHvpw+PoP7UV31aPcuIYXcv/Fa4nzXxeSDwWrruoBa3lwtcHb4yOWHh8qgnaHl -IhInD0Q9HWzq1MKLL295q39QpsQZp6F6t5b5wR9iWqJDB0BeJsas7a5wFsWqynKKTbDPAYsDP27X ------END CERTIFICATE----- - -SecureSign Root CA12 -==================== ------BEGIN CERTIFICATE----- -MIIDcjCCAlqgAwIBAgIUZvnHwa/swlG07VOX5uaCwysckBYwDQYJKoZIhvcNAQELBQAwUTELMAkG -A1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMR0wGwYDVQQDExRT -ZWN1cmVTaWduIFJvb3QgQ0ExMjAeFw0yMDA0MDgwNTM2NDZaFw00MDA0MDgwNTM2NDZaMFExCzAJ -BgNVBAYTAkpQMSMwIQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMU -U2VjdXJlU2lnbiBSb290IENBMTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6OcE3 -emhFKxS06+QT61d1I02PJC0W6K6OyX2kVzsqdiUzg2zqMoqUm048luT9Ub+ZyZN+v/mtp7JIKwcc -J/VMvHASd6SFVLX9kHrko+RRWAPNEHl57muTH2SOa2SroxPjcf59q5zdJ1M3s6oYwlkm7Fsf0uZl -fO+TvdhYXAvA42VvPMfKWeP+bl+sg779XSVOKik71gurFzJ4pOE+lEa+Ym6b3kaosRbnhW70CEBF -EaCeVESE99g2zvVQR9wsMJvuwPWW0v4JhscGWa5Pro4RmHvzC1KqYiaqId+OJTN5lxZJjfU+1Uef -NzFJM3IFTQy2VYzxV4+Kh9GtxRESOaCtAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P -AQH/BAQDAgEGMB0GA1UdDgQWBBRXNPN0zwRL1SXm8UC2LEzZLemgrTANBgkqhkiG9w0BAQsFAAOC -AQEAPrvbFxbS8hQBICw4g0utvsqFepq2m2um4fylOqyttCg6r9cBg0krY6LdmmQOmFxv3Y67ilQi -LUoT865AQ9tPkbeGGuwAtEGBpE/6aouIs3YIcipJQMPTw4WJmBClnW8Zt7vPemVV2zfrPIpyMpce -mik+rY3moxtt9XUa5rBouVui7mlHJzWhhpmA8zNL4WukJsPvdFlseqJkth5Ew1DgDzk9qTPxpfPS -vWKErI4cqc1avTc7bgoitPQV55FYxTpE05Uo2cBl6XLK0A+9H7MV2anjpEcJnuDLN/v9vZfVvhga -aaI5gdka9at/yOPiZwud9AzqVN/Ssq+xIvEg37xEHA== ------END CERTIFICATE----- - -SecureSign Root CA14 -==================== ------BEGIN CERTIFICATE----- -MIIFcjCCA1qgAwIBAgIUZNtaDCBO6Ncpd8hQJ6JaJ90t8sswDQYJKoZIhvcNAQEMBQAwUTELMAkG -A1UEBhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMR0wGwYDVQQDExRT -ZWN1cmVTaWduIFJvb3QgQ0ExNDAeFw0yMDA0MDgwNzA2MTlaFw00NTA0MDgwNzA2MTlaMFExCzAJ -BgNVBAYTAkpQMSMwIQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMU -U2VjdXJlU2lnbiBSb290IENBMTQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDF0nqh -1oq/FjHQmNE6lPxauG4iwWL3pwon71D2LrGeaBLwbCRjOfHw3xDG3rdSINVSW0KZnvOgvlIfX8xn -bacuUKLBl422+JX1sLrcneC+y9/3OPJH9aaakpUqYllQC6KxNedlsmGy6pJxaeQp8E+BgQQ8sqVb -1MWoWWd7VRxJq3qdwudzTe/NCcLEVxLbAQ4jeQkHO6Lo/IrPj8BGJJw4J+CDnRugv3gVEOuGTgpa -/d/aLIJ+7sr2KeH6caH3iGicnPCNvg9JkdjqOvn90Ghx2+m1K06Ckm9mH+Dw3EzsytHqunQG+bOE -kJTRX45zGRBdAuVwpcAQ0BB8b8VYSbSwbprafZX1zNoCr7gsfXmPvkPx+SgojQlD+Ajda8iLLCSx -jVIHvXiby8posqTdDEx5YMaZ0ZPxMBoH064iwurO8YQJzOAUbn8/ftKChazcqRZOhaBgy/ac18iz -ju3Gm5h1DVXoX+WViwKkrkMpKBGk5hIwAUt1ax5mnXkvpXYvHUC0bcl9eQjs0Wq2XSqypWa9a4X0 -dFbD9ed1Uigspf9mR6XU/v6eVL9lfgHWMI+lNpyiUBzuOIABSMbHdPTGrMNASRZhdCyvjG817XsY -AFs2PJxQDcqSMxDxJklt33UkN4Ii1+iW/RVLApY+B3KVfqs9TC7XyvDf4Fg/LS8EmjijAQIDAQAB -o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUBpOjCl4oaTeq -YR3r6/wtbyPk86AwDQYJKoZIhvcNAQEMBQADggIBAJaAcgkGfpzMkwQWu6A6jZJOtxEaCnFxEM0E -rX+lRVAQZk5KQaID2RFPeje5S+LGjzJmdSX7684/AykmjbgWHfYfM25I5uj4V7Ibed87hwriZLoA -ymzvftAj63iP/2SbNDefNWWipAA9EiOWWF3KY4fGoweITedpdopTzfFP7ELyk+OZpDc8h7hi2/Ds -Hzc/N19DzFGdtfCXwreFamgLRB7lUe6TzktuhsHSDCRZNhqfLJGP4xjblJUK7ZGqDpncllPjYYPG -FrojutzdfhrGe0K22VoF3Jpf1d+42kd92jjbrDnVHmtsKheMYc2xbXIBw8MgAGJoFjHVdqqGuw6q -nsb58Nn4DSEC5MUoFlkRudlpcyqSeLiSV5sI8jrlL5WwWLdrIBRtFO8KvH7YVdiI2i/6GaX7i+B/ -OfVyK4XELKzvGUWSTLNhB9xNH27SgRNcmvMSZ4PPmz+Ln52kuaiWA3rF7iDeM9ovnhp6dB7h7sxa -OgTdsxoEqBRjrLdHEoOabPXm6RUVkRqEGQ6UROcSjiVbgGcZ3GOTEAtlLor6CZpO2oYofaphNdgO -pygau1LgePhsumywbrmHXumZNTfxPWQrqaA0k89jL9WB365jJ6UeTo3cKXhZ+PmhIIynJkBugnLN -eLLIjzwec+fBH7/PzqUqm9tEZDKgu39cJRNItX+S ------END CERTIFICATE----- - -SecureSign Root CA15 -==================== ------BEGIN CERTIFICATE----- -MIICIzCCAamgAwIBAgIUFhXHw9hJp75pDIqI7fBw+d23PocwCgYIKoZIzj0EAwMwUTELMAkGA1UE -BhMCSlAxIzAhBgNVBAoTGkN5YmVydHJ1c3QgSmFwYW4gQ28uLCBMdGQuMR0wGwYDVQQDExRTZWN1 -cmVTaWduIFJvb3QgQ0ExNTAeFw0yMDA0MDgwODMyNTZaFw00NTA0MDgwODMyNTZaMFExCzAJBgNV -BAYTAkpQMSMwIQYDVQQKExpDeWJlcnRydXN0IEphcGFuIENvLiwgTHRkLjEdMBsGA1UEAxMUU2Vj -dXJlU2lnbiBSb290IENBMTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQLUHSNZDKZmbPSYAi4Io5G -dCx4wCtELW1fHcmuS1Iggz24FG1Th2CeX2yF2wYUleDHKP+dX+Sq8bOLbe1PL0vJSpSRZHX+AezB -2Ot6lHhWGENfa4HL9rzatAy2KZMIaY+jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD -AgEGMB0GA1UdDgQWBBTrQciu/NWeUUj1vYv0hyCTQSvT9DAKBggqhkjOPQQDAwNoADBlAjEA2S6J -fl5OpBEHvVnCB96rMjhTKkZEBhd6zlHp4P9mLQlO4E/0BdGF9jVg3PVys0Z9AjBEmEYagoUeYWmJ -SwdLZrWeqrqgHkHZAXQ6bkU6iYAZezKYVWOr62Nuk22rGwlgMU4= ------END CERTIFICATE----- - -D-TRUST BR Root CA 2 2023 -========================= ------BEGIN CERTIFICATE----- -MIIFqTCCA5GgAwIBAgIQczswBEhb2U14LnNLyaHcZjANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQG -EwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEJSIFJvb3QgQ0Eg -MiAyMDIzMB4XDTIzMDUwOTA4NTYzMVoXDTM4MDUwOTA4NTYzMFowSDELMAkGA1UEBhMCREUxFTAT -BgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBCUiBSb290IENBIDIgMjAyMzCC -AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK7/CVmRgApKaOYkP7in5Mg6CjoWzckjYaCT -cfKri3OPoGdlYNJUa2NRb0kz4HIHE304zQaSBylSa053bATTlfrdTIzZXcFhfUvnKLNEgXtRr90z -sWh81k5M/itoucpmacTsXld/9w3HnDY25QdgrMBM6ghs7wZ8T1soegj8k12b9py0i4a6Ibn08OhZ -WiihNIQaJZG2tY/vsvmA+vk9PBFy2OMvhnbFeSzBqZCTRphny4NqoFAjpzv2gTng7fC5v2Xx2Mt6 -++9zA84A9H3X4F07ZrjcjrqDy4d2A/wl2ecjbwb9Z/Pg/4S8R7+1FhhGaRTMBffb00msa8yr5LUL -QyReS2tNZ9/WtT5PeB+UcSTq3nD88ZP+npNa5JRal1QMNXtfbO4AHyTsA7oC9Xb0n9Sa7YUsOCIv -x9gvdhFP/Wxc6PWOJ4d/GUohR5AdeY0cW/jPSoXk7bNbjb7EZChdQcRurDhaTyN0dKkSw/bSuREV -MweR2Ds3OmMwBtHFIjYoYiMQ4EbMl6zWK11kJNXuHA7e+whadSr2Y23OC0K+0bpwHJwh5Q8xaRfX -/Aq03u2AnMuStIv13lmiWAmlY0cL4UEyNEHZmrHZqLAbWt4NDfTisl01gLmB1IRpkQLLddCNxbU9 -CZEJjxShFHR5PtbJFR2kWVki3PaKRT08EtY+XTIvAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQUZ5Dw1t61GNVGKX5cq/ieCLxklRAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRC -MEAwPqA8oDqGOGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfYnJfcm9vdF9jYV8y -XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQA097N3U9swFrktpSHxQCF16+tIFoE9c+CeJyrr -d6kTpGoKWloUMz1oH4Guaf2Mn2VsNELZLdB/eBaxOqwjMa1ef67nriv6uvw8l5VAk1/DLQOj7aRv -U9f6QA4w9QAgLABMjDu0ox+2v5Eyq6+SmNMW5tTRVFxDWy6u71cqqLRvpO8NVhTaIasgdp4D/Ca4 -nj8+AybmTNudX0KEPUUDAxxZiMrcLmEkWqTqJwtzEr5SswrPMhfiHocaFpVIbVrg0M8JkiZmkdij -YQ6qgYF/6FKC0ULn4B0Y+qSFNueG4A3rvNTJ1jxD8V1Jbn6Bm2m1iWKPiFLY1/4nwSPFyysCu7Ff -/vtDhQNGvl3GyiEm/9cCnnRK3PgTFbGBVzbLZVzRHTF36SXDw7IyN9XxmAnkbWOACKsGkoHU6XCP -pz+y7YaMgmo1yEJagtFSGkUPFaUA8JR7ZSdXOUPPfH/mvTWze/EZTN46ls/pdu4D58JDUjxqgejB -WoC9EV2Ta/vH5mQ/u2kc6d0li690yVRAysuTEwrt+2aSEcr1wPrYg1UDfNPFIkZ1cGt5SAYqgpq/ -5usWDiJFAbzdNpQ0qTUmiteXue4Icr80knCDgKs4qllo3UCkGJCy89UDyibK79XH4I9TjvAA46jt -n/mtd+ArY0+ew+43u3gJhJ65bvspmZDogNOfJA== ------END CERTIFICATE----- - -TrustAsia TLS ECC Root CA -========================= ------BEGIN CERTIFICATE----- -MIICMTCCAbegAwIBAgIUNnThTXxlE8msg1UloD5Sfi9QaMcwCgYIKoZIzj0EAwMwWDELMAkGA1UE -BhMCQ04xJTAjBgNVBAoTHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xIjAgBgNVBAMTGVRy -dXN0QXNpYSBUTFMgRUNDIFJvb3QgQ0EwHhcNMjQwNTE1MDU0MTU2WhcNNDQwNTE1MDU0MTU1WjBY -MQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywgSW5jLjEiMCAG -A1UEAxMZVHJ1c3RBc2lhIFRMUyBFQ0MgUm9vdCBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABLh/ -pVs/AT598IhtrimY4ZtcU5nb9wj/1WrgjstEpvDBjL1P1M7UiFPoXlfXTr4sP/MSpwDpguMqWzJ8 -S5sUKZ74LYO1644xST0mYekdcouJtgq7nDM1D9rs3qlKH8kzsaNCMEAwDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQULIVTu7FDzTLqnqOH/qKYqKaT6RAwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49 -BAMDA2gAMGUCMFRH18MtYYZI9HlaVQ01L18N9mdsd0AaRuf4aFtOJx24mH1/k78ITcTaRTChD15K -eAIxAKORh/IRM4PDwYqROkwrULG9IpRdNYlzg8WbGf60oenUoWa2AaU2+dhoYSi3dOGiMQ== ------END CERTIFICATE----- - -TrustAsia TLS RSA Root CA -========================= ------BEGIN CERTIFICATE----- -MIIFgDCCA2igAwIBAgIUHBjYz+VTPyI1RlNUJDxsR9FcSpwwDQYJKoZIhvcNAQEMBQAwWDELMAkG -A1UEBhMCQ04xJTAjBgNVBAoTHFRydXN0QXNpYSBUZWNobm9sb2dpZXMsIEluYy4xIjAgBgNVBAMT -GVRydXN0QXNpYSBUTFMgUlNBIFJvb3QgQ0EwHhcNMjQwNTE1MDU0MTU3WhcNNDQwNTE1MDU0MTU2 -WjBYMQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywgSW5jLjEi -MCAGA1UEAxMZVHJ1c3RBc2lhIFRMUyBSU0EgUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP -ADCCAgoCggIBAMMWuBtqpERz5dZO9LnPWwvB0ZqB9WOwj0PBuwhaGnrhB3YmH49pVr7+NmDQDIPN -lOrnxS1cLwUWAp4KqC/lYCZUlviYQB2srp10Zy9U+5RjmOMmSoPGlbYJQ1DNDX3eRA5gEk9bNb2/ -mThtfWza4mhzH/kxpRkQcwUqwzIZheo0qt1CHjCNP561HmHVb70AcnKtEj+qpklz8oYVlQwQX1Fk -zv93uMltrOXVmPGZLmzjyUT5tUMnCE32ft5EebuyjBza00tsLtbDeLdM1aTk2tyKjg7/D8OmYCYo -zza/+lcK7Fs/6TAWe8TbxNRkoDD75f0dcZLdKY9BWN4ArTr9PXwaqLEX8E40eFgl1oUh63kd0Nyr -z2I8sMeXi9bQn9P+PN7F4/w6g3CEIR0JwqH8uyghZVNgepBtljhb//HXeltt08lwSUq6HTrQUNoy -IBnkiz/r1RYmNzz7dZ6wB3C4FGB33PYPXFIKvF1tjVEK2sUYyJtt3LCDs3+jTnhMmCWr8n4uIF6C -FabW2I+s5c0yhsj55NqJ4js+k8UTav/H9xj8Z7XvGCxUq0DTbE3txci3OE9kxJRMT6DNrqXGJyV1 -J23G2pyOsAWZ1SgRxSHUuPzHlqtKZFlhaxP8S8ySpg+kUb8OWJDZgoM5pl+z+m6Ss80zDoWo8SnT -q1mt1tve1CuBAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLgHkXlcBvRG/XtZ -ylomkadFK/hTMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQwFAAOCAgEAIZtqBSBdGBanEqT3 -Rz/NyjuujsCCztxIJXgXbODgcMTWltnZ9r96nBO7U5WS/8+S4PPFJzVXqDuiGev4iqME3mmL5Dw8 -veWv0BIb5Ylrc5tvJQJLkIKvQMKtuppgJFqBTQUYo+IzeXoLH5Pt7DlK9RME7I10nYEKqG/odv6L -TytpEoYKNDbdgptvT+Bz3Ul/KD7JO6NXBNiT2Twp2xIQaOHEibgGIOcberyxk2GaGUARtWqFVwHx -tlotJnMnlvm5P1vQiJ3koP26TpUJg3933FEFlJ0gcXax7PqJtZwuhfG5WyRasQmr2soaB82G39tp -27RIGAAtvKLEiUUjpQ7hRGU+isFqMB3iYPg6qocJQrmBktwliJiJ8Xw18WLK7nn4GS/+X/jbh87q -qA8MpugLoDzga5SYnH+tBuYc6kIQX+ImFTw3OffXvO645e8D7r0i+yiGNFjEWn9hongPXvPKnbwb -PKfILfanIhHKA9jnZwqKDss1jjQ52MjqjZ9k4DewbNfFj8GQYSbbJIweSsCI3zWQzj8C9GRh3sfI -B5XeMhg6j6JCQCTl1jNdfK7vsU1P1FeQNWrcrgSXSYk0ly4wBOeY99sLAZDBHwo/+ML+TvrbmnNz -FrwFuHnYWa8G5z9nODmxfKuU4CkUpijy323imttUQ/hHWKNddBWcwauwxzQ= ------END CERTIFICATE----- - -D-TRUST EV Root CA 2 2023 -========================= ------BEGIN CERTIFICATE----- -MIIFqTCCA5GgAwIBAgIQaSYJfoBLTKCnjHhiU19abzANBgkqhkiG9w0BAQ0FADBIMQswCQYDVQQG -EwJERTEVMBMGA1UEChMMRC1UcnVzdCBHbWJIMSIwIAYDVQQDExlELVRSVVNUIEVWIFJvb3QgQ0Eg -MiAyMDIzMB4XDTIzMDUwOTA5MTAzM1oXDTM4MDUwOTA5MTAzMlowSDELMAkGA1UEBhMCREUxFTAT -BgNVBAoTDEQtVHJ1c3QgR21iSDEiMCAGA1UEAxMZRC1UUlVTVCBFViBSb290IENBIDIgMjAyMzCC -AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANiOo4mAC7JXUtypU0w3uX9jFxPvp1sjW2l1 -sJkKF8GLxNuo4MwxusLyzV3pt/gdr2rElYfXR8mV2IIEUD2BCP/kPbOx1sWy/YgJ25yE7CUXFId/ -MHibaljJtnMoPDT3mfd/06b4HEV8rSyMlD/YZxBTfiLNTiVR8CUkNRFeEMbsh2aJgWi6zCudR3Mf -vc2RpHJqnKIbGKBv7FD0fUDCqDDPvXPIEysQEx6Lmqg6lHPTGGkKSv/BAQP/eX+1SH977ugpbzZM -lWGG2Pmic4ruri+W7mjNPU0oQvlFKzIbRlUWaqZLKfm7lVa/Rh3sHZMdwGWyH6FDrlaeoLGPaxK3 -YG14C8qKXO0elg6DpkiVjTujIcSuWMYAsoS0I6SWhjW42J7YrDRJmGOVxcttSEfi8i4YHtAxq910 -7PncjLgcjmgjutDzUNzPZY9zOjLHfP7KgiJPvo5iR2blzYfi6NUPGJ/lBHJLRjwQ8kTCZFZxTnXo -nMkmdMV9WdEKWw9t/p51HBjGGjp82A0EzM23RWV6sY+4roRIPrN6TagD4uJ+ARZZaBhDM7DS3LAa -QzXupdqpRlyuhoFBAUp0JuyfBr/CBTdkdXgpaP3F9ev+R/nkhbDhezGdpn9yo7nELC7MmVcOIQxF -AZRl62UJxmMiCzNJkkg8/M3OsD6Onov4/knFNXJHAgMBAAGjgY4wgYswDwYDVR0TAQH/BAUwAwEB -/zAdBgNVHQ4EFgQUqvyREBuHkV8Wub9PS5FeAByxMoAwDgYDVR0PAQH/BAQDAgEGMEkGA1UdHwRC -MEAwPqA8oDqGOGh0dHA6Ly9jcmwuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3RfZXZfcm9vdF9jYV8y -XzIwMjMuY3JsMA0GCSqGSIb3DQEBDQUAA4ICAQCTy6UfmRHsmg1fLBWTxj++EI14QvBukEdHjqOS -Mo1wj/Zbjb6JzkcBahsgIIlbyIIQbODnmaprxiqgYzWRaoUlrRc4pZt+UPJ26oUFKidBK7GB0aL2 -QHWpDsvxVUjY7NHss+jOFKE17MJeNRqrphYBBo7q3C+jisosketSjl8MmxfPy3MHGcRqwnNU73xD -UmPBEcrCRbH0O1P1aa4846XerOhUt7KR/aypH/KH5BfGSah82ApB9PI+53c0BFLd6IHyTS9URZ0V -4U/M5d40VxDJI3IXcI1QcB9WbMy5/zpaT2N6w25lBx2Eof+pDGOJbbJAiDnXH3dotfyc1dZnaVuo -dNv8ifYbMvekJKZ2t0dT741Jj6m2g1qllpBFYfXeA08mD6iL8AOWsKwV0HFaanuU5nCT2vFp4LJi -TZ6P/4mdm13NRemUAiKN4DV/6PEEeXFsVIP4M7kFMhtYVRFP0OUnR3Hs7dpn1mKmS00PaaLJvOwi -S5THaJQXfuKOKD62xur1NGyfN4gHONuGcfrNlUhDbqNPgofXNJhuS5N5YHVpD/Aa1VP6IQzCP+k/ -HxiMkl14p3ZnGbuy6n/pcAlWVqOwDAstNl7F6cTVg8uGF5csbBNvh1qvSaYd2804BC5f4ko1Di1L -+KIkBI3Y4WNeApI02phhXBxvWHZks/wCuPWdCg== ------END CERTIFICATE----- - -SwissSign RSA TLS Root CA 2022 - 1 -================================== ------BEGIN CERTIFICATE----- -MIIFkzCCA3ugAwIBAgIUQ/oMX04bgBhE79G0TzUfRPSA7cswDQYJKoZIhvcNAQELBQAwUTELMAkG -A1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzErMCkGA1UEAxMiU3dpc3NTaWduIFJTQSBU -TFMgUm9vdCBDQSAyMDIyIC0gMTAeFw0yMjA2MDgxMTA4MjJaFw00NzA2MDgxMTA4MjJaMFExCzAJ -BgNVBAYTAkNIMRUwEwYDVQQKEwxTd2lzc1NpZ24gQUcxKzApBgNVBAMTIlN3aXNzU2lnbiBSU0Eg -VExTIFJvb3QgQ0EgMjAyMiAtIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDLKmji -C8NXvDVjvHClO/OMPE5Xlm7DTjak9gLKHqquuN6orx122ro10JFwB9+zBvKK8i5VUXu7LCTLf5Im -gKO0lPaCoaTo+nUdWfMHamFk4saMla+ju45vVs9xzF6BYQ1t8qsCLqSX5XH8irCRIFucdFJtrhUn -WXjyCcplDn/L9Ovn3KlMd/YrFgSVrpxxpT8q2kFC5zyEEPThPYxr4iuRR1VPuFa+Rd4iUU1OKNlf -GUEGjw5NBuBwQCMBauTLE5tzrE0USJIt/m2n+IdreXXhvhCxqohAWVTXz8TQm0SzOGlkjIHRI36q -OTw7D59Ke4LKa2/KIj4x0LDQKhySio/YGZxH5D4MucLNvkEM+KRHBdvBFzA4OmnczcNpI/2aDwLO -EGrOyvi5KaM2iYauC8BPY7kGWUleDsFpswrzd34unYyzJ5jSmY0lpx+Gs6ZUcDj8fV3oT4MM0ZPl -EuRU2j7yrTrePjxF8CgPBrnh25d7mUWe3f6VWQQvdT/TromZhqwUtKiE+shdOxtYk8EXlFXIC+OC -eYSf8wCENO7cMdWP8vpPlkwGqnj73mSiI80fPsWMvDdUDrtaclXvyFu1cvh43zcgTFeRc5JzrBh3 -Q4IgaezprClG5QtO+DdziZaKHG29777YtvTKwP1H8K4LWCDFyB02rpeNUIMmJCn3nTsPBQIDAQAB -o2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBRvjmKLk0Ow -4UD2p8P98Q+4DxU4pTAdBgNVHQ4EFgQUb45ii5NDsOFA9qfD/fEPuA8VOKUwDQYJKoZIhvcNAQEL -BQADggIBAKwsKUF9+lz1GpUYvyypiqkkVHX1uECry6gkUSsYP2OprphWKwVDIqO310aewCoSPY6W -lkDfDDOLazeROpW7OSltwAJsipQLBwJNGD77+3v1dj2b9l4wBlgzHqp41eZUBDqyggmNzhYzWUUo -8aWjlw5DI/0LIICQ/+Mmz7hkkeUFjxOgdg3XNwwQiJb0Pr6VvfHDffCjw3lHC1ySFWPtUnWK50Zp -y1FVCypM9fJkT6lc/2cyjlUtMoIcgC9qkfjLvH4YoiaoLqNTKIftV+Vlek4ASltOU8liNr3Cjlvr -zG4ngRhZi0Rjn9UMZfQpZX+RLOV/fuiJz48gy20HQhFRJjKKLjpHE7iNvUcNCfAWpO2Whi4Z2L6M -OuhFLhG6rlrnub+xzI/goP+4s9GFe3lmozm1O2bYQL7Pt2eLSMkZJVX8vY3PXtpOpvJpzv1/THfQ -wUY1mFwjmwJFQ5Ra3bxHrSL+ul4vkSkphnsh3m5kt8sNjzdbowhq6/TdAo9QAwKxuDdollDruF/U -KIqlIgyKhPBZLtU30WHlQnNYKoH3dtvi4k0NX/a3vgW0rk4N3hY9A4GzJl5LuEsAz/+MF7psYC0n -hzck5npgL7XTgwSqT0N1osGDsieYK7EOgLrAhV5Cud+xYJHT6xh+cHiudoO+cVrQkOPKwRYlZ0rw -tnu64ZzZ ------END CERTIFICATE----- diff --git a/variants/heltec_v3/platformio.ini b/variants/heltec_v3/platformio.ini index a4f3706ce..6b61eff5d 100644 --- a/variants/heltec_v3/platformio.ini +++ b/variants/heltec_v3/platformio.ini @@ -51,9 +51,6 @@ build_flags = build_src_filter = ${Heltec_lora32_v3.build_src_filter} + +<../examples/simple_repeater> - - - - - - lib_deps = ${Heltec_lora32_v3.lib_deps} ${esp32_ota.lib_deps} @@ -105,48 +102,6 @@ lib_deps = ${Heltec_lora32_v3.lib_deps} ${esp32_ota.lib_deps} -[env:Heltec_v3_repeater_observer_mqtt] -extends = Heltec_lora32_v3 -upload_port = /dev/cu.usbserial-4 -build_flags = - ${Heltec_lora32_v3.build_flags} - -D DISPLAY_CLASS=SSD1306Display - -D ADVERT_NAME='"MQTT Observer"' - -D ADVERT_LAT=0.0 - -D ADVERT_LON=0.0 - -D ADMIN_PASSWORD='"password"' - -D MAX_NEIGHBOURS=50 - -D WITH_MQTT_BRIDGE=1 - -D MAX_MQTT_BROKERS=3 - -D MQTT_MAX_PACKET_SIZE=1024 - -D MQTT_DEBUG=1 - -D MESH_PACKET_LOGGING=1 - -D MESH_DEBUG=1 - -D CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y - -D ESP32_CPU_FREQ=160 - -D MQTT_WIFI_TX_POWER=WIFI_POWER_19_5dBm - -D MQTT_WIFI_POWER_SAVE_DEFAULT=1 -# -D WIFI_SSID='"ssid"' -# -D WIFI_PWD='"password"' -# -D MQTT_SERVER='"your-mqtt-broker.com"' -# -D MQTT_PORT=1883 -# -D MQTT_USERNAME='"your-username"' -# -D MQTT_PASSWORD='"your-password"' -build_src_filter = ${Heltec_lora32_v3.build_src_filter} - + - + - + - + - +<../examples/simple_repeater> -lib_deps = - ${Heltec_lora32_v3.lib_deps} - ${esp32_ota.lib_deps} - elims/PsychicMqttClient@^0.2.4 - bblanchon/ArduinoJson - arduino-libraries/NTPClient - JChristensen/Timezone - paulstoffregen/Time@1.6.1 - [env:Heltec_v3_room_server] extends = Heltec_lora32_v3 build_flags = @@ -166,41 +121,6 @@ lib_deps = ${Heltec_lora32_v3.lib_deps} ${esp32_ota.lib_deps} -[env:Heltec_v3_room_server_observer_mqtt] -extends = Heltec_lora32_v3 -build_flags = - ${Heltec_lora32_v3.build_flags} - -D DISPLAY_CLASS=SSD1306Display - -D ADVERT_NAME='"Heltec Room Observer"' - -D ADVERT_LAT=0.0 - -D ADVERT_LON=0.0 - -D ADMIN_PASSWORD='"password"' - -D ROOM_PASSWORD='"hello"' - -D WITH_MQTT_BRIDGE=1 - -D MAX_MQTT_BROKERS=3 - -D MQTT_MAX_PACKET_SIZE=1024 - -D MQTT_DEBUG=1 -; -D MESH_PACKET_LOGGING=1 -; -D MESH_DEBUG=1 - -D CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y - -D ESP32_CPU_FREQ=160 - -D MQTT_WIFI_TX_POWER=WIFI_POWER_19_5dBm - -D MQTT_WIFI_POWER_SAVE_DEFAULT=1 -build_src_filter = ${Heltec_lora32_v3.build_src_filter} - + - + - + - + - +<../examples/simple_room_server> -lib_deps = - ${Heltec_lora32_v3.lib_deps} - ${esp32_ota.lib_deps} - elims/PsychicMqttClient@^0.2.4 - bblanchon/ArduinoJson - arduino-libraries/NTPClient - JChristensen/Timezone - paulstoffregen/Time@1.6.1 - [env:Heltec_v3_terminal_chat] extends = Heltec_lora32_v3 build_flags = @@ -315,9 +235,6 @@ build_flags = ; -D MESH_DEBUG=1 build_src_filter = ${Heltec_lora32_v3.build_src_filter} +<../examples/simple_repeater> - - - - - - lib_deps = ${Heltec_lora32_v3.lib_deps} ${esp32_ota.lib_deps} diff --git a/variants/heltec_v4/platformio.ini b/variants/heltec_v4/platformio.ini index ed17387c8..ba7590094 100644 --- a/variants/heltec_v4/platformio.ini +++ b/variants/heltec_v4/platformio.ini @@ -17,11 +17,9 @@ build_flags = -D P_LORA_SCLK=9 -D P_LORA_MISO=11 -D P_LORA_MOSI=10 - -D P_LORA_PA_POWER=7 ; VFEM_Ctrl - GC1109 LDO power enable - -D P_LORA_PA_EN=2 ; CSD - GC1109 chip enable (HIGH=on) - -D P_LORA_PA_TX_EN=46 ; CPS - GC1109 PA mode (HIGH=full PA, LOW=bypass) - -D PIN_BOARD_SDA=17 - -D PIN_BOARD_SCL=18 + -D P_LORA_PA_POWER=7 ;power en + -D P_LORA_PA_EN=2 + -D P_LORA_PA_TX_EN=46 ;enable tx -D PIN_USER_BTN=0 -D PIN_VEXT_EN=36 -D PIN_VEXT_EN_ACTIVE=LOW @@ -31,8 +29,6 @@ build_flags = -D SX126X_DIO3_TCXO_VOLTAGE=1.8 -D SX126X_CURRENT_LIMIT=140 -D SX126X_RX_BOOSTED_GAIN=1 - ; GC1109 FEM: TX/RX switching is handled by DIO2 -> CTX pin (via SX126X_DIO2_AS_RF_SWITCH) - ; GPIO46 is CPS (power save), not TX control - do not use for RF switching -D PIN_GPS_RX=38 -D PIN_GPS_TX=39 -D PIN_GPS_RESET=42 @@ -125,80 +121,6 @@ lib_deps = ${heltec_v4_oled.lib_deps} ${esp32_ota.lib_deps} -[env:heltec_v4_repeater_observer_mqtt] -extends = Heltec_lora32_v4 -build_flags = - ${Heltec_lora32_v4.build_flags} - -D DISPLAY_CLASS=SSD1306Display - -D ADVERT_NAME='"MQTT Observer"' - -D ADVERT_LAT=0.0 - -D ADVERT_LON=0.0 - -D ADMIN_PASSWORD='"password"' - -D MAX_NEIGHBOURS=50 - -D WITH_MQTT_BRIDGE=1 - -D MAX_MQTT_BROKERS=3 - -D MQTT_MAX_PACKET_SIZE=1024 - -D MQTT_DEBUG=1 - -D MESH_PACKET_LOGGING=1 - -D MESH_DEBUG=1 - -D CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y - -D MQTT_WIFI_TX_POWER=WIFI_POWER_19_5dBm - -D MQTT_WIFI_POWER_SAVE_DEFAULT=1 -# -D WIFI_SSID='"ssid"' -# -D WIFI_PWD='"password"' -# -D MQTT_SERVER='"your-mqtt-broker.com"' -# -D MQTT_PORT=1883 -# -D MQTT_USERNAME='"your-username"' -# -D MQTT_PASSWORD='"your-password"' -build_src_filter = ${Heltec_lora32_v4.build_src_filter} - + - + - + - + - +<../examples/simple_repeater> -lib_deps = - ${Heltec_lora32_v4.lib_deps} - ${esp32_ota.lib_deps} - elims/PsychicMqttClient@^0.2.4 - bblanchon/ArduinoJson - arduino-libraries/NTPClient - JChristensen/Timezone - paulstoffregen/Time@1.6.1 - -[env:heltec_v4_room_server_observer_mqtt] -extends = Heltec_lora32_v4 -build_flags = - ${Heltec_lora32_v4.build_flags} - -D DISPLAY_CLASS=SSD1306Display - -D ADVERT_NAME='"Heltec Room Observer"' - -D ADVERT_LAT=0.0 - -D ADVERT_LON=0.0 - -D ADMIN_PASSWORD='"password"' - -D ROOM_PASSWORD='"hello"' - -D WITH_MQTT_BRIDGE=1 - -D MAX_MQTT_BROKERS=3 - -D MQTT_MAX_PACKET_SIZE=1024 - -D MQTT_DEBUG=1 -; -D MESH_PACKET_LOGGING=1 -; -D MESH_DEBUG=1 - -D CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=y - -D MQTT_WIFI_TX_POWER=WIFI_POWER_19_5dBm - -D MQTT_WIFI_POWER_SAVE_DEFAULT=1 -build_src_filter = ${Heltec_lora32_v4.build_src_filter} - + - + - + - + - +<../examples/simple_room_server> -lib_deps = - ${Heltec_lora32_v4.lib_deps} - ${esp32_ota.lib_deps} - elims/PsychicMqttClient@^0.2.4 - bblanchon/ArduinoJson - arduino-libraries/NTPClient - JChristensen/Timezone - paulstoffregen/Time@1.6.1 - [env:heltec_v4_room_server] extends = heltec_v4_oled build_flags = diff --git a/variants/sensecap_solar/platformio.ini b/variants/sensecap_solar/platformio.ini index 614d3ae28..d4fb7b442 100644 --- a/variants/sensecap_solar/platformio.ini +++ b/variants/sensecap_solar/platformio.ini @@ -8,7 +8,7 @@ build_flags = ${nrf52_base.build_flags} -I lib/nrf52/s140_nrf52_7.3.0_API/include/nrf52 -I variants/sensecap_solar -I src/helpers/nrf52 - -D ENV_INCLUDE_GPS=1 + -UENV_INCLUDE_GPS -D NRF52_PLATFORM=1 -D RADIO_CLASS=CustomSX1262 -D WRAPPER_CLASS=CustomSX1262Wrapper @@ -24,12 +24,6 @@ build_flags = ${nrf52_base.build_flags} -D SX126X_DIO3_TCXO_VOLTAGE=1.8 -D SX126X_CURRENT_LIMIT=140 -D SX126X_RX_BOOSTED_GAIN=1 - -D PIN_GPS_TX=7 - -D PIN_GPS_RX=6 - -D PIN_GPS_EN=18 - -D PIN_GPS_STANDBY=0 - -D PIN_GPS_EN_ACTIVE=HIGH - -D GPS_BAUD_RATE=9600 build_src_filter = ${nrf52_base.build_src_filter} + + @@ -39,7 +33,6 @@ upload_protocol = nrfutil lib_deps = ${nrf52_base.lib_deps} ${sensor_base.lib_deps} - stevemarple/MicroNMEA @ ^2.0.6 [env:SenseCap_Solar_repeater] extends = SenseCap_Solar @@ -65,4 +58,42 @@ build_flags = -D ADMIN_PASSWORD='"password"' ; -D MESH_PACKET_LOGGING=1 ; -D MESH_DEBUG=1 +build_src_filter = ${SenseCap_Solar.build_src_filter} + +<../examples/simple_room_server/*.cpp> + +[env:SenseCap_Solar_companion_radio_ble] +extends = SenseCap_Solar +board_build.ldscript = boards/nrf52840_s140_v7_extrafs.ld +board_upload.maximum_size = 708608 +build_flags = + ${SenseCap_Solar.build_flags} + -D MAX_CONTACTS=350 + -D MAX_GROUP_CHANNELS=40 + -D BLE_PIN_CODE=123456 + -D OFFLINE_QUEUE_SIZE=256 +; -D BLE_DEBUG_LOGGING=1 +; -D MESH_PACKET_LOGGING=1 +; -D MESH_DEBUG=1 +build_src_filter = ${SenseCap_Solar.build_src_filter} + + + +<../examples/companion_radio/*.cpp> +lib_deps = + ${SenseCap_Solar.lib_deps} + densaugeo/base64 @ ~1.4.0 + +[env:SenseCap_Solar_companion_radio_usb] +extends = SenseCap_Solar +board_build.ldscript = boards/nrf52840_s140_v7_extrafs.ld +board_upload.maximum_size = 708608 +build_flags = + ${SenseCap_Solar.build_flags} + -D MAX_CONTACTS=350 + -D MAX_GROUP_CHANNELS=40 +; -D MESH_PACKET_LOGGING=1 +; -D MESH_DEBUG=1 +build_src_filter = ${SenseCap_Solar.build_src_filter} + + + +<../examples/companion_radio/*.cpp> +lib_deps = + ${SenseCap_Solar.lib_deps} densaugeo/base64 @ ~1.4.0 \ No newline at end of file diff --git a/variants/sensecap_solar/target.cpp b/variants/sensecap_solar/target.cpp index bc21ce242..6bd7d31a7 100644 --- a/variants/sensecap_solar/target.cpp +++ b/variants/sensecap_solar/target.cpp @@ -2,10 +2,6 @@ #include "target.h" #include -#ifdef ENV_INCLUDE_GPS -#include -#endif - SenseCapSolarBoard board; RADIO_CLASS radio = new Module(P_LORA_NSS, P_LORA_DIO_1, P_LORA_RESET, P_LORA_BUSY, SPI); @@ -14,13 +10,7 @@ WRAPPER_CLASS radio_driver(radio, board); VolatileRTCClock fallback_clock; AutoDiscoverRTCClock rtc_clock(fallback_clock); - -#ifdef ENV_INCLUDE_GPS -MicroNMEALocationProvider nmea = MicroNMEALocationProvider(Serial1, &rtc_clock, PIN_GPS_STANDBY, PIN_GPS_EN); -EnvironmentSensorManager sensors = EnvironmentSensorManager(nmea); -#else -EnvironmentSensorManager sensors = EnvironmentSensorManager(); -#endif +EnvironmentSensorManager sensors; bool radio_init() { rtc_clock.begin(Wire); @@ -46,4 +36,4 @@ void radio_set_tx_power(uint8_t dbm) { mesh::LocalIdentity radio_new_identity() { RadioNoiseListener rng(radio); return mesh::LocalIdentity(&rng); // create new random identity -} \ No newline at end of file +} diff --git a/variants/sensecap_solar/target.h b/variants/sensecap_solar/target.h index 919b0e4f3..90d60ba52 100644 --- a/variants/sensecap_solar/target.h +++ b/variants/sensecap_solar/target.h @@ -9,10 +9,6 @@ #include #include -#ifdef ENV_INCLUDE_GPS -#include -#endif - extern SenseCapSolarBoard board; extern WRAPPER_CLASS radio_driver; extern AutoDiscoverRTCClock rtc_clock; @@ -22,4 +18,4 @@ bool radio_init(); uint32_t radio_get_rng_seed(); void radio_set_params(float freq, float bw, uint8_t sf, uint8_t cr); void radio_set_tx_power(uint8_t dbm); -mesh::LocalIdentity radio_new_identity(); \ No newline at end of file +mesh::LocalIdentity radio_new_identity(); diff --git a/variants/sensecap_solar/variant.cpp b/variants/sensecap_solar/variant.cpp index cff13a8d8..05774c102 100644 --- a/variants/sensecap_solar/variant.cpp +++ b/variants/sensecap_solar/variant.cpp @@ -48,6 +48,9 @@ const uint32_t g_ADigitalPinMap[] = { }; void initVariant() { + pinMode(GPS_EN, OUTPUT); + digitalWrite(GPS_EN, LOW); + pinMode(BATTERY_PIN, INPUT); pinMode(VBAT_ENABLE, OUTPUT); digitalWrite(VBAT_ENABLE, LOW); @@ -61,9 +64,8 @@ void initVariant() { pinMode(LED_BLUE, OUTPUT); digitalWrite(LED_BLUE, LOW); -#ifdef ENV_INCLUDE_GPS - // Initialize GPS enable pin (GPS will be powered on/off by sensor manager) - pinMode(PIN_GPS_EN, OUTPUT); - digitalWrite(PIN_GPS_EN, LOW); // Start with GPS off -#endif -} \ No newline at end of file + /* disable gps until we actually support it. + pinMode(GPS_EN, OUTPUT); + digitalWrite(GPS_EN, HIGH); + */ +} diff --git a/variants/sensecap_solar/variant.h b/variants/sensecap_solar/variant.h index 145363ca6..76494f48e 100644 --- a/variants/sensecap_solar/variant.h +++ b/variants/sensecap_solar/variant.h @@ -69,8 +69,7 @@ #define PIN_GPS_TX PIN_SERIAL1_RX #define PIN_GPS_RX PIN_SERIAL1_TX #define PIN_GPS_STANDBY (0) -#define PIN_GPS_EN (18) -#define GPS_EN PIN_GPS_EN // Alias for compatibility +#define GPS_EN (18) // QSPI Pins #define PIN_QSPI_SCK (21) From 384e4820528c296b3ccadbb21bd341e98e9d7d30 Mon Sep 17 00:00:00 2001 From: Liam Cottle Date: Tue, 3 Feb 2026 13:47:43 +1300 Subject: [PATCH 22/30] Create CNAME --- CNAME | 1 + 1 file changed, 1 insertion(+) create mode 100644 CNAME diff --git a/CNAME b/CNAME new file mode 100644 index 000000000..1b7d16714 --- /dev/null +++ b/CNAME @@ -0,0 +1 @@ +docs.meshcore.nz \ No newline at end of file From 4af31e552ed836e8cbb3fab2cb4d9a3ff056d99b Mon Sep 17 00:00:00 2001 From: liamcottle Date: Tue, 3 Feb 2026 17:51:22 +1300 Subject: [PATCH 23/30] refactor documentation --- docs/_stylesheets/extra.css | 5 + docs/cli_commands.md | 4 +- ...rotocol_guide.md => companion_protocol.md} | 550 +++++------------- docs/docs.md | 13 + docs/faq.md | 25 +- docs/index.md | 18 +- docs/qr_codes.md | 34 ++ docs/terminal_chat_cli.md | 96 +++ 8 files changed, 315 insertions(+), 430 deletions(-) rename docs/{protocol_guide.md => companion_protocol.md} (57%) create mode 100644 docs/docs.md create mode 100644 docs/qr_codes.md create mode 100644 docs/terminal_chat_cli.md diff --git a/docs/_stylesheets/extra.css b/docs/_stylesheets/extra.css index 55d1b1479..f9f75b120 100644 --- a/docs/_stylesheets/extra.css +++ b/docs/_stylesheets/extra.css @@ -9,3 +9,8 @@ .md-source__fact--version { display: none; } + +/* underline links */ +.md-typeset a { + text-decoration: underline; +} diff --git a/docs/cli_commands.md b/docs/cli_commands.md index 6b4f61578..f89d400ad 100644 --- a/docs/cli_commands.md +++ b/docs/cli_commands.md @@ -1,4 +1,6 @@ -# MeshCore Repeater & Room Server CLI Commands +# CLI Commands + +This document provides an overview of CLI commands that can be sent to MeshCore Repeaters, Room Servers and Sensors. ## Navigation diff --git a/docs/protocol_guide.md b/docs/companion_protocol.md similarity index 57% rename from docs/protocol_guide.md rename to docs/companion_protocol.md index ceedbbf05..9d45b59ef 100644 --- a/docs/protocol_guide.md +++ b/docs/companion_protocol.md @@ -1,26 +1,42 @@ -# MeshCore Device Communication Protocol Guide +# Companion Protocol -This document provides a comprehensive guide for communicating with MeshCore devices over Bluetooth Low Energy (BLE). It is platform-agnostic and can be used for Android, iOS, Python, JavaScript, or any other platform that supports BLE. +- **Last Updated**: 2026-01-03 +- **Protocol Version**: Companion Firmware v1.12.0+ -## ⚠️ Important Security Note +> NOTE: This document is still in development. Some information may be inaccurate. -**All secrets, hashes, and cryptographic values shown in this guide are EXAMPLE VALUES ONLY and are NOT real secrets.** +This document provides a comprehensive guide for communicating with MeshCore devices over Bluetooth Low Energy (BLE). -- The secret `9b647d242d6e1c5883fde0c5cf5c4c5e` used in examples is a made-up example value -- All hex values, public keys, and hashes in examples are for demonstration purposes only -- **Never use example secrets in production** - always generate new cryptographically secure random secrets -- This guide is for protocol documentation only - implement proper security practices in your actual implementation +It is platform-agnostic and can be used for Android, iOS, Python, JavaScript, or any other platform that supports BLE. + +## Official Libraries + +Please see the following repos for existing MeshCore Companion Protocol libraries. + +- JavaScript: [https://github.com/meshcore-dev/meshcore.js](https://github.com/meshcore-dev/meshcore.js) +- Python: [https://github.com/meshcore-dev/meshcore_py](https://github.com/meshcore-dev/meshcore_py) + +## Important Security Note + +All secrets, hashes, and cryptographic values shown in this guide are example values only. + +- All hex values, public keys and hashes are for demonstration purposes only +- Never use example secrets in production +- Always generate new cryptographically secure random secrets +- Please implement proper security practices in your implementation +- This guide is for protocol documentation only ## Table of Contents 1. [BLE Connection](#ble-connection) -2. [Protocol Overview](#protocol-overview) +2. [Packet Structure](#packet-structure) 3. [Commands](#commands) 4. [Channel Management](#channel-management) -5. [Secret Generation and QR Codes](#secret-generation-and-qr-codes) -6. [Message Handling](#message-handling) -7. [Response Parsing](#response-parsing) -8. [Example Implementation Flow](#example-implementation-flow) +5. [Message Handling](#message-handling) +6. [Response Parsing](#response-parsing) +7. [Example Implementation Flow](#example-implementation-flow) +8. [Best Practices](#best-practices) +9. [Troubleshooting](#troubleshooting) --- @@ -28,181 +44,111 @@ This document provides a comprehensive guide for communicating with MeshCore dev ### Service and Characteristics -MeshCore devices expose a BLE service with the following UUIDs: +MeshCore Companion devices expose a BLE service with the following UUIDs: -- **Service UUID**: `0000ff00-0000-1000-8000-00805f9b34fb` -- **RX Characteristic** (Device → Client): `0000ff01-0000-1000-8000-00805f9b34fb` -- **TX Characteristic** (Client → Device): `0000ff02-0000-1000-8000-00805f9b34fb` +- **Service UUID**: `6E400001-B5A3-F393-E0A9-E50E24DCCA9E` +- **RX Characteristic** (App → Firmware): `6E400002-B5A3-F393-E0A9-E50E24DCCA9E` +- **TX Characteristic** (Firmware → App): `6E400003-B5A3-F393-E0A9-E50E24DCCA9E` ### Connection Steps 1. **Scan for Devices** - - Scan for BLE devices advertising the MeshCore service UUID - - Filter by device name (typically contains "MeshCore" or similar) - - Note the device MAC address for reconnection + - Scan for BLE devices advertising the MeshCore Service UUID + - Optionally filter by device name (typically contains "MeshCore" prefix) + - Note the device MAC address for reconnection 2. **Connect to GATT** - - Connect to the device using the discovered MAC address - - Wait for connection to be established + - Connect to the device using the discovered MAC address + - Wait for connection to be established 3. **Discover Services and Characteristics** - - Discover the service with UUID `0000ff00-0000-1000-8000-00805f9b34fb` - - Discover RX characteristic (`0000ff01-...`) for receiving data - - Discover TX characteristic (`0000ff02-...