xorr0 · March 10, 2022 05:20 · xorr0 · Sep 7, 2018 · xorr0 · Sep 8, 2018
diff --git a/riseupVPN.bat b/riseupVPN.bat
 @ECHO off

 rem.||(
 ** WINDOWS BATCH SCRIPT TO CONNECT TO RISEUP.NET VPN RED **
    https://riseup.net/en/vpn/vpn-red
    
    - my win10 x64 system wouldn't grab an IPv4 address upon the initial connection, so I forced this script to release and renew it's IPv4 address once the VPN was activated
    - also, my system would loose routes every so often, so I have an infinite loop at the end of this script that constantly adds the proper riseup.net VPN routes every 5 minutes.

    - to determine which ROUTES need to be implemented, watch when openvpn-gui connects and you will see a section like this -- which is where the routes are configured;

        Fri Sep 07 12:46:17 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
        Fri Sep 07 12:46:17 2018 C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1
        Fri Sep 07 12:46:17 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
        Fri Sep 07 12:46:17 2018 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1
        Fri Sep 07 12:46:17 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
        Fri Sep 07 12:46:18 2018 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1
        Fri Sep 07 12:46:18 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

    - so this is where you obtain the routes to "fix" things... as seen here, 3 lines are KEY
        C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1
        C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1
        C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1
 )

 TITLE riseup-VPN
 SETLOCAL EnableExtensions
 SET EXE=openvpn-gui.exe
 ECHO [+]  Riseup.net (open)VPN RED on Windows
 ECHO [+]  Checking if openVPN is running.
 FOR /F %%x IN ('tasklist /NH /FI "IMAGENAME eq %EXE%"') DO IF %%x == %EXE% GOTO DIE
 GOTO LAUNCH
 GOTO ROUTES

 :DIE
 ECHO [!]  Detected openVPN was running, killing task.
 taskkill /im openvpn-gui.exe /f > nul 2> nul
 taskkill /im openvpn.exe /f > nul 2> nul
 ECHO [*]  Flushing DNS.
 ipconfig /flushdns >nul

 :LAUNCH
 ECHO [+]  Launching openVPN, connecting to riseup.net VPN RED
 cd "C:\Program Files\OpenVPN\bin"
 start /min openvpn-gui.exe --connect "windows-riseup.ovpn"
 TIMEOUT 1 >nul
 ECHO [+]  Waiting 65 seconds
 TIMEOUT 65 >nul
 ECHO [*]  Flushing DNS.
 ipconfig /flushdns >nul
 ECHO [*]  Checking which Windows interface is a TAP adapter
 FOR /F "USEBACKQ TOKENS=3 DELIMS=," %%A IN (`"WMIC NIC GET NETCONNECTIONID,Description /FORMAT:CSV | FINDSTR /I tap"`) DO (SET TAPinterface=%%~A)
 ECHO [+]  Interface %TAPinterface% is the TAP adapter
 ECHO [*]  Releasing IPv4 address on %TAPinterface%
 ipconfig /release "%TAPinterface%" >nul
 ECHO [+]  Waiting 5 seconds
 TIMEOUT 5 >nul
 ECHO [*]  Renewing IPv4 address on %TAPinterface%
 ipconfig /renew "%TAPinterface%" >nul
 TIMEOUT 1 >nul
 ::ipconfig /all | FINDSTR /I "IPv4 Address"* | FINDSTR 172
 FOR /F "USEBACKQ TOKENS=3 DELIMS= " %%B IN (`"netsh interface ipv4 show addresses "%TAPinterface%" | findstr /I address"`) DO (SET TAPinterfaceIPv4=%%~B)
 ECHO [+]  IPv4 address attached to %TAPinterface% is %TAPinterfaceIPv4%
 TIMEOUT 1 >nul
 ::netsh interface IPv4 set dnsserver "WiFi" dhcp
 ECHO [*]  Setup IPv4 riseup.net VPN routes
 C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1 > nul 2> nul
 TIMEOUT 1 >nul
 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul
 TIMEOUT 1 >nul
 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul

 :ROUTES
 ::INFINITE LOOP
 ECHO [+]  Waiting 5 minutes
 TIMEOUT 300 >nul
 ECHO [*]  Correcting IPv4 routes
 C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1 > nul 2> nul
 TIMEOUT 1 >nul
 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul
 TIMEOUT 1 >nul
 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul
 GOTO ROUTES
diff --git a/windows-riseup.ovpn b/windows-riseup.ovpn
 ##
 ## Riseup VPN RED - Configuration file.
 ##
 ## We recommend you create a dedicated password to use in this VPN service, here: https://account.riseup.net/passwords?view=services
 ##
 ## If you don't have account with us you can create one at: https://account.riseup.net/user/new
 ## but you will need an invite code from a current member to signup.
 ##
 ## Additional tips to improve privacy using this VPN:
 ## - Block IPv6 connection on your device before connect to the VPN Server,
 ## otherwise your device will leak your real IPv6 address. VPN Red does not support IPv6 yet.
 ## - set the hour in your device to UTC-08h00 (Pacific Time);
 ## - use a browser in United States of America English (EN-US) language;
 ## - Try to block WebRTC, Canvas fingerprinting, CSP reports and remote fonts on your browser. Normally you need to use some extension for that. 
 ##
 ## More informations about benefits and limitations can be found at our web site: https://riseup.net/vpn/why-is-needed
 ##

 client
 tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
 cipher AES-256-CBC
 auth SHA256

 dev tun
 #tun-mtu 1500

 #dev tap
 # if dev tun does not work: dev tap
 proto udp
 # alternately (try instead if udp doens't work):
 #proto tcp

 route-method exe
 route-delay 2

 ##Riseup.net OpenVPN DNS server
 #nameserver 172.27.100.1

 dhcp-option DNS 172.27.100.1

 ##You can add the following to the client config file.
 #dhcp-option DNS <dns_server_ip_address>
 ###
 ##On the server side it would have been :
 #push "dhcp-option DNS <dns_server_ip_address>"


 remote 198.252.153.226 443
 #remote vpn.riseup.net 443
 #remote seattle.vpn.riseup.net 443
 #remote nyc.vpn.riseup.net 80

 # other possibilities, if the above does not work:
 #remote 198.252.153.226 80
 #remote 198.252.153.226 1194
 #auth-user-pass
 auth-user-pass auth.txt
 ## auth-user-pass auth.txt <<< requires you to have a filename 'auth.txt' with your username on line#1, and your password on line#2
 ## ^^ so no interaction to input the user+pass when connecting to the riseupVPN

 mute-replay-warnings

 redirect-gateway
 verb 4
 block-outside-dns
 # adjust this if your system does not support 1.2
 tls-version-min 1.0

 nobind
 persist-tun
 persist-key
 resolv-retry infinite
 remote-cert-tls server
 remote-cert-eku "TLS Web Server Authentication"
 verify-x509-name vpn.riseup.net name
 #script-security 0
 #script-security 2 system
 script-security 2
 ####
 #0 -- Strictly no calling of external programs.
 #1 -- (Default) Only call built-in executables such as ifconfig, ip, route, or netsh.
 #2 -- Allow calling of built-in executables and user-defined scripts.
 #3 -- Allow passwords to be passed to scripts via environmental variables (potentially unsafe).
 ##
 #up-delay

