From dc0168911932f327de660037a4129088e7f5203e Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Wed, 20 Dec 2023 12:49:43 +0100
Subject: [PATCH 01/66] chore: wip

---
 docs/FLUTTER_INTEGRATION_TEST.md              |  6 ++--
 .../0005-flutter-app.md                       | 36 +++++++++++++++++++
 2 files changed, 38 insertions(+), 4 deletions(-)
 create mode 100644 docs/src/architecture/09_architecture_decisions/0005-flutter-app.md

diff --git a/docs/FLUTTER_INTEGRATION_TEST.md b/docs/FLUTTER_INTEGRATION_TEST.md
index e4eb7fc7c29..06cc4c62492 100644
--- a/docs/FLUTTER_INTEGRATION_TEST.md
+++ b/docs/FLUTTER_INTEGRATION_TEST.md
@@ -42,10 +42,8 @@ and select the appropriate history.
 
 #### Web
 
-On Ubuntu you might be required to start chromedriver.  
-In a separate terminal run:  
-
-`chromedriver --port=4444`
+>On Ubuntu you might be required to start chromedriver.
+>In a separate terminal run: `chromedriver --port=4444`
 
 Navigate to `catalyst_voices` and run:
 
diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
new file mode 100644
index 00000000000..aa179c79d69
--- /dev/null
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -0,0 +1,36 @@
+---
+    title: 0005 Catalyst Voices Frontend App Architecture
+    adr:
+        author: Oleksandr Prokhorenko
+        created: 30-Nov-2023
+        status:  proposed
+    tags:
+        - flutter
+---
+
+--- *This is a template ADR to be copied and completed when adding new ADR* ---
+
+## Context
+
+What is the issue that we're seeing that is motivating this decision or change?
+
+## Assumptions
+
+Anything that could cause problems if untrue now or later
+
+## Decision
+
+What is the change that we're proposing and/or doing?
+
+## Risks
+
+Anything that could cause malfunction, delay, or other negative impacts
+
+## Consequences
+
+What becomes easier or more difficult to do because of this change?
+
+## More Information
+
+Provide additional evidence/confidence for the decision outcome
+Links to other decisions and resources might here appear as well.
\ No newline at end of file

From eccc9bf97ec7d82b7295d133b1ed69b5b0560b1c Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Thu, 21 Dec 2023 15:30:36 +0100
Subject: [PATCH 02/66] Update 0005-flutter-app.md

---
 .../0005-flutter-app.md                       | 32 ++++++++++++++-----
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
index aa179c79d69..90ebf708a6b 100644
--- a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -2,7 +2,7 @@
     title: 0005 Catalyst Voices Frontend App Architecture
     adr:
         author: Oleksandr Prokhorenko
-        created: 30-Nov-2023
+        created: 22-Dec-2023
         status:  proposed
     tags:
         - flutter
@@ -12,25 +12,41 @@
 
 ## Context
 
-What is the issue that we're seeing that is motivating this decision or change?
+For the Catalyst Voices Frontend App, our goal is to establish a structure that ensures scalability, maintainability, and a clear separation of concerns. With the complexity of voting events, it’s crucial to have an architecture that supports extensive functionality and easy adaptability to change.
 
 ## Assumptions
 
-Anything that could cause problems if untrue now or later
+* Clean Architecture will facilitate a clear separation of concerns across the app.
+* The BLoC pattern, combined with ViewModels, will streamline state management across the app.
+* Developers are or will become comfortable with reactive programming paradigms and Flutter’s Streams.
+* The Flutter community will continue to support and evolve the BLoC pattern.
+* The BLoC pattern will be sufficient to handle the app’s state management needs.
 
 ## Decision
 
-What is the change that we're proposing and/or doing?
+We have chosen to use BLoC with ViewModels, guided by Clean Architecture principles, for the development of the Catalyst Voices Frontend App. This approach will segregate the app into distinct layers - presentation,
+domain, and data, with BLoC serving as the intermediary for state management and business logic.
+The BLoC pattern will manage the app's state reactively, making it easier to handle complex state dependencies and asynchronous operations.The ViewModel layer will further aid in abstracting the presentation logic from BLoCs.
+
+TODO: Add diagram of the architecture
 
 ## Risks
 
-Anything that could cause malfunction, delay, or other negative impacts
+* Learning curve associated with Clean Architecture and BLoC pattern for developers not familiar with these concepts.
+* Overhead in setting up and managing BLoCs and ViewModels for simpler UI components.
+* Potential for boilerplate code, impacting readability and maintainability.
 
 ## Consequences
 
-What becomes easier or more difficult to do because of this change?
+* Enhanced maintainability and testability due to the separation of concerns.
+* Greater flexibility in changing or extending the app’s features.
+* Improved scalability, as new components can be added with minimal impact on existing code.
+* A consistent structure across the app, aiding new developers in understanding the codebase.
+
 
 ## More Information
 
-Provide additional evidence/confidence for the decision outcome
-Links to other decisions and resources might here appear as well.
\ No newline at end of file
+* Detailed documentation on Clean Architecture and how it applies to Flutter development.
+* Documentation and best practices for implementing BLoC and ViewModels in Flutter.
+* Examples of successful Flutter apps built using BLoC and Clean Architecture.
+* Training sessions or resources for the team to get proficient in these architectural concepts.
\ No newline at end of file

From e00ae8315a8165fa9540542b0b5743c1ca0a29c2 Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Thu, 21 Dec 2023 16:20:11 +0100
Subject: [PATCH 03/66] Update 0005-flutter-app.md

---
 .../09_architecture_decisions/0005-flutter-app.md  | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
index 90ebf708a6b..5be5f129f74 100644
--- a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -12,7 +12,9 @@
 
 ## Context
 
-For the Catalyst Voices Frontend App, our goal is to establish a structure that ensures scalability, maintainability, and a clear separation of concerns. With the complexity of voting events, it’s crucial to have an architecture that supports extensive functionality and easy adaptability to change.
+For the Catalyst Voices Frontend App, our goal is to establish a structure that ensures scalability,
+maintainability, and a clear separation of concerns. With the complexity of voting events,
+it’s crucial to have an architecture that supports extensive functionality and easy adaptability to change.
 
 ## Assumptions
 
@@ -24,11 +26,11 @@ For the Catalyst Voices Frontend App, our goal is to establish a structure that
 
 ## Decision
 
-We have chosen to use BLoC with ViewModels, guided by Clean Architecture principles, for the development of the Catalyst Voices Frontend App. This approach will segregate the app into distinct layers - presentation,
-domain, and data, with BLoC serving as the intermediary for state management and business logic.
+We have chosen to use BLoC with ViewModels, guided by Clean Architecture principles,
+for the development of the Catalyst Voices Frontend App. This approach will segregate the app into distinct layers - presentation, domain, and data, with BLoC serving as the intermediary for state management and business logic.
 The BLoC pattern will manage the app's state reactively, making it easier to handle complex state dependencies and asynchronous operations.The ViewModel layer will further aid in abstracting the presentation logic from BLoCs.
 
-TODO: Add diagram of the architecture
+TODO: Add diagram of the architecture and how the different layers interact.
 
 ## Risks
 
@@ -43,10 +45,12 @@ TODO: Add diagram of the architecture
 * Improved scalability, as new components can be added with minimal impact on existing code.
 * A consistent structure across the app, aiding new developers in understanding the codebase.
 
-
 ## More Information
 
+TODO: Add links to resources
+
 * Detailed documentation on Clean Architecture and how it applies to Flutter development.
+* [The Clean Architecture](https://blog.cleancoder.com/uncle-bob/2012/08/13/the-clean-architecture.html)
 * Documentation and best practices for implementing BLoC and ViewModels in Flutter.
 * Examples of successful Flutter apps built using BLoC and Clean Architecture.
 * Training sessions or resources for the team to get proficient in these architectural concepts.
\ No newline at end of file

From 42c37554619eb6d3e3e7294f5b24902343ed9803 Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Fri, 22 Dec 2023 14:26:35 +0100
Subject: [PATCH 04/66] Update 0005-flutter-app.md

---
 .../09_architecture_decisions/0005-flutter-app.md     | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
index 5be5f129f74..9c384dc7d7b 100644
--- a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -12,7 +12,7 @@
 
 ## Context
 
-For the Catalyst Voices Frontend App, our goal is to establish a structure that ensures scalability,
+Our goal for the Catalyst Voices Frontend App is to establish a structure that ensures scalability,
 maintainability, and a clear separation of concerns. With the complexity of voting events,
 it’s crucial to have an architecture that supports extensive functionality and easy adaptability to change.
 
@@ -47,10 +47,7 @@ TODO: Add diagram of the architecture and how the different layers interact.
 
 ## More Information
 
-TODO: Add links to resources
-
-* Detailed documentation on Clean Architecture and how it applies to Flutter development.
 * [The Clean Architecture](https://blog.cleancoder.com/uncle-bob/2012/08/13/the-clean-architecture.html)
-* Documentation and best practices for implementing BLoC and ViewModels in Flutter.
-* Examples of successful Flutter apps built using BLoC and Clean Architecture.
-* Training sessions or resources for the team to get proficient in these architectural concepts.
\ No newline at end of file
+* [BLoC Pattern - DartConf 2018](https://youtu.be/PLHln7wHgPE?si=QJ8hXOCWz2WIYFye)
+* [BLoC Pub Documentation](https://bloclibrary.dev/)
+* [Flutter BLoC Examples](https://github.com/felangel/bloc/tree/master/examples)

From 3183dc21616b513486b15f7b0d6909e7e28bd1c5 Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Mon, 25 Dec 2023 11:39:18 +0100
Subject: [PATCH 05/66] Update 0005-flutter-app.md

---
 .../0005-flutter-app.md                          | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
index 9c384dc7d7b..7d96f32cbed 100644
--- a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -27,10 +27,20 @@ it’s crucial to have an architecture that supports extensive functionality and
 ## Decision
 
 We have chosen to use BLoC with ViewModels, guided by Clean Architecture principles,
-for the development of the Catalyst Voices Frontend App. This approach will segregate the app into distinct layers - presentation, domain, and data, with BLoC serving as the intermediary for state management and business logic.
-The BLoC pattern will manage the app's state reactively, making it easier to handle complex state dependencies and asynchronous operations.The ViewModel layer will further aid in abstracting the presentation logic from BLoCs.
+for the development of the Catalyst Voices Frontend App.
+This approach will segregate the app into distinct layers - presentation, domain, and data,
+with BLoC serving as the intermediary for state management and business logic.
+The BLoC pattern will manage the app's state reactively,
+making it easier to handle complex state dependencies and asynchronous operations.
+The ViewModel layer will further aid in abstracting the presentation logic from BLoCs.
+
+
+
+
+
+### Practical Example
+
 
-TODO: Add diagram of the architecture and how the different layers interact.
 
 ## Risks
 

From d23779b77b6ffc0ac152c636e10cbbf99976f7a9 Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Wed, 27 Dec 2023 16:44:04 +0100
Subject: [PATCH 06/66] Update 0005-flutter-app.md

---
 .../0005-flutter-app.md                       | 46 ++++++++++++++++++-
 1 file changed, 44 insertions(+), 2 deletions(-)

diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
index 7d96f32cbed..29e3496c5c7 100644
--- a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -26,7 +26,7 @@ it’s crucial to have an architecture that supports extensive functionality and
 
 ## Decision
 
-We have chosen to use BLoC with ViewModels, guided by Clean Architecture principles,
+We have chosen to use BLoC pattern alongside ViewModels, guided by Clean Architecture principles,
 for the development of the Catalyst Voices Frontend App.
 This approach will segregate the app into distinct layers - presentation, domain, and data,
 with BLoC serving as the intermediary for state management and business logic.
@@ -34,7 +34,49 @@ The BLoC pattern will manage the app's state reactively,
 making it easier to handle complex state dependencies and asynchronous operations.
 The ViewModel layer will further aid in abstracting the presentation logic from BLoCs.
 
