From 8f75c17e0be4835f216b9cb7aaf697182346f4c9 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Thu, 26 Oct 2023 11:52:50 +0200
Subject: [PATCH] global: switch eworm.de to new certificate chain (E1 / ISRG
 Root X2)

old chain: R3 / ISRG Root X1
new chain: E1 / ISRG Root X2

No user interaction or migration is required for existing installations
as we install 'E1' and 'ISRG Root X2' for some time already.
---
 INITIAL-COMMANDS.md             |  12 ++--
 README.d/01-download-certs.avif | Bin 2105 -> 4420 bytes
 README.d/02-import-certs.avif   | Bin 2266 -> 3606 bytes
 README.d/03-check-certs.avif    | Bin 4850 -> 8223 bytes
 README.md                       |  14 ++--
 certs/E1.pem                    | 119 --------------------------------
 global-config.rsc               |   4 +-
 global-functions                |   4 --
 global-functions.rsc            |   4 --
 9 files changed, 15 insertions(+), 142 deletions(-)

diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md
index a53ae0f..da951aa 100644
--- a/INITIAL-COMMANDS.md
+++ b/INITIAL-COMMANDS.md
@@ -10,13 +10,13 @@ Initial commands
 Run the complete base installation:
 
     {
-      /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem" as-value;
+      /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E1.pem" dst-path="letsencrypt-E1.pem" as-value;
       :delay 1s;
-      /certificate/import file-name=letsencrypt-R3.pem passphrase="";
-      :if ([ :len [ /certificate/find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ] ] != 2) do={
+      /certificate/import file-name=letsencrypt-E1.pem passphrase="";
+      :if ([ :len [ /certificate/find where fingerprint="46494e30379059df18be52124305e606fc59070e5b21076ce113954b60517cda" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470" ] ] != 2) do={
         :error "Something is wrong with your certificates!";
       };
-      /file/remove "letsencrypt-R3.pem";
+      /file/remove "letsencrypt-E1.pem";
       :delay 1s;
       :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={
         /system/script/add name=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . ".rsc") output=user as-value]->"data");
@@ -24,8 +24,8 @@ Run the complete base installation:
       /system/script { run global-config; run global-functions; };
       /system/scheduler/add name="global-scripts" start-time=startup on-event="/system/script { run global-config; run global-functions; }";
       :global CertificateNameByCN;
-      $CertificateNameByCN "R3";
-      $CertificateNameByCN "ISRG Root X1";
+      $CertificateNameByCN "E1";
+      $CertificateNameByCN "ISRG Root X2";
     };
 
 Then continue setup with
diff --git a/README.d/01-download-certs.avif b/README.d/01-download-certs.avif
index 4da73fabdc93faddeca4f6dba83f23f877ac6edf..b27b23b8ca7990d261be1e4b23349de6d493f767 100644
GIT binary patch
literal 4420
zcmbVJbzD^Kw%!xWFu>4A!$^lncQ*qnArex;P=kyN9ijpv=t!fqpa=>`2uO&EbV-At
zG}00hg8?XKhVT2%y}$d{Id|>fv)8j?uXjD~1^@u%9uSIm4#K(vBqMtq)?FHhb#_0m
zEv*dzAX%JSfHS#9G7(Q#Z@<4N0N}BhfPXmIdt+Vx8AFT52H;L=AkzB`*4qa|j`RQk
z43IM<P^SU_MI|Xdi9mJ$K&3?D+F0zhlTA)49HhXF+(Q1sIY>%c*T>uEWC8YnS4d_3
z5Ue{H<VFsxpW9yp0Du<b>W?`&l6<Ha7Vn2Ac@r!i<3sYySbw}5$&(BsKzc=!K##|U
zU{5lXl$0b-;~XTd8;K%k049u&x8F64cL-@2Bmj#brC70eoHMybG7tcQg21<-06@2c
zb9Fws8Z=rAAdexfLIMK#13<}2PC#n^+mqtIxfrPi20;J_$w!a?A#rj)jEw)qS^nna
zJ`nh?IWZ&-{+pL0NCC+xPoCpX$8!L^u>snEbkND70B}4B=mL~57#v1H35UZG2udm%
zW+V+YH4Qr>6CE=*2QLpd2NxGg;H)r;?+iZ|mx!Y187XNwIXPZoWpyPPwX?EvGUOp3
z1Oh=rO~ZynvdNt0IxX{G+i?@XKnaL}NMiW_Farp}06K01cu9LwfKKc$DP*A#C<P2o
ziJ+n;HPq0PZwdm2LMSMpq)P|gAk_gV0|n!0X>Ayjxig&4msut<`3WVzPGvKT#n85Z
ztczb1g6b428#{-fkg$lTn4G+VqLQ+TuAaVup%L2nqU9wkYa83k7*{uU4^OO@e?VYR
za7bv_?dUr(v3KtgQc@p0OiRzm%*uaSQ26Y5QE^FC^{blNy871*Ev;?s9i3g>J;NiT
zAIHW&eV&;Avaq<cyt2CXb!T^vxc~jf&tC^*U1XjA*k8*2k1ht1E-(}dfx^kUK;U4q
za0V#FX=xavwmIC{mx)g%l9E{``AKCnf?w8Ro5jU%i0YJp+`QlpS=x!R|4dla|4Z4w
zh5e7N34jIyBK<rF1E2})*`C>a{>C=FHT@i;($en<k;E(a?0=8cRB2pW$!jTY^`NnK
z#QeN!7Q&YvoaTHD#)QgiuGgF?ZT%AO+ROzbW?(qYX|S)5+0t?TyE|5xoty9FhT0~o
z^Q$B4OCsJTgax%*%htqkQ||dY{N8w9V%K`3wA+{Nj!)TUt~@n!(8lu+fGM(x%L53O
z2Mw1ma>y}w4huZP^7>B}?XmjJNx83Z+Qsl!6b33-ORxQSwx(u>ITOW-4sVMSg)D<u
zY{J`Q<Mz5WW2~OAem0zx2zR*3Z+j0}YE-!e@~y$sDsM<9YWKN6_3+oHR@k~iZCd%Y
z(9SqiWB89-O+&KeR&;z0Mj$UK(KmItT;fq#N$Kz^>kuVDwp-2Bu$AU^{X%k*>=YqS
zzcJp&HEZ1>((TnlT-gtO#^MAtUB+i3Q0?0^V9$tL|BzjF;nU}tkVb?{!|u`1FD;Q~
z|JfXw$6fqoo(02$_XgvpCvS!J)bu^@OhUUQ5n%HX_H!xzTj(R{bBC8={BWiy7-V~G
zfSYc`K{muxE9HRqXURr;C5qv}3^P8oU$zs@eGF*um06`&RUIaDS>Xu;;|~q;ui|w&
z#%8u=&8k_Yjh}u10P|+9t+@m^#tvh>9pC=8W5v)dnaALsi$!)_PK1%q{ErQ#4!qJ=
zaemJ1s6B0y;><Hb^xeCBxtHYyVAs$TwOf;&(3Kpjp&Qn%48K^-*E~mhCRc7_T}@{U
zKCz={PiZ%Gu+e71Q}QDei67o0wV^MH*2b-6)S_Q>EJ3e+0=-Ecsi>$uUtRoDb<>RD
z@zn1e@zAFJ$$MQL8sQlBfqDBfX3)^uL~IO>SW!KT4Q90#Y|Yg5UZsN|o4PgaAsfOm
zdo34B@5@KOtkSu}eV=hji|VEh-~uyc>lT*p8Pej`{5}x-<EcXOTk*c+rIIaMt}9$T
zC3l*Lsz&V+<;C+hDZ}UhbbK4G@e(5wXAWM<W+#W|hIF4F(F|^?@qFG;I)kVjDdTP>
z^Kt>c74eB{b76#k=1J}`&?<cKUKtUa)|n^IV<kDud0`_gusn<atmav46NA&f;R;^f
zvB^}Ms>XN%fPL|bKnnbt((>X&UNkecC-I&m%fpPGf>^u(4B;K2G`BMzX&=uF8dE5o
z*NfuI^6s!QBwPTg2C0ayEYX^#{enc%*$<<Oe`?RCFg$e-OX*OsZappi_^ZtdZK;+r
zz*`<_ECMNUux_z163Ele2!9-E-qR$?{;l34E(nfF&H3oGDFL=Kf*zo42MwNg3tC2=
zmh9iidD5vC7g&Ci0L*?2#7SPX{_L4{CyP<-zMez2E<#1B-vn|DfFKDq1qZQ_`I*d~
z<No;(>|^d`vs!li!}VW9z?+3r;2pun=yP|KE}6mYcVV(K1=r)13*s$CTy^YgH&S2S
z89;qU{Rw=e@4oh8s^4<7uy^u(an1K>4pB6rJu`$?voD9<6#Aoc-BRdHtV>y0eXRIB
zglZkvl?8RxAKxyC6mpn5%=QMX9jafvrRZ;}^$|5xqxUYiSyIQZ@(loS<=Ult!mWBR
z);l9UR1g(lN@d%zi|116p$Xzt*&D^w_yrEFDe$o78O;`d-JP6e2Yq_^nkpws$pW$J
zpXVK{k`{0o%R1J5oi|#dg1<pl<HzfB75!+5U5~h(jraC-R#_%EjkUt<_OdtnR|TBB
z7@v3mrGhb|ofIRHb(0C=3Y=x9#!Yg?o#?%M8LQ3&{qepVyWAw~g;_SwxgHT_Iq_~L
zUZSw;c6&qNh;$}~V36)UY$Bo>dz$cAZGVy24xFEttPO35npiWN;;mssU5|LeNh76Y
zFSC$<f87~w^~NjMiih*<8yp9_L`0I@dPw0PEMbc+ksTVDSFE=D8p*dibXHzzEAYdl
zO#vR0CMwW7t0@@ah_>JLjU%dyE1G}&_AF(2{P6Pk<?ezj`RM8B`)^Q5zPX``w4Pv-
zM~-7RRF<c(_)fKvU-|PFYz?2I^1327$5kzUR%lJvYEs!XAarBhE#1xhqrg{!cuoDz
z`;MBy&4md8o9&xNniSQKet9lIRG*68-X*Rm?F0MWYVVlMK>GhVV23|7FWRQ5wP=ed
zf}4;%Y=P|RhUZ4jL!8Xg);H!_cyG3tY|}FDcOGK)OD~I6aC*BeSZ5ve%;asKpEhg>
zi^(ohe^6!DEhhGQH>ZvU#9cjGzW^&S$)9TFPJJUJDd4#PvPsf*e0uHH-GJ`zeeOfH
zh2md75K?e;Pe#`oX;O{>gK?k5cQ$$GGaQ16AxRPbF<qUey7o1Jxm>xPN5T~bDP2W7
zM?IxlJ`eV}*HcT*h~yK1{}#ue838JUlHjhA0zLg8R^|!yIalzsoUY5vs*j`|%y?51
zvKkyXCYH`LC+%-nGu1pYd49d*9dotbm@PE(;inh8m3~cG<vlU#0p3fZb{$Mraze2I
zlfU|U=?A8+-8M(O922^~qR{i<C>k%Dfb4tt$lK3^p53r1LGV>y=P3I24ytMJhH!JV
zwJ=7>!S83d?7af!VQpa^@k&7bwhfI-?{cH~g?YrX2xtcVC|+hp0%dZ3EmmTo@EBI!
zWqAeCL_59A+P=%FV6i3>dOcr5$M3B2tA}cus)-@IVl0<ayD<licE6z_=O?0Q#Z1>Y
z-q-HC9wN^;VjCm4zVygLg^!rL@bBsgMa^xV>O~*Fjps5GC?p~+dglZz)EK?&qV5+f
zUGzX%_OS)1^6ZBM7j^x~NL^g3TL>3mC|u$SNV3Ve$3hX8=s_QLDm897NS*0uxz>mM
z-SK;d9RL_t{6eIMEodcPJwA>$&D1eEYZ+i@;WsE@8_fqPxlwFHkH#B%_eyycUPw|<
z?j9eH|6@39u<L2I!lLs%M*mO4%JSl`KFj<>^`eq9>pR8aBkM1Y;w&%~^19h>8>QW`
zDmT0BUQi&@@2FgGnWPC!$7nYm^vE1i*Y)~>S9z+ymti~90hPZMALQZ2+Hd~ib25Ly
zcDjn`_x;q%7O;BGgmKrW!<F2d;|CTgyqtBqt~SF3ksRAL4P|9D1h_+NXLid&v3JUE
zTj}OcQQVbo{X%tD^v2Sb#?qiXK}hA}e!{C(!>Fk=9jiOwG1bk2h2}b%9_^294t-05
zubTCn+T#Zj8g#+WOUoRK1ir*bq2H<s<PNF`sv3-dW|zk?Xm5EZZr+|8$7gwRI<@Y%
zKJXAfUmbD1pC<2mjVD7wwELK#twL81Thd$xN908|5C;QAFnY_$=I2I?gJ)uEn2TND
zOL?KTHwKIu&P6&LD2%Exf>$>i;Ia=;y)2U9`qtVE>H)YZHRlmwYsdwrLzkl56kLK@
zhN}LvPtWc6MJ}maMd3}$94-~C+|)fS1VzklZ&xnKFQI}doSMgu+<yGtI^|J}guCAo
zp-ZUrRt>vPWHfMC>HkD8&%*YI&n5fin`xea2~}yA-7i%L<0~NjjfGV@M*Ks#RB!rC
zaKH95{=>3o`3a{3Qmwz!mYF$<&7SK}?ohOIv19s!6KNYS>|TsfXx2dFT>PCi-3shO
z1EXFG?(TW{G)_-Sx=tZYm0Blf+D$w5g<AUU{fxo~j+e@N6i{~E)%3_3N4-LBYhD(4
zFi!sLM7wZATc@{j!XicT;?~4ld8ZG>*LVkwcy@*O5PX$)dNm!Xn>H`>5s^FEb7D@H
z2(X`yW0&8t2pnWZ)bjkfb!By=Ur|H~$z&eTBmTKdT^Zik|GG{~K`(4TR`0T^WBd}|
z&XQisq&h)>>iY{Fio~0z@P~JFJr=5Nb%UxdpF+a2n4~o|x_H%W_9U|~iW3(%uq9WC
zXd+G=nR!d4$VcFCN9wU=gtGb^a<cKy=-d@2Va6$$FBSFfVQ0&zS89#IhR<8mL2rjh
z$>R5u!YgmU9jeyNMrz-7e2b0ZzH0MPR&cP5V_hl@J8c1eV8%4Y2F-n30xuC={rZU3
z)iv8xCh5?!;#&k`5Vbw^Zv9#>%zP&KyADN++I6K-O)sCbTYiBrY(?##E&5@&!m;8%
z3)bH|K*946*%I>y>(w_!ssalS>9_qRe(0u#{mOY9+BL;C%-z=2<O1jQMFyukZFZ&}
ziyIfoRU}g~%CQU#<jxp(u@pA3Rc+Ah6_peRa-=&M_M<9mL~!MZ5|2q8(F6JqXy9R8
z_JFXg67k^h8*xr8>bT)ip{sG?X)9JqgTjF=Fk)U;DC6*mg;HCxbN$;Xn<<4_YI-yk
gqpk~-HE1*O*wPunbScy-tq(aQUDLAle4A+WFM88eD*ylh