 ##
 #log openvpn.log

 <ca>
 -----BEGIN CERTIFICATE-----
 MIIF2jCCA8KgAwIBAgIIVogyQTSIzc8wDQYJKoZIhvcNAQELBQAwgYYxGDAWBgNV
 BAMTD1Jpc2V1cCBOZXR3b3JrczEYMBYGA1UEChMPUmlzZXVwIE5ldHdvcmtzMRAw
 DgYDVQQHEwdTZWF0dGxlMQswCQYDVQQIEwJXQTELMAkGA1UEBhMCVVMxJDAiBgkq
 hkiG9w0BCQEWFWNvbGxlY3RpdmVAcmlzZXVwLm5ldDAiGA8yMDE2MDEwMjIwMjU0
 MFoYDzIwMjYwMzMwMjAyNjAxWjCBhjEYMBYGA1UEAxMPUmlzZXVwIE5ldHdvcmtz
 MRgwFgYDVQQKEw9SaXNldXAgTmV0d29ya3MxEDAOBgNVBAcTB1NlYXR0bGUxCzAJ
 BgNVBAgTAldBMQswCQYDVQQGEwJVUzEkMCIGCSqGSIb3DQEJARYVY29sbGVjdGl2
 ZUByaXNldXAubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw2VV
 uoz4xqeB1ROIwXBRaj0prOqEFX89A7+2rslGRfjM8NPHyBLGleoHTK3DPwadtQeg
 ulaEOAjM5EMXTEX/o9H46L6h729HUWPCwVssvvOjyxTyGJDf7Ihd/Ab7ODtlJSyc
 g31aXMioA5pGz5QnS3VGz4nE9+NL+jobc/NbhaacsEPR/7xO7meRNu/1S+YiHK1y
 BSVrfap3XItlcNHDGNQkPyyJbS3pAS1lQs2HCBTzcFCamCkDOC7cRh9wZ4GH8U2f
 2s0mDD5zhRpheNW4gFBtGpqHiRXv7WJW612aaXzKQQoIq2loGNvOpnyBPKL3jjUT
 Rxv5IzWMV0nAofMCy25u/S4J65uSEd9mLNXFJ3rl+cFaybcOUXktTbS7bZy6cMyf
 /gO28bEXIWr5WfZf8jCbPyOVfExZquG3aS+0YPWmIJCheXQzgiwplZy93oND1GGQ
 f+1R2F7GPwNXQdefv2xm7PTWhHbSWHHmeY89qYED+yFJrX5ChoFoBbYs1lMmdU/C
 2MnQBFtvcVockXFAUONyMKiq8ZP6sQ1lu0rO9Bvkhx55sJLZOmjN3g4S1K97PbbI
 5DzHKcR0JQSt8ZtCY/MuMbwvlNYo98bFWvlfKET0KPtogNNH0PNfJmStKR8jWGjE
 HnUNXo7YDfK90iEKTjLz2K5CYzH5Dm6iYJNaaykCAwEAAaNGMEQwEgYDVR0TAQH/
 BAgwBgEB/wIBADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTGek7ebtq2Ibm+
 2K6je1IMobvEkzANBgkqhkiG9w0BAQsFAAOCAgEAO2B3jnL+8LeoRkc282qUpHyu
 xYj0Qd68l0CJ0FjfA2OCR/6h1W4gZVH+fTd/mhgrNXj28GRT53JEh1jdRC7ENTXu
 W9O8I9gCbWQ6V4nkZ9lpq8UEmKTFGnngVu8VCmSDF+y0kFuEtmt0jyd2UkJfC/vy
 Gh78OCHEdGAeOTYHXamiuA9Z7wMuncPjP476gSW2kfWTdxV25ad4tT5dA5d42xDm
 YE2UKzHeB9amOmvyh08LPD0idT5oROCIHsHBhQC9oltJXO5j6GyHRg88C1inyv6R
 xk+w9ek4wSBpoJg5t3hdbZr3JTUsuu4WPtAET0fMQpJC+niaBbegwtvdLZFM+d8x
 ead3ZpMO+XrpazDFGtdPTQdi5EIYmr2RL9eTeQbVPwMB9TgFpBXP+iYIuTpNo8jn
 8zS4EcPRmz6PQJVK4zkHczfvquyU9RuOwEgb8qN4tSNxF0Z94uSVUoXCG9WZLf8q
 MfsGesYiR/qLnLn3MfAyWm3OVOUvGzczDE2T8VvY7rXc2+8ra5aK0TNAgEz9ey6D
 /dGzM1JCCe1A08s+2+eRX//pmqmOCoGrY7zwIVS2T249h6iIMM9yT0C3ZXRoTnVN
 osyidOkVuQr0YK6shJ0WaK4F1MktdjOZKPoIc9QLw+TrSU2hfyla36T0bNWMC/TJ
 YtxDI+d1jIFZ7zMmts4=
 -----END CERTIFICATE-----
 </ca>
	@ECHO off

	rem.\|\|(
	WINDOWS BATCH SCRIPT TO CONNECT TO RISEUP.NET VPN RED
	https://riseup.net/en/vpn/vpn-red