-
+```mermaid
+---
+title: Catalyst Voices Fronted Architecture
+---
+flowchart LR
+    subgraph id1 [BLoC pattern in conjunction with ViewModels steered by the principles of Clean Architecture.]
+      subgraph id2 [Application Layer]
+      direction LR
+      subgraph id3 [Presentation Layer]
+      direction RL
+        subgraph id4 [Connect Wallet Screen]
+        id01[Widgets]
+        end
+        subgraph id5 [View All Events Screen]
+        id02[Widgets]
+        end
+        subgraph id6 [Settings Screen]
+        id03[Widgets]
+        end
+      end
+      subgraph id5555 [Business Layer]
+      direction RL
+        subgraph id7 [Connect Wallet Bloc]
+        end
+        subgraph id8 [View All Events Bloc]
+        end
+        subgraph id9 [Settings Bloc]
+        end
+      end
+      end
+    subgraph Domain Layer
+    cv1
+    cv2
+    end
+    subgraph Data Layer
+    cssdd1
+    cdd2
+    end
+    end
+    id4 <--> id7
+    id5 <--> id8
+    id6 <--> id9
+```
 
 
 

From 16bf4a2a8e84272511962118b6be90b15d3157e2 Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Wed, 27 Dec 2023 17:41:44 +0100
Subject: [PATCH 07/66] Update 0005-flutter-app.md

---
 .../0005-flutter-app.md                       | 71 ++++++++++++-------
 1 file changed, 45 insertions(+), 26 deletions(-)

diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
index 29e3496c5c7..f429719ea8c 100644
--- a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -8,8 +8,6 @@
         - flutter
 ---
 
---- *This is a template ADR to be copied and completed when adding new ADR* ---
-
 ## Context
 
 Our goal for the Catalyst Voices Frontend App is to establish a structure that ensures scalability,
@@ -38,44 +36,65 @@ The ViewModel layer will further aid in abstracting the presentation logic from
 ---
 title: Catalyst Voices Fronted Architecture
 ---
-flowchart LR
-    subgraph id1 [BLoC pattern in conjunction with ViewModels steered by the principles of Clean Architecture.]
-      subgraph id2 [Application Layer]
+flowchart TB
+    subgraph id1 [BLoC pattern in conjunction with ViewModels steered by the principles of Clean Architecture]
+      subgraph al01 [Application Layer]
+      direction LR
+      subgraph al02 [Presentation Layer]
       direction LR
-      subgraph id3 [Presentation Layer]
-      direction RL
-        subgraph id4 [Connect Wallet Screen]
-        id01[Widgets]
+        subgraph al03 [Connect Wallet Screen]
+        w1[Widgets]
         end
-        subgraph id5 [View All Events Screen]
-        id02[Widgets]
+        subgraph al04 [View All Events Screen]
+        w2[Widgets]
         end
-        subgraph id6 [Settings Screen]
-        id03[Widgets]
+        subgraph al05 [Settings Screen]
+        w3[Widgets]
         end
       end
-      subgraph id5555 [Business Layer]
-      direction RL
-        subgraph id7 [Connect Wallet Bloc]
+      subgraph bl01 [Business Layer]
+      direction LR
+        subgraph bl02 [Connect Wallet Bloc]
+        vm01[State <---> Event <---> ViewModel]
         end
-        subgraph id8 [View All Events Bloc]
+        subgraph bl03 [View All Events Bloc]
+        vm02[State <---> Event <---> ViewModel]
         end
-        subgraph id9 [Settings Bloc]
+        subgraph bl04 [Settings Bloc]
+        vm03[State <---> Event <---> ViewModel]
         end
       end
       end
-    subgraph Domain Layer
-    cv1
-    cv2
+    subgraph dl01 [Domain Layer]
+    direction RL
+    subgraph dl02 [Connect Wallet Repository]
+    end
+    subgraph dl03 [Events Repository]
+    end
+    subgraph dl04 [User Repository]
+    end
     end
     subgraph Data Layer
-    cssdd1
-    cdd2
+    direction RL
+    subgraph dl05 [Connect Wallet API]
+    end
+    subgraph dl06 [Catalyst Events API]
+    end
+    subgraph dl07 [Local Storage]
+    end
     end
     end
-    id4 <--> id7
-    id5 <--> id8
-    id6 <--> id9
+    al03 <--> bl02
+    al04 <--> bl03
+    al05 <--> bl04
+    bl02 <--> dl02
+    bl03 <--> dl03
+    bl04 <--> dl04
+    dl02 <--> dl05
+    dl02 <--> dl07
+    dl03 <--> dl06
+    dl03 <--> dl07
+    dl04 <--> dl07
 ```
 
 

From 1b980f2b3f6f20eec36ecfe902d6e50a090b3f2e Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Wed, 27 Dec 2023 17:44:01 +0100
Subject: [PATCH 08/66] Update 0005-flutter-app.md

---
 .../architecture/09_architecture_decisions/0005-flutter-app.md   | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
index f429719ea8c..e5d3c69ce4f 100644
--- a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -122,3 +122,4 @@ flowchart TB
 * [BLoC Pattern - DartConf 2018](https://youtu.be/PLHln7wHgPE?si=QJ8hXOCWz2WIYFye)
 * [BLoC Pub Documentation](https://bloclibrary.dev/)
 * [Flutter BLoC Examples](https://github.com/felangel/bloc/tree/master/examples)
+* [ViewModel overview](https://developer.android.com/topic/libraries/architecture/viewmodel)

From bcc4891835e1399d67ed6e4a135bb7cb4df2d78e Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Wed, 27 Dec 2023 17:46:21 +0100
Subject: [PATCH 09/66] Update 0005-flutter-app.md

---
 .../09_architecture_decisions/0005-flutter-app.md          | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
index e5d3c69ce4f..fa1bf0645db 100644
--- a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -97,8 +97,6 @@ flowchart TB
     dl04 <--> dl07
 ```
 
-
-
 ### Practical Example
 
 
@@ -121,5 +119,6 @@ flowchart TB
 * [The Clean Architecture](https://blog.cleancoder.com/uncle-bob/2012/08/13/the-clean-architecture.html)
 * [BLoC Pattern - DartConf 2018](https://youtu.be/PLHln7wHgPE?si=QJ8hXOCWz2WIYFye)
 * [BLoC Pub Documentation](https://bloclibrary.dev/)
-* [Flutter BLoC Examples](https://github.com/felangel/bloc/tree/master/examples)
-* [ViewModel overview](https://developer.android.com/topic/libraries/architecture/viewmodel)
+* [Flutter BLoC Examples](https://github.com/felangel/bloc/tree/master/examples) 
+* [So What Exactly is a View-Model?](https://www.infoq.com/articles/View-Model-Definition/)
+* [ViewModel Overview from Android Developers](https://developer.android.com/topic/libraries/architecture/viewmodel)

From e63d75cfbe7f6caa6f830b67503acf3428662ad7 Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Fri, 29 Dec 2023 15:18:24 +0100
Subject: [PATCH 10/66] Update 0005-flutter-app.md

---
 .../0005-flutter-app.md                       | 55 ++++++++++++++++++-
 1 file changed, 52 insertions(+), 3 deletions(-)

diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
index fa1bf0645db..df9d306deb1 100644
--- a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -97,9 +97,57 @@ flowchart TB
     dl04 <--> dl07
 ```
 
-### Practical Example
-
-
+### Maintain Uniformity
+
+To the established patterns of the team. Avoid bypassing the structured layers.
+Ensure each layer maintains a clear relationship hierarchy, preventing direct interactions between non-adjacent layers.
+For instance, the presentation layer should never directly communicate with the data layer's APIs.
+Maintain the hierarchy where the data layer is dependent on the domain layer across all feature development.
+
+Effective naming conventions are crucial for ease of navigation within a project.
+While naming is flexible (some may refer to the data layer as infrastructure),
+consistency in these names is essential for maintaining a clear architectural understanding.
+Inconsistency can lead to a disorganized and challenging codebase, potentially causing confusion among team members.
+It's vital to adhere to the established guidelines within the codebase to avoid these issues.
+
+```txt
+├── catalyst_voices
+|   ├── libs
+│   │   ├── app
+│   │   │   └── app.dart
+|   |   |   └── utils.dart
+|   |   └── configs
+|   |   |   └── app_bloc_observer.dart
+|   |   |   └── bootstrap.dart
+|   |   |   └── main_dev.dart
+|   |   |   └── main_prod.dart
+|   |   |   └── main_preprod.dart
+|   |   |   └── main_qa.dart
+│   │   └── connect_wallet
+│   │   |   ├── connect_wallet_page.dart
+|   |   |   └── wallet_list_item.dart
+│   │   |   └── wallets_list.dart
+|   |   └── events
+|   |   |   └── events_page.dart
+|   |   |   └── events_list_item.dart
+|   |   |   └── other_event_widgets.dart
+│   │   ├── setting
+│   │   |   ├── settings_page.dart
+|   |   |   └── user_widget.dart
+|   |   |   └── app_settings.dart
+│   ├── packages
+│   │   ├── catalyst_voices_assets
+│   │   ├── catalyst_voices_blocs
+│   │   ├── catalyst_voices_localization
+│   │   ├── catalyst_voices_models
+│   │   ├── catalyst_voices_repositories
+│   │   ├── catalyst_voices_services
+│   │   ├── catalyst_voices_models
+│   │   ├── catalyst_voices_shared
+│   │   ├── catalyst_voices_view_models
+├── pubspec.lock
+├── pubspec.yaml
+```
 
 ## Risks
 
@@ -117,6 +165,7 @@ flowchart TB
 ## More Information
 
 * [The Clean Architecture](https://blog.cleancoder.com/uncle-bob/2012/08/13/the-clean-architecture.html)
+* [SOLID](https://www.digitalocean.com/community/conceptual-articles/s-o-l-i-d-the-first-five-principles-of-object-oriented-design)
 * [BLoC Pattern - DartConf 2018](https://youtu.be/PLHln7wHgPE?si=QJ8hXOCWz2WIYFye)
 * [BLoC Pub Documentation](https://bloclibrary.dev/)
 * [Flutter BLoC Examples](https://github.com/felangel/bloc/tree/master/examples) 

From 0539ac955248f37466551a146a31b738bbca1716 Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Fri, 29 Dec 2023 15:25:25 +0100
Subject: [PATCH 11/66] Update 0005-flutter-app.md

---
 .../09_architecture_decisions/0005-flutter-app.md         | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
index df9d306deb1..346feafe040 100644
--- a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -11,7 +11,8 @@
 ## Context
 
 Our goal for the Catalyst Voices Frontend App is to establish a structure that ensures scalability,
-maintainability, and a clear separation of concerns. With the complexity of voting events,
+maintainability, and a clear separation of concerns.
+With the complexity of voting events,
 it’s crucial to have an architecture that supports extensive functionality and easy adaptability to change.
 
 ## Assumptions
@@ -99,7 +100,8 @@ flowchart TB
 
 ### Maintain Uniformity
 
-To the established patterns of the team. Avoid bypassing the structured layers.
+To the established patterns of the team.
+Avoid bypassing the structured layers.
 Ensure each layer maintains a clear relationship hierarchy, preventing direct interactions between non-adjacent layers.
 For instance, the presentation layer should never directly communicate with the data layer's APIs.
 Maintain the hierarchy where the data layer is dependent on the domain layer across all feature development.
@@ -168,6 +170,6 @@ It's vital to adhere to the established guidelines within the codebase to avoid
 * [SOLID](https://www.digitalocean.com/community/conceptual-articles/s-o-l-i-d-the-first-five-principles-of-object-oriented-design)
 * [BLoC Pattern - DartConf 2018](https://youtu.be/PLHln7wHgPE?si=QJ8hXOCWz2WIYFye)
 * [BLoC Pub Documentation](https://bloclibrary.dev/)
-* [Flutter BLoC Examples](https://github.com/felangel/bloc/tree/master/examples) 
+* [Flutter BLoC Examples](https://github.com/felangel/bloc/tree/master/examples)
 * [So What Exactly is a View-Model?](https://www.infoq.com/articles/View-Model-Definition/)
 * [ViewModel Overview from Android Developers](https://developer.android.com/topic/libraries/architecture/viewmodel)

From 07ad50cc66a37e113ea6cff796ab9cc876573905 Mon Sep 17 00:00:00 2001
From: minikin <djminikin@gmail.com>
Date: Wed, 3 Jan 2024 13:58:50 +0100
Subject: [PATCH 12/66] Update 0005-flutter-app.md

---
 .../architecture/09_architecture_decisions/0005-flutter-app.md | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
index 346feafe040..47e3295bf47 100644
--- a/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
+++ b/docs/src/architecture/09_architecture_decisions/0005-flutter-app.md
@@ -34,9 +34,6 @@ making it easier to handle complex state dependencies and asynchronous operation
 The ViewModel layer will further aid in abstracting the presentation logic from BLoCs.
 