`) for sending commands + - Discover the service with UUID `6E400001-B5A3-F393-E0A9-E50E24DCCA9E` + - Discover the RX characteristic `6E400002-B5A3-F393-E0A9-E50E24DCCA9E` + - Your app writes to this, the firmware reads from this + - Discover the TX characteristic `6E400003-B5A3-F393-E0A9-E50E24DCCA9E` + - The firmware writes to this, your app reads from this 4. **Enable Notifications** - - Subscribe to notifications on the RX characteristic - - Enable notifications/indications to receive data from the device - - On some platforms, you may need to write to a descriptor (e.g., `0x2902`) with value `0x01` or `0x02` - -5. **Send AppStart Command** - - Send the app start command (see [Commands](#commands)) to initialize communication - - Wait for OK response before sending other commands - -### Connection State Management - -- **Disconnected**: No connection established -- **Connecting**: Connection attempt in progress -- **Connected**: GATT connection established, ready for commands -- **Error**: Connection failed or lost + - Subscribe to notifications on the TX characteristic to receive data from the firmware + +5. **Send Initial Commands** + - Send `CMD_APP_START` to identify your app to firmware and get radio settings + - Send `CMD_DEVICE_QEURY` to fetch device info and negotiate supported protocol versions + - Send `CMD_SET_DEVICE_TIME` to set the firmware clock + - Send `CMD_GET_CONTACTS` to fetch all contacts + - Send `CMD_GET_CHANNEL` multiple times to fetch all channel slots + - Send `CMD_SYNC_NEXT_MESSAGE` to fetch the next message stored in firmware + - Setup listeners for push codes, such as `PUSH_CODE_MSG_WAITING` or `PUSH_CODE_ADVERT` + - See [Commands](#commands) section for information on other commands **Note**: MeshCore devices may disconnect after periods of inactivity. Implement auto-reconnect logic with exponential backoff. ### BLE Write Type -When writing commands to the TX characteristic, specify the write type: +When writing commands to the RX characteristic, specify the write type: - **Write with Response** (default): Waits for acknowledgment from device - **Write without Response**: Faster but no acknowledgment **Platform-specific**: + - **Android**: Use `BluetoothGattCharacteristic.WRITE_TYPE_DEFAULT` or `WRITE_TYPE_NO_RESPONSE` - **iOS**: Use `CBCharacteristicWriteType.withResponse` or `.withoutResponse` - **Python (bleak)**: Use `write_gatt_char()` with `response=True` or `False` -**Recommendation**: Use write with response for reliability, especially for critical commands like `SET_CHANNEL`. +**Recommendation**: Use write with response for reliability. ### MTU (Maximum Transmission Unit) The default BLE MTU is 23 bytes (20 bytes payload). For larger commands like `SET_CHANNEL` (66 bytes), you may need to: 1. **Request Larger MTU**: Request MTU of 512 bytes if supported - - Android: `gatt.requestMtu(512)` - - iOS: `peripheral.maximumWriteValueLength(for:)` - - Python (bleak): MTU is negotiated automatically + - Android: `gatt.requestMtu(512)` + - iOS: `peripheral.maximumWriteValueLength(for:)` + - Python (bleak): MTU is negotiated automatically -2. **Handle Chunking**: If MTU is small, commands may be split automatically by the BLE stack - - Ensure all chunks are sent before waiting for response - - Responses may also arrive in chunks - buffer until complete - -### Command Sequencing and Timing +### Command Sequencing **Critical**: Commands must be sent in the correct sequence: 1. **After Connection**: - - Wait for GATT connection established - - Wait for services/characteristics discovered - - Wait for notifications enabled (descriptor write complete) - - **Wait 200-1000ms** for device to be ready (some devices need initialization time) - - Send `APP_START` command - - **Wait for `PACKET_OK` response** before sending any other commands + - Wait for BLE connection to be established + - Wait for services/characteristics to be discovered + - Wait for notifications to be enabled + - Now you can safely send commands to the firmware 2. **Command-Response Matching**: - - Send one command at a time - - Wait for response before sending next command - - Use timeout (typically 5 seconds) - - Match response to command by: - - Command type (e.g., `GET_CHANNEL` → `PACKET_CHANNEL_INFO`) - - Sequence number (if implemented) - - First-in-first-out queue - -3. **Timing Considerations**: - - Minimum delay between commands: 50-100ms - - After `APP_START`: Wait 200-500ms before next command - - After `SET_CHANNEL`: Wait 500-1000ms for channel to be created - - After enabling notifications: Wait 200ms before sending commands - -**Example Flow**: -```python -# 1. Connect and discover -await connect_to_device(device) -await discover_services() -await enable_notifications() -await asyncio.sleep(0.2) # Wait for device ready - -# 2. Send AppStart -send_command(build_app_start()) -response = await wait_for_response(PACKET_OK, timeout=5.0) -if response.type != PACKET_OK: - raise Exception("AppStart failed") - -# 3. Now safe to send other commands -await asyncio.sleep(0.1) # Small delay between commands -send_command(build_device_query()) -response = await wait_for_response(PACKET_DEVICE_INFO, timeout=5.0) -``` + - Send one command at a time + - Wait for a response before sending another command + - Use a timeout (typically 5 seconds) + - Match response to command by type (e.g: `CMD_GET_CHANNEL` → `RESP_CODE_CHANNEL_INFO`) ### Command Queue Management -For reliable operation, implement a command queue: +For reliable operation, implement a command queue. -1. **Queue Structure**: - - Maintain a queue of pending commands - - Track which command is currently waiting for response - - Only send next command after receiving response or timeout +**Queue Structure**: -2. **Implementation**: -```python -class CommandQueue: - def __init__(self): - self.queue = [] - self.waiting_for_response = False - self.current_command = None - - async def send_command(self, command, expected_response_type, timeout=5.0): - if self.waiting_for_response: - # Queue the command - self.queue.append((command, expected_response_type, timeout)) - return - - self.waiting_for_response = True - self.current_command = (command, expected_response_type, timeout) - - # Send command - await write_to_tx_characteristic(command) - - # Wait for response - response = await wait_for_response(expected_response_type, timeout) - - self.waiting_for_response = False - self.current_command = None - - # Process next queued command - if self.queue: - next_cmd, next_type, next_timeout = self.queue.pop(0) - await self.send_command(next_cmd, next_type, next_timeout) - - return response -``` +- Maintain a queue of pending commands +- Track which command is currently waiting for a response +- Only send next command after receiving response or timeout + +**Error Handling**: -3. **Error Handling**: - - On timeout: Clear current command, process next in queue - - On error: Log error, clear current command, process next - - Don't block queue on single command failure +- On timeout, clear current command, process next in queue +- On error, log error, clear current command, process next --- -## Protocol Overview +## Packet Structure The MeshCore protocol uses a binary format with the following structure: -- **Commands**: Sent from client to device via TX characteristic -- **Responses**: Received from device via RX characteristic (notifications) -- **All multi-byte integers**: Little-endian byte order +- **Commands**: Sent from app to firmware via RX characteristic +- **Responses**: Received from firmware via TX characteristic notifications +- **All multi-byte integers**: Little-endian byte order (except CayenneLPP which is Big-endian) - **All strings**: UTF-8 encoding -### Packet Structure - Most packets follow this format: ``` [Packet Type (1 byte)] [Data (variable length)] @@ -283,7 +229,7 @@ Byte 1: Channel Index (0-7) Byte 0: 0x20 Byte 1: Channel Index (0-7) Bytes 2-33: Channel Name (32 bytes, UTF-8, null-padded) -Bytes 34-65: Secret (32 bytes, see [Secret Generation](#secret-generation)) +Bytes 34-65: Secret (32 bytes) ``` **Total Length**: 66 bytes @@ -298,7 +244,7 @@ Bytes 34-65: Secret (32 bytes, see [Secret Generation](#secret-generation)) - Padded with null bytes (0x00) if shorter **Secret Field** (32 bytes): -- For **private channels**: 32-byte secret (see [Secret Generation](#secret-generation)) +- For **private channels**: 32-byte secret - For **public channels**: All zeros (0x00) **Example** (create channel "YourChannelName" at index 1 with secret): @@ -380,170 +326,33 @@ Byte 0: 0x14 ### Channel Types -1. **Public Channels** (Index 0) - - No secret required - - Anyone with the channel name can join - - Use for open communication - -2. **Private Channels** (Indices 1-7) - - Require a 16-byte secret - - Secret is expanded to 32 bytes using SHA-512 (see [Secret Generation](#secret-generation)) - - Only devices with the secret can access the channel +1. **Public Channel** + - Uses a publicly known 16-byte key: `8b3387e9c5cdea6ac9e5edbaa115cd72` + - Anyone can join this channel, messages should be considered public + - Used as the default public group chat +2. **Hashtag Channels** + - Uses a secret key derived from the channel name + - It is the first 16 bytes of `sha256("#test")` + - For example hashtag channel `#test` has the key: `9cd8fcf22a47333b591d96a2b848b73f` + - Used as a topic based public group chat, separate from the default public channel +3. **Private Channels** + - Uses a randomly generated 16-byte secret key + - Messages should be considered private between those that know the secret + - Users should keep the key secret, and only share with those you want to communicate with + - Used as a secure private group chat ### Channel Lifecycle -1. **Create Channel**: - - Choose an available index (1-7 for private channels) - - Generate or provide a 16-byte secret - - Send `SET_CHANNEL` command with name and secret - - **Store the secret locally** (device does not return it) - -2. **Query Channel**: - - Send `GET_CHANNEL` command with channel index - - Parse `PACKET_CHANNEL_INFO` response - - Note: Secret will be null in response (security feature) - +1. **Set Channel**: + - Fetch all channel slots, and find one with empty name and all-zero secret + - Generate or provide a 16-byte secret + - Send `CMD_SET_CHANNEL` with name and secret +2. **Get Channel**: + - Send `CMD_GET_CHANNEL` with channel index + - Parse `RESP_CODE_CHANNEL_INFO` response 3. **Delete Channel**: - - Send `SET_CHANNEL` command with empty name and all-zero secret - - Or overwrite with a new channel - -### Channel Index Management - -- **Index 0**: Reserved for public channels -- **Indices 1-7**: Available for private channels -- If a channel exists at index 0 but should be private, migrate it to index 1-7 - ---- - -## Secret Generation and QR Codes - -### Secret Generation - -For private channels, generate a cryptographically secure 16-byte secret: - -**Pseudocode**: -```python -import secrets - -# Generate 16 random bytes -secret_bytes = secrets.token_bytes(16) - -# Convert to hex string for storage/sharing -secret_hex = secret_bytes.hex() # 32 hex characters -``` - -**Important**: Use a cryptographically secure random number generator (CSPRNG). Do not use predictable values. - -### Secret Expansion - -When sending the secret to the device via `SET_CHANNEL`, the 16-byte secret must be expanded to 32 bytes: - -**Process**: -1. Take the 16-byte secret -2. Compute SHA-512 hash: `hash = SHA-512(secret)` -3. Use the first 32 bytes of the hash as the secret field in the command - -**Pseudocode**: -```python -import hashlib - -secret_16_bytes = ... # Your 16-byte secret -sha512_hash = hashlib.sha512(secret_16_bytes).digest() # 64 bytes -secret_32_bytes = sha512_hash[:32] # First 32 bytes -``` - -This matches MeshCore's ED25519 key expansion method. - -### QR Code Format - -QR codes for sharing channel secrets use the following format: - -**URL Scheme**: -``` -meshcore://channel/add?name=&secret=<32HexChars> -``` - -**Parameters**: -- `name`: Channel name (URL-encoded if needed) -- `secret`: 32-character hexadecimal representation of the 16-byte secret - -**Example** (using example secret - NOT a real secret): -``` -meshcore://channel/add?name=YourChannelName&secret=9b647d242d6e1c5883fde0c5cf5c4c5e -``` - -**Alternative Formats** (for backward compatibility): - -1. **JSON Format**: -```json -{ - "name": "YourChannelName", - "secret": "9b647d242d6e1c5883fde0c5cf5c4c5e" -} -``` -*Note: The secret value above is an example only - generate your own secure random secret.