delta 1904
zcmV-$2aou~BDoNdA_4&Nkt9JW9%*cEV*mgE07L))0RRC200031009~R00$oc001ay
zX>Mi!000000g;>?k?d)I2PbW0VRRAz3JEwR@;EjS5YTBdj}A;^0^Kx2V&2}qq}ZSz
z;_l=D&+&pWw~bE&Tke5W%$D8P<kbxD{w+j&GPNag>}@0~z=St$no-d3wG)1IH&Rq8
zdj!<?i0_q?19kMUl1YHznBb|ol^eZxwFEXBuMIBe7Dy54aDiWc20K&HV6a^ITHujE
z=nLV`hMX4aHGAiCk3(2kN}55CAE8?Ew6@l~1pke0%k@*{!Xn{#F8rwjp%Zbwm0KZ-
z{M+@>LKl4fpvp?_RmdSwc#PC_8D@~ujcTPkY^NjfwHWgt_7{91x>dx@EBa6M#)gg>
zPkLn6cyo(95f3zf?T9Y}sDa|cj=F65HT4?3<EKTRFbtYBZ>c0VY{o&<+p6h^KP+ip
zk<|&DxH%8_WGU8{AhVxF&g0p)83hO}6~q2~J`#`gg?)&z6rH@psFf=3SKAu(H@!C*
zz9m*H&>Ck<dn#XWj~32;U;xB{xY1WBOC<i5H|*O8xPu^nwe}D%(JHHtOyA&MlMH-0
zy;;DH4(E>(H2U`rDDZoU59B}q$mhESE^oNHCv#tA*0PkiK08BHiGMO|c6#J66<D-X
zyb4_JhuQmp6gbBJWk+82aGwPc%AUffDz)CHNk=!;zxLU!p1zRmLb2@B2XV+9hNr^z
znK5cGf59n#eCtFtD*Q6LF*JlF=01^S142leOq@J?5VXYh9BXxEVsvu#Zrj5Z#WE*c
zc4uF9&Sq*sqx4y`tz9LJ{P0II4#0;#bl&7t2O29^7c73vFrA0NzrJ}|1HN)JH;?Q-
zg?<VgjRTit)C?RFsN11Q81$DXeC=YjfqfgHXO~BR=T<zEo!ZWKX)R~Bo;h>MA^gYJ
zK0;0ZDx#)s%`}gE<RqEA?bVKF82#PPv_KN6pR8%Vx-P4M)(dfkZp6yms*jMo!v{0(
zE@Yi{c-x7Cgd!yTi9|vyGvE*!DvyOUAX3&cGWR{bfqp^_h<G08*Cs;Aji~HOu;78N
z1?5wJi=~bReZ5M-7}dk_$);s|736he)}6pE`5v6~2dZ{hPP|E3!)=TV6|188)^}|Q
zMY7DmIl=WhKI*r(8&-JNipt!By8pqbnJr9<9;>;xrNzlo@ZX|=(e<B;8Ag8Zbgin+
z73U_dyRRS?2oqEC!S!c-%iNQ_X(&hD4osGRyAcp`*nKtOpXZ8fs6{L0EP;t>r!mzH
z1`&5S0f!er<~k4suf$ZtICPspLJZKH%;-D5>~qST96WJRHX388M*N)!V!8tTR)MC?
z9Q^~F4ibDq$5y(_Fm7(5>}At^<_Fl}L?0RYBiMxxS>OE%$@E}cWMuSrHAMSBrV~1U
zaaq3L?HLXWqDp*oA$je=?9{#IHiy%$5*ksb_sTj7U6F~&R6C7$EWGDSKci3R9wXFp
zDi$OA<DV;V{JUzA8SXv776i*-(K6C4a^!EP+0spUn--~2oaP+OYTYwV!(K$8i>~ck
zsgi(YDh-cn>tMndx~-sDZXrZ86k&3I17J&y2X|3va^@{{()Gin8dHJxJ5V?qEPyGk
zeNpy0ak7IJlq<QP<Yjhn+Tz7GJ)dn05{J9S&=(yJiMs~up^8@e-{l^>GVjk}&X~N>
z(2l@gR8GG%+dN?ic;z}eKm`XBy#3R2Q;dMem*teV<*<Cu>h9L=cHT3aQXtKLGo?Y3
zS^>9!u4e6*Y(3fQDe=G?7{M?f9-H+0WI-&Ij9#G~`G_(N6diT>GHqZ1y`z_c8ygjM
zuIF5Z5_aIO8AYL$q`ihR#|jgJ)y~vr^|c5NK7Wq5Rb46Mq5q?5jw6V{!_6J1-JMfe
zMT+f;?Pvgp7<=MG=VVfJuPWt#l09LKAG~^K!bTAdzGvw&K>in$MfmZaUn#l_OaoEY
zVu2J|tLJNcC0SG@nu75A|Eu>uN65`|G-Eit`vm5T=JU`W>Qstb@d{;zG#+G450Gu;
z>{rgn?1*E1;B&Lk|F?UKBanz$C;a)ltlad&6lju<3Gm}uEEVXhe6_uQJ6ZkPY(79I
zVW));!#aJO^u>~Ba@ldx!#K8NU3cP+yV4F#p2h3lILkb$a=$fo`p){QOBV-L4RNi$
zc#G@x*+`lRYM#HfiCBzh1+--6*ox5uP|Zm!d4m?@AO&g0tEd=v^JUk>l)YYIUB%7t
zY0?z5(SWcuT;vhggiwNiBLA4vYllKOiigFni^uEC(F+jv=g3X!Nxc^>Ho!BpqVvkr
z=<VD%Ja5aSCiGuOz(Ny8crIf5gQu88S$~KU`7M}ttsgl(d27<k`fVUD-vhW;*Y=F6
ztjFI%@baks2OYH(<Byb8in3!lg2(Yn+&hzwGHsRAps!UgHc#6#kVR?)aNkp19yX*$
qCX+3W0|x|}0$oHjX))W;PV6uod67BD?b6C!{S8JLG&5LX!J||i3#L*4