 ```mermaid
----
-title: Catalyst Voices Fronted Architecture
----
 flowchart TB
     subgraph id1 [BLoC pattern in conjunction with ViewModels steered by the principles of Clean Architecture]
       subgraph al01 [Application Layer]

From ec8ea17dc553baed5d8c00a389af31279a501cbd Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Thu, 4 Jan 2024 16:00:15 +0700
Subject: [PATCH 13/66] docs(docs): Use latest docs builders and fix concepts
 page

---
 docs/Earthfile                           | 6 +++---
 docs/src/architecture/08_concepts/.pages | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)
 create mode 100644 docs/src/architecture/08_concepts/.pages

diff --git a/docs/Earthfile b/docs/Earthfile
index e257d603446..a10978793b0 100644
--- a/docs/Earthfile
+++ b/docs/Earthfile
@@ -6,7 +6,7 @@ VERSION 0.7
 # Copy all the source we need to build the docs
 src:
     # Common src setup
-    DO github.com/input-output-hk/catalyst-ci/earthly/docs:v2.0.11+SRC
+    DO github.com/input-output-hk/catalyst-ci/earthly/docs:v2.0.16+SRC
 
     # Now copy into that any artifacts we pull from the builds.
     COPY --dir ../+repo-docs/repo /docs/includes
@@ -21,12 +21,12 @@ src:
 docs:
     FROM +src
 
-    DO github.com/input-output-hk/catalyst-ci/earthly/docs:v2.0.11+BUILD
+    DO github.com/input-output-hk/catalyst-ci/earthly/docs:v2.0.16+BUILD
 
 # Make a locally runable container that can serve the docs.
 local:
     # Build a self contained service to show built docs locally.
-    DO github.com/input-output-hk/catalyst-ci/earthly/docs:v2.0.11+PACKAGE
+    DO github.com/input-output-hk/catalyst-ci/earthly/docs:v2.0.16+PACKAGE
 
     # Copy the static pages into the container
     COPY +docs/ /usr/share/nginx/html
diff --git a/docs/src/architecture/08_concepts/.pages b/docs/src/architecture/08_concepts/.pages
new file mode 100644
index 00000000000..582fe53ade2
--- /dev/null
+++ b/docs/src/architecture/08_concepts/.pages
@@ -0,0 +1 @@
+title: Concepts
\ No newline at end of file

From d6e5ce88f23c4b25bb7442094f119b2841ed7f35 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Thu, 11 Jan 2024 20:08:31 +0700
Subject: [PATCH 14/66] docs(cips): Start drafting the CIPS for milestone 2

---
 .../draft-cips/role-registration/cip-xxxx.md  | 74 +++++++++++++++----
 1 file changed, 59 insertions(+), 15 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
index 62dc1898982..1d4352f86c2 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
@@ -9,27 +9,18 @@ Implementors: []
 Discussions:
     - https://github.com/cardano-foundation/cips/pulls/?
 Created: 2023-10-24
-License: CC-BY-4.0
+License: CC-BY-4.0 / Apache 2.0
 ---
 
-<!-- Existing categories:
-
-- Meta     | For meta-CIPs which typically serves another category or group of categories.
-- Wallets  | For standardization across wallets (hardware, full-node or light).
-- Tokens   | About tokens (fungible or non-fungible) and minting policies in general.
-- Metadata | For proposals around metadata (on-chain or off-chain).
-- Tools    | A broad category for ecosystem tools not falling into any other category.
-- Plutus   | Changes or additions to Plutus
-- Ledger   | For proposals regarding the Cardano ledger (including Reward Sharing Schemes)
-- Catalyst | For proposals affecting Project Catalyst / the Jormungandr project
-
--->
-
 <!-- markdownlint-disable MD025-->
 # Role Based Access Control Registration
 
 ## Abstract
 <!-- A short (\~200 word) description of the proposed solution and the technical issue being addressed. -->
+dApps such as Project Catalyst need robust, secure and extensible means for users to register under various roles
+and for the dApp to be able to validate actions against those roles.
+While these Role based registrations are required for future functionality of Project Catalyst, they are also
+intended to be generally useful to any dApp with User roles.
 
 ## Motivation: why is this CIP necessary?
 <!-- A clear explanation that introduces the reason for a proposal, its use cases and stakeholders. 
@@ -37,6 +28,40 @@ If the CIP changes an established design then it must outline design issues that
 For complex proposals, authors must write a Cardano Problem Statement (CPS) as defined in CIP-9999 
 and link to it as the `Motivation`. -->
 
+CIP-36 contains a limited form of role registration limited to voters and dreps.
+
+However, Project Catalyst has a large (and growing) number of roles identified in the system, all of
+which can benefit from on-chain registration.
+
+A non-exhaustive list of the roles Project Catalyst needs to identify on-chain are:
+
+1. Proposers.
+2. Co-Proposers.
+3. Proposal Reviewers.
+4. Voters.
+5. Representative voters.
+6. Tally committee members.
+7. Administrators.
+8. Audit committee members.
+
+Individual dApps may have their own unique list of roles they wish users to register for.
+Roles are such that an individual user may hold multiple roles, one of the purposes of this
+CIP is to allow the user  to unambiguously assert they are acting in the capacity of a selected role.
+
+CIP-36 offers a "purpose" field, but offers no way to manage it, and offers no way to allow it to be used unambiguously.
+The "purpose" field therefore is insufficient for the needs of identifying roles.
+
+CIP-36 also does not allow the voting key to be validated.
+This makes it impossible to determine if the registration voting key is usable, and owned by the registering user, or has
+been duplicated from another registration on-chain or is just a random number.
+
+It also offers no way to identify the difference between a voter registering for themselves, and a voter registering to be a dRep.
+
+These are some of the key reasons, CIP-36 is insufficient for future Project Catalyst needs.
+
+Registering for various roles and having role specific keys is generally useful for dApps, so while this CIP is
+motivated to solve problems with Project Catalyst, it is also intended to be generally applicable to other dApps.
+
 ## Specification
 <!-- The technical specification should describe the proposed improvement in sufficient technical detail. 
 In particular, it should provide enough information that an implementation can be performed solely on the basis 
@@ -45,6 +70,19 @@ This is necessary to facilitate multiple, interoperable implementations.
 This must include how the CIP should be versioned. 
 If a proposal defines structure of on-chain data it must include a CDDL schema in it's specification.-->
 
+Role registration is achieved by using two metadata records attached to the same transaction.
+
+### Metadata Labels
+
+| Label | Description |
+| ---   | --- |
+| 72220 | The RBAC Metadata Label |
+| 72221 | The RBAC Metadata witness set Label |
+
+Both pieces of metadata must be present for the registration to be valid.
+
+Note: **7222 is RBAC when decoded using the telephone ITU E.161 standard**
+
 ## Rationale: how does this CIP achieve its goals?
 <!-- The rationale fleshes out the specification by describing what motivated the design and what led to 
 particular design decisions.
@@ -66,4 +104,10 @@ and answer any questions that the CPS poses for potential solutions.
 <!-- A plan to meet those criteria. Or `N/A` if not applicable. -->
 
 ## Copyright
-<!-- The CIP must be explicitly licensed under acceptable copyright terms. -->
+
+This CIP is licensed under [CC-BY-4.0]
+
+Code samples and reference material are licensed under [Apache 2.0]
+
+[CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
+[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html

From 211293dcc9607d5329612e15c5feed291b8f3b0b Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 12 Jan 2024 21:00:00 +0700
Subject: [PATCH 15/66] docs(cips): More text for RBAC metadata draft

---
 .../draft-cips/role-registration/cip-xxxx.md  | 76 ++++++++++++++++++-
 1 file changed, 72 insertions(+), 4 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
index 1d4352f86c2..e2b599a6795 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
@@ -74,15 +74,81 @@ Role registration is achieved by using two metadata records attached to the same
 
 ### Metadata Labels
 
-| Label | Description |
+| Metadata Label | Description |
 | ---   | --- |
-| 72220 | The RBAC Metadata Label |
-| 72221 | The RBAC Metadata witness set Label |
+| `7222` | The RBAC Metadata Label |
+| `7223` | The RBAC Metadata witness set Label |
 
-Both pieces of metadata must be present for the registration to be valid.
+Both pieces of metadata must be present in the same transaction for the registration to be valid.
+
+`7222` AND `7223` define this Metadata as being Role Registration Metadata.
+These Metadata key should not be used for another purpose.
 
 Note: **7222 is RBAC when decoded using the telephone ITU E.161 standard**
 
+### Metadata Encoding
+
+* The metadata will be encoded with [CBOR].
+* The [CBOR] metadata will be encoded strictly according to [CBOR - Core Deterministic Encoding Requirements].
+* There **MUST NOT** be any duplicate keys in a map.
+* UTF-8 strings **MUST** be valid UTF-8.
+* Tags **MUST NOT** be used unless specified in the specification.
+* Any Tags defined in the specification are **REQUIRED**, and they **MUST** be present in the encoded data.
+* Fields which should be tagged, but which are not tagged will be considered invalid.
+
+These validity checks apply only to the encoding and decoding of the metadata itself.  
+There are other validity requirements based on the role registration data itself.
+Each dApp may have further validity requirements beyond those stated herein.
+
+### High level overview of Role Registration metadata
+
+At a high level, Role registration will collect the following data:
+
+1. A [role public key or non-empty group of role public keys]();
+2. A [stake address for the network that this transaction is submitted to]();
+3. An *Optional* [Shelley payment address]().
+4. A [nonce]() that identifies that most recent registration.
+5. The [purpose]() of the registration.
+6. A [dApp ID]() which defines the dApp the registration belongs to.
+6. An *Optional* [expiry timestamp]().
+7. Optional dApp defined [extended registration metadata]().
+
+The formal specification for the `7222` Metadata is [CIPxxxx Metadata CDDL][].
+
+Informally, all Registrations follow the same generalized Format:
+
+```cbor
+7222: {
+  // Role Public Key or Role Public Key Array
+  1: h'a6a3c0447aeb9cc54cf6422ba32b294e5e1c3ef6d782f2acff4a70694c4d1663' or ,
+     [[h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 50], [h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97', 50]]
+  // Stake Public Key
+  2: h'ad4b948699193634a39dd56f779a2951a24779ad52aa7916f6912b8ec4702cee',
+  // Payment Address
+  3: h'00588e8e1d18cba576a4d35758069fe94e53f638b6faf7c07b8abd2bc5c5cdee47b60edc7772855324c85033c638364214cbfc6627889f81c4',
+  // nonce
+  4: 5479467,
+  // Purpose
+  5: 0,
+  // dApp ID
+  6: h'',
+  // Expires - Optional
+  7: 0,
+  // dApp Defined Metadata - Optional
+  100: <Any>
+}
+```
+
+Keys between `8` and `99` are reserved for any future extensions to this specification.
+They must not be defined by any dApp for private use.
+These 
+
+Keys above `100` are reserved for dApp specific use, and may be defined either formally or informally by any dApp.
+General parsers of this data should accept, but not otherwise interpret keys `100`+ unless they specifically understand
+the requirements of the identified dApp.
+
+### High level overview of the Role Registration witness data
+
 ## Rationale: how does this CIP achieve its goals?
 <!-- The rationale fleshes out the specification by describing what motivated the design and what led to 
 particular design decisions.
@@ -111,3 +177,5 @@ Code samples and reference material are licensed under [Apache 2.0]
 
 [CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
 [Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
+[CBOR]: https://www.rfc-editor.org/rfc/rfc8949.html
+[CBOR - Core Deterministic Encoding Requirements]: https://www.rfc-editor.org/rfc/rfc8949.html#section-4.2.1

From f5fe3e94e05174363664f069c9030cf69ec7665f Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Thu, 18 Jan 2024 21:10:23 +0700
Subject: [PATCH 16/66] docs(cips): WIP updates to draft cip for role
 registration

---
 .../draft-cips/role-registration/cip-xxxx.md  | 383 +++++++++++++++++-
 1 file changed, 372 insertions(+), 11 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
index e2b599a6795..2cfd02dbca4 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
@@ -104,33 +104,38 @@ Each dApp may have further validity requirements beyond those stated herein.
 
 At a high level, Role registration will collect the following data:
 
-1. A [role public key or non-empty group of role public keys]();
+1. A [role public key or non-empty list of role public keys](#subkey-1---role-specific-public-key-or-role-public-key-array);
 2. A [stake address for the network that this transaction is submitted to]();
 3. An *Optional* [Shelley payment address]().
 4. A [nonce]() that identifies that most recent registration.
-5. The [purpose]() of the registration.
+5. The [role]() being registered.
 6. A [dApp ID]() which defines the dApp the registration belongs to.
 6. An *Optional* [expiry timestamp]().
 7. Optional dApp defined [extended registration metadata]().
 