	- my win10 x64 system wouldn't grab an IPv4 address upon the initial connection, so I forced this script to release and renew it's IPv4 address once the VPN was activated
	- also, my system would loose routes every so often, so I have an infinite loop at the end of this script that constantly adds the proper riseup.net VPN routes every 5 minutes.

	- to determine which ROUTES need to be implemented, watch when openvpn-gui connects and you will see a section like this -- which is where the routes are configured;

	Fri Sep 07 12:46:17 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
	Fri Sep 07 12:46:17 2018 C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1
	Fri Sep 07 12:46:17 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
	Fri Sep 07 12:46:17 2018 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1
	Fri Sep 07 12:46:17 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
	Fri Sep 07 12:46:18 2018 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1
	Fri Sep 07 12:46:18 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem

	- so this is where you obtain the routes to "fix" things... as seen here, 3 lines are KEY
	C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1
	C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1
	C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1
	)

	TITLE riseup-VPN
	SETLOCAL EnableExtensions
	SET EXE=openvpn-gui.exe
	ECHO [+] Riseup.net (open)VPN RED on Windows
	ECHO [+] Checking if openVPN is running.
	FOR /F %%x IN ('tasklist /NH /FI "IMAGENAME eq %EXE%"') DO IF %%x == %EXE% GOTO DIE
	GOTO LAUNCH
	GOTO ROUTES

	:DIE
	ECHO [!] Detected openVPN was running, killing task.
	taskkill /im openvpn-gui.exe /f > nul 2> nul
	taskkill /im openvpn.exe /f > nul 2> nul
	ECHO [*] Flushing DNS.
	ipconfig /flushdns >nul

	:LAUNCH
	ECHO [+] Launching openVPN, connecting to riseup.net VPN RED
	cd "C:\Program Files\OpenVPN\bin"
	start /min openvpn-gui.exe --connect "windows-riseup.ovpn"
	TIMEOUT 1 >nul
	ECHO [+] Waiting 65 seconds
	TIMEOUT 65 >nul
	ECHO [*] Flushing DNS.
	ipconfig /flushdns >nul
	ECHO [*] Checking which Windows interface is a TAP adapter
	FOR /F "USEBACKQ TOKENS=3 DELIMS=," %%A IN (`"WMIC NIC GET NETCONNECTIONID,Description /FORMAT:CSV \| FINDSTR /I tap"`) DO (SET TAPinterface=%%~A)
	ECHO [+] Interface %TAPinterface% is the TAP adapter
	ECHO [*] Releasing IPv4 address on %TAPinterface%
	ipconfig /release "%TAPinterface%" >nul
	ECHO [+] Waiting 5 seconds
	TIMEOUT 5 >nul
	ECHO [*] Renewing IPv4 address on %TAPinterface%
	ipconfig /renew "%TAPinterface%" >nul
	TIMEOUT 1 >nul
	::ipconfig /all \| FINDSTR /I "IPv4 Address"* \| FINDSTR 172
	FOR /F "USEBACKQ TOKENS=3 DELIMS= " %%B IN (`"netsh interface ipv4 show addresses "%TAPinterface%" \| findstr /I address"`) DO (SET TAPinterfaceIPv4=%%~B)
	ECHO [+] IPv4 address attached to %TAPinterface% is %TAPinterfaceIPv4%
	TIMEOUT 1 >nul
	::netsh interface IPv4 set dnsserver "WiFi" dhcp
	ECHO [*] Setup IPv4 riseup.net VPN routes
	C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1 > nul 2> nul
	TIMEOUT 1 >nul
	C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul
	TIMEOUT 1 >nul
	C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul

	:ROUTES
	::INFINITE LOOP
	ECHO [+] Waiting 5 minutes
	TIMEOUT 300 >nul
	ECHO [*] Correcting IPv4 routes
	C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1 > nul 2> nul
	TIMEOUT 1 >nul
	C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul
	TIMEOUT 1 >nul
	C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul
	GOTO ROUTES
	##
	## Riseup VPN RED - Configuration file.
	##
	## We recommend you create a dedicated password to use in this VPN service, here: https://account.riseup.net/passwords?view=services
	##
	## If you don't have account with us you can create one at: https://account.riseup.net/user/new
	## but you will need an invite code from a current member to signup.
	##
	## Additional tips to improve privacy using this VPN:
	## - Block IPv6 connection on your device before connect to the VPN Server,
	## otherwise your device will leak your real IPv6 address. VPN Red does not support IPv6 yet.
	## - set the hour in your device to UTC-08h00 (Pacific Time);
	## - use a browser in United States of America English (EN-US) language;
	## - Try to block WebRTC, Canvas fingerprinting, CSP reports and remote fonts on your browser. Normally you need to use some extension for that.
	##
	## More informations about benefits and limitations can be found at our web site: https://riseup.net/vpn/why-is-needed
	##

	client
	tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
	cipher AES-256-CBC
	auth SHA256

	dev tun
	#tun-mtu 1500

	#dev tap
	# if dev tun does not work: dev tap
	proto udp
	# alternately (try instead if udp doens't work):
	#proto tcp

	route-method exe
	route-delay 2

	##Riseup.net OpenVPN DNS server
	#nameserver 172.27.100.1

	dhcp-option DNS 172.27.100.1

	##You can add the following to the client config file.
	#dhcp-option DNS <dns_server_ip_address>
	###
	##On the server side it would have been :
	#push "dhcp-option DNS <dns_server_ip_address>"


	remote 198.252.153.226 443
	#remote vpn.riseup.net 443
	#remote seattle.vpn.riseup.net 443
	#remote nyc.vpn.riseup.net 80

	# other possibilities, if the above does not work:
	#remote 198.252.153.226 80
	#remote 198.252.153.226 1194
	#auth-user-pass
	auth-user-pass auth.txt
	## auth-user-pass auth.txt <<< requires you to have a filename 'auth.txt' with your username on line#1, and your password on line#2
	## ^^ so no interaction to input the user+pass when connecting to the riseupVPN

	mute-replay-warnings

	redirect-gateway
	verb 4
	block-outside-dns
	# adjust this if your system does not support 1.2
	tls-version-min 1.0

	nobind
	persist-tun
	persist-key
	resolv-retry infinite
	remote-cert-tls server
	remote-cert-eku "TLS Web Server Authentication"
	verify-x509-name vpn.riseup.net name
	#script-security 0
	#script-security 2 system
	script-security 2
	####
	#0 -- Strictly no calling of external programs.
	#1 -- (Default) Only call built-in executables such as ifconfig, ip, route, or netsh.
	#2 -- Allow calling of built-in executables and user-defined scripts.
	#3 -- Allow passwords to be passed to scripts via environmental variables (potentially unsafe).
	##
	#up-delay