diff --git a/README.d/02-import-certs.avif b/README.d/02-import-certs.avif
index 308be5b93a610328562c5b242af9f837b1e11829..d42994b961cd6c9e7d5949853f9bd5b155bd5b4c 100644
GIT binary patch
literal 3606
zcmbVNXIK;I7M_qmAS6hTCLq1HYZ9tbM2fVqf)JXD5Q;$pp-5d^DYAeF(iD**O={r6
zg3?5U5SoZ63QDgk%}@la+zGmS?{k0cy=R_x&U?Od=6vV<=9y;z01)>K3Zu9NlRN>?
zn4V1X#E?m@o_GU{0RTX7WRD<MW)3v@3+_GvKPUiDNW`E&In(=)-2QCCMIi-|_j3^N
zu1xarBQhf+0AK-_D<C+^0RTn@<NXNY3;^s_AU7b9eD^2W&j^8m2eX9vglq5-jG>>8
z-~IrH{>p%9<4}?(6U;&(Qh>*g1^~cCbPpu%Z^_)$n?wnqfZl>cA^L%ymlR0x06l0>
zY48>cf}27LCGD@Uv$KO9=^BhNj1p(A00)VFJ^{W&pHOfZ6u@=`ToNEr$ga#BXb=Db
zgRsQFz=t}??ymbsV`ioZFx!BmfZzbW12CqNeSqaZJsAJwieQcf0tKL;zXAdZa%Mdn
z6aT^aesX3Vgylz{IFPga<ehLZ0F8bB+8f=Q2Dr^l%uK+I_6G%ky)nQLU}s~4v$3+n
z;cyNPb_9|ah2-Q!9^yH8fcLPFnCM|45fO1|RXK4<WhoI6c})f7BN#O`H8DADT`jDR
zDozc{Yy#on;6QRB1yLwLtb~XJ_J6j$b^y%|C_+H7k^l=D0!2giXn+_vCo5#%en?>o
zg~C|b;Ora-POzYXn|V@D78sP36$TzUBofR6Ff=QV1jc~vptUPp(w`R_m0G|qb)xn$
zpUn_M8s`=e&4J(-5IiI#BP%Dbps1#<p{b>P)X>P-<fN&Y`Dt4_g1v*I6Vctn)9V7s
zJ22={a7buacuefoxZmRw64TN%GH>3>x}9BER9teew5+_M?vMJ0`wtqMnmamaUG(mr
z-oEEAhF`uK8GZd`W_E6VVe##|_e<*=n_C~ZcXmI0X6j<<{L_9Y`!8K+P!|gf28F?y
zx*#keOyOu4s|1FP$G{ry>VHrY8^z9hBDJ9QF^3e+hQa3+FofWjR-2JoXG+^w_V<KE
z|6j`f683LhZvZ3|0=_&b8qf#U_kdLuRMG+2oQ1h$83{YPfU<%*$fvr;S?Rswx(e?#
zQi44aM@*X1^KsrRPl|MMVseO#fxyfMGi9Q)iwxBQzC@M#??v4S1W`AjSo5%X{yD8h
zD!zo6=WwC#%)q0E*`I0LF5YPqT{9OekIAp@G>4fe^DRxpVN$}&0}EWJB~=O~8QF&x
zQ?n%bgG3$L&(hjn4Z?NWl<<At4{-f~v!ku=p4^`#)BIP`F!hYvIv8cckoNN8jIo{(
z#x5Nl!qbBL<ey7hInQUH!@!NCc8B+xJYDSL4{7R~Bx&vlXxeLhHh#k2<|-d2D{Me1
z2wMthKOa&tXEOZt-3(c8LDU3MFsqbi1(%y_k>?zDa?*Wtjcj8{Pw<<UHLOnzJp~a|
z{Jm6A<ReX}!orXGe*Ii%xon!kFi(8t!r?h>`pLtWeYGm&7m}}5M#Hzy&J2oIAq_<D
zM)m9zec>c*?Cb%a6LXYvu0Cl7QqV&>(6hT~%l&`&&pAuGsJ!&R7@4EWvl3JWg(HYD
zIsT3szLn)J^_Nvl*RpM~<E_@QH+(MJtE4CA5NpDL`I?~0Z`#C*{bsH_@*b*<%Q;@p
z7@;~ZE}@QouxS3GK7Z~^iy@KXd%*C9Y4tTas?}&}EY+Lb9%9XJ;jv+G&VLI2Wqh;C
zdOh5!CSF=2J9?@}@((MGfQj$ZELV<PC`<(8|1PK~Q5B7gv)R<nu`yo#R%2zu;AyDy
z)aWG7hHB~A%LLOYckdp%{HUiI=}B*MA|h@e?}%|O3+4Vkro4)*-9~i!izLnIV%a~h
z+c@t!pCys=IQcS5&bxMYOFoi=9}-W=_&7aV?^C1JkC#I4-a1X#nD5H|5YP50{!7cP
z^ao8#X4I3f>hGvHy;`<fClp^T!B~C}wjzkBC+74N3EFS~nsNni#nBTFciu=iQ~70Y
z9)BU|v|#n|Vh^L37?t|ZVDb5&E}4PcmF(@C2{ZC4hrPf*2f}Llxbj`rL9qy36FAX)
zW7%SpioC4!(gXF64`y7yHcV1;a)>Z5aSijBD4R29-odTw8gJ2#Qa5Fu80YjXxt-n_
z$DCORE^7z!*mbY44WH2Fe`UhBdb`Jn>v@6M4kL|i)J&V8&ydKOcgw7DirYzTmGa(B
zx409kX%uCyq{L#{|7~USdHLfClK<G7jyG#1nHMj~sCvBSiIJUU8`|*~#iTrHpB^p`
zEEKeHY;`VgeO6S3xh*SfW=R>-JLRD2p9c>Iie_II-_&}A=h9W9*#Ty$+bLOB+ku_6
zh`<5kxz2!JEf?4Nl(cm+z75;>33i{E4&1fX6VH2U6x1-{cZrXudWhlzW7XGS|9VW+
zKW4aVwrNFGot}<wYkK$qQ?^;{c)Pb-O693MlqXUCF3aBp>hTQTIM%Yw+EFU``0MjP
z5ZBRUil7(x*?(0ir@JF-J=g`OMs)ml*BvtK<b=JGWDrm7lQJLbPv3cyAKQRZvi^ds
z8#B`w#G$o)aY<Y7@~w|6s8e@L8>2Z%x#?uu00IyeFFO%{*#q!!%e+=QgpyiGq+^B6
z!?9;eLHVrxWp8#9&HQW*sW~Ji#pj*Rxbha5C$2?&eBTxD@@1$^SmCp;CbfO<YA*hc
zps@+N)KCK&j9GcDkN>X_+j|Z000<5(nGG!sZtiC!>;$`|JIjQcq1)tSTZ;6p)3Oag
zWjRT^>SC%TgEbaWODBirj%}6?hBV5Sc3LM>aCIGwW1sCVNqc9cV^<xTLZ!#ktV;0@
zO|68Rjw85xyJK9fLtGk)F9qke;n3+bG9BI!dMa1C0pdN2gZvA1!G#0*tG)LpuaU+D
z?h%%&Tbsl0rbQcV+f-z6!M484wHn*M7+mKOS*><hQ?as!Oa+cv81f6m4t5t*KbJMF
zd)nCHC4B=up_h?WVED3Jm@%Yt;&J}qb!ZZoL)!D=D<1}OdpIA4oNv;Sb)zz3TRR<N
zRb8l~l`9FJ?$fi|TRnOaYv|e6FR*@NZ+lOz;=Lvx6?{2%^8(GD-sU^$tJjbes;dXP
z78bLP&AuEF)LSyH|1D4l(2L!E8^t%0#$SOgpyO{eyA`s%FpR|KI-Blp9V|TDotrPQ
zTV0Pa=*&K{Ir=TJ?o*e4xPpPRz@n-CSLz`A?ocoXcl2_R>6sDo5W%TPawKk}<vJn5
zW%>?%ygUYykm-<Iwb(R(^U9QvE#&r7QKrad!eW&GP5ja3dj`!<UaG4&K1twAI7`2h
zk|!?d-k;ztYA!^UioH5oU0gAq>+Bc8N_XS^we(0=`ucZE^Ek_avWw3z5D?d-;vZ*R
zBpjICsqw4gw>RzHtPc}M-5z*U#(S+TPUl`@TorEAFEv8__2qL^v2ZZ}SyTDI=t9B6
zVMbmH{>xBBg7QriYDXj?E$dsU3MyJ%Pp6{5$*J-Bq*UUQETn^u+|9^ubrX;J7X71|
zwG<GxhWO?If#PRw2M-SJsy%tvQIFpej&(!p4ZbEgsb$*QWeyhc72YVK+IM_v%ibDl
zRr_V*sA3=CH_swIejRN#TA$a)Hm~QV^d5aTbfR#Mw$gPJckD?8Tg6*ZIRMo_srp##
zG^_9)wPXQ17a0T4Yp;4*<t9w!Q;iC*%dJj%e($fcDdSHTSDMU$?a4$|pUSD7k~VLU
z;3~b1$#UL-)2fbFT6yMqJP3Q*CHHGm(Z~7U4zQ8+j{Z`qY<b_DhA`Sn`^EVB8Z@`-
z`@%?ESFg#~Ne^eP1XioDenkzzinL=K4mDX>(Sj3L>%C9Db}6{50h2c~f^<GWYss#5
zErNbGU^(@6w28&w+t`AGro*<MEupq5h8kj3_7f0%9>>*FH#D#w+OqWywHnSI*}Hb<
zSF~tcTZl&k(H+^hWS$iYsdI#jHgc|!y1xo69?RW0djEUM_}=qRWp4Q~?`*ynY@9}?
zk9k%^YC6;I-8d;1e?C|5QWN<@$x79N@f}Me=?AT32ee4TqT{I=fYr1PcREW+)~T<r
zB_pib=fe!plAd*>(<4;Id`d!b)#_F0Qp@N>tS|DHOH}*zY$F9Lcip6_EAirtTPp_;
zqEp9{m)+yeVD|(Xo1I@qTrVL2$g1?L$Q~zwQefF0_v}S?m_u-Y^{eu4YLBDBlal<M
V>lEuNZGY>#dG7l{hs<{5zW|K-%Q*l5