 The formal specification for the `7222` Metadata is [CIPxxxx Metadata CDDL][].
 
-Informally, all Registrations follow the same generalized Format:
+Informally, all Registrations follow the same generalized Format (Non-Normative):
 
 ```cbor
 7222: {
   // Role Public Key or Role Public Key Array
-  1: h'a6a3c0447aeb9cc54cf6422ba32b294e5e1c3ef6d782f2acff4a70694c4d1663' or ,
-     [[h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 50], [h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97', 50]]
+  1: #6.??? h'a6a3c0447aeb9cc54cf6422ba32b294e5e1c3ef6d782f2acff4a70694c4d1663' ; or
+     [#6.??? h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 
+      #6.??? h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97'] ; or
+     [
+      [#6.??? h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 50], 
+      [#6.??? h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97', 50]
+     ]
   // Stake Public Key
-  2: h'ad4b948699193634a39dd56f779a2951a24779ad52aa7916f6912b8ec4702cee',
+  2: #6.??? h'ad4b948699193634a39dd56f779a2951a24779ad52aa7916f6912b8ec4702cee',
   // Payment Address
-  3: h'00588e8e1d18cba576a4d35758069fe94e53f638b6faf7c07b8abd2bc5c5cdee47b60edc7772855324c85033c638364214cbfc6627889f81c4',
+  3: #6.???h'00588e8e1d18cba576a4d35758069fe94e53f638b6faf7c07b8abd2bc5c5cdee47b60edc7772855324c85033c638364214cbfc6627889f81c4',
   // nonce
   4: 5479467,
-  // Purpose
+  // Role
   5: 0,
-  // dApp ID
+  // dApp ID (UUID or ULID)
   6: h'',
   // Expires - Optional
   7: 0,
@@ -141,12 +146,368 @@ Informally, all Registrations follow the same generalized Format:
 
 Keys between `8` and `99` are reserved for any future extensions to this specification.
 They must not be defined by any dApp for private use.
-These 
+These keys, if defined, will be defined by a CIP which extends this base specification.
 
-Keys above `100` are reserved for dApp specific use, and may be defined either formally or informally by any dApp.
+Keys above `100` are reserved for dApp specific use, and may be defined either formally by a CIP or informally by any dApp.
 General parsers of this data should accept, but not otherwise interpret keys `100`+ unless they specifically understand
 the requirements of the identified dApp.
 
+### Subkey 1 - Role Specific Public Key OR Role Public Key Array
+
+Subkey 1 is either:
+
+* A Single [Role Specific Public Key](#subkey-1---role-key---single-role-specific-public-key); OR
+* A [Optionally Weighted List of Role Specific Public Keys](#grouped-role-registration-format).
+
+#### SubKey 1 - Role Key - Single Role Specific Public Key
+
+The Role Key is an [Ed25519-BIP32][CIP0003] public key.
+
+This is represented as a CBOR Byte-string, 32 bytes long.
+It is tagged with `#6.???` to unambiguously identify the key type.
+This is to allow the specification to evolve in a forward compatible manor if new key types are introduced.
+
+Any and All authoritative actions performed under the registered Role MUST be signed with an owned Role Key.
+How the dApp signs the data and what format that data or signature takes is not defined in this CIP.
+
+The Witness data informs if the Role key is being used by reference, and is not owned by the registration,
+or is owned and controlled by the registration.
+This distinction is important in cases where a Role is being delegated to another registration.
+The definition of the `purpose` will declare if it is valid for a particular Role to delegate or not and is
+outside the scope of this specification.
+
+Role keys MUST be derived using the following specific key derivation path.
+This is to allow Key recovery across compatible wallets.
+An implementation will be non-conforming to this specification if it does not use the defined Key derivation path.
+
+It is valid for multiple Stake addresses to register with the same Role key, but they MUST prove ownership of the key
+otherwise it will be identified as a delegation.
+The dApp defines the limits of this relationship, and that can differ on a role by role basis.
+
+Role keys MUST, as far as practically possible, be unique to a dApp to ensure they are not improperly used across dApps.
+The aim is for a Role key to unambiguously declare the intention of the user to act with their role.
+See [Key Derivation](#key-derivation) for details on how the Role key MUST be derived from the master key of the wallet.
+
+Other than the fact that a registration unambiguously associates one or more Stake addresses to a Role Specific Public Key,
+this CIP does not define how that is validated for any particular dApp or Role.
+A later section of this CIP will demonstrate possible validation scenarios that a dApp can adopt.
+
+Example:
+
+```cbor
+h'a6a3c0447aeb9cc54cf6422ba32b294e5e1c3ef6d782f2acff4a70694c4d1663'
+```
+
+##### Key Derivation
+
+It is REQUIRED that path based key derivation be used to generate the Role Specific Public Key.
+If a wallet is incapable of using path based key derivation as defined by this specification it is
+not capable of conforming to the requirements of this specification.
+
+Key derivation is used to avoid linking Role access keys directly with Cardano spending keys.
+It also provides a mechanism to unambiguously identify the role being asserted when data is signed.
+
+The Role Specific key derivation path must start with a specific segment:
+
+Path based key derivation is limited to 31 bits, per path component.
+The [dApp ID]() is 128 bits.  
+It is required that the Role key be, as far as practically possible, unique amongst dApps.
+This is to prevent a Role from one dApp being misused by another, either intentionally or inadvertently.
+
+The [dApp ID]() will be reduced to 31 bits by using Blake2B with a 31 bit digest over the [dApp ID]().
+While 31 bits is small, and could be subject to a collision attack, the intention here is not to prevent
+deliberately contrived collisions but to disambiguate dApps under normal circumstances.
+As the [dApp ID]() is not controllable, a malicious dApp could simply use the same dApp ID as another.
+Therefore it is not possible to protect against a collision and the [dApp ID]() is not a security mechanism
+in any event.
+
+However key derivation is limited to 31 bits, accordingly, the [dApp ID][] will be hashed with Blake2B and a
+31 bit digest will be produced.
+The aim is to as far as practical cause dApps to have distinct Role keys under normal circumstances.
+
+`m / 7222' / 1815' / account' / chain' / blake2b_31(dApp ID) / role`
+
+* `7222'` : The registration metadata field key from this CIP.
+* `1815'` : The year Ada Lovelace was born - Identifies this key as being for Cardano.
+* `account'` : The voters account
+* `chain'` : The chain on which the voter is registering.
+* `blake2b_31(uuid)` : The [dApp ID]()
+* `role` :  The role being registered for.
+
+Note: It is specifically required that the Role Key NOT CHANGE for registrations made from the same wallet for the same dApp UUID/Purpose.
+This is because its possible to make both single and array role registrations, and its critical the key be the same regardless of which is used.
+The necessity of this will be expanded on when the witness is discussed below.
+
+If the wallet does not use path based key derivation it is Essential that:
+
+* Role Specific Public Keys do not change from registration to registration for the same [dApp UUID][dApp-UUID]/Purpose.
+* Role Specific Public Keys are not the same for different Purposes for a UUID.
+* It is acceptable, though undesirable, for different [dApp UUID's][dApp-UUID] to use the same Role Specific Public Keys.
+
+#### SubKey 1 - Role Key - List of Role Keys
+
+Catalyst has the need to associate role registrations as a list, and optionally to have those registrations weighted.
+For example, this will be used to:
+
+* Define Voter Delegation to representatives.
+* Define Co-Proposers for Catalyst proposals.
+
+It is generally useful to be able to associate multiple role public keys together.
+
+How these role registration lists are used and validated by any dApp are outside the scope of this CIP.
+The [individual role keys](#subkey-1---role-key---single-role-specific-public-key) within a Role Key list are defined
+according to this specification above.
+
+There are two possible General formats of a role registration list is:
+
+* [Simple Role Key List](#simple-role-key-list)
+* [Weighted Role Key List](#weighted-role-key-list)
+
+A simple list is equivalent to a weighted role key list.
+If a Weighted list is expected in a registration, and a simple list is found in a registration,
+then it is interpreted as a weighted role key list where each entry is equally weighted.
+This can be used to decrease the size of the registration metadata by eliding the weights when
+they are all the same.
+
+However, the converse is not true.
+If a Role expects a simple role key list, and a weighted role key list is found in the registration then
+the format is invalid.  
+This is because it is not possible to determine the expected behavior of the unused weights.
+
+* [\<Role Public Key\>](#subkey-1---role-key---single-role-specific-public-key) : is the role specific public key defined above.
+  * This key can belong to the registering user themselves; or
+  * Can belong to another user,  either from the same or a different role registration.
+  * Must be for the same [dApp UUID][dApp-UUID].  (Cross dApp Registrations is not defined or supported by this CIP).
+* <Weight> : is a 4-byte unsigned integer (CBOR major type 0, The weight may range from 0 to 2^32-1).
+  * The dApp defines what the weight means.
+  * Other than validating it is in-range no further validation is done at the base registration level.
+  * For example:
+    * Project Catalyst uses the weight to apportion Voting Power in a delegation registration.
+    * Another dApp may use the weight to define the relative contribution each Role Key plays in a grouped registration.
+    * The dApp is responsible for defining what the Weight means for a particular role.
+    * If all weights are equal and convey no further meaning they can be elided to reduce the
+      size of the registration metadata.
+    * A dApp can specify if it is NOT valid to elide the Weight from a weighted role public key list.
+
+Each dApp defines what is meant by a Role Key List.
+They define if the List is weighted or not and how it is to be interpreted, in reference to the Role itself.
+
+##### Simple Role Key List
+
+```cbor
+  [ <Role Public Key 1>, <Role Public Key 2>, ... ]
+```
+
+example:
+
+```cbor
+[ 
+    h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 
+    h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97'
+]
+```
+
+##### Weighted Role Key List
+
+```cbor
+  [
+    [ <Role Public Key 1>, <Weight 1> ],
+    [ <Role Public Key 2>, <Weight 2> ],
+    ...
+  ]
+```
+
+example:
+
+```cbor
+[
+  [h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 25],
+  [h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97', 75]
+]
+```
+
+#### Tooling
+
+Supporting tooling should clearly define and differentiate this as a unique key type, describing such keys as "CIP-xx role keys".