* - -2. **Plain Hex** (32 hex characters): -``` -9b647d242d6e1c5883fde0c5cf5c4c5e -``` -*Note: This is an example hex value - always generate your own cryptographically secure random secret.* - -### QR Code Generation - -**Steps**: -1. Generate or use existing 16-byte secret -2. Convert to 32-character hex string (lowercase) -3. URL-encode the channel name -4. Construct the `meshcore://` URL -5. Generate QR code from the URL string - -**Example** (Python with `qrcode` library): -```python -import qrcode -from urllib.parse import quote -import secrets - -channel_name = "YourChannelName" -# Generate a real cryptographically secure secret (NOT the example value) -secret_bytes = secrets.token_bytes(16) -secret_hex = secret_bytes.hex() # This will be a different value each time - -# Example value shown in documentation: "9b647d242d6e1c5883fde0c5cf5c4c5e" -# DO NOT use the example value - always generate your own! - -url = f"meshcore://channel/add?name={quote(channel_name)}&secret={secret_hex}" -qr = qrcode.QRCode(version=1, box_size=10, border=5) -qr.add_data(url) -qr.make(fit=True) -img = qr.make_image(fill_color="black", back_color="white") -img.save("channel_qr.png") -``` - -### QR Code Scanning - -When scanning a QR code: - -1. **Parse URL Format**: - - Extract `name` and `secret` query parameters - - Validate secret is 32 hex characters - -2. **Parse JSON Format**: - - Parse JSON object - - Extract `name` and `secret` fields - -3. **Parse Plain Hex**: - - Extract only hex characters (0-9, a-f, A-F) - - Validate length is 32 characters - - Convert to lowercase - -4. **Validate Secret**: - - Must be exactly 32 hex characters (16 bytes) - - Convert hex string to bytes - -5. **Create Channel**: - - Use extracted name and secret - - Send `SET_CHANNEL` command + - Send `CMD_SET_CHANNEL` with empty name and all-zero secret + - Or overwrite with a new channel --- @@ -693,28 +502,28 @@ Use the `SEND_CHANNEL_MESSAGE` command (see [Commands](#commands)). ### Packet Types -| Value | Name | Description | -|-------|------|-------------| -| 0x00 | PACKET_OK | Command succeeded | -| 0x01 | PACKET_ERROR | Command failed | -| 0x02 | PACKET_CONTACT_START | Start of contact list | -| 0x03 | PACKET_CONTACT | Contact information | -| 0x04 | PACKET_CONTACT_END | End of contact list | -| 0x05 | PACKET_SELF_INFO | Device self-information | -| 0x06 | PACKET_MSG_SENT | Message sent confirmation | -| 0x07 | PACKET_CONTACT_MSG_RECV | Contact message (standard) | -| 0x08 | PACKET_CHANNEL_MSG_RECV | Channel message (standard) | -| 0x09 | PACKET_CURRENT_TIME | Current time response | -| 0x0A | PACKET_NO_MORE_MSGS | No more messages available | -| 0x0C | PACKET_BATTERY | Battery level | -| 0x0D | PACKET_DEVICE_INFO | Device information | -| 0x10 | PACKET_CONTACT_MSG_RECV_V3 | Contact message (V3 with SNR) | -| 0x11 | PACKET_CHANNEL_MSG_RECV_V3 | Channel message (V3 with SNR) | -| 0x12 | PACKET_CHANNEL_INFO | Channel information | -| 0x80 | PACKET_ADVERTISEMENT | Advertisement packet | -| 0x82 | PACKET_ACK | Acknowledgment | -| 0x83 | PACKET_MESSAGES_WAITING | Messages waiting notification | -| 0x88 | PACKET_LOG_DATA | RF log data (can be ignored) | +| Value | Name | Description | +|-------|----------------------------|-------------------------------| +| 0x00 | PACKET_OK | Command succeeded | +| 0x01 | PACKET_ERROR | Command failed | +| 0x02 | PACKET_CONTACT_START | Start of contact list | +| 0x03 | PACKET_CONTACT | Contact information | +| 0x04 | PACKET_CONTACT_END | End of contact list | +| 0x05 | PACKET_SELF_INFO | Device self-information | +| 0x06 | PACKET_MSG_SENT | Message sent confirmation | +| 0x07 | PACKET_CONTACT_MSG_RECV | Contact message (standard) | +| 0x08 | PACKET_CHANNEL_MSG_RECV | Channel message (standard) | +| 0x09 | PACKET_CURRENT_TIME | Current time response | +| 0x0A | PACKET_NO_MORE_MSGS | No more messages available | +| 0x0C | PACKET_BATTERY | Battery level | +| 0x0D | PACKET_DEVICE_INFO | Device information | +| 0x10 | PACKET_CONTACT_MSG_RECV_V3 | Contact message (V3 with SNR) | +| 0x11 | PACKET_CHANNEL_MSG_RECV_V3 | Channel message (V3 with SNR) | +| 0x12 | PACKET_CHANNEL_INFO | Channel information | +| 0x80 | PACKET_ADVERTISEMENT | Advertisement packet | +| 0x82 | PACKET_ACK | Acknowledgment | +| 0x83 | PACKET_MESSAGES_WAITING | Messages waiting notification | +| 0x88 | PACKET_LOG_DATA | RF log data (can be ignored) | ### Parsing Responses @@ -1081,33 +890,6 @@ def on_notification_received(data): send_command(tx_char, build_get_message()) ``` -### QR Code Sharing - -```python -import secrets -from urllib.parse import quote - -# 1. Generate QR code data -channel_name = "YourChannelName" -# Generate a real secret (NOT the example value from documentation) -secret_bytes = secrets.token_bytes(16) -secret_hex = secret_bytes.hex() - -# Example value in documentation: "9b647d242d6e1c5883fde0c5cf5c4c5e" -# DO NOT use example values - always generate your own secure random secrets! - -url = f"meshcore://channel/add?name={quote(channel_name)}&secret={secret_hex}" - -# 2. Generate QR code image -qr = qrcode.QRCode(version=1, box_size=10, border=5) -qr.add_data(url) -qr.make(fit=True) -img = qr.make_image(fill_color="black", back_color="white") - -# 3. Display or save QR code -img.save("channel_qr.png") -``` - --- ## Best Practices @@ -1121,81 +903,37 @@ img.save("channel_qr.png") - Always use cryptographically secure random number generators - Store secrets securely (encrypted storage) - Never log or transmit secrets in plain text - - Device does not return secrets - you must store them locally 3. **Message Handling**: - - Poll `GET_MESSAGE` periodically or when `PACKET_MESSAGES_WAITING` is received - - Handle message chunking for long messages (>133 characters) - - Implement message deduplication to avoid processing the same message twice - -4. **Error Handling**: - - Implement timeouts for all commands (typically 5 seconds) - - Handle `PACKET_ERROR` responses appropriately - - Log errors for debugging but don't expose sensitive information - -5. **Channel Management**: - - Avoid using channel index 0 for private channels - - Migrate channels from index 0 to 1-7 if needed - - Query channels after connection to discover existing channels - ---- - -## Platform-Specific Notes - -### Android -- Use `BluetoothGatt` API -- Request `BLUETOOTH_CONNECT` and `BLUETOOTH_SCAN` permissions (Android 12+) -- Enable notifications by writing to descriptor `0x2902` with value `0x01` or `0x02` + - Send `CMD_SYNC_NEXT_MESSAGE` when `PUSH_CODE_MSG_WAITING` is received + - Implement message deduplication to avoid display the same message twice -### iOS -- Use `CoreBluetooth` framework -- Implement `CBPeripheralDelegate` for notifications -- Request Bluetooth permissions in Info.plist +4. **Channel Management**: + - Fetch all channel slots even if you encounter an empty slot + - Ideally save new channels into the first empty slot -### Python -- Use `bleak` library for cross-platform BLE support -- Handle async/await for BLE operations -- Use `asyncio` for command-response patterns - -### JavaScript/Node.js -- Use `noble` or `@abandonware/noble` for BLE -- Handle callbacks or promises for async operations -- Use `Buffer` for binary data manipulation +5. **Error Handling**: + - Implement timeouts for all commands (typically 5 seconds) + - Handle `RESP_CODE_ERR` responses appropriately --- ## Troubleshooting ### Connection Issues + - **Device not found**: Ensure device is powered on and advertising - **Connection timeout**: Check Bluetooth permissions and device proximity - **GATT errors**: Ensure proper service/characteristic discovery ### Command Issues + - **No response**: Verify notifications are enabled, check connection state -- **Error responses**: Verify command format, check channel index validity -- **Timeout**: Increase timeout value or check device responsiveness +- **Error responses**: Verify command format and check error code +- **Timeout**: Increase timeout value or try again ### Message Issues -- **Messages not received**: Poll `GET_MESSAGE` command periodically -- **Duplicate messages**: Implement message deduplication using timestamps/hashes -- **Message truncation**: Split long messages into chunks - -### Secret/Channel Issues -- **Secret not working**: Verify secret expansion (SHA-512) is correct -- **Channel not found**: Query channels after connection to discover existing channels -- **Channel index 0**: Migrate to index 1-7 for private channels - ---- - -## References - -- MeshCore Python implementation: `meshcore_py-main/src/meshcore/` -- BLE GATT Specification: Bluetooth SIG Core Specification -- ED25519 Key Expansion: RFC 8032 - ---- - -**Last Updated**: 2025-01-01 -**Protocol Version**: Based on MeshCore v1.36.0+ +- **Messages not received**: Poll `GET_MESSAGE` command periodically +- **Duplicate messages**: Implement message deduplication using timestamp/content as a unique id +- **Message truncation**: Send long messages as separate shorter messages diff --git a/docs/docs.md b/docs/docs.md new file mode 100644 index 000000000..7fab4bb7d --- /dev/null +++ b/docs/docs.md @@ -0,0 +1,13 @@ +# Local Documentation + +This document explains how to build and view the MeshCore documentation locally. + +## Building and viewing Docs + +``` +pip install mkdocs +pip install mkdocs-material +``` + +- `mkdocs serve` - Start the live-reloading docs server. +- `mkdocs build` - Build the documentation site. diff --git a/docs/faq.md b/docs/faq.md index 66a942a4a..94d46d367 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -1,11 +1,6 @@ -**MeshCore-FAQ** -A list of frequently-asked questions and answers for MeshCore - -The current version of this MeshCore FAQ is at https://github.com/meshcore-dev/MeshCore/blob/main/docs/faq.md. -This MeshCore FAQ is also mirrored at https://github.com/LitBomb/MeshCore-FAQ and might have newer updates if pull requests on Scott's MeshCore repo are not approved yet. +# Frequently Asked Questions -author: https://github.com/LitBomb ---- +A list of frequently-asked questions and answers for MeshCore - [1. Introduction](#1-introduction) - [1.1. Q: What is MeshCore?](#11-q-what-is-meshcore) @@ -112,15 +107,15 @@ Anyone is able to build anything they like on top of MeshCore without paying any ### 1.2. Q: What do you need to start using MeshCore? **A:** Everything you need for MeshCore is available at: - Main web site: [https://meshcore.co.uk/](https://meshcore.co.uk/) - Firmware Flasher: https://flasher.meshcore.co.uk/ - Phone Client Applications: https://meshcore.co.uk/apps.html - MeshCore Firmware GitHub: https://github.com/ripplebiz/MeshCore - - NOTE: Andy Kirby has a very useful [intro video](https://www.youtube.com/watch?v=t1qne8uJBAc) for beginners. +- Main web site: [https://meshcore.co.uk](https://meshcore.co.uk) +- Firmware Flasher: [https://flasher.meshcore.co.uk](https://flasher.meshcore.co.uk) +- MeshCore Firmware on GitHub: [https://github.com/meshcore-dev/MeshCore](https://github.com/meshcore-dev/MeshCore) +- MeshCore Companion App: [https://meshcore.nz](https://meshcore.nz) +- MeshCore Map: [https://meshcore.co.uk/map.html](https://meshcore.co.uk/map.html) +- Andy Kirby has a very useful [intro video](https://www.youtube.com/watch?v=t1qne8uJBAc) for beginners. - You need LoRa hardware devices to run MeshCore firmware as clients or server (repeater and room server). +You need LoRa hardware devices to run MeshCore firmware as clients or server (repeater and room server). #### 1.2.1. Hardware MeshCore is available on a variety of 433MHz, 868MHz and 915MHz LoRa devices. For example, Lilygo T-Deck, T-Pager, RAK Wireless WisBlock RAK4631 devices (e.g. 19003, 19007, 19026), Heltec V3, Xiao S3 WIO, Xiao C3, Heltec T114, Station G2, Nano G2 Ultra, Seeed Studio T1000-E. More devices are being added regularly. @@ -535,7 +530,7 @@ MeshCore clients would need to reset path constantly and flood traffic across th This could change in the future if MeshCore develops a client firmware that repeats. [Source](https://discord.com/channels/826570251612323860/1330643963501351004/1354780032140054659) -### 5.12. Q: How do I add a node to the [MeshCore Map]([url](https://meshcore.co.uk/map.html)) +### 5.12. Q: How do I add a node to the [MeshCore Map](https://meshcore.co.uk/map.html) **A:** To add a BLE Companion radio, connect to the BLE Companion radio from the MeshCore smartphone app. In the app, tap the `3 dot` menu icon at the top right corner, then tap `Internet Map`. Tap the `3 dot` menu icon again and choose `Add me to the Map` diff --git a/docs/index.md b/docs/index.md index b4fb262b1..f4394f756 100644 --- a/docs/index.md +++ b/docs/index.md @@ -1,13 +1,15 @@ -# Welcome +# Introduction Welcome to the MeshCore documentation. -## Building and viewing Docs +Below are a few quick start guides. -``` -pip install mkdocs -pip install mkdocs-material -``` +- [Frequently Asked Questions](./faq.md) +- [CLI Commands](./cli_commands.md) +- [Companion Protocol](./companion_protocol.md) +- [Packet Structure](./packet_structure.md) +- [QR Codes](./qr_codes.md) -* `mkdocs serve` - Start the live-reloading docs server. -* `mkdocs build` - Build the documentation site. +If you find a mistake in any of our documentation, or find something is missing, please feel free to open a pull request for us to review. + +- [Documentation Source](https://github.com/meshcore-dev/MeshCore/tree/main/docs) diff --git a/docs/qr_codes.md b/docs/qr_codes.md new file mode 100644 index 000000000..364efa8ac --- /dev/null +++ b/docs/qr_codes.md @@ -0,0 +1,34 @@ +# QR Codes + +This document provides an overview of QR Code formats that can be used for sharing MeshCore channels and contacts. The formats described below are supported by the MeshCore mobile app. + +## Add Channel + +**Example URL**: + +``` +meshcore://channel/add?name=Public&secret=8b3387e9c5cdea6ac9e5edbaa115cd72 +``` + +**Parameters**: + +- `name`: Channel name (URL-encoded if needed) +- `secret`: 16-byte secret represented as 32 hex characters + +## Add Contact + +**Example URL**: + +``` +meshcore://contact/add?name=Example+Contact&public_key=9cd8fcf22a47333b591d96a2b848b73f457b1bb1a3ea2453a885f9e5787765b1&type=1 +``` + +**Parameters**: + +- `name`: Contact name (URL-encoded if needed) +- `public_key`: 32-byte public key represented as 64 hex characters +- `type`: numeric contact type + - `1`: Companion + - `2`: Repeater + - `3`: Room Server + - `4`: Sensor diff --git a/docs/terminal_chat_cli.md b/docs/terminal_chat_cli.md new file mode 100644 index 000000000..f053e64d8 --- /dev/null +++ b/docs/terminal_chat_cli.md @@ -0,0 +1,96 @@ +# Terminal Chat CLI + +Below are the commands you can enter into the Terminal Chat clients: + +``` +set freq {frequency} +``` +Set the LoRa frequency. Example: set freq 915.8 + +``` +set tx {tx-power-dbm} +``` +Sets LoRa transmit power in dBm. + +``` +set name {name} +``` +Sets your advertisement name. + +``` +set lat {latitude} +``` +Sets your advertisement map latitude. (decimal degrees) + +``` +set lon {longitude} +``` +Sets your advertisement map longitude. (decimal degrees) + +``` +set af {air-time-factor} +``` +Sets the transmit air-time-factor. + + +``` +time {epoch-secs} +``` +Set the device clock using UNIX epoch seconds. Example: time 1738242833 + + +``` +advert +``` +Sends an advertisement packet + +``` +clock +``` +Displays current time per device's clock. + + +``` +ver +``` +Shows the device version and firmware build date. + +``` +card +``` +Displays *your* 'business card', for other to manually _import_ + +``` +import {card} +``` +Imports the given card to your contacts. + +``` +list {n} +``` +List all contacts by most recent. (optional {n}, is the last n by advertisement date) + +``` +to +``` +Shows the name of current recipient contact. (for subsequent 'send' commands) + +``` +to {name-prefix} +``` +Sets the recipient to the _first_ matching contact (in 'list') by the name prefix. (ie. you don't have to type whole name) + +``` +send {text} +``` +Sends the text message (as DM) to current recipient. + +``` +reset path +``` +Resets the path to current recipient, for new path discovery. + +``` +public {text} +``` +Sends the text message to the built-in 'public' group channel From dccdc4d958be339ab15f2e85b1fb49c24764fb5a Mon Sep 17 00:00:00 2001 From: Don Patterson Date: Tue, 3 Feb 2026 18:06:23 -0800 Subject: [PATCH 24/30] Fix URLs --- docs/faq.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/faq.md b/docs/faq.md index 94d46d367..79c4e9a8a 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -290,7 +290,7 @@ This is a very low cost operation. AGC reset is done by simply setting `state = ### 3.8 Q: How do I make my repeater an observer on the mesh -**A:** The observer instruction is available here: https://analyzer.letsme.sh/observer/onboard +**A:** The observer instruction is available here: https://analyzer.letsmesh.net/observer/onboard --- @@ -607,7 +607,7 @@ From here, reference repeater and room server command line commands on MeshCore **A:** Yes. See the following: #### 5.14.1. meshcoremqtt -A Python script to send meshcore debug and packet capture data to MQTT for analysis. Cisien's version is a fork of Andrew-a-g's and is being used to to collect data for https://map.w0z.is/messages and https://analyzer.letsme.sh/ +A Python script to send meshcore debug and packet capture data to MQTT for analysis. Cisien's version is a fork of Andrew-a-g's and is being used to to collect data for https://map.w0z.is/messages and https://analyzer.letsmesh.net/ https://github.com/Cisien/meshcoretomqtt https://github.com/Andrew-a-g/meshcoretomqtt @@ -632,7 +632,7 @@ pyMC_Core is a Python port of MeshCore, designed for Raspberry Pi and similar ha https://github.com/rightup/pyMC_core #### 5.14.7. MeshCore Packet Decoder -A TypeScript library for decoding MeshCore mesh networking packets with full cryptographic support. Uses WebAssembly (WASM) for Ed25519 key derivation through the orlp/ed25519 library. It powers the [MeshCore Packet Analyzer](https://analyzer.letsme.sh/packets). +A TypeScript library for decoding MeshCore mesh networking packets with full cryptographic support. Uses WebAssembly (WASM) for Ed25519 key derivation through the orlp/ed25519 library. It powers the [MeshCore Packet Analyzer](https://analyzer.letsmesh.net/packets). https://github.com/michaelhart/meshcore-decoder #### 5.14.8. meshcore-pi From 6564bbd58e7b7e6d8f6cb2adc167c5c8c5ace551 Mon Sep 17 00:00:00 2001 From: liamcottle Date: Sun, 8 Feb 2026 13:00:59 +1300 Subject: [PATCH 25/30] migrate docs build script so cname survives --- .github/workflows/github-pages.yml | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/.github/workflows/github-pages.yml b/.github/workflows/github-pages.yml index e1ef22385..a3f53e3f3 100644 --- a/.github/workflows/github-pages.yml +++ b/.github/workflows/github-pages.yml @@ -23,12 +23,15 @@ jobs: with: ruby-version: 3.x - - name: Configure Git Credentials - run: | - git config user.name github-actions[bot] - git config user.email 41898282+github-actions[bot]@users.noreply.github.com - - - name: Build and Deploy + - name: Build run: | pip install mkdocs-material - mkdocs gh-deploy --force + mkdocs build + + - name: Deploy to GitHub Pages + uses: peaceiris/actions-gh-pages@v3 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + cname: docs.meshcore.nz + publish_dir: ./site + publish_branch: 'gh-pages' From 85aa052e1f35ca582b7cf9094e10ce6997a3e506 Mon Sep 17 00:00:00 2001 From: liamcottle Date: Sun, 8 Feb 2026 13:01:13 +1300 Subject: [PATCH 26/30] only deploy docs from main branch --- .github/workflows/github-pages.