delta 2066
zcmV+t2<`Wl9NH0(A_4&Nkt9JW9%*cEV*mgE07L))0RRC200031009~R00+PT001ay
zX>Mi!000000g;>?k?d)I2gq$?VRRAz3JEwR@;EjS5YTBdun$aR0^Kx2V&2}qq}ZSz
z;_l=D&+&pWw~bE&Tke5W%$D8P<kbxD{w+j&GPNag>}@0~z=St$no-d3wG)1IH&Rq8
zdj!<<FW`_4#h;z;cTFN6RSq2t#0u(Sp=jOMb#`MPs?Z&WRa2mUKPB4tj{)e>Wujl!
z|MdGi+;8ZNeSZwLSd`6eq3C6Q|G7&IfD&WZdzVt}Rm#Ybab|KXEB-{A^l&9(3on=l
zVJ=OR;J6AamKn-EH?g>l%X_$^S@n@|HBQ8ID=ZPg8$2Dlx^D{MBw#+zg2^Vjd^B_0
z!Z|CiC-{Lgui*)Qd4{tHT*INeKQO3fsRau>$_$HXO6ECBFStjGXFo6iQ2K!U?CxG2
z57LE3#-##X-v#Fr=COVXGEn@;H$1^8tv_`TjLt=Q{k4DrRcFp%eZ@QtZNJa3!7Nwf
z!k>px+KK>F=dht+=MDG1b86xiX(y^RvHko%@wP+zO}J-&4Y>wwt`oXj(X9WVSYMno
zYHN$%i=^FGD|D#=yzRcJ5{!tUF}n7)-dYs@QLX`WrPf-UK@_DecPVQ~4B5@ZoFP;^
zK-)#QbjkJ^vYz5pwq|fYdJvuJs{9vXG{ZM_SAYTaO^^k!%1HM1&}foYF24#_*jpoP
zLxN%EbEy%3=S`7n^#<M}p9tYY)t5xis3;=_f->1!VBjDxCSzL$#)*^1w?7WV%yvrT
z1Ob7&jICU!@)|_dd5SZ+VssRP<KXTpO>#|lU8YFkeO;tLmz0;fI~cBoA<J}?RVN9e
zp@<=gH@>+UWK%tfU&)<oLzA~!5vFpzwl<pfoDH6Tx{P#|uWU|o&#vw`O>?DEG0%mS
zgG0#+s`9edU@wRUFY?KnYGxp;6Dt+ea-uxtQ?ay0nte}gVj@m)RO42Jd!JGJblfrf
zDLfUxxN`8$g=z3CwlH6ICmQOcsimXPoK(LXxElviz1I`JsB-q|eZtd^(DFpbCOGRb
zWr65_v0q2S75D=Ir60um=zj<U0_3-Y-3_}5CeIg|2EhK(sm=LtsV(Sk5X$c-U`ehc
zD=<?s$jO(qh9pT{xZFy%tJ;#CH)cDWuaaV0KAmrO!v?I2Aitq-O>A9OV01Z{_tKY&
zd#3M~1_&K6SDu|t5T{T68|BQq%wSz8qbD(c8my!m5uO)V^4Xz6N-BnOy#S(TJQJDR
zK7IsG;lzXO80;6F?{lG|lyh#g^uUiFrh8~k*b=)Vou1%42xh1Doh%YLMmO)i+820B
z>09TFwI*s6=e)&hFGf<6BJr3Mo+Mb`S|)A%^6@UaijlE|d{1kyT-#<OO;}`Go?UN$
zA?26Jk0AZ^wvw?dPJMIPB)=HN1hb0C7Hi44d^f4kz2VL+vIT7J7@MWR9lREGEPi7y
z*~K1XmnO2(d&Sx88fQ-sHTMhrawbl>yns=MaN3?MW)JiG$c7i9ze<kSaSN>ZZ{5Sx
z+Y@nF;1P(wp2a}zg4F<VeT*f}F^;r<E|@QRO=rP$T_~&@hm$$Yz;jUB`<XLtr=a>L
zjAhxKR7`;O2y9e;<_!~e!JNQhnz1I%ng2W^cyn9G>os%)Ny=xVl~YJ)N;c=ls|GUJ
z>h9Wy_tQRXZ0Il8{UEp7*{+313mPARMNk66o0vQ|JY9bT?Gr?lEQE<UIJ>rgjPi>#
z<abSLAo6c!NYF1IxNycKES#`}cMgATwGt4FMMuY-3ukB(|NkuT5LgQ)=YdJeCLlG~
ze${5d1wZO3yHqo&+;kdum!3~+;BZ0W{YIMRNrg=6^1C4+k4nj;n0FH=dufR1vkQ|j
zq`W2H&aai84s6lT`5N+1V09jU+-m{PgLQStyJpSZSlEbWbn^na{Z7rFr2-YQ#^b#5
zri046g&LPv@bj`N=~0g6p<i|2we4u>RTH%>@B0R@hw&z76<2;++M7qHGO{5AG}FpL
zTBo{kGVbme^TK{>y(T%<lSz|~+Ix)OrqLPHR`X)0{gv;3jMyIG9aQXp>%@gDFs?)2
zv7Pw>JDtyD{?TVheoB@0YE9!ZI-1pJj5+pvgi^k1At4|fh6B8;tRq5tk$s()BYZ?&
zHcRc|Z3=0y#~}O-TP1w1XGt!W7`y`P$&i8e3Wc^|iz3^<#~?u#nVJc%aO?0{x=pZl
z5R2Dp4r@h2C>O&1FgC}3NYl#NYft;b*N$pv7uPy{wQ1h^p*Pakf1Sv9vlpc~^j6nk
zl;~i#bt$PFPsx@DImb%{76})E4l}>|I%PH^Y!qnRl;i|IPGwT(PM1PPkq|o3R`a_l
zW$^_?e3#0;8Z{B!3Wv{}EnXa?{VcPi_>Ph;OCAL_qe?XZw!3+MLWDiezfl<kVUUAo
zA(YuLK>P>y{k^gUqA&!#x8wF)s@$x(Msm5x^0gK(aE>yiFvai(CGjst4jjvD<MyJA
zhCHpw5r8Nj8aS7}P>zf0wnbby7;NAPOAZH02lrTcliUabV=vCY5AhFC>f(80rQCHU
zv%(OJ-*r$Eo8eDYojzMOGwJ+gtVHH`&<!$(s|lPJH}2DIvgl-j{UMBazPsr}ge>Q5
ws~h4Rdo@JoahQv`Rphn}<kW+x`#jHDhHzK=4q)>EX{hm&s3gPpTdV$cu>VTyjsO4v