	##
	#log openvpn.log

	<ca>
	-----BEGIN CERTIFICATE-----
	MIIF2jCCA8KgAwIBAgIIVogyQTSIzc8wDQYJKoZIhvcNAQELBQAwgYYxGDAWBgNV
	BAMTD1Jpc2V1cCBOZXR3b3JrczEYMBYGA1UEChMPUmlzZXVwIE5ldHdvcmtzMRAw
	DgYDVQQHEwdTZWF0dGxlMQswCQYDVQQIEwJXQTELMAkGA1UEBhMCVVMxJDAiBgkq
	hkiG9w0BCQEWFWNvbGxlY3RpdmVAcmlzZXVwLm5ldDAiGA8yMDE2MDEwMjIwMjU0
	MFoYDzIwMjYwMzMwMjAyNjAxWjCBhjEYMBYGA1UEAxMPUmlzZXVwIE5ldHdvcmtz
	MRgwFgYDVQQKEw9SaXNldXAgTmV0d29ya3MxEDAOBgNVBAcTB1NlYXR0bGUxCzAJ
	BgNVBAgTAldBMQswCQYDVQQGEwJVUzEkMCIGCSqGSIb3DQEJARYVY29sbGVjdGl2
	ZUByaXNldXAubmV0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAw2VV
	uoz4xqeB1ROIwXBRaj0prOqEFX89A7+2rslGRfjM8NPHyBLGleoHTK3DPwadtQeg
	ulaEOAjM5EMXTEX/o9H46L6h729HUWPCwVssvvOjyxTyGJDf7Ihd/Ab7ODtlJSyc
	g31aXMioA5pGz5QnS3VGz4nE9+NL+jobc/NbhaacsEPR/7xO7meRNu/1S+YiHK1y
	BSVrfap3XItlcNHDGNQkPyyJbS3pAS1lQs2HCBTzcFCamCkDOC7cRh9wZ4GH8U2f
	2s0mDD5zhRpheNW4gFBtGpqHiRXv7WJW612aaXzKQQoIq2loGNvOpnyBPKL3jjUT
	Rxv5IzWMV0nAofMCy25u/S4J65uSEd9mLNXFJ3rl+cFaybcOUXktTbS7bZy6cMyf
	/gO28bEXIWr5WfZf8jCbPyOVfExZquG3aS+0YPWmIJCheXQzgiwplZy93oND1GGQ
	f+1R2F7GPwNXQdefv2xm7PTWhHbSWHHmeY89qYED+yFJrX5ChoFoBbYs1lMmdU/C
	2MnQBFtvcVockXFAUONyMKiq8ZP6sQ1lu0rO9Bvkhx55sJLZOmjN3g4S1K97PbbI
	5DzHKcR0JQSt8ZtCY/MuMbwvlNYo98bFWvlfKET0KPtogNNH0PNfJmStKR8jWGjE
	HnUNXo7YDfK90iEKTjLz2K5CYzH5Dm6iYJNaaykCAwEAAaNGMEQwEgYDVR0TAQH/
	BAgwBgEB/wIBADAPBgNVHQ8BAf8EBQMDBwQAMB0GA1UdDgQWBBTGek7ebtq2Ibm+
	2K6je1IMobvEkzANBgkqhkiG9w0BAQsFAAOCAgEAO2B3jnL+8LeoRkc282qUpHyu
	xYj0Qd68l0CJ0FjfA2OCR/6h1W4gZVH+fTd/mhgrNXj28GRT53JEh1jdRC7ENTXu
	W9O8I9gCbWQ6V4nkZ9lpq8UEmKTFGnngVu8VCmSDF+y0kFuEtmt0jyd2UkJfC/vy
	Gh78OCHEdGAeOTYHXamiuA9Z7wMuncPjP476gSW2kfWTdxV25ad4tT5dA5d42xDm
	YE2UKzHeB9amOmvyh08LPD0idT5oROCIHsHBhQC9oltJXO5j6GyHRg88C1inyv6R
	xk+w9ek4wSBpoJg5t3hdbZr3JTUsuu4WPtAET0fMQpJC+niaBbegwtvdLZFM+d8x
	ead3ZpMO+XrpazDFGtdPTQdi5EIYmr2RL9eTeQbVPwMB9TgFpBXP+iYIuTpNo8jn
	8zS4EcPRmz6PQJVK4zkHczfvquyU9RuOwEgb8qN4tSNxF0Z94uSVUoXCG9WZLf8q
	MfsGesYiR/qLnLn3MfAyWm3OVOUvGzczDE2T8VvY7rXc2+8ra5aK0TNAgEz9ey6D
	/dGzM1JCCe1A08s+2+eRX//pmqmOCoGrY7zwIVS2T249h6iIMM9yT0C3ZXRoTnVN
	osyidOkVuQr0YK6shJ0WaK4F1MktdjOZKPoIc9QLw+TrSU2hfyla36T0bNWMC/TJ
	YtxDI+d1jIFZ7zMmts4=
	-----END CERTIFICATE-----
	</ca>