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/github-pages.yml b/.github/workflows/github-pages.yml index a3f53e3f3..d50a044c5 100644 --- a/.github/workflows/github-pages.yml +++ b/.github/workflows/github-pages.yml @@ -5,7 +5,6 @@ on: push: branches: - main - - docs permissions: contents: write From 4224ddff0bd96453941a8afccb7ca381d9df680d Mon Sep 17 00:00:00 2001 From: liamcottle Date: Sun, 8 Feb 2026 14:05:37 +1300 Subject: [PATCH 27/30] refactor packet format docs --- docs/index.md | 2 +- docs/packet_format.md | 120 +++++++++++++++++++++++++++++++++++++++ docs/packet_structure.md | 60 -------------------- docs/payloads.md | 17 +++--- 4 files changed, 130 insertions(+), 69 deletions(-) create mode 100644 docs/packet_format.md delete mode 100644 docs/packet_structure.md diff --git a/docs/index.md b/docs/index.md index f4394f756..9460a00c5 100644 --- a/docs/index.md +++ b/docs/index.md @@ -7,7 +7,7 @@ Below are a few quick start guides. - [Frequently Asked Questions](./faq.md) - [CLI Commands](./cli_commands.md) - [Companion Protocol](./companion_protocol.md) -- [Packet Structure](./packet_structure.md) +- [Packet Format](./packet_format.md) - [QR Codes](./qr_codes.md) If you find a mistake in any of our documentation, or find something is missing, please feel free to open a pull request for us to review. diff --git a/docs/packet_format.md b/docs/packet_format.md new file mode 100644 index 000000000..50f9c01a7 --- /dev/null +++ b/docs/packet_format.md @@ -0,0 +1,120 @@ +# Packet Format + +This document describes the MeshCore packet format. + +- `0xYY` indicates `YY` in hex notation. +- `0bYY` indicates `YY` in binary notation. +- Bit 0 indicates the bit furthest to the right: `0000000X` +- Bit 7 indicates the bit furthest to the left: `X0000000` + +## Version 1 Packet Format + +This is the protocol level packet structure used in MeshCore firmware v1.12.0 + +``` +[header][transport_codes(optional)][path_length][path][payload] +``` + +- [header](#header-format) - 1 byte + - 8-bit Format: `0bVVPPPPRR` - `V=Version` - `P=PayloadType` - `R=RouteType` + - Bits 0-1 - 2-bits - [Route Type](#route-types) + - `0x00`/`0b00` - `ROUTE_TYPE_TRANSPORT_FLOOD` - Flood Routing + Transport Codes + - `0x01`/`0b01` - `ROUTE_TYPE_FLOOD` - Flood Routing + - `0x02`/`0b10` - `ROUTE_TYPE_DIRECT` - Direct Routing + - `0x03`/`0b11` - `ROUTE_TYPE_TRANSPORT_DIRECT` - Direct Routing + Transport Codes + - Bits 2-5 - 4-bits - [Payload Type](#payload-types) + - `0x00`/`0b0000` - `PAYLOAD_TYPE_REQ` - Request (destination/source hashes + MAC) + - `0x01`/`0b0001` - `PAYLOAD_TYPE_RESPONSE` - Response to `REQ` or `ANON_REQ` + - `0x02`/`0b0010` - `PAYLOAD_TYPE_TXT_MSG` - Plain text message + - `0x03`/`0b0011` - `PAYLOAD_TYPE_ACK` - Acknowledgment + - `0x04`/`0b0100` - `PAYLOAD_TYPE_ADVERT` - Node advertisement + - `0x05`/`0b0101` - `PAYLOAD_TYPE_GRP_TXT` - Group text message (unverified) + - `0x06`/`0b0110` - `PAYLOAD_TYPE_GRP_DATA` - Group datagram (unverified) + - `0x07`/`0b0111` - `PAYLOAD_TYPE_ANON_REQ` - Anonymous request + - `0x08`/`0b1000` - `PAYLOAD_TYPE_PATH` - Returned path + - `0x09`/`0b1001` - `PAYLOAD_TYPE_TRACE` - Trace a path, collecting SNR for each hop + - `0x0A`/`0b1010` - `PAYLOAD_TYPE_MULTIPART` - Packet is part of a sequence of packets + - `0x0B`/`0b1011` - `PAYLOAD_TYPE_CONTROL` - Control packet data (unencrypted) + - `0x0C`/`0b1100` - reserved + - `0x0D`/`0b1101` - reserved + - `0x0E`/`0b1110` - reserved + - `0x0F`/`0b1111` - `PAYLOAD_TYPE_RAW_CUSTOM` - Custom packet (raw bytes, custom encryption) + - Bits 6-7 - 2-bits - [Payload Version](#payload-versions) + - `0x00`/`0b00` - v1 - 1-byte src/dest hashes, 2-byte MAC + - `0x01`/`0b01` - v2 - Future version (e.g., 2-byte hashes, 4-byte MAC) + - `0x02`/`0b10` - v3 - Future version + - `0x03`/`0b11` - v4 - Future version +- `transport_codes` - 4 bytes (optional) + - Only present for `ROUTE_TYPE_TRANSPORT_FLOOD` and `ROUTE_TYPE_TRANSPORT_DIRECT` + - `transport_code_1` - 2 bytes - `uint16_t` - calculated from region scope + - `transport_code_2` - 2 bytes - `uint16_t` - reserved +- `path_length` - 1 byte - Length of the path field in bytes +- `path` - size provided by `path_length` - Path to use for Direct Routing + - Up to a maximum of 64 bytes, defined by `MAX_PATH_SIZE` + - v1.12.0 firmware and older drops packets with `path_length` [larger than 64](https://github.com/meshcore-dev/MeshCore/blob/e812632235274ffd2382adf5354168aec765d416/src/Dispatcher.cpp#L144) +- `payload` - variable length - Payload Data + - Up to a maximum 184 bytes, defined by `MAX_PACKET_PAYLOAD` + - Generally this is the remainder of the raw packet data + - The firmware parses this data based on the provided Payload Type + - v1.12.0 firmware and older drops packets with `payload` sizes [larger than 184](https://github.com/meshcore-dev/MeshCore/blob/e812632235274ffd2382adf5354168aec765d416/src/Dispatcher.cpp#L152) + +### Packet Format + +| Field | Size (bytes) | Description | +|-----------------|----------------------------------|----------------------------------------------------------| +| header | 1 | Contains routing type, payload type, and payload version | +| transport_codes | 4 (optional) | 2x 16-bit transport codes (if ROUTE_TYPE_TRANSPORT_*) | +| path_length | 1 | Length of the path field in bytes | +| path | up to 64 (`MAX_PATH_SIZE`) | Stores the routing path if applicable | +| payload | up to 184 (`MAX_PACKET_PAYLOAD`) | Data for the provided Payload Type | + +> NOTE: see the [Payloads](./payloads.md) documentation for more information about the content of specific payload types. + +### Header Format + +Bit 0 means the lowest bit (1s place) + +| Bits | Mask | Field | Description | +|------|--------|-----------------|----------------------------------| +| 0-1 | `0x03` | Route Type | Flood, Direct, etc | +| 2-5 | `0x3C` | Payload Type | Request, Response, ACK, etc | +| 6-7 | `0xC0` | Payload Version | Versioning of the payload format | + +### Route Types + +| Value | Name | Description | +|--------|-------------------------------|----------------------------------| +| `0x00` | `ROUTE_TYPE_TRANSPORT_FLOOD` | Flood Routing + Transport Codes | +| `0x01` | `ROUTE_TYPE_FLOOD` | Flood Routing | +| `0x02` | `ROUTE_TYPE_DIRECT` | Direct Routing | +| `0x03` | `ROUTE_TYPE_TRANSPORT_DIRECT` | Direct Routing + Transport Codes | + +### Payload Types + +| Value | Name | Description | +|--------|---------------------------|----------------------------------------------| +| `0x00` | `PAYLOAD_TYPE_REQ` | Request (destination/source hashes + MAC) | +| `0x01` | `PAYLOAD_TYPE_RESPONSE` | Response to `REQ` or `ANON_REQ` | +| `0x02` | `PAYLOAD_TYPE_TXT_MSG` | Plain text message | +| `0x03` | `PAYLOAD_TYPE_ACK` | Acknowledgment | +| `0x04` | `PAYLOAD_TYPE_ADVERT` | Node advertisement | +| `0x05` | `PAYLOAD_TYPE_GRP_TXT` | Group text message (unverified) | +| `0x06` | `PAYLOAD_TYPE_GRP_DATA` | Group datagram (unverified) | +| `0x07` | `PAYLOAD_TYPE_ANON_REQ` | Anonymous request | +| `0x08` | `PAYLOAD_TYPE_PATH` | Returned path | +| `0x09` | `PAYLOAD_TYPE_TRACE` | Trace a path, collecting SNR for each hop | +| `0x0A` | `PAYLOAD_TYPE_MULTIPART` | Packet is part of a sequence of packets | +| `0x0B` | `PAYLOAD_TYPE_CONTROL` | Control packet data (unencrypted) | +| `0x0C` | reserved | reserved | +| `0x0D` | reserved | reserved | +| `0x0E` | reserved | reserved | +| `0x0F` | `PAYLOAD_TYPE_RAW_CUSTOM` | Custom packet (raw bytes, custom encryption) | + +### Payload Versions + +| Value | Version | Description | +|--------|---------|--------------------------------------------------| +| `0x00` | 1 | 1-byte src/dest hashes, 2-byte MAC | +| `0x01` | 2 | Future version (e.g., 2-byte hashes, 4-byte MAC) | +| `0x02` | 3 | Future version | +| `0x03` | 4 | Future version | diff --git a/docs/packet_structure.md b/docs/packet_structure.md deleted file mode 100644 index 92c410be5..000000000 --- a/docs/packet_structure.md +++ /dev/null @@ -1,60 +0,0 @@ -# Packet Structure - -| Field | Size (bytes) | Description | -|-----------------|----------------------------------|-----------------------------------------------------------| -| header | 1 | Contains routing type, payload type, and payload version. | -| transport_codes | 4 (optional) | 2x 16-bit transport codes (if ROUTE_TYPE_TRANSPORT_*) | -| path_len | 1 | Length of the path field in bytes. | -| path | up to 64 (`MAX_PATH_SIZE`) | Stores the routing path if applicable. | -| payload | up to 184 (`MAX_PACKET_PAYLOAD`) | The actual data being transmitted. | - -Note: see the [payloads doc](./payloads.md) for more information about the content of payload. - -## Header Breakdown - -bit 0 means the lowest bit (1s place) - -| Bits | Mask | Field | Description | -|-------|--------|-----------------|-----------------------------------------------| -| 0-1 | `0x03` | Route Type | Flood, Direct, Reserved - see below. | -| 2-5 | `0x3C` | Payload Type | Request, Response, ACK, etc. - see below. | -| 6-7 | `0xC0` | Payload Version | Versioning of the payload format - see below. | - -## Route Type Values - -| Value | Name | Description | -|--------|-------------------------------|--------------------------------------| -| `0x00` | `ROUTE_TYPE_TRANSPORT_FLOOD` | Flood routing mode + transport codes | -| `0x01` | `ROUTE_TYPE_FLOOD` | Flood routing mode (builds up path). | -| `0x02` | `ROUTE_TYPE_DIRECT` | Direct route (path is supplied). | -| `0x03` | `ROUTE_TYPE_TRANSPORT_DIRECT` | direct route + transport codes | - -## Payload Type Values - -| Value | Name | Description | -|--------|---------------------------|-----------------------------------------------| -| `0x00` | `PAYLOAD_TYPE_REQ` | Request (destination/source hashes + MAC). | -| `0x01` | `PAYLOAD_TYPE_RESPONSE` | Response to REQ or ANON_REQ. | -| `0x02` | `PAYLOAD_TYPE_TXT_MSG` | Plain text message. | -| `0x03` | `PAYLOAD_TYPE_ACK` | Acknowledgment. | -| `0x04` | `PAYLOAD_TYPE_ADVERT` | Node advertisement. | -| `0x05` | `PAYLOAD_TYPE_GRP_TXT` | Group text message (unverified). | -| `0x06` | `PAYLOAD_TYPE_GRP_DATA` | Group datagram (unverified). | -| `0x07` | `PAYLOAD_TYPE_ANON_REQ` | Anonymous request. | -| `0x08` | `PAYLOAD_TYPE_PATH` | Returned path. | -| `0x09` | `PAYLOAD_TYPE_TRACE` | trace a path, collecting SNI for each hop. | -| `0x0A` | `PAYLOAD_TYPE_MULTIPART` | packet is part of a sequence of packets. | -| `0x0B` | `PAYLOAD_TYPE_CONTROL` | control packet data (unencrypted) | -| `0x0C` | . | reserved | -| `0x0D` | . | reserved | -| `0x0E` | . | reserved | -| `0x0F` | `PAYLOAD_TYPE_RAW_CUSTOM` | Custom packet (raw bytes, custom encryption). | - -## Payload Version Values - -| Value | Version | Description | -|--------|---------|---------------------------------------------------| -| `0x00` | 1 | 1-byte