diff --git a/README.d/03-check-certs.avif b/README.d/03-check-certs.avif
index adf1161c9646f9f4575624e675abf927a9b4da13..3c7def2746b23206a3f47a6b1bc0d927c43e3258 100644
GIT binary patch
literal 8223
zcmbW2byOVPvgii}cX#-(;4Z--cwle{F2NbxVQ`0_!67)o-GXaycL?s90RjPn^C0J(
z``&tg-FvH7bye-Eu3f*~Yjpzv07?s2h@-JP*aGk(uhtH1!D$CJwonx36bArcxb4hc
zjbC#w!eC`)>-;Yl0B{7Gy8g$1wYFfB|Fpqy1iRY(&B46fS-`dqrmv9{000YkU3pQ=
zLI42E>m~jh!RP@181gT^I2dgIcapyul9#~zwdC~)V|NZtNe5epzXK5eSLP)x?FqJc
z)z?B2u(SEU8oYEgHFGijyXEVq)?i0x#}^9%JDNJYSUj+cqxp+{5g_f$?G*;g5$p;6
zyMly-^kUJB-8m%#DPLCrxTX%a&i1CZo-f0o0}ujUmI%R)cE+!{7l8r5z`?)<!vO#k
zV|Hf7e~(5^jtTJE=4F%@MFu<p;9g1o>Pz{*?MwV`|8)#l7$5-nVgp_j_~O6TBfRSW
z<KzF^f31Uo{a2r`7a#WDei!;n@FGZmuje1nn*c0%89AAkjs6Y_06eb%BmqbW2#5&q
zNQj7t$jC@2Xn5#osHkYfIJlU2<Rt%4kdu&+QPQ%}Q&O|gkdZO)F|u%Q^6>EdLoXo0
z&n3*p&BOKD1O^!y84VSU2pye>i;9ej>whfI-2iMP04>Z5EHwZY8wQ9C^V|pc=VeZK
zn7{Hblvhw796SOd5;6+vOTjm+*OLOm!U5so;a(0M#`h%;fWwBzq2d%rz*RLyq;|sN
z3XIP~qLHZW!B?C9MaymC9E6NQKuAPP@`jF{fsu)a_bng4fS{z5w2bU~IeB%B51Lxq
zI=ZH2<`$M#U~3mwH+K(Dh*xk(Xjpi}r^tlFq~w&;wDd3eUkeJ0ic3n%>gpT5H8wT3
zw0`gH>mL{#8XlRMots}+{IRsWwY{^uw|{VWbbNmC`||4g&&}=KE7vRMf8<|e{~s6j
z3l}UL91sril?w*e;}skm4xWk=0Y_XF(bx%>nkx_qPa;0Awg;JpTkRLViSslH0WHtg
zoAXz+zhwVCu%Q1H*?)okU#?{U8W85?<pHq)Vt|Wbszxqdhbc3#Pn0duHFTdxz^<6s
zUT^<kpSW08+`@qhb*ns8xdFYV<+eU~^B~jLbN|aC!5(YlO^|eqaT7XmFImK_BO;LW
z{j%WW#J4vceXv((*$hc0`VAw^x6U01{31%et(xae><^rKADpizeV+jx&j2*>%3k{~
ztNBKlAbXCS)~F(<74S+B=WM4n{3p0&%BL}v7}|hRB(xp>H35N1hm33)A&uqC>+y=A
z>rToqQVao#48wzeoH;Z9G5)Y%W9(Ak-#4OAkN}BmhQXZd#Y~OUcbRRnXE4fo2J{Gl
zH<m$9m_LhGKh(v(waHz!8G=i*8e}E9t@(OWpJ~~NcRzO_jg%a%OLi`UV=!RQ7g%31
zJRnPdarOb4{RSLt%}&IX!&>{NQ*)F<^lNNaza|@P$eO*KwO;rN+u~9H#srtLY4?$V
z(<|hp+SB~mGa%9ZVyc-+xq-tMi>Pi%YN?|+u2^6vr|t1fx18*49_GXQQ+Yd~A7OA0
zqcJUFs)NFh)>a4ggauW#!uB8&6B)vYUrw=J-oBFqX$b=;{(V=$n<rEpxci1(s*_uq
zCy&|(aa^z4_!}+e8ES8$61cWV`HOaAj%N)D)lQNNJe@6+LE}!kMRRB{88MU6C+$72
zAC-BXHDS4#tP^TgR#wr%c25BALw}B~TZu$<x*EvMF3w|b0oapsm?N26lgcSV52+8h
z>&1$bDESTkZx%cEiXsQWE4k|j4#ezQm-yTT*TaP?6Cjx*+*^fn23roHUozXHlZBRg
zh9DOLd)}syx~yK}K@qV^EIIOsgky5^r@3=9sD6S6<AAbZ`pJ}5GU6yR=*mC+V5$^4
z8-3=V@t{*&>gk|oAP-uc?ye1U;CL5<OoeL3hWD`Q6l){kO0GLhWfMaH(cEOIO^O?P
z!{NCjq)fTFIiEUj*%7*M)~7D)5~5>j-eZ1w7Hu~5rKl7x<?XpmJuNHYki@~LN;8mL
zc@6jre;Q>vq^gU?b9*Kwwd?CMfV$1fLme_DUNDTCUr{yFtWp}V0f~iK?v9^BOPt!a
zli5(3HIEe<=b)hk3^Xx~iNC3HPs~O-I8yim6&LAW6@(TUu@3?048Fnv3eE=r5AYgk
zORMYF+#4GpC(3Xir2xhhwGj?yOd{HxLPfc<1+Q{<MgMqwrtfWvYkJ>yo(u-Qrxab&
zCMugynXsvvZ^b$S1g`$<H})@v8cSII8sGX6?Bbi3gd1(<v&Kg@)4TOZaa7Hgf6g^P
z^Eri`z|WvBNH1_0*hKq_iLqgv?L8augTkZ(iK9>4RRz}DdD0HY7XDq0Qk5h-dgfdG
zaAB6@jI70y(G95ktcQ-L^^pabh$UfY&ndnKrhe+`)Ss#LIu5k}TD_(Bi#$js%o5Q_
zMD&la`_<$Ytz4m;C0We&r}&sQ3s?ah2!w10;Ltr-d(dGC#yM&dEZ{g6Y`Fe4FyQ2x
z{tVEW1EBnJcFD2zsQ6gO%6q>Q!{kzuwN`mR3qo(7wyx3F@ie*ALH<09+dXp|fi&_k
z;&mZLVo`~HGR9e$9q3~JLC2E1*B)BS<Voh}bfYCnP+X|D)GEDwB0;A`_vT%j3DM9H
z>Tj~dKTdOZW-a?urxqPe?dLJO3(k~3@B`?hjq7swip8V-^knb}Qj9*$WK-#Y&5xbx
zjs!!lrz*U7593W$bnNu@_hLOMLi|1`Hna`xajw2w7(?)%K}>xH<Y{?R6y`6J>RGib
zmO)SmI84*U+zU7kO*f6Tx||kr=eB-jUH+DH+cuCtpbrP*9mF=ToUF`Y>Xwv6DYEFB
ztB(Hpq&IXh+ucbMKaZ=7HpZ2!FFomS<~`5zYoeC16MKp9t&nuLtR{0aPIJ#~9n8@e
zXyrE%UI*haWrB?m;6WDo2XP7=B2o;9CC#kEj!Me(W^;2(aQ~vH{%N)=KZ2b5F0hS=
zXhKl4KU4pXt=Puuj}`$T*7xX=aTaq9ZJc%r|B#n|8osp=>hZ#Lj&*Yo|Hq-*byspP
zr_9Z35p=i3#6#T(Z|@BpBV`1v8k-QR+P31;yTG_f;v(#=4oQVra>>3wbtMAJIx-l_
zM2zu)u`a=r@<cQNdJscguA*H;Fy(G6_iXi!>Y@up;ue(?t!bb0pv7>DDJ3C#_g>>p
zo(STOih)%p#s_tWstFJq#}6UxRyO6)Arzg6vsk3l<hz)ayn$(h%Bq;nB2xQrQ4Jr{
zSF6%k1kW2bDOR&@t7Oh8Bk#6_z-TEyX;_rJ>VkV7N+T{$)~VxqLBO7Z4c!4;`|J3$
zhg?e*fN+qqusuy7p}J?jP7#E~mSA^9*nu+Xw3|J7QX!MC32?4YP)X#SVLl6GXPwTK
z{5IVaA14&>rkOI@Wr(;8)xnn$rDj!twFXe(>?_(HHxY%JZs#(8$}SAT&sc4lp#dq*
zzR#BfeT-*zismE!C#TS9_NFJV!>0MNL*R=Xjz+R6Wl&{;41`$3COu{5dR->c#yesa
z4bPP_u6xEe;rt=_Uif6+OyVtW8{95?6^57E&#xplrln0c;U&6*DAG0nYybj?Ebt^p
zLiQG~@*L+{`*g-maKyY7h4wdI!itg%WY^o**CsPcdd_mXir4cby@EAUmSrUj{}TYs
zQmjwNqYSV6gzbsen$Ud!vF@7&!_bP$1oS}o{wb&ov;#hf`I@2Bkc?KzbsNy4X<=cD
zqXaXw>F=t=Dh;sxnN5|b=O$(rH05lDWd<q8-0M(s_9yx3=4b!$eP}x;JZ-|Kpf$l9
z>r!b@r2QTvPlX$Y=d$AjTLmjy{D%8dQjK_sK1`;o^4x6kxm*3Dbv&2=Y=c(Y5VOmk
z&Q!e)ml>GjVDGiaC~bM=<r`~MHq!xh{W^fl+P@mCSc9!EQyZa4iOsnYTP*xL+d8bU
z8dRcu@TTGI1il6lSK&J%fXg76rXt=v5xr{+l|0_wIKGA3tdICy0WMPIX7ISl;K)$V
z4;6}zK%@Izji2YtYQM2YEp504w&Km<PI};6<~C!CbG)`oDitwmA3R(a6`dOiYA1Tp
zsbPsb&21AmP9y6v`)tZBOfeFTDIQW$NcT-2WV4kZ<4zhXi1JSy@%f(W3bnC_J)G27
zTtai@JL3{>M<j{V|D<|vh4m|#3Oiydon(J+(PaQuii);h;K0{@)7HShn8PX{fDfB`
z*VAkHxFg>w+9m;ebR9*K%sG%-HXzxC(=3eJ9t>rU&kqo6e()_Vh;NZHDGThe=snpO
zCO$Qyf1H+c+sVi%fo}sZfb7dgYT<4*5|AkWQNR*OTV$37xU-%kK*-1LL^HS=f@HL!
zKaWS7{T}WYdLrPxD@TG>er4%ND>cpp2oN8fM(!}=Vl*mKtP>ZckdkVX$jUkqQR1}k
z#;HN*tH7*2F1*>-;h<WbtU7ZP5BD9>OusJq-NRgrN?|t-w1AZ*J#iw4zAV;qZfn`~
z<;vjP{3kz}W3C=NR!eJD7&!7ieil@OgUkT&Yu*9XcjN&#p<Z86i?vUFsESLtM+XN^
z0s{wUr?gnTT^ASs5ZdP%LUc7zrwC}zZ|Cq-5OU8kO0ZS*OH@j_juZ2l$_`>3@nyG^
zmGNwl`Li52DTSIKa*LFA-Y5)Z`zecDu8e$R+tr7%PTS~er$0})*B}X7G72^;#Y6+X
z$GGK&4Jk9k8sF*(qc}^K<%anOh3}@NExzKN##>`69a+0BkQDaZm{+a5T_hy5p^fc6
zWo_ktWRA{{%nyoW$c6nMD(3SN00)4A%>SlN)RvMecZTbjQo#&%jYraCeZ4b|HdUSO
zn`=pVLMa>j0d${MLZUXEjz@lYjUNG>lW;1%0o~wYFdmZJQzWG=a6~~P7nEuzj{@a!
zbpBRMV9ZO@ToO{8@s84Gx;%|g#A7}Ud^|oE#5n>4r<44&tpVlj+GEaXACyK~Q;tp`
z%Cu?|kZX%$qn!jCm?MK*N!?p57m>4xJGk1k1QB$FXbm5J_G2>B3Rx=wmHb`i2b1*;