+When utilizing Bech32 encoding the appropriate `role_sk` and `role_vk` prefixes should be used as described in [CIP-05](https://github.com/cardano-foundation/CIPs/tree/master/CIP-0005)
+
+Examples of acceptable `keyType`s for supporting tools:
+
+| `keyType` | Description |
+| --------- | ----------- |
+| `CIP36RoleSigningKey_ed25519` | CIPxx Role Signing Key |
+| `CIP36RoleVerificationKey_ed25519` | CIPxx Role Verification Key |
+
+For hardware implementations:
+| `keyType` | Description |
+| --------- | ----------- |
+| `CIP36RoleVerificationKey_ed25519` | Hardware CIPxx Role Verification Key |
+| `CIP36RoleHWSigningFile_ed25519` | Hardware CIPxx Role Signing File |
+
+### SubKey 2 - Stake Public Key
+
+This is represented as a CBOR Byte-string, 32 bytes long.
+
+This is the actual ed25519 Stake Public key of the wallet, and NOT the stake key public hash.
+This is the primary key [
+  [h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 25],
+  [h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97', 75]
+]associating the users wallet with their role key.
+How the dApp uses this information is dApp specific.
+For example Project Catalyst uses this information to derive voting power for a voter role.
+
+It is an ed25519 public key, and is represented as a byte-string 32 bytes in length.
+ Example:
+
+```cbor
+h'ad4b948699193634a39dd56f779a2951a24779ad52aa7916f6912b8ec4702cee'
+```
+
+### SubKey 3 - Payment Address (OPTIONAL)
+
+This is represented as a CBOR Byte-string, Between 29 and 57 bytes long (inclusive).
+
+If Present, this is a Shelley payment address as defined by [CIP-0019].
+If must be discriminated for the same network this transaction is submitted to.
+Its purpose is to enable a role registration to receive rewards.
+How or what rewards can be earned are outside the scope of this CIP.
+
+For CIP-15 compatibility ONLY,  in a CIP-15 format registration, a Stake Reward Address may also be present in Subkey 3.
+
+This Subkey is optional, because not all roles will need or offer the ability to be earn rewards for the role.
+In these cases, the payment address is redundant.
+The dApp defines if this field is required or not for a particular role, and that is outside the scope of this CIP.
+
+### SubKey 4 - Nonce
+
+The `nonce` is an unsigned integer (of CBOR major type 0).
+
+It SHOULD be monotonically rising across all transactions with the same staking key.
+A simple way to ensure the `nonce` is monotonically increasing, without reference to the previous `nonce` is to use the the current slot number, at the time the transaction is created.
+
+The `nonce` is specific to the dAPP UUID and Purpose.
+The greatest `nonce` for any particular `dApp UUID` + `purpose` is the latest registration transaction, regardless of the order they are seen on the blockchain itself.
+
+For example, given the following transactions for the same Stake Address:
+
+| Slot No | Purpose | UUID | Nonce |
+| ---     | ---     | ---  | ---   |
+| 6128480 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128420 |
+| 6128500 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128400 |
+| 6128520 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128380 |
+
+The transaction in the earlier slot# 6128480 would be the latest of these 3 registrations, because it has the highest `nonce`.
+ This can occur because it is possible for transactions in a small window of time to be added to a block in a different sequence to the one they were posted in.
+
+The `nonce` when used correctly, therefore unambiguously defines the chronological order of the transactions.
+
+In the event that a `nonce` is exactly the same in two or more registrations for the same dApp UUID/Purpose,  then the chronological order they appear in the blockchain determines which of the ambiguous `nonce` are the latest, for example:
+
+| Slot No | Purpose | UUID | Nonce |
+| ---     | ---     | ---  | ---   |
+| 6128480 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128420 |
+| 6128500 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128420 |
+| 6128520 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128420 |
+
+The registration in Slot No 6128520 is the latest registration, because the `nonce` is unable to unambiguously define the chronological order the transactions were posted.
+
+The dApp defines for every purpose what a `later` vs `older` registration means.
+It is common that a later `nonce` obsoletes an earlier registration for the same purpose.
+
+The full definition of registration validity and priority with respect to chronology of the transactions is outside the scope of this CIP and must be defined by every dApp which implements this specification.
+
+### SubKey 5 - Purpose
+
+The `purpose` is an unsigned integer (of CBOR major type 0).
+
+Purpose defines the PURPOSE the registration transaction is for.
+The dApp can define any number of purposes, and their definition is outside the scope of this specification.
+
+The combination of a [dApp UUID][dApp-UUID] and Purpose defines a specific role registration for a dApp.7
+
+For example,  in Project Catalyst Purpose 0 defines a Voter registration.
+
+This specification is not limited to this definition for Purpose 0, and any other dApp may assign a different Purpose to Purpose 0, within its unique [dApp UUID][dApp-UUID].
+
+### SubKey 6 - dApp UUID
+
+This is represented as a CBOR Byte-string, 16 bytes long.
+
+Each dApp that uses this specification MUST define a [Random V4 UUID](https://www.rfc-editor.org/rfc/rfc4122).
+Other UUID version types are invalid.
+Nil or MAX UUID V4 are also invalid and must not be used.
+The Random UUID must be properly generated using a good quality RNG.
+
+Briefly, the Display Format of a Valid V4 UUID is:
+
+```uuid
+xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx
+```
+
+y has the bit pattern [10xxxxxx].
+
+All `x` Bytes/Bits are randomly determined.
+
+However, in the registration transaction it is always represented in its compact format of 128 bits (16 bytes).
+
+It is recommended that dApps register their self allocated UUID in the following table.
+
+UUID Registration:
+| `UUID` | dApp Assigned | CIP Defining Roles |
+| --------- | ----------- | --- |
+| `ca7a1957-7277-4f88-84dd-5990f4c2ef95` | Project Catalyst UUID | CIP-62 |
+
+However as the chance of a collision if a Random UUID is highly unlikely (103 Trillion Properly generated v4 UUID's have a 1 in 1 billion chance of collision.) this is not a requirement.
+
+It is in the dApp implementors self interest to generate a good quality UUID to allow them to correctly distinguish their registrations vs those of another application.
+
+### SubKey 7 - Expires (Optional)
+
+The Expiry is represented by an unsigned integer (of CBOR major type 0) a maximum of 64 bits in size.
+
+If the Expires sub key is not present, it defaults to 0.
+The Expires subkey set to 0 = DO NOT EXPIRE.
+
+Any other value defines the time, as an integer number of seconds since 1/1/1970 UTC.
+Otherwise known as Unix Epoch time.
+When the Unix Epoch time exceeds the Expires time, the registration should be considered obsolete or invalid.
+
+For example an expires time of 1688169600 will be considered expired only after Saturday, July 1, 2023 0:00:00 UTC.
+
+This allows dApps and Role registrations to be bounded by the creator of the registration ONLY.
+
+Individual dApps will specify how exceeding Unix Epoch time effects the registration.
+The dApp may define that expiry is not available, in which case this field will have no effect.
+However, if it is supported by the dApp, it must be interpreted as defined here.
+
+The dApp is also free to apply other "expiry" conditions to old registrations, and they are outside the scope of this specification.
+For example,  a dApp may reject or ignore all registrations that were placed on chain more than 6 months before they are used, regardless of the setting of `expires`.
+
+### SubKey 8-99 - Reserved
+
+These subkeys are reserved and may not be used by a dApp that conforms to this specification.
+If these keys are defined at a later date, they will de defined ina CIP which either updates or obsoletes this specification.
+
+Any dApp which uses Subkeys 8-99 violates this CIP and is non-conformant.
+However, a wallet should not reject the creation of a registration that violates this rule, to allow for future upgrades or amendments to the specification without necessitating tooling changes to support them.
+
+### SubKey 100+ - dApp Defined Extended Metadata
+
+Subkeys 100+ are available for dApp authors to add further metadata to registrations under this CIP.
+The dApp author should clearly document what this metadata is, how it is represented and formatted.
+
+It is valid for different extended metadata to be defined for different purposes for the same [dApp UUID][dApp-UUID].
+
+Examples of extended metadata:
+
+* Social Media contacts for a particular role.
+* A Description of the person or group covered by the registration.
+* Links to other systems with expanded information related to the registration.
+
+The wallet when signing these registration transactions should not validate this metadata strictly.
+If the wallet believes it is invalid, it can warn the user, but should still allow it to be signed.
+This is because definition of this metadata is intentionally fluid to allow the dApp authors to add or remove optional metadata, and this should be able to occur without breaking supporting tooling.
+
 ### High level overview of the Role Registration witness data
 
 ## Rationale: how does this CIP achieve its goals?

From d85ff2687cea8f785c6b8c0881eaf6b0a16c825f Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Thu, 18 Jan 2024 22:28:24 +0700
Subject: [PATCH 17/66] docs(cips): define draft specification for a ULID cbor
 tag

---
 docs/src/catalyst-standards/cbor_tags/ulid.md | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 docs/src/catalyst-standards/cbor_tags/ulid.md

diff --git a/docs/src/catalyst-standards/cbor_tags/ulid.md b/docs/src/catalyst-standards/cbor_tags/ulid.md
new file mode 100644
index 00000000000..74bc1dbbe20
--- /dev/null
+++ b/docs/src/catalyst-standards/cbor_tags/ulid.md
@@ -0,0 +1,30 @@
+# ULIDs for CBOR
+
+This document specifies a tag for ULIDs in Concise Binary Object Representation (CBOR) [1].
+
+    Tag: 32770
+    Data item: byte string
+    Semantics: Binary ULID (https://github.com/ulid/spec/tree/master)
+    Point of contact: Steven Johnson <steven.johnson@iohk.io>
+    Description of semantics: https://github.com/input-output-hk/catalyst-voices/tree/main/docs/src/catalyst-standards/cbor_tags/ulid.md
+
+## Semantics
+
+Tag 32770 can be applied to a byte string (major type 2) to indicate that the byte string is a binary [ULID] as specified by the [ULID Binary Layout].
+
+## References
+
+[1] C.
+Bormann, and P.
+Hoffman.
+"Concise Binary Object Representation (CBOR)".
+RFC 7049, October 2013.
+
+[2] [Universally Unique Lexicographically Sortable Identifier][ULID]
+
+## Author
+
+Steven Johnson <steven.johnson@iohk.io>
+
+[ULID]: https://github.com/ulid/spec/blob/master/README.md
+[ULID Binary Layout]: https://github.com/ulid/spec/blob/master/README.md

From 069e18085e0ce86b98c618648471413057294d47 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Thu, 18 Jan 2024 22:29:09 +0700