src/dest hashes, 2-byte MAC. | -| `0x01` | 2 | Future version (e.g., 2-byte hashes, 4-byte MAC). | -| `0x02` | 3 | Future version. | -| `0x03` | 4 | Future version. | diff --git a/docs/payloads.md b/docs/payloads.md index aaa84166e..3648b6557 100644 --- a/docs/payloads.md +++ b/docs/payloads.md @@ -1,5 +1,6 @@ -# Meshcore payloads -Inside of each [meshcore packet](./packet_structure.md) is a payload, identified by the payload type in the packet header. The types of payloads are: +# Payload Format + +Inside each [MeshCore Packet](./packet_format.md) is a payload, identified by the payload type in the packet header. The types of payloads are: * Node advertisement. * Acknowledgment. @@ -80,12 +81,12 @@ Returned path, request, response, and plain text messages are all formatted in t Returned path messages provide a description of the route a packet took from the original author. Receivers will send returned path messages to the author of the original message. -| Field | Size (bytes) | Description | -|-------------|--------------|----------------------------------------------------------------------------------------------| -| path length | 1 | length of next field | -| path | see above | a list of node hashes (one byte each) | -| extra type | 1 | extra, bundled payload type, eg., acknowledgement or response. Same values as in [packet structure](./packet_structure.md) | -| extra | rest of data | extra, bundled payload content, follows same format as main content defined by this document | +| Field | Size (bytes) | Description | +|-------------|--------------|----------------------------------------------------------------------------------------------------------------------| +| path length | 1 | length of next field | +| path | see above | a list of node hashes (one byte each) | +| extra type | 1 | extra, bundled payload type, eg., acknowledgement or response. Same values as in [Packet Format](./packet_format.md) | +| extra | rest of data | extra, bundled payload content, follows same format as main content defined by this document | ## Request From 5170cefdb2123f0cfd1edf230c49ff3a5345e65d Mon Sep 17 00:00:00 2001 From: dowjames Date: Thu, 12 Feb 2026 15:07:19 -0500 Subject: [PATCH 28/30] fix ikoka handheld variant fix ikoka handheld variant --- variants/ikoka_handheld_nrf/platformio.ini | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/variants/ikoka_handheld_nrf/platformio.ini b/variants/ikoka_handheld_nrf/platformio.ini index d2bbeffe4..978f5f51b 100644 --- a/variants/ikoka_handheld_nrf/platformio.ini +++ b/variants/ikoka_handheld_nrf/platformio.ini @@ -1,10 +1,15 @@ [ikoka_handheld_nrf] extends = nrf52_base +board = seeed-xiao-afruitnrf52-nrf52840 +board_build.ldscript = boards/nrf52840_s140_v7.ld build_flags = ${nrf52_base.build_flags} ${sensor_base.build_flags} + -D NRF52_PLATFORM -D XIAO_NRF52 -I lib/nrf52/s140_nrf52_7.3.0_API/include -I lib/nrf52/s140_nrf52_7.3.0_API/include/nrf52 -I variants/ikoka_handheld_nrf + -I src/helpers/nrf52 + -D P_LORA_TX_LED=11 -UENV_INCLUDE_GPS -D IKOKA_NRF52 -D RADIO_CLASS=CustomSX1262 @@ -48,7 +53,7 @@ build_src_filter = ${ikoka_handheld_nrf.build_src_filter} +<../examples/companion_radio/*.cpp> [env:ikoka_handheld_nrf_e22_30dbm_096_companion_radio_ble] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} -D BLE_PIN_CODE=123456 -D LORA_TX_POWER=20 @@ -56,7 +61,7 @@ build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} + [env:ikoka_handheld_nrf_e22_30dbm_096_rotated_companion_radio_ble] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} -D BLE_PIN_CODE=123456 -D LORA_TX_POWER=20 @@ -65,20 +70,20 @@ build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} + [env:ikoka_handheld_nrf_e22_30dbm_096_companion_radio_usb] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} -D LORA_TX_POWER=20 build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} [env:ikoka_handheld_nrf_e22_30dbm_096_rotated_companion_radio_usb] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} -D LORA_TX_POWER=20 -D DISPLAY_ROTATION=2 build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} [env:ikoka_handheld_nrf_e22_30dbm_repeater] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf.build_flags} -D ADVERT_NAME='"ikoka_handheld Repeater"' @@ -91,7 +96,7 @@ build_src_filter = ${ikoka_handheld_nrf.build_src_filter} +<../examples/simple_repeater/*.cpp> [env:ikoka_handheld_nrf_e22_30dbm_room_server] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf.build_flags} -D ADVERT_NAME='"ikoka_handheld Room"' From c57e0c76acc345d1417d48d57ba7c2bdda32a229 Mon Sep 17 00:00:00 2001 From: dowjames Date: Sat, 14 Feb 2026 11:54:45 -0500 Subject: [PATCH 29/30] update/fix ikoka handheld update/fix ikoka handheld and add 33dbm variant --- variants/ikoka_handheld_nrf/platformio.ini | 50 +++++++++++++++++++--- 1 file changed, 43 insertions(+), 7 deletions(-) diff --git a/variants/ikoka_handheld_nrf/platformio.ini b/variants/ikoka_handheld_nrf/platformio.ini index d2bbeffe4..b6183d4d3 100644 --- a/variants/ikoka_handheld_nrf/platformio.ini +++ b/variants/ikoka_handheld_nrf/platformio.ini @@ -1,12 +1,15 @@ [ikoka_handheld_nrf] extends = nrf52_base +board = seeed-xiao-afruitnrf52-nrf52840 +board_build.ldscript = boards/nrf52840_s140_v7.ld build_flags = ${nrf52_base.build_flags} ${sensor_base.build_flags} + -D NRF52_PLATFORM -D IKOKA_NRF52 -I lib/nrf52/s140_nrf52_7.3.0_API/include -I lib/nrf52/s140_nrf52_7.3.0_API/include/nrf52 -I variants/ikoka_handheld_nrf + -I src/helpers/nrf52 -UENV_INCLUDE_GPS - -D IKOKA_NRF52 -D RADIO_CLASS=CustomSX1262 -D WRAPPER_CLASS=CustomSX1262Wrapper -D P_LORA_TX_LED=11 @@ -48,7 +51,7 @@ build_src_filter = ${ikoka_handheld_nrf.build_src_filter} +<../examples/companion_radio/*.cpp> [env:ikoka_handheld_nrf_e22_30dbm_096_companion_radio_ble] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} -D BLE_PIN_CODE=123456 -D LORA_TX_POWER=20 @@ -56,7 +59,7 @@ build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} + [env:ikoka_handheld_nrf_e22_30dbm_096_rotated_companion_radio_ble] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} -D BLE_PIN_CODE=123456 -D LORA_TX_POWER=20 @@ -65,20 +68,20 @@ build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} + [env:ikoka_handheld_nrf_e22_30dbm_096_companion_radio_usb] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} -D LORA_TX_POWER=20 build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} [env:ikoka_handheld_nrf_e22_30dbm_096_rotated_companion_radio_usb] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} -D LORA_TX_POWER=20 -D DISPLAY_ROTATION=2 build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} [env:ikoka_handheld_nrf_e22_30dbm_repeater] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf.build_flags} -D ADVERT_NAME='"ikoka_handheld Repeater"' @@ -91,7 +94,7 @@ build_src_filter = ${ikoka_handheld_nrf.build_src_filter} +<../examples/simple_repeater/*.cpp> [env:ikoka_handheld_nrf_e22_30dbm_room_server] -extends = ikoka_nrf52 +extends = ikoka_handheld_nrf build_flags = ${ikoka_handheld_nrf.build_flags} -D ADVERT_NAME='"ikoka_handheld Room"' @@ -101,3 +104,36 @@ build_flags = -D LORA_TX_POWER=20 build_src_filter = ${ikoka_handheld_nrf.build_src_filter} +<../examples/simple_room_server/*.cpp> + +[env:ikoka_handheld_nrf_e22_33dbm_repeater] +extends = ikoka_handheld_nrf +; limit txpower to 9dBm on E22-900M33S to avoid hardware damage +; to the rf amplifier frontend. 9dBm in -> 33dBm out +build_flags = + ${ikoka_handheld_nrf.build_flags} + -D MANUFACTURER_STRING='"Ikoka handheld-E22-33dBm"' + -D LORA_TX_POWER=9 + -D ADVERT_NAME='"ikoka_handheld Repeater"' + -D ADVERT_LAT=0.0 + -D ADVERT_LON=0.0 + -D ADMIN_PASSWORD='"password"' + -D MAX_NEIGHBOURS=50 +build_src_filter = ${ikoka_handheld_nrf.build_src_filter} + +<../examples/simple_repeater/*.cpp> + +[env:ikoka_handheld_nrf_e22_33dbm_room_server] +extends = ikoka_handheld_nrf +; limit txpower to 9dBm on E22-900M33S to avoid hardware damage +; to the rf amplifier frontend. 9dBm in -> 33dBm out +build_flags = + ${ikoka_handheld_nrf.build_flags} + -D MANUFACTURER_STRING='"Ikoka handheld-E22-33dBm"' + -D LORA_TX_POWER=9 + -D ADVERT_NAME='"ikoka_handheld Room"' + -D ADVERT_LAT=0.0 + -D ADVERT_LON=0.0 + -D ADMIN_PASSWORD='"password"' +build_src_filter = ${ikoka_handheld_nrf.build_src_filter} + +<../examples/simple_room_server/*.cpp> + + From f1b57fe237df59e291d4cec6056b1314ab49ae5d Mon Sep 17 00:00:00 2001 From: dowjames Date: Sat, 14 Feb 2026 12:02:29 -0500 Subject: [PATCH 30/30] add 33dbm companion builds add 33dbm companion builds --- variants/ikoka_handheld_nrf/platformio.ini | 39 ++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/variants/ikoka_handheld_nrf/platformio.ini b/variants/ikoka_handheld_nrf/platformio.ini index 255991eaf..5a120fc92 100644 --- a/variants/ikoka_handheld_nrf/platformio.ini +++ b/variants/ikoka_handheld_nrf/platformio.ini @@ -80,6 +80,45 @@ build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} -D DISPLAY_ROTATION=2 build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} +[env:ikoka_handheld_nrf_e22_33dbm_096_companion_radio_ble] +; limit txpower to 9dBm on E22-900M33S to avoid hardware damage +; to the rf amplifier frontend. 9dBm in -> 33dBm out +extends = ikoka_handheld_nrf +build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} + -D BLE_PIN_CODE=123456 + -D LORA_TX_POWER=9 +build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} + + + +[env:ikoka_handheld_nrf_e22_33dbm_096_rotated_companion_radio_ble] +; limit txpower to 9dBm on E22-900M33S to avoid hardware damage +; to the rf amplifier frontend. 9dBm in -> 33dBm out +extends = ikoka_handheld_nrf +build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} + -D BLE_PIN_CODE=123456 + -D LORA_TX_POWER=9 + -D DISPLAY_ROTATION=2 +build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} + + + +[env:ikoka_handheld_nrf_e22_33dbm_096_companion_radio_usb] +; limit txpower to 9dBm on E22-900M33S to avoid hardware damage +; to the rf amplifier frontend. 9dBm in -> 33dBm out +extends = ikoka_handheld_nrf +build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} + -D LORA_TX_POWER=9 +build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} + +[env:ikoka_handheld_nrf_e22_33dbm_096_rotated_companion_radio_usb] +; limit txpower to 9dBm on E22-900M33S to avoid hardware damage +; to the rf amplifier frontend. 9dBm in -> 33dBm out +extends = ikoka_handheld_nrf +build_flags = ${ikoka_handheld_nrf_ssd1306_companion.build_flags} + -D LORA_TX_POWER=9 + -D DISPLAY_ROTATION=2 +build_src_filter = ${ikoka_handheld_nrf_ssd1306_companion.build_src_filter} + + [env:ikoka_handheld_nrf_e22_30dbm_repeater] extends = ikoka_handheld_nrf build_flags =