zsA-cG;$zYX(UW^{N=Czbtp9*cOrVuZS}N(txT!9zY>uVl`Ma*ah1EYSp3KBhbzBfc
zedjG^@qZfTyJBZ{qMxoz(rPG8D$br{f*BiJ5&iBROsV_qefS_$Vs-jeZHCSVE6Bpe
zg@z-J1Kzi@v#6rb=KYQl=eer+=GAaa6C&Asm3P6<rR)<(Dx$SX`+Q}QKrMc-T>{%%
z6{Z>|iTLZ$3AB|aK=@k=*2)|u*G&juG!6TF4;Z#pgLakCEo7;U7+eQyAusMDwEiVV
z!zjF8djX`i<>VxbbQZI6;4yw{h&~jHh-sCR*8YhzcVx_kckcn`GP}qa$2Yj3wLd)t
zx80(ja+dDShj$7n5v)7GHfc?O*4|7+HfUn($oKA<oJ1Sp2Y=>j*<6IG@eM*8XLygu
zmK>h9baI>1l2MGP<{+K0H>^i)Ia27gxgn1fz?r=VDY$1OF1r-UGe)(@v2N)XYQ(Sb
z5Tki>|BkPN8Baa%&zm((4o<EZ%Th2_q<`D!fPoQW7j<ApmIUpuI`ve&vwb@`Bb6V^
z*7&s{6dm`fj1Rc0=gs!~5=R=}h1eSuq2a6RbP0T>taj;#YLvM4>t8Tpv_`7rBNj+U
zSg%T`*;#es@A=zt8HzNK<k0d8VK8qI+%3@5r~7j8d|B=eW0p5eBQ~vh_EX`xxA%Ku
z-7ka%OMF|m0*@-d^1@Jdn6pIRM$<vieBx4nnFI4T>5QhM4@*)m?;ndKuvdlpVif6E
zc_D&_^uugbsdfre6cU6v9)(vpEVbcJq7#X9o@rGsP>eRg1h>*{C67c$a|i(8;=6t1
z=+-bNGs{;TqC>_EF8?fJ%dafS{HEp9^Xc-<EI)s0ku!eL7ZcAHM(~&_I4Q%Vg4?EV
z?A>WBvT7N<{Y~91Yaw2?GXAL}F7T9Sjg?IzqC^n}Au235%QW2sY|%_FuF&xTRu3(8
zAG#~hlv%^=w=F#h9oJ2nd~)smqa??_LG%Z!q3lgl%mo>(`c(e|X{$i;4i^Q4*Fbta
zS=vXrqB1=_p^NJ4??G5YByWUqGuWTgK!ue6K9iK;f;P-y!i@fkH(ipqW!^R&z6-Nd
z(f(Loc<)Fo1t%5%8Rg-VO`CaEK)X{5Duv??V>OaMV<%-O^^ku@2p-9Dw34<)QR8O%
zDUAJm3)Dv33r`6Ro6LXUzH?KIZzn=kt|`l9-0ccYu<eaTE76A?VGy2|yyv*CuD8mn
zv*e%;1dFk$ma;2;_bnE8Ru%$jpma5~%gDF#h>}3ygyzt%epC=aFZ64qCg8grN_N3P
zjRHpPvr0UTMr1bbYqoo7F86ND%X{-WTlDzD>ft&H&7pO*PR;$oC6p88HWye@ExcO;
z6?3smerZXnB7IR*98$l_Ya*Y=6zaop5ss2EK%Ro)<<`RRe(paegHTV-yg$~j+j`S@
zIY6YfW?k1Gc*qtcQn^{Nj?>Viss%S;34$)MGWJwLX16?AMlUCV(v^&b?{aHl#PY+|
zA$z5ddqSDQ6sql^B;}d?XPB+WHE%I0?}pVfD_O&DKI<&j-1I~x$WarrC|NbE4pm-^
zVJ;UN=2H~>5NxWChdP@M#@u|gS<fK&<+-wte|@A-aANko8PCWYx8b)DCZk~o<!z=?
zgQu-gm)qxat#@VN!WfLb$D)#(yfSKRR1rD!qEU^<>GdiAZgpe~joGii(krJe4i1S&
z-O_3#>NUGla9A5kuHbSpRRspmG5EkI!^;(J15xqk{bQB)a6F$EwxNx8Odo<lQ#r_k
zhN#Dm%(+A&i=isx@?ICznx82jau9zZw!dp2`!Z|YR=QN5A?+amyupV~9@*^dnyQ$H
z=vkFd4i1uyX@6i1#oKW6J)i@EEkZ2d2ARXR?ZsWo`xIB#O4J6o6xDfa1Yf?7R{)4m
z9ED6*QFFA{=?*5xg(kPf!9elP9{f8^L);IxQXGS|aZjScWv4?xJXwFQL)#)Cto(0Y
zEF(O_E$gYN$j14rB5x;%k;fQL<`kt|`cL&68GQM60CK8sa>1H=Jxn|qOD^>ozT>AA
z%iONan?Fq`R{?wJ&ON11v4Xr_TPzMEZ>Miv{Km-oW=FZVG3XzQlnZtW8F7jX`*2d5
z4LPjnKDAqWD!UQa7knO<xi5CNnVLQ|K_&_<o(%r&DSB@$vtd*!=tlaDVl+=;w>0d%
z3^84zM(FJOfI4#AMOrUK!NyMvRUO-{iPYfM0Sx$?mN&J!!wH@(K)n6|A5UG5(B-8A
z@63$HK3Ka{F`dsF2B!X`QRZ0Y+>Xxx5P#jC!F}i34;DdH+b$@eyr0g{hPzJo&3d(<
z5cU(v>0^P#clcLrT{pxnjo}m|tVCOrRXPES2AVng<jp+AF9-bW6TZ*;)fMl0Hc<96
zH&Fu(Rb#T|vHda=vq-RiG%<ib`z*g-l7>NpQ4=jU`*Y|U{c67bAgb^si|ickr9(g@
z%$Db;1v)jglvoidfnqnlkSbDP1OqS)ke7#kZ6cwz)B#RmuyGx+BypBC;@-c3t5e$N
zFdf1U(^OVPL@C*8yG<L6eet=+5!3UYm!DH?X<Ka{WRl!2uL-qlsy%u_?{1T6GoaCp
zc%MSJ{xIZ|@3c%GL_k1jedqt4mWi`@T<tdOTkPNl6)|;P&HUb(4CQj7GlTe|-VQGm
zj7{p-IFgW)@p1Sj{`8!I@!U<4HRzEwV8ohA%k;3beIH$#^iq;IKIL7<ipqUzz0m1?
z`xiQ9?msk_Ew_{Yq6y!#CXp+X#4y4MTg&Nx5@iB=p{4ef(3phZ&U!+CSgBUu!rYK%
zAq2a9ip$%rP{jralX2KAcH9)L<=NfNo2>;d{9<A`#>Cx2vo!<Glq6&j0Uqw2FW(bk
zlM_<Ecs<f1m6QXckrSq9+SIB0hCa8+WrWum%RATL?PUKe?`wEo<1txm{y^|u-IzrK
zBGL7mLhT!Gb;<Yf(;L{^I%9f=VotNF(W|0+7o8%XcptjmjchUy@8?nC8s>IW&zhaM
zoe}Q1XZ)+^F`;=$J8?qk6c;<6dmDVGgUf`gLDXI$ARe3`$S_@V_m%sga<G!#hkmrA
z;wD#{1@ZinC?lxcWD2>q85BL%{m|&2CwyOZ6G(pVnR18^oL{<*TjBS6{kaFXv~Nen
zGsJV3WwF$fb%;+LZkc4LCvZFd48s!oIR&Nb99_}wp}`{U3EC~>rOHq?U%h`ezC3>8
zF-pLoij>{bF3%QYIyg1AGg?!An+Km2!Cbjy19fLhV`2Wn&CwPLPu*pim8e!}oAh2X
zU771*{rD^4bmhr{fYB$`bzGADlhdsl_Ip^u=`~inIkv~tJ{kCULUbt~2l=xk;1zT4
z<u`?^@>93N($RSxOi4}Qqq4bf`=dI0cuAE=3lGGelS`7u&mSeUSkK4A*^mYO88Pj1
zW$uqnZ{i0^9Ifw}D^fVE$SSTopMs^Y?`tbnOg?S1Gas;0N&9t)dSRSx)l{QKMWLE!
zRXOTlGp1(PP8i+2;T@}YssUSH#x<Y2waqLfEj2U8fLu;MWj7jPgm?d#>fBJ^M-k43
zVN~KTJXP<5B8VgHSupcb=(Prh>uZ+0mI5e}$uZr`aXw_4Q31@G3$`Q=@`9LsQ^*m@
z(oDuE`BRlE+Rv1FPY^9Kg>h|rv*EBpcAkl;7Zd$Rd}&Prc{|S+D&BHlam@HJ_iu{1
zSk>M%Y9JX@i;<>DtJ>vE#aP~B^Q6Kd5RofT?vmp6G2wBqZ0;|iWqX#Jrb_{%%f!8F
zQNq>;f3Rbjen(s_T_COhIY<)~e8d(XP^b=j=JC;m&KJ&q#*{#h?}5G|KUK0%e@Ly*
zokTnD{5EpXoCRM}WBlz&tsP&(vtG4rYOTj3E=mv0jotBfhrk^od#l>;llQ#<-n&cH
z7`x2nNs|hx0E+!dl(1BEM+L?sL$kIbvb1kPQi{*KW(PO8J2o3@oU(q}b$zV}r2ylR
znR+9noDUnIFkT<4YRCm)*w_?3abHAxua@##0*P_1uZ+9N>xQ@xj{dHgb=UHbT5Hw}
zw?GM733cD;MY1?pc)#o&<4%MixcS9J$tPbC4>)t#s`XN5<6N6y+5EzDDi{aUVhM=O
zcHm)F(<!|vy2v#wN%iHbwRVovbDxWDaM6*ZIVu^B_3Zo3s;cYCb|)oA>l;u$Z{~HL
zQrkDq{zFqD`IR^)KO>N0_rof4&IOPnygDmcHrrSW;ox?&zx0SN?J;L+1Ml)!99Twz
zmf9K%uBq~&3e*@<+d`rwU`TsvU-h|nP6dx(QEbRfDZZOv8KL4Iq#~pqJxK#T7d$PV
zNAh(_jjX33mp+2{JU4LjjqH9gev$e3yVe^#-iMH0!OaZ^Yx`i>mWcgvjL(QIgf_Fl
z-k4RGSi>ZYuvn<mQ6s#IHt4DR?xRKp`HU>#DC9SPG@C~g)dPUd|3c2h^X#<r?V^@P
zQy{Nr+IfCoRl`Eh!Wx8E-9_&SJ=p3idX!h`iE8C{jXzOMhv&OnO;Gi+0QvJUq|Z<V
zwC{4wCtZg$OKVX!6J0VG2{1{5x5#wsXcRy8$i#VYxy7!m+S?a|FQDcTPtjZ@?$ku0
zjp!KlQs4gRXdtb_^efCrr@B*dc$kpBv@5gDGr#`*g|$&(F;LfI7($K}=lavrdh3UF
zI<Rp%87cFT4$nz~jW*}9-Q{M<5Us!`tFXX5RjKyUx5)k3D?7Ba;zLimrwyxf^>(u~
z@(23Bs-r_3Soi`uXp98I(-jc0TKqh^qc`n}Gl&WXJIOVJH3ALVEVWd>{X?~do9Bug
z2s65>TAS36pA%e9!s9H~Wf0tQI8^lGoH7`|gT;iFrigx0k3K5SH!7JOld$C9=98Pz
z*>(K$;B%dey$onE9Cq4EH&;@w#+(H?nj+U7J-+FJqp6zDuU-$aKV|>%pd!THlN3KK
zF!DLyzg=OllNfz(5fnP>&rJ54mAv#LqBz@<Zf5FD=bZa9RqIeH1;<eD9tNA_CY^f6
zuTJ1^$j$`#vxUSb&(FQSnS!<V;X7h3C?aAiJY<VD8t>xH5f~drk@o2me&;9i`0)t`
zPVH)U)V@X4swF5_oTDlw#^Oi2S)gJY#=$ozkhse^wKsoId+!FTUz8Qaxp+mg6&^Q7
zymi~=kd@zf#qBcQo-N`YtLnjhs)0N{sAYh$G9daBQB=@T;!4eU&1h&+!Y8eaeE)rQ
ze`_-Rm=z88uf&xdR&q4F<mQ$XSebY86MA`^0|QDPH>=ubZ(ubdIU?biw3|TFUlOad
n!m2H2q+R<+Hi<pxIx1b*GuBZxC#5*_7lTA+FNdS@2m<~Og3bOe