Subject: [PATCH 18/66] docs(cips): Further WIP edits to RBAC

---
 .config/dictionaries/project.dic              |  4 +-
 .../draft-cips/role-registration/cip-xxxx.md  | 60 +++++++++----------
 2 files changed, 31 insertions(+), 33 deletions(-)

diff --git a/.config/dictionaries/project.dic b/.config/dictionaries/project.dic
index 73c6b017b12..342f9ac02bc 100644
--- a/.config/dictionaries/project.dic
+++ b/.config/dictionaries/project.dic
@@ -10,6 +10,7 @@ bluefireteam
 BROTLI
 cardano
 Catalyst
+cbor
 CEST
 cfbundle
 chromedriver
@@ -89,6 +90,7 @@ slotno
 sqlfluff
 Stefano
 stevenj
+Subkey
 subosito
 tacho
 thiserror
@@ -106,4 +108,4 @@ xcodeproj
 xctest
 xctestrun
 xcworkspace
-yoroi
\ No newline at end of file
+yoroi
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
index 2cfd02dbca4..5034b9ae3d6 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
@@ -16,24 +16,20 @@ License: CC-BY-4.0 / Apache 2.0
 # Role Based Access Control Registration
 
 ## Abstract
-<!-- A short (\~200 word) description of the proposed solution and the technical issue being addressed. -->
+
 dApps such as Project Catalyst need robust, secure and extensible means for users to register under various roles
 and for the dApp to be able to validate actions against those roles.
 While these Role based registrations are required for future functionality of Project Catalyst, they are also
 intended to be generally useful to any dApp with User roles.
 
 ## Motivation: why is this CIP necessary?
-<!-- A clear explanation that introduces the reason for a proposal, its use cases and stakeholders. 
-If the CIP changes an established design then it must outline design issues that motivate a rework. 
-For complex proposals, authors must write a Cardano Problem Statement (CPS) as defined in CIP-9999 
-and link to it as the `Motivation`. -->
 
 CIP-36 contains a limited form of role registration limited to voters and dreps.
 
 However, Project Catalyst has a large (and growing) number of roles identified in the system, all of
 which can benefit from on-chain registration.
 
-A non-exhaustive list of the roles Project Catalyst needs to identify on-chain are:
+A non-exhaustive example list of the roles Project Catalyst needs to identify securely are:
 
 1. Proposers.
 2. Co-Proposers.
@@ -46,7 +42,7 @@ A non-exhaustive list of the roles Project Catalyst needs to identify on-chain a
 
 Individual dApps may have their own unique list of roles they wish users to register for.
 Roles are such that an individual user may hold multiple roles, one of the purposes of this
-CIP is to allow the user  to unambiguously assert they are acting in the capacity of a selected role.
+CIP is to allow the user to unambiguously assert they are acting in the capacity of a selected role.
 
 CIP-36 offers a "purpose" field, but offers no way to manage it, and offers no way to allow it to be used unambiguously.
 The "purpose" field therefore is insufficient for the needs of identifying roles.
@@ -63,12 +59,6 @@ Registering for various roles and having role specific keys is generally useful
 motivated to solve problems with Project Catalyst, it is also intended to be generally applicable to other dApps.
 
 ## Specification
-<!-- The technical specification should describe the proposed improvement in sufficient technical detail. 
-In particular, it should provide enough information that an implementation can be performed solely on the basis 
-of the design in the CIP. 
-This is necessary to facilitate multiple, interoperable implementations. 
-This must include how the CIP should be versioned. 
-If a proposal defines structure of on-chain data it must include a CDDL schema in it's specification.-->
 
 Role registration is achieved by using two metadata records attached to the same transaction.
 
@@ -136,7 +126,8 @@ Informally, all Registrations follow the same generalized Format (Non-Normative)
   // Role
   5: 0,
   // dApp ID (UUID or ULID)
-  6: h'',
+  6: #6.37    h'a3c12b1c98af4ee8b54278e77906c0fc'; or  // UUID
+     #6.32770 h'018d1d2acaf04486be189dbc5ae35e51',     // ULID
   // Expires - Optional
   7: 0,
   // dApp Defined Metadata - Optional
@@ -157,7 +148,7 @@ the requirements of the identified dApp.
 Subkey 1 is either:
 
 * A Single [Role Specific Public Key](#subkey-1---role-key---single-role-specific-public-key); OR
-* A [Optionally Weighted List of Role Specific Public Keys](#grouped-role-registration-format).
+* A [Optionally Weighted List of Role Specific Public Keys](#subkey-1---role-key---list-of-role-keys).
 
 #### SubKey 1 - Role Key - Single Role Specific Public Key
 
@@ -210,39 +201,43 @@ It also provides a mechanism to unambiguously identify the role being asserted w
 The Role Specific key derivation path must start with a specific segment:
 
 Path based key derivation is limited to 31 bits, per path component.
-The [dApp ID]() is 128 bits.  
+The [dApp ID] is 128 bits.  
 It is required that the Role key be, as far as practically possible, unique amongst dApps.
 This is to prevent a Role from one dApp being misused by another, either intentionally or inadvertently.
 
-The [dApp ID]() will be reduced to 31 bits by using Blake2B with a 31 bit digest over the [dApp ID]().
-While 31 bits is small, and could be subject to a collision attack, the intention here is not to prevent
-deliberately contrived collisions but to disambiguate dApps under normal circumstances.
-As the [dApp ID]() is not controllable, a malicious dApp could simply use the same dApp ID as another.
-Therefore it is not possible to protect against a collision and the [dApp ID]() is not a security mechanism
-in any event.
-
-However key derivation is limited to 31 bits, accordingly, the [dApp ID][] will be hashed with Blake2B and a
+However key derivation is limited to 31 bits, accordingly, the [dApp ID] will be hashed with Blake2B and a
 31 bit digest will be produced.
 The aim is to as far as practical cause dApps to have distinct Role keys under normal circumstances.
 
-`m / 7222' / 1815' / account' / chain' / blake2b_31(dApp ID) / role`
+`m / 7222' / 1815' / account' / chain' / hash(dApp ID) / role`
 
 * `7222'` : The registration metadata field key from this CIP.
 * `1815'` : The year Ada Lovelace was born - Identifies this key as being for Cardano.
 * `account'` : The voters account
 * `chain'` : The chain on which the voter is registering.
-* `blake2b_31(uuid)` : The [dApp ID]()
+* `hash(dapp ID)` : The [hashed](#hashdapp-id) [dApp ID]
 * `role` :  The role being registered for.
 
-Note: It is specifically required that the Role Key NOT CHANGE for registrations made from the same wallet for the same dApp UUID/Purpose.
-This is because its possible to make both single and array role registrations, and its critical the key be the same regardless of which is used.
+Note: It is specifically required that the Role Key NOT CHANGE for the same dApp UUID/Purpose for any compliant Wallet.
+This is because its possible to make both single and array role registrations, and its critical the key be the same in these.
+It also critical that the Role keys be freely transferable and recoverable across wallets.
 The necessity of this will be expanded on when the witness is discussed below.
 
-If the wallet does not use path based key derivation it is Essential that:
+##### hash(dapp ID)
+
+The [dApp ID] will be reduced to 31 bits by using Blake2B with a 32 bit digest over the [dApp ID].
 
-* Role Specific Public Keys do not change from registration to registration for the same [dApp UUID][dApp-UUID]/Purpose.
-* Role Specific Public Keys are not the same for different Purposes for a UUID.
-* It is acceptable, though undesirable, for different [dApp UUID's][dApp-UUID] to use the same Role Specific Public Keys.
+To ensure the hardening bit is not set, the high bit of the resultant hash will be forced to 0.
+
+```text
+  hash(dapp ID) == blake2b_32(dapp ID) & 0x7FFFFFFF
+```
+
+While 31 bits is small, and could be subject to a collision attack, the intention here is not to prevent
+deliberately contrived collisions but to disambiguate dApps under normal circumstances.
+As the [dApp ID] is not controllable, a malicious dApp could simply use the same dApp ID as another.
+Therefore it is not possible to protect against a collision and the [dApp ID] is not a security mechanism
+in any event.
 
 #### SubKey 1 - Role Key - List of Role Keys
 
@@ -540,3 +535,4 @@ Code samples and reference material are licensed under [Apache 2.0]
 [Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
 [CBOR]: https://www.rfc-editor.org/rfc/rfc8949.html
 [CBOR - Core Deterministic Encoding Requirements]: https://www.rfc-editor.org/rfc/rfc8949.html#section-4.2.1
+[CIP0003]: https://cips.cardano.org/cip/CIP-0003

From 0680e0735000dc2ffbd756266cf58d47b5a390f4 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Thu, 18 Jan 2024 23:14:34 +0700
Subject: [PATCH 19/66] docs(cips): fix ulid spec binary encoding reference

---
 docs/src/catalyst-standards/cbor_tags/ulid.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/src/catalyst-standards/cbor_tags/ulid.md b/docs/src/catalyst-standards/cbor_tags/ulid.md
index 74bc1dbbe20..2ba79b7b635 100644
--- a/docs/src/catalyst-standards/cbor_tags/ulid.md
+++ b/docs/src/catalyst-standards/cbor_tags/ulid.md
@@ -27,4 +27,4 @@ RFC 7049, October 2013.
 Steven Johnson <steven.johnson@iohk.io>
 
 [ULID]: https://github.com/ulid/spec/blob/master/README.md
-[ULID Binary Layout]: https://github.com/ulid/spec/blob/master/README.md
+[ULID Binary Layout]: https://github.com/ulid/spec/tree/master#binary-layout-and-byte-order

From d849fdee8354b3c23fc7a063eab9f72c825bbfc7 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Thu, 18 Jan 2024 23:15:28 +0700
Subject: [PATCH 20/66] docs(cips): Add a tag to the epoch time.

---
 .../draft-cips/role-registration/cip-xxxx.md                  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
index 5034b9ae3d6..be3d97c8e1f 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
@@ -84,7 +84,7 @@ Note: **7222 is RBAC when decoded using the telephone ITU E.161 standard**
 * UTF-8 strings **MUST** be valid UTF-8.
 * Tags **MUST NOT** be used unless specified in the specification.
 * Any Tags defined in the specification are **REQUIRED**, and they **MUST** be present in the encoded data.
-* Fields which should be tagged, but which are not tagged will be considered invalid.
+  * Fields which should be tagged, but which are not tagged will be considered invalid.
 
 These validity checks apply only to the encoding and decoding of the metadata itself.  
 There are other validity requirements based on the role registration data itself.
@@ -129,7 +129,7 @@ Informally, all Registrations follow the same generalized Format (Non-Normative)
   6: #6.37    h'a3c12b1c98af4ee8b54278e77906c0fc'; or  // UUID
      #6.32770 h'018d1d2acaf04486be189dbc5ae35e51',     // ULID
   // Expires - Optional
-  7: 0,
+  7: #6.1 0,
   // dApp Defined Metadata - Optional
   100: <Any>
 }

From 9766001e51657c1110a5febc42690570e84e0338 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 19 Jan 2024 15:16:04 +0700
Subject: [PATCH 21/66] docs(cips): Add CBOR tag cip for ED25519-BIP32 Keys,
 Derivation paths and Signatures