delta 4677
zcmV-L61wf5K=LJ!A_4&Nkt9JW9%*cEV*mgE07L))0RRC200031009~R01?;#001ay
zX>Mi!000000g;>?k?bG=l#>ksNPiLFZDe6|5&#MbI3@BqHV_cdX)?$oOk@JxG(%$E
z-oB*RpdaGy<N?p|f-$#^PXk--fmFaokDzw{&f6;5U%ewwC?|FMFjn3Rh66=+b%*xA
zS6Nx1OAN#Fv#Uh=mWal4L^0bOtVRUfnN`<Qy5S$NU(VIBNh9OE%N<{(n16Ewu4r;(
zV(%qDNe2k=#;(}{VhLJ#>yhU(PG?cCvDbDYki61?@R&D$g0tBBT?8V<Da`Ll6_IRC
z*IVpU0IYb^xideDPPAU=XFA&f{W#1s(l_y+a3D&ZFP0(kAV2Vvq(hT!>ztgAXWlPb
zu-pQ3Tu%Gi_3o!t9M+5)sedZBDx>POHO`XmY;t6_I%|ike}(iZsv{)PXAkUr&6Sd^
zoy?iXD64yQW2cW~-1KRLpEw}o`od#{CGPPz#w8e3AQaY+`W1qAkF*F+Pp1ev7(WO-
zj+x=BX~jTQ->@Frh`&ln!_=bqsMD6rtN48~htTvC%0*$>=x6AMQ-9D#f$TI8!iviP
zTGgbL^b~hO!~d4)O|#sQo3pL?p(6AlPig?K4;`^eKc1)xlsM{VFf?Oy*RDhYF;Z<<
z_hZ`%?4a!l+`C0bW?4VrsvAZsSMLmXDIBb5@tAh^RMmy#Ewh7WkMY>J=jKB01&#?I
z064^)^w{Hu+D&6!zJKIQy!@xpl7FhoTwCX`KZGy1#`jqU6u1M3!>H{Z1n>yu5-$8_
zbJWLWsNNs1hO>69r@34dOWa2KzI)$pXY9DT8_O<xe+yYERzN;x%CirQSvP{zAcZRv
zlTkMdtFYjp&2PIJD$U0;^plIHGOO~|p}T=|CP(z~b?!Z`pMP1)hBL&)S8INo{C5)0
zw&zTB`1`bMop5?Y6*I1<9f)%_ozn{vj*)|0#bPemj(|RccPG^^^ZVY(g)1j`^iI}Z
zhA+5hmHsUZO4q-($3(w&j$m<TsA6vOa`VwtD7IG{k@%s=;NgQ9?Z~t86F40Soi<L6
zy<lM)0d(O;Vt-VW%&hoiuND=$R_(YBeFX{JdsNwkLmRWnF4k|A9XlTEiQ>zLo_QwA
zdQj70wM-mSLl-{;AEn=>rTTkTWfc*P?%0UT_B6%pwK0$uys+R7OJ@=BaV-IoE*AB-
zcWyBW0Gb{~zMiYxxuS-9q47J*mjoc==bi4cKCEA*MSsdM|A0o?54sC=t_2SfO-<)L
zVR5r)4LzAC3W`vkDe-~Hp0LEz0xSYs`?j6?p&*v<^07i;CEs*vw}@^OKtJsD7-Ky>
z%Qc{XQ5s2&#S;ZO;8&lWFCO19lXCIqfJNt!#J>sLY4=HydP?O{!-+;Hu7oyI(|1k;
zQU6xsyng^aL%|f?D5L*5OA}C_Rvf!nj3X0TSki0HlPTbHzm^Z|_FcoDshx}}IM-EH
zrlJo4^c++FDs7#1F}@epXGyHhV#08)h1np`ZBsWYNqFmvqr?CtFXhrbNZt0cc-Bbr
zi*92y73c&hbCy@F(m`1+=$T9+#F>Zg)gNzpJb#><(#mzSCf^aThxZtD^f1u*458S*
zd*9&-N=!=7fKtNmWmVrVHGalQmNdu(gLoZ23A9{6N2HLoEP=(JbA46RFolj55n5y#
zS9Nr}JMfLcDVm;cx;aw8Zf%TNm$#tNw_ka8qNJh}N@n=DQv*zjWiaAS&wF2m-L7tG
zwtqVhAvtIA$x<#D<fj@MV(%0W(Q3+S7L-U0ejEg(YeT>~W{C>aES7utJU5;i-2TKx
zl6&<sTX#Qo<4k`C)gXu!@BHZVRgbo8Cide9OHaEX{eLHRT5sg5LD93oMmJBUfAXMN
zx`tSoPek#cLFAUz8nU5@8&B-?=WwK4%6~4CI&KSS;4lGvU-0CrrTj%Rnx%ZtFei>h
z-d|PWoi4EWdt$0K`pA4TFp!<nr-Keh41MmEfyx}8?A=IOBXfTy+v<_WNx81Xn8JrT
zyOL`Z$-WYrjT5-YI9NQB3%l&mr|tcwX|hlF48xs$k$W@=su7_LarR8qzR#wKbAMpA
zIh+&%bw{(q#aD5#Vb4m{!YA@(5PPa?UrU2o!!9U#X&aZxHiCskj<l180ER&cs)qFe
z5Ga1Q28<JK@sy&&gv3MC1Fbk1Dzz9*Dc$S0akajm5R1GEYj3S&ntvC7vO5Nj20mCM
za`FVP5^>TCtsCTQ_5G_j9$VnD{(n&Z&-?fy3Jb%sx6A#l-8>yqMD%KIT@cxtw)tCB
z4;d9_@3obs0fG$Y=u5)r<&VkWHl2mhu5n6a>@%uqWZhhC=9D#8L^$?=!_r<Gb?C}i
zq^Er!rnup9JRl*gnXWnHVUFx6x}m6mAe?UstkkZ6t(q+HjgH*o1MDZoWq)?2XpP&L
z?q*PS24k`0j~O%^)p-H?&Zi8GT$X-dp_Ebj7$t$~smLLRWmE;^H*qxNOEaY7$<$-f
z3>DjdROq>yV1ceUvGw2&NcyhqQ3s-T(6+iM+Sf7gtNI~Ij{$PCp!Nj#8)auO<WmFY
z>2V&!6U`_e3W8I(|43T~L4PNu7fa}c$iA0qsfr=_Cn-)fDM6!`Dq)|{nNv|1gmA}_
z8V9CU6zuoNW3tay@V;)sa>OORpjnme)sb(LwR0Sqei4W4LdES(vuu~7t>a?xWexvA
zBMfCH6-~=T=(N2SFXV-eQe-J4DhY2!D67vsHEjTdu?1mGq?din5`VP08Om#xtTsC2
zlk3_KN_gH35ANGtaG~M{#GoQvej2ihk5-1cF$VqPov++7h3+W_Gsm;j%@u6a>P?LL
zXpR%}jW?*sUAJn~*dQ=HJA8XD{;z(v4}_WMbV@1PIKDaS<~J&<uX=!7ISCn}cjA<Z
zJ$g9N1b@9&uU{;!`G3t}HvS8Tme^HIhtm|(;8|ORj8-v&L?$9xJ-JicKttW9Vp8&+
zO5!cYTJ44M=&yFgRcX;^*SSA7>1?gn*GS?)*C#(Mo3PEE<UK;RcTUVo%Ie{fW0l{0
zA^F$6;Q}Ai1RD2oe~&&XwN5|e2#&OdtF(uuI80i*Hg?XZ&wr~rCt*lx3b@_QB!9!G
z3lSeHr1SM#70S$FkF?UN8%d9&aGzO}D1{)CK?qJR8K1bx0O|ms3!XJ^xTwmkPLuI%
z@y!oirk7L&<nhR}wrkYUsQFCbHenP2f$2MM)_HQeEwh8ZA#&sh@P=nT<1;AUxtgFV
zf9D33W&!9gdVg1#^#_Gs3Lfp;PI=A$P!Ft3sJFpKQc)}`ofd7uSjwks9zo#*j9UVN
z(k~T~WV%9#eypb#7s=BDcDf8mbA&f<_ns_8jA4ZOw&&hF=MEFMm`ZBhzjmzjhw;Au
z4~eN;K=F4Rdw%cOYrt~-9l^%g#KBT_2_w!vL*qrDMt?zaqwprQT{w@@zCyS?EN|>w
ztH9KAY2QO--uSr)=coF{ENc9$JP#`>3QQ+AATnlLlPKdC)4fKiT`3MhO+LHT)196Y
z%atuaeH-tAxbz0I;@$Q%-kSmbEFfDBt)l-%%j7njq&<5KCh4(HKfT`Jm1f7o`~CN?
zy{Xcl%74xExUiC;5t&ryApbu(+Io*r45peL98!rtou4JMTry9PBc!S^mt||vuBVuw
z`9RUM2z~@A;V(UV+}66q8Or`cCo1%08flUc)Mx=g@?5kGivEoC`d{0mih_Gl2GUd$
zA-F;l+SCyOaeVEH#gIo$7=-^MqOl~du@F?=Zhstw-v9C^q0uRjsW1Vk-E7EQ!4fa=
zc{*}&!_+>0HmAuEZd5mkehIxqdsGq^=y<6jz|2$EOBq`%HUHFSA&I%+-5Qb}u^f($
zBDdz(X9E3%?#szjL2GGDe`?1vK!f{GagQ;{u7^S8`KdJ5l1eydDYCq9RnZwHh~U)O
zmwy<y!SC#r4)VZzCK%p6xG>t84X#V_Bp^Y*nt^(>T?-aHJB9Y6Rw=?m62NAI^9l0_
z+R>bJ)U%oIXkFTX0l}-%r}D4A?w3pqA&q6F^L+VTwwhCgHrO29XamKH8e}wyBVr_v
zmuuwI<(SC2r>tOk!Ck;oM%8HI<I206AAb@v9Id2*)a=$)7C1;;{9N825WkT*mz9P}
zIR_(l--;)xZ@3LQ(kOx$U|6{S)X`3u3dA*@DjI#)N;{b#Tiu+Ls;!9@#zv6izGqK5
zi^D_k(p}e^Bk1aof}Y}~XaL*%k6+i6)tb#?w`4*_kP+e4Cj*S?dm{`|-8{Iz=YLmS
zi^dv66e^Hr%EB;-u$+Z-3^o#O0;O9s+aU3KlMN{13^p`3S>@Vn%KV=nWi4oPvsl{A
zk<SIc!bPME!Tfhch$|I|I$d=&A4dbcSL-IYhjs*Xx+Zg&w(aA?Q8RZbM)|ch{SNtS
z5KoVdLunWY0$#=H8M(z|b<fU#Y=5e)oyvct1Ap8}ntF@7q(qip1T`r>+dkE)51kLh
z>qMott5oaE--fkP$fj-zHJ^+HqR<Rxz3p$71FTOuuyi}!k5HRpW-2PXMmwU-9hGj#
ziQ)0ZD1*Ar>Glb5<5QsnF=*C`L%`?L*ajDX<k0zx18Hz~@OZRC5D%!7kbjB0%-CeG
zvlE2Eno}03##6fp3#=^Gm^C!ti`#RF1pamo#i03#QM%8j@c4P_TMo!S{8%nZ8A0x@
z#Wrn!=4i?#V^!6;XvNM59L*$qAgOkHLMCoMEcIUUW~hE`e?wx>;eKE9n{qH2W?`GE
zA_?u+IeY=h)NDC1^@65UbbpemO?L%k`oR>!=p)LU!f0Z&h|$-zB~MwTeWW4k{n*~~
zT^Opz`dJ$D>JqoQM5O#D5=wzjg=^7uK7|<jn|ET}9wq>4wS=7ua_fcHxFfVum%lJX
z*Ww?;MHk%B7g^?BN~}f#^DkwxGx($JU$}QrDPek9_a{9=lFKG(Du48{SU+BV6Of_e
z$qlm0mkOiCoGKbNzts|b&*?g7ZmK^XW3$^0&kv#MH)*KBwI=E*=IY3<{k^m#;M1ZZ
zF?84~<Y^vZUti89<7kI%V@9vqlar9to#<(X$L(Ti5aeErYH)siP6&KA{xf1FG((os
zUO_DGeRC)5Im@xF6Mq<qNMZC$Fh6z}{cOUY5t)%*nGtd-jAjJ<knEEF>)9|;N{fz8
zPDL9>>(H2!Epq=)wD!7MN)s$wWeBhu6Pr0KD;PcxhBY*zwVv52c%ERLa{4D&{)J6e
z;-TJ2{51kLD<oNt<acWLB_b(%!2P3x+77UnU%B<-OYW704}Z*0ntH-NUn99D=~M8p
zzO|S#cU5NkUE~uS45ArBRz!@t@E}fx$&{5+Ie0e=*sr5Vu2^!2M-)2Fw_dqs)qS#3
zfQA8wUP!akm{GRs4noUuOW^XUDnV}lRqQ5bmVRy{mCi7fKo9(3W@_$I6bP@KAS&+?
z0x3E(>wAcgxPJh!DirgN^P`st+k)vwIS(9CFkUy`vWsfe-q%e_WKN@bm5*`r>Ojo}
zdlESo%#Qs+ZDBY!>;8!1LUN<y1@{w17c<w5u`miazR40egr3`|a$;(Sow3+w1ps=V
zQQ1}Q6)1!~B9}+Y;<HflF{h&rs4Yhye2n-T#6C>7EPoD<MUidr3YIg<y{EBorVi((
zeE!{DJ9{7E)iP+`sN&`aEI&LJUi787o%orq6J-6{R-I$*8V<<%ZpGEJg=(*Wv`h~|
z;y~^Y7Ee!yu^`8=inQ?fMB9ir#lUjt`<P9@vMMH?9t&-tzP;Jh;(sQvTI5<~cm7Jz
zxy+E4i+{K?NdoR_>Vtd<1!PL-*6#3xpU+B4)H+<Um!o&#1+fI~nG|3@n^YwS=N(8U
zz0m26xLjrxhm||H#5PBB<}i1#%XL#2I6x~)7P^}LnFZEK)61-SwtXE$$mjHt=CejN
z`7-+4?+=Bzc#`)wO*5me16G1$wW&f1t)whxWPgt;ydjrAHcwow`VWHgF7FHVX_pWx
zg}RIoqb|&&_CPShU!BL6J8&`q$guLAy>59;BwF+*{kvtQP_?3`3qj%}F)EV?xpi69
zxtb?0@1A$GS&Tt&50X(idf{cUN0??AO_8(0$tA9_KgaWW^%pM-))aTwN=JV&7?-E<
H)B+eyPq_~%