---
 .../draft-cips/ed25519-cbor-tags/cip-xxxx.md  | 174 ++++++++++++++++++
 1 file changed, 174 insertions(+)
 create mode 100644 docs/src/catalyst-standards/draft-cips/ed25519-cbor-tags/cip-xxxx.md

diff --git a/docs/src/catalyst-standards/draft-cips/ed25519-cbor-tags/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/ed25519-cbor-tags/cip-xxxx.md
new file mode 100644
index 00000000000..3be607106ec
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/ed25519-cbor-tags/cip-xxxx.md
@@ -0,0 +1,174 @@
+---
+CIP: /?
+Title: CBOR Tag definition for CIP-0003 ED25519-BIP32 Keys
+Category: MetaData
+Status: Proposed
+Authors:
+    - Steven Johnson<steven.johnson@iohk.io>
+Implementors: []
+Discussions:
+    - https://github.com/cardano-foundation/cips/pulls/?
+Created: 2024-1-19
+License: CC-BY-4.0
+--- 
+
+<!-- cspell: words secp -->
+
+<!-- markdownlint-disable MD025-->
+# [CBOR] Tag definition for [CIP-0003] [ED25519-BIP32] Keys
+
+## Abstract
+
+[CIP-0003] defines [ED25519-BIP32] Keys, Key derivation and a signature scheme.
+
+These elements are commonly found in [CBOR] data structures within metadata on Cardano.
+[CBOR] allows the definition of Tags to unambiguously define data structures encoded in [CBOR].
+IANA maintains the registry of these Tags as the [IANA CBOR Tag Registry].
+This CIP simply defines Tags to be registered with IANA and standardizes encoding of these data structures when the Tags are used.
+
+While use of these tags would be recommended, they would not be mandatory.
+
+## Motivation: why is this CIP necessary?
+
+Tags are a useful addition to [CBOR] encoding which allows encoded data to be unambiguously identified.
+Judicious use of tags in [CDDL] Specs and [CBOR] encoding can ease forward compatibility.
+The Tag on an encoded field can be used to identify what is contained in a particular field.
+
+For example, without this Tag definition, a metadata CIP which uses [ED25519-BIP32] public keys:
+
+1. Is likely to just encode public keys as a byte string of 32 bytes; and
+2. Needs to redundantly define how the keys are encoded in the byte string.
+3. Different metadata may encode these keys differently which can lead to confusion and potential error.
+
+However, [BIP32] defines secp256k1 keys and derivation, which are also 32 bytes long.  
+There is no standard compliant way for a metadata CIP currently to clearly define which particular key is being encoded.
+While bespoke schemes could be utilized, it is generally better to utilize pre-existing industry standards.
+Bespoke schemes are also likely to vary from Metadata CIP to metadata CIP causing a lack of uniformity and greater chance of error.
+Using the Tags system built into [CBOR] allows for uniformity of specification and encoding.
+Not using Tags makes Metadata CIPs either more complex or limits their flexibility and constrains forward compatibility.
+
+Bitcoin defines CBOR Tags at: [BCR-2020-006]
+
+## Specification
+
+| Type | [CBOR] Tag | IANA Registered |
+| -- | -- | -- |
+| [ED25519-BIP32 Private Key](#ed25519-bip32-private-key) | 32771 | :heavy_multiplication_x: |
+| [ED25519-BIP32 Extended Private Key](#ed25519-bip32-extended-private-key) | 32772 | :heavy_multiplication_x: |
+| [ED25519-BIP32 Public Key](#ed25519-bip32-public-key) | 32773 | :heavy_multiplication_x: |
+| [ED25519-BIP32 Derivation Path](#ed25519-bip32-derivation-path) | 32774 | :heavy_multiplication_x: |
+| [ED25519-BIP32 Private Key](#ed25519-bip32-signature) | 32775 | :heavy_multiplication_x: |
+
+### ED25519-BIP32 Private Key
+
+This key is defined in [ED25519-BIP32].
+
+This is encoded as a byte string of size 32 bytes.
+
+#### CDDL
+
+```cddl
+ed25519_private_key = #6.32771(bstr .size 32)
+```
+
+Data for the key inside the byte string is encoded in [network byte order].
+
+### ED25519-BIP32 Extended Private Key
+
+This key is defined in [ED25519-BIP32].
+
+This is encoded as a byte string of size 64 bytes.
+
+#### CDDL
+
+```cddl
+ed25519_extended_private_key = #6.32772(bstr .size 64)
+```
+
+Data for the key inside the byte string is encoded in [network byte order].
+
+### ED25519-BIP32 Public Key
+
+This key is defined in [ED25519-BIP32].
+
+This is encoded as a byte string of size 32 bytes.
+
+#### CDDL
+
+```cddl
+ed25519_public_key = #6.32773(bstr .size 32)
+```
+
+Data for the key inside the byte string is encoded in [network byte order].
+
+### ED25519-BIP32 Derivation Path
+
+[ED25519-BIP32] defines that the derivation path is composed of 32 bit integers.
+Where the most significant bit defines if the derivation is hardened or not.
+
+This is encoded as a CBOR Array, where each element is the component of the path.
+There can be as many elements to the path as required.
+Each element must be no larger than a 32 bit integer.
+
+For example the path `m / 1852' / 1815' / 0' / 23 / 45` would be encoded as:
+
+```cbor
+[0x8000073c, 0x80000717, 0x80000000, 0x17, 0x2d]
+```
+
+#### CDDL
+
+```cddl
+ed25519_derivation_path = #6.32774([* path_element])
+path_element = uint .le 0xffffffff
+```
+
+### ED25519-BIP32 Signature
+
+[ED25519-BIP32] defines how signatures can be generated from private keys.
+These signatures are defined to be 64 bytes long.
+
+Signatures are encoded as a byte string of size 64 bytes.
+
+#### CDDL
+
+```cddl
+ed25519_bip32_signature = #6.32775(bstr .size 64)
+```
+
+Data for the signature inside the byte string is encoded in [network byte order].
+
+## Rationale: how does this CIP achieve its goals?
+
+By defining concrete CBOR tags,  it is possible for metadata to unambiguously mark the kind of data encoded.
+This is conformant with the intent of Tags in [CBOR], and aligns with prior use in [BCR-2020-006].
+An official published spec is required to register these Tags with IANA and so this document also serves that purpose.
+
+## Path to Active
+
+### Acceptance Criteria
+
+* At least 1 Metadata CIP uses at least 1 of the tags defined in this CIP.
+* IANA register the Tags as defined.
+
+### Implementation Plan
+
+* Some of these Tags will be used by Project Catalyst in their new metadata CIPs.
+* Project Catalyst will also make the application to IANA to register the Tags when appropriate.
+
+## Copyright
+
+This CIP is licensed under [CC-BY-4.0]
+
+Code samples and reference material are licensed under [Apache 2.0]
+
+[CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
+[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
+[CBOR]: https://www.rfc-editor.org/rfc/rfc8949.html
+[CDDL]: https://www.rfc-editor.org/rfc/rfc8610
+[CIP-0003]: https://cips.cardano.org/cip/CIP-0003
+[BIP32]: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
+[BCR-2020-006]: https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2020-006-urtypes.md
+[IANA CBOR Tag Registry]: https://www.iana.org/assignments/cbor-tags/cbor-tags.xhtml
+[network byte order]: https://datatracker.ietf.org/doc/html/rfc1700
+[ED25519-BIP32]: https://github.com/input-output-hk/adrestia/raw/bdf00e4e7791d610d273d227be877bc6dd0dbcfb/user-guide/static/Ed25519_BIP.pdf

From d0682f7bedcdbe7ff29fcb68039ef0fb65d3dc41 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 19 Jan 2024 17:06:38 +0700
Subject: [PATCH 22/66] docs(cips): Properly define the field tags to use where
 known, and clean up Stake Address specification.

---
 .../draft-cips/role-registration/cip-xxxx.md  | 38 ++++++++-----------
 1 file changed, 16 insertions(+), 22 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
index be3d97c8e1f..d4e6135a6ad 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
@@ -95,7 +95,7 @@ Each dApp may have further validity requirements beyond those stated herein.
 At a high level, Role registration will collect the following data:
 
 1. A [role public key or non-empty list of role public keys](#subkey-1---role-specific-public-key-or-role-public-key-array);
-2. A [stake address for the network that this transaction is submitted to]();
+2. A [stake address for the network that this transaction is submitted to](#subkey-2---stake-public-key);
 3. An *Optional* [Shelley payment address]().
 4. A [nonce]() that identifies that most recent registration.
 5. The [role]() being registered.
@@ -110,15 +110,15 @@ Informally, all Registrations follow the same generalized Format (Non-Normative)
 ```cbor
 7222: {
   // Role Public Key or Role Public Key Array
-  1: #6.??? h'a6a3c0447aeb9cc54cf6422ba32b294e5e1c3ef6d782f2acff4a70694c4d1663' ; or
-     [#6.??? h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 
-      #6.??? h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97'] ; or
+  1: #6.32773(h'a6a3c0447aeb9cc54cf6422ba32b294e5e1c3ef6d782f2acff4a70694c4d1663') ; or
+     [#6.32773(h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C'), 
+      #6.32773(h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97')] ; or
      [
-      [#6.??? h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 50], 
-      [#6.??? h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97', 50]
+      [#6.32773(h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C'), 50], 
+      [#6.32773(h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97'), 50]
      ]
   // Stake Public Key
-  2: #6.??? h'ad4b948699193634a39dd56f779a2951a24779ad52aa7916f6912b8ec4702cee',
+  2: #6.32773(h'ad4b948699193634a39dd56f779a2951a24779ad52aa7916f6912b8ec4702cee'),
   // Payment Address
   3: #6.???h'00588e8e1d18cba576a4d35758069fe94e53f638b6faf7c07b8abd2bc5c5cdee47b60edc7772855324c85033c638364214cbfc6627889f81c4',
   // nonce
@@ -129,9 +129,9 @@ Informally, all Registrations follow the same generalized Format (Non-Normative)
   6: #6.37    h'a3c12b1c98af4ee8b54278e77906c0fc'; or  // UUID
      #6.32770 h'018d1d2acaf04486be189dbc5ae35e51',     // ULID
   // Expires - Optional
-  7: #6.1 0,
+  7: #6.1(0),
   // dApp Defined Metadata - Optional
-  100: <Any>
+  100+: <Any>
 }
 ```
 
@@ -333,31 +333,25 @@ Examples of acceptable `keyType`s for supporting tools:
 | `CIP36RoleSigningKey_ed25519` | CIPxx Role Signing Key |
 | `CIP36RoleVerificationKey_ed25519` | CIPxx Role Verification Key |
 
-For hardware implementations:
-| `keyType` | Description |
-| --------- | ----------- |
-| `CIP36RoleVerificationKey_ed25519` | Hardware CIPxx Role Verification Key |
-| `CIP36RoleHWSigningFile_ed25519` | Hardware CIPxx Role Signing File |
-
 ### SubKey 2 - Stake Public Key
 
 This is represented as a CBOR Byte-string, 32 bytes long.
 
-This is the actual ed25519 Stake Public key of the wallet, and NOT the stake key public hash.
-This is the primary key [
-  [h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 25],
-  [h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97', 75]
-]associating the users wallet with their role key.
+This is the actual [ED25519-BIP32] Stake Public key of the wallet, and NOT the stake key public hash.
+This is the primary key associating the users wallet with their role key.
 How the dApp uses this information is dApp specific.
-For example Project Catalyst uses this information to derive voting power for a voter role.
+For example Project Catalyst can use this information to derive voting power for a voter role.
 
 It is an ed25519 public key, and is represented as a byte-string 32 bytes in length.
  Example:
 
 ```cbor
-h'ad4b948699193634a39dd56f779a2951a24779ad52aa7916f6912b8ec4702cee'
+#6.32773(h'ad4b948699193634a39dd56f779a2951a24779ad52aa7916f6912b8ec4702cee')
 ```
 
+Note: There can only be a single Stake Public Key in the registration.
+Multiple Stake Public Keys can be associated with the same Role Key/s, however there needs to be one registration per stake address.
+
 ### SubKey 3 - Payment Address (OPTIONAL)
 
 This is represented as a CBOR Byte-string, Between 29 and 57 bytes long (inclusive).

From 7b6eda3415f26c250627b3efe20b2ca8dc875f37 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 26 Jan 2024 20:07:13 +0700
Subject: [PATCH 23/66] docs(cips): Fix nonce so its reliable without needing
 blockchain data

---
 .../catalyst-standards/draft-cips/role-registration/cip-xxxx.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
index d4e6135a6ad..9a0a6c61adf 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
@@ -122,7 +122,7 @@ Informally, all Registrations follow the same generalized Format (Non-Normative)
   // Payment Address
   3: #6.???h'00588e8e1d18cba576a4d35758069fe94e53f638b6faf7c07b8abd2bc5c5cdee47b60edc7772855324c85033c638364214cbfc6627889f81c4',
   // nonce
-  4: 5479467,
+  4: #6.32770 h'018d45d8deb3a1b171f6b38577ecee20',     // ULID
   // Role
   5: 0,
   // dApp ID (UUID or ULID)

From d95dc251c4aa935af914dcc07f348b6f13fe73cd Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 8 Mar 2024 17:42:26 +0700
Subject: [PATCH 24/66] docs(cips): updates

---
 .../draft-cips/role-registration/cip-xxxx.md  | 53 +++++++++++++++++--
 1 file changed, 49 insertions(+), 4 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
index 9a0a6c61adf..b33f48b41ac 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
@@ -12,13 +12,11 @@ Created: 2023-10-24
 License: CC-BY-4.0 / Apache 2.0
 ---
 
-<!-- markdownlint-disable MD025-->
-# Role Based Access Control Registration
-
 ## Abstract
 
 dApps such as Project Catalyst need robust, secure and extensible means for users to register under various roles
-and for the dApp to be able to validate actions against those roles.
+and for the dApp to be able to validate actions against those roles with its users.
+
 While these Role based registrations are required for future functionality of Project Catalyst, they are also
 intended to be generally useful to any dApp with User roles.
 
@@ -60,6 +58,52 @@ motivated to solve problems with Project Catalyst, it is also intended to be gen
 
 ## Specification
 
+In order to maintain a robust set of role registration capabilities Role registration involves:
+
+1. Creation of a root certificate for a user or set of users and associating it with an on-chain source of trust.
+2. Obtaining for each user of a dapp, or a set of users, their root
+3. Deriving role specific keys from the root certificate.
+4. Optionally registering for those roles on-chain.
+5. Signing and/or encrypting data with the root certificate or a derived key, or a certificate issued by a previously registered root certificate.
+
+Effectively we map the blockchain as PKI (Public Key Infrastructure) and define the methods a dapp can use to exploit this PKI.
+
+### Mapping the PKI to Cardano
+
+A PKI consists of:
+
+* A certificate authority (CA) that stores, issues and signs the digital certificates;
+  * Each dApp can control its own CA,  the user trusts the dApp as CA implicitly (or explicitly) by using the dApp.
+  * It is permissible for root certificates to be self signed, effectively each user becomes their own CA.
+  * However all Certificates are associated with blockchain addresses, typically the Stake address, but also potentially the drep key.
+* A registration authority (RA) which verifies the identity of entities requesting their digital certificates to be stored at the CA;
+  * Each dApp is responsible for identifying certificates relevant for its use that are stored on-chain and are their own RA.
+* A central directory—i.e., a secure location in which keys are stored and indexed;
+  * This is the blockchain itself.
+* A certificate management system managing things like the access to stored certificates or the delivery of the certificates to be issued;
+  * This is managed by each dApp in the manor required of the dApp.
+* A certificate policy stating the PKI's requirements concerning its procedures.
+  Its purpose is to allow outsiders to analyze the PKI's trustworthiness.
+  * This is also defined and managed by each dApp.
+
+### The role x.509 plays in this scheme
+
+We leverage the x.509 PKI primitives and take advantage of the significant existing code bases and infrastructure which already exists.
+
+We encode x.509 certificates using [CBOR Encoded X.509 Certificates][C509], Each certificate includes its on-chain anchor (public key).
+The on-chain anchors currently envisioned are:
+
+1. Stake Address
+2. dRep Key
+
+The transaction that is submitted on-chain which includes the certificate in its metadata MUST be witnessed by it's on-chain anchor.
+This is used to prove that the certificate and on-chain anchor are controlled by the same entity.
+It prevents replay attacks where people could try and associate a different on-chain anchor with a certificate.
+
+---
+
+Note: **The information below is to be reviewed in-light of the above**
+
 Role registration is achieved by using two metadata records attached to the same transaction.
 
 ### Metadata Labels
@@ -530,3 +574,4 @@ Code samples and reference material are licensed under [Apache 2.0]
 [CBOR]: https://www.rfc-editor.org/rfc/rfc8949.html
 [CBOR - Core Deterministic Encoding Requirements]: https://www.rfc-editor.org/rfc/rfc8949.html#section-4.2.1
 [CIP0003]: https://cips.cardano.org/cip/CIP-0003
+[C509]: https://datatracker.ietf.org/doc/html/draft-ietf-cose-cbor-encoded-cert-07

From 8e7e579642ec66d346f4c8fb4d90d42323b146db Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 13 Mar 2024 15:48:59 +0700
Subject: [PATCH 25/66] docs(docs): Add CDDL definition for POC x509 envelope
 metadata

---
 .../role-registration/x509-envelope.cddl      | 51 +++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl b/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
new file mode 100644
index 00000000000..cc3f5789449
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
@@ -0,0 +1,51 @@
+; An envelope for cardano metadata which holds the x509 metadata.
+; We do thsi so that the underlying metadata is not restircted to
+; cardano ledger implementation.
+
+; uses 
+x509_envelope = {
+	0: purpose, ; What purpose does this metadata serve.
+	1: required_signers_hash, ; A hash of the `required_signers` field from the transaction the metadata is posted with.
+	chunk_type: [ + x509_chunk ]
+	99: [ + validation_signature ] ; The signature/s of the x509 certificate metadata record.
+}
+
+; Chunk Types - Allows to identify how the chunk data is compressed to save on-chain space.
+; 2 : Chunk data is encoded raw
+; 3 : Data is compressed with Brotli and then chunked.
+; 4 : Data is compressed with ZSTD and then chunked.
+chunk_type = ( 2 4 )
+
+; An individual purpose or set or purposes
+purpose = ( individual_purpose [ * individual_purpose ] )
+
+; A V4 UUID encoded as per https://datatracker.ietf.org/doc/html/rfc4122#section-4.1.2
+individual_purpose = (bytes .size (16))
+
+; Transaction Required Signers Hash - Blake2b-224
+required_signers_hash = (bytes .size (28))
+
+; A single x509 chunk
+x509_chunk = (bytes .size (0..64))
+
+; A Validation Signature
+validation_signature = (bytes .size (0..64))
+
+; Signatures are created by creating the x509_envelope with key `99`, but without all expected signatures set to 0x00's.
+; Each signature is then computed over that binary data.
+; Each blank signature is then replaced with the real signature.
+
+; To validate the opposite occurs, the signatures are copied out of the envelope.
+; The signature fields are set to 0x00's
+; The resulting binary buffer is then checked against the signatures which were embedded.
+
+; Explanation:
+; The purpose of the Envelope is to ensure that metadata is not transportable between
+; transactions.
+;
+; Transactions contain a `required_signers` field.  
+; By including a hash of that field within the metatdata, we can validated the transaction it was intended for.
+; By signing the metadata envelope with the keys contained within the x509 chunks, we ensure that its not possible
+; to transpose key certs from one transaction to another.
+
+; This envelope is general in structure, and that structure ensures metadata can not be transposed or tampoered with outside of the inteheg 
\ No newline at end of file

From 153170e1abb1bd456e77824895df77e6bdeacc7e Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 13 Mar 2024 15:49:40 +0700
Subject: [PATCH 26/66] fix(vscode): update vscode extension recommendations

---
 .vscode/extensions.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index f0db3264852..1b62d9eb882 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -15,6 +15,6 @@
         "rust-lang.rust-analyzer",
         "JScearcy.rust-doc-viewer",
         "serayuzgur.crates",
-        "panicbit.cargo",
+        "anweiss.cddl-languageserver",
     ]
 }
\ No newline at end of file

From c665fd751a00f46f804414fcc01f84e7856bc3f0 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 13 Mar 2024 21:11:28 +0700
Subject: [PATCH 27/66] docs(cips): rbac x509 envelope fix

---
 .../draft-cips/role-registration/x509-envelope.cddl         | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl b/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
index cc3f5789449..9ab31785bce 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
@@ -14,7 +14,7 @@ x509_envelope = {
 ; 2 : Chunk data is encoded raw
 ; 3 : Data is compressed with Brotli and then chunked.
 ; 4 : Data is compressed with ZSTD and then chunked.
-chunk_type = ( 2 4 )
+chunk_type = ( 2..4 )
 
 ; An individual purpose or set or purposes
 purpose = ( individual_purpose [ * individual_purpose ] )
@@ -34,7 +34,7 @@ validation_signature = (bytes .size (0..64))
 ; Signatures are created by creating the x509_envelope with key `99`, but without all expected signatures set to 0x00's.
 ; Each signature is then computed over that binary data.
 ; Each blank signature is then replaced with the real signature.
-
+..
 ; To validate the opposite occurs, the signatures are copied out of the envelope.
 ; The signature fields are set to 0x00's
 ; The resulting binary buffer is then checked against the signatures which were embedded.
@@ -48,4 +48,4 @@ validation_signature = (bytes .size (0..64))
 ; By signing the metadata envelope with the keys contained within the x509 chunks, we ensure that its not possible
 ; to transpose key certs from one transaction to another.
 
-; This envelope is general in structure, and that structure ensures metadata can not be transposed or tampoered with outside of the inteheg 
\ No newline at end of file
+; This envelope is general in structure, and that structure ensures metadata can not be transposed or tampoered with outside of the inteheg 

From 0960b2fd7738fa18777620f80efabe270f294d59 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 15 Mar 2024 13:34:45 +0700
Subject: [PATCH 28/66] docs(cips): wip updates to high level docs

---
 .../draft-cips/role-registration/cip-xxxx.md  | 51 +++++++++++++++----
 1 file changed, 42 insertions(+), 9 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
index b33f48b41ac..c7ea4567977 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
@@ -56,12 +56,29 @@ These are some of the key reasons, CIP-36 is insufficient for future Project Cat
 Registering for various roles and having role specific keys is generally useful for dApps, so while this CIP is
 motivated to solve problems with Project Catalyst, it is also intended to be generally applicable to other dApps.
 
+There are a number of interactions with a user in a dApp like Catalyst which require authentication.
+However forcing all authentication through a wallet has several primary disadvantages.
+
+* Wallets only are guaranteed to provide `signData` if they implement CIP30, and that only allows a single signature.
+* There are multiple keys controlled by a wallet and its useful to ensure that all keys reflected are valid.
+* Metadata in a transaction is inaccessible to plutus scripts.
+* Wallets could present raw data to be signed to the user, and that makes the UX poor because the user would have difficulty
+  knowing what they are signing.
+* Wallets could be extended to recognize certain metadata and provide better UX but that shifts dApp UX to every wallet.
+* Putting chain keys in metadata can be redundant if those keys are already in the transaction.
+* Some authentication needs to change with regularity, such as authentication tokens to a backend service,
+  and this would require potentially excessive wallet interactions.
+
+The proposal here is to register dApp specific keys and identity, but strongly associate it with on-chain identity,
+such as Stake Public Keys, Payment Keys and Drep Keys, such that off chain interactions can be fully authenticated,
+and only on-chain interaction requires interaction with a Wallet.
+
 ## Specification
 
 In order to maintain a robust set of role registration capabilities Role registration involves:
 
 1. Creation of a root certificate for a user or set of users and associating it with an on-chain source of trust.
-2. Obtaining for each user of a dapp, or a set of users, their root
+2. Obtaining for each user of a dapp, or a set of users, their root certificate.
 3. Deriving role specific keys from the root certificate.
 4. Optionally registering for those roles on-chain.
 5. Signing and/or encrypting data with the root certificate or a derived key, or a certificate issued by a previously registered root certificate.
@@ -73,22 +90,38 @@ Effectively we map the blockchain as PKI (Public Key Infrastructure) and define
 A PKI consists of:
 
 * A certificate authority (CA) that stores, issues and signs the digital certificates;
-  * Each dApp can control its own CA,  the user trusts the dApp as CA implicitly (or explicitly) by using the dApp.
-  * It is permissible for root certificates to be self signed, effectively each user becomes their own CA.
-  * However all Certificates are associated with blockchain addresses, typically the Stake address, but also potentially the drep key.
-* A registration authority (RA) which verifies the identity of entities requesting their digital certificates to be stored at the CA;
+  * Each dApp *MAY* control its own CA,  the user trusts the dApp as CA implicitly (or explicitly) by using the dApp.
+  * It is also permissible for root certificates to be self signed, effectively each user becomes their own CA.
+  * However all Certificates are associated with blockchain addresses, typically one or more Stake Public Key.
+    * A certificate could be associated with multiple Stake Addresses, Payment Addresses or DRep Public Keys, as required.
+  * A dApp may require that a well known public CA is used.  
+  The chain of trust can extend off chain to centralized CAs.
+  * DAOs or other organizations can also act as a CA for their members.
+  * This is intentionally left open so that the requirements of the dApp can be flexibly accommodated.
+* A registration authority (RA) which verifies the identity of entities requesting their digital certificates
+  to be stored at the CA;
   * Each dApp is responsible for identifying certificates relevant for its use that are stored on-chain and are their own RA.
+  * The dApp may choose to not do any identifying.
+  * The dApp can rely on decentralized identity to verify identity in a trustless way.
 * A central directory—i.e., a secure location in which keys are stored and indexed;
   * This is the blockchain itself.
-* A certificate management system managing things like the access to stored certificates or the delivery of the certificates to be issued;
-  * This is managed by each dApp in the manor required of the dApp.
+  * As mentioned above, the chain of trust can extend off-chain to traditional Web2 CA's.
+* A certificate management system managing things like the access to stored certificates or the delivery of the
+  certificates to be issued;
+  * This is managed by each dApp according to its requirements.
 * A certificate policy stating the PKI's requirements concerning its procedures.
   Its purpose is to allow outsiders to analyze the PKI's trustworthiness.
-  * This is also defined and managed by each dApp.
+  * This is also defined and managed by each dApp according to its requirements.
 
 ### The role x.509 plays in this scheme
 
-We leverage the x.509 PKI primitives and take advantage of the significant existing code bases and infrastructure which already exists.
+We leverage the x.509 PKI primitives.
+We intentionally take advantage of the significant existing code bases and infrastructure which already exists.
+
+#### Certificate formats
+
+x.509 certificates can be encoded in 
+
 
 We encode x.509 certificates using [CBOR Encoded X.509 Certificates][C509], Each certificate includes its on-chain anchor (public key).
 The on-chain anchors currently envisioned are:

From 322fbbc0043a61bdbb9fb921ccf2f987a4489c62 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 15 Mar 2024 13:35:18 +0700
Subject: [PATCH 29/66] docs(cips): Add overview of cardano transaction
 processign and data

---
 .../role-registration/cardano-transaction.d2  | 150 ++++++++++++++++++
 1 file changed, 150 insertions(+)
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2 b/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2
new file mode 100644
index 00000000000..20357e6a4c7
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2
@@ -0,0 +1,150 @@
+vars: {
+  d2-config: {
+    layout-engine: tala
+
+    # Terminal theme code
+
+    theme-id: 300
+  }
+}
+
+direction: right
+grid-columns: 1
+
+title: |md
+  # Cardano Transactions 
+| {
+  shape: text
+  # near: top-left  
+  style: {
+    font-size: 30
+  }
+}
+
+processing: "Block to Individual Transaction Processing" {
+  direction: right
+
+  style: {
+    border-radius: 20
+  }
+
+  cardano block transactions: {
+    shape: sql_table
+    link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L3-L6"
+    transaction bodies: "[ * transaction_body ]"
+    transaction witness sets: "[ *transaction_witness_set ]"
+    invalid transactions: "[* transaction_index ]"
+    auxiliary data set: "{ *transaction_index => auxiliary_data }"
+  }
+
+  individual_transaction: {
+    shape: sql_table
+    link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L13-L18"
+    body: "transaction body"
+    witnesses: "transaction witness set"
+    valid: "bool"
+    auxiliary_data: "Option<auxiliary_data>"
+  }
+
+  collator: "collation logic: for i in 0..len(transaction_bodies)" {
+    shape: sql_table
+    style: {
+      stroke: PapayaWhip
+      font-color: cyan
+    }
+    1: "transaction_bodies[i]" {
+      shape: text
+      style: {
+        font: mono
+      }
+    }
+    2: "transaction_witness_sets[i]" {
+      shape: text
+      style: {
+        font: mono
+      }
+    }
+    3: "i not in invalid_transactions" {
+      shape: text
+      style: {
+        font: mono
+      }
+    }
+    4: "auxiliary_data_set[i] else None" {
+      shape: text
+      style: {
+        font: mono
+      }
+    }
+  }
+
+  cardano block transactions.transaction bodies -> collator.1
+  cardano block transactions.transaction witness sets -> collator.2
+  cardano block transactions.auxiliary data set -> collator.4
+  cardano block transactions.invalid transactions -> collator.3
+
+  collator.1 -> individual_transaction.body
+  collator.2 -> individual_transaction.witnesses
+  collator.3 -> individual_transaction.valid
+  collator.4 -> individual_transaction.auxiliary_data
+}
+
+transaction_data: "Transaction Data Details" {
+  shape: page
+
+  transaction_body: "transaction body" {
+    shape: sql_table