diff --git a/README.md b/README.md
index ec771f7..cadd9a0 100644
--- a/README.md
+++ b/README.md
@@ -59,7 +59,7 @@ download the certificates. If you intend to download the scripts from a
 different location (for example from github.com) install the corresponding
 certificate chain.
 
-    /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem";
+    /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E1.pem" dst-path="letsencrypt-E1.pem";
 
 ![screenshot: download certs](README.d/01-download-certs.avif)
 
@@ -67,21 +67,21 @@ Note that the commands above do *not* verify server certificate, so if you
 want to be safe download with your workstations's browser and transfer the
 files to your MikroTik device.
 
-* [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem)
-* Let's Encrypt [R3](https://letsencrypt.org/certs/lets-encrypt-r3.pem)
+* [ISRG Root X2](https://letsencrypt.org/certs/isrg-root-x2.pem)
+* Let's Encrypt [E1](https://letsencrypt.org/certs/lets-encrypt-e1.pem)
 
 Then we import the certificates.
 
-    /certificate/import file-name=letsencrypt-R3.pem passphrase="";
+    /certificate/import file-name=letsencrypt-E1.pem passphrase="";
 
 ![screenshot: import certs](README.d/02-import-certs.avif)
 
 For basic verification we rename the certificates and print their count. Make
 sure the certificate count is **two**.
 
-    /certificate/set name="R3" [ find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" ];
-    /certificate/set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ];
-    /certificate/print count-only where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6";
+    /certificate/set name="E1" [ find where common-name="E1" ];
+    /certificate/set name="ISRG-Root-X2" [ find where common-name="ISRG Root X2" ];
+    /certificate/print count-only where fingerprint="46494e30379059df18be52124305e606fc59070e5b21076ce113954b60517cda" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
 
 ![screenshot: check certs](README.d/03-check-certs.avif)
 
diff --git a/certs/E1.pem b/certs/E1.pem
index 4c3c212..a62fc03 100644
--- a/certs/E1.pem
+++ b/certs/E1.pem
@@ -122,122 +122,3 @@ zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW
 tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
 /q4AaOeMSQ+2b1tbFfLn
 -----END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number:
-            82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
-        Signature Algorithm: sha256WithRSAEncryption
-        Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X1
-        Validity
-            Not Before: Jun  4 11:04:38 2015 GMT
-            Not After : Jun  4 11:04:38 2035 GMT
-        Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X1
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (4096 bit)
-                Modulus:
-                    00:ad:e8:24:73:f4:14:37:f3:9b:9e:2b:57:28:1c:
-                    87:be:dc:b7:df:38:90:8c:6e:3c:e6:57:a0:78:f7:
-                    75:c2:a2:fe:f5:6a:6e:f6:00:4f:28:db:de:68:86:
-                    6c:44:93:b6:b1:63:fd:14:12:6b:bf:1f:d2:ea:31:
-                    9b:21:7e:d1:33:3c:ba:48:f5:dd:79:df:b3:b8:ff:
-                    12:f1:21:9a:4b:c1:8a:86:71:69:4a:66:66:6c:8f:
-                    7e:3c:70:bf:ad:29:22:06:f3:e4:c0:e6:80:ae:e2:
-                    4b:8f:b7:99:7e:94:03:9f:d3:47:97:7c:99:48:23:
-                    53:e8:38:ae:4f:0a:6f:83:2e:d1:49:57:8c:80:74:
-                    b6:da:2f:d0:38:8d:7b:03:70:21:1b:75:f2:30:3c:
-                    fa:8f:ae:dd:da:63:ab:eb:16:4f:c2:8e:11:4b:7e:
-                    cf:0b:e8:ff:b5:77:2e:f4:b2:7b:4a:e0:4c:12:25:
-                    0c:70:8d:03:29:a0:e1:53:24:ec:13:d9:ee:19:bf:
-                    10:b3:4a:8c:3f:89:a3:61:51:de:ac:87:07:94:f4:
-                    63:71:ec:2e:e2:6f:5b:98:81:e1:89:5c:34:79:6c:
-                    76:ef:3b:90:62:79:e6:db:a4:9a:2f:26:c5:d0:10:
-                    e1:0e:de:d9:10:8e:16:fb:b7:f7:a8:f7:c7:e5:02:
-                    07:98:8f:36:08:95:e7:e2:37:96:0d:36:75:9e:fb:
-                    0e:72:b1:1d:9b:bc:03:f9:49:05:d8:81:dd:05:b4:
-                    2a:d6:41:e9:ac:01:76:95:0a:0f:d8:df:d5:bd:12:
-                    1f:35:2f:28:17:6c:d2:98:c1:a8:09:64:77:6e:47:
-                    37:ba:ce:ac:59:5e:68:9d:7f:72:d6:89:c5:06:41:
-                    29:3e:59:3e:dd:26:f5:24:c9:11:a7:5a:a3:4c:40:
-                    1f:46:a1:99:b5:a7:3a:51:6e:86:3b:9e:7d:72:a7:
-                    12:05:78:59:ed:3e:51:78:15:0b:03:8f:8d:d0:2f:
-                    05:b2:3e:7b:4a:1c:4b:73:05:12:fc:c6:ea:e0:50:
-                    13:7c:43:93:74:b3:ca:74:e7:8e:1f:01:08:d0:30:
-                    d4:5b:71:36:b4:07:ba:c1:30:30:5c:48:b7:82:3b:
-                    98:a6:7d:60:8a:a2:a3:29:82:cc:ba:bd:83:04:1b:
-                    a2:83:03:41:a1:d6:05:f1:1b:c2:b6:f0:a8:7c:86:
-                    3b:46:a8:48:2a:88:dc:76:9a:76:bf:1f:6a:a5:3d:
-                    19:8f:eb:38:f3:64:de:c8:2b:0d:0a:28:ff:f7:db:
-                    e2:15:42:d4:22:d0:27:5d:e1:79:fe:18:e7:70:88:
-                    ad:4e:e6:d9:8b:3a:c6:dd:27:51:6e:ff:bc:64:f5:
-                    33:43:4f
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Key Usage: critical
-                Certificate Sign, CRL Sign
-            X509v3 Basic Constraints: critical
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E
-    Signature Algorithm: sha256WithRSAEncryption
-         55:1f:58:a9:bc:b2:a8:50:d0:0c:b1:d8:1a:69:20:27:29:08:
-         ac:61:75:5c:8a:6e:f8:82:e5:69:2f:d5:f6:56:4b:b9:b8:73:
-         10:59:d3:21:97:7e:e7:4c:71:fb:b2:d2:60:ad:39:a8:0b:ea:
-         17:21:56:85:f1:50:0e:59:eb:ce:e0:59:e9:ba:c9:15:ef:86:
-         9d:8f:84:80:f6:e4:e9:91:90:dc:17:9b:62:1b:45:f0:66:95:
-         d2:7c:6f:c2:ea:3b:ef:1f:cf:cb:d6:ae:27:f1:a9:b0:c8:ae:
-         fd:7d:7e:9a:fa:22:04:eb:ff:d9:7f:ea:91:2b:22:b1:17:0e:
-         8f:f2:8a:34:5b:58:d8:fc:01:c9:54:b9:b8:26:cc:8a:88:33:
-         89:4c:2d:84:3c:82:df:ee:96:57:05:ba:2c:bb:f7:c4:b7:c7:
-         4e:3b:82:be:31:c8:22:73:73:92:d1:c2:80:a4:39:39:10:33:
-         23:82:4c:3c:9f:86:b2:55:98:1d:be:29:86:8c:22:9b:9e:e2:
-         6b:3b:57:3a:82:70:4d:dc:09:c7:89:cb:0a:07:4d:6c:e8:5d:
-         8e:c9:ef:ce:ab:c7:bb:b5:2b:4e:45:d6:4a:d0:26:cc:e5:72:
-         ca:08:6a:a5:95:e3:15:a1:f7:a4:ed:c9:2c:5f:a5:fb:ff:ac:
-         28:02:2e:be:d7:7b:bb:e3:71:7b:90:16:d3:07:5e:46:53:7c:
-         37:07:42:8c:d3:c4:96:9c:d5:99:b5:2a:e0:95:1a:80:48:ae:
-         4c:39:07:ce:cc:47:a4:52:95:2b:ba:b8:fb:ad:d2:33:53:7d:
-         e5:1d:4d:6d:d5:a1:b1:c7:42:6f:e6:40:27:35:5c:a3:28:b7:
-         07:8d:e7:8d:33:90:e7:23:9f:fb:50:9c:79:6c:46:d5:b4:15:
-         b3:96:6e:7e:9b:0c:96:3a:b8:52:2d:3f:d6:5b:e1:fb:08:c2:
-         84:fe:24:a8:a3:89:da:ac:6a:e1:18:2a:b1:a8:43:61:5b:d3:
-         1f:dc:3b:8d:76:f2:2d:e8:8d:75:df:17:33:6c:3d:53:fb:7b:
-         cb:41:5f:ff:dc:a2:d0:61:38:e1:96:b8:ac:5d:8b:37:d7:75:
-         d5:33:c0:99:11:ae:9d:41:c1:72:75:84:be:02:41:42:5f:67:
-         24:48:94:d1:9b:27:be:07:3f:b9:b8:4f:81:74:51:e1:7a:b7:
-         ed:9d:23:e2:be:e0:d5:28:04:13:3c:31:03:9e:dd:7a:6c:8f:
-         c6:07:18:c6:7f:de:47:8e:3f:28:9e:04:06:cf:a5:54:34:77:
-         bd:ec:89:9b:e9:17:43:df:5b:db:5f:fe:8e:1e:57:a2:cd:40:
-         9d:7e:62:22:da:de:18:27
------BEGIN CERTIFICATE-----
-MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
-TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
-cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
-WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
-ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
-MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
-h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
-0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
-A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
-T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
-B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
-B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
-KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
-OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
-jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
-qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
-rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
-HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
-hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
-ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
-3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
-NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
-ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
-TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
-jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
-oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
-4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
-mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
-emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
------END CERTIFICATE-----
diff --git a/global-config.rsc b/global-config.rsc
index 0c0a7b9..dfb25ec 100644
--- a/global-config.rsc
+++ b/global-config.rsc
@@ -88,11 +88,11 @@
 :global FwAddrLists {
 #  "allow"={
 #    { url="https://eworm.de/ros/fw-addr-lists/allow";
-#      cert="R3" };
+#      cert="E1" };
 #  };
   "block"={
 #    { url="https://eworm.de/ros/fw-addr-lists/block";
-#      cert="R3" };
+#      cert="E1" };
     { url="https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt";
       cert="GlobalSign Atlas R3 DV TLS CA 2022 Q3" };
     { url="https://sslbl.abuse.ch/blacklist/sslipblacklist.txt";
diff --git a/global-functions b/global-functions
index ce55b15..431a343 100644
--- a/global-functions
+++ b/global-functions
@@ -54,10 +54,6 @@
   :global SymbolForNotification;
   :global ValidateSyntax;
 
-  :if ([ $CertificateAvailable "R3" ] = false) do={
-    $LogPrintExit2 warning $0 ("Downloading certificate failed, trying without.") false;
-  }
-
   :if ([ $CertificateAvailable "E1" ] = false) do={
     $LogPrintExit2 warning $0 ("Downloading certificate failed, trying without.") false;
   }
diff --git a/global-functions.rsc b/global-functions.rsc
index 12e13fe..96b8845 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -865,10 +865,6 @@
   :global SymbolForNotification;
   :global ValidateSyntax;
 
-  :if ([ $CertificateAvailable "R3" ] = false) do={
-    $LogPrintExit2 warning $0 ("Downloading certificate failed, trying without.") false;
-  }
-
   :if ([ $CertificateAvailable "E1" ] = false) do={
     $LogPrintExit2 warning $0 ("Downloading certificate failed, trying without.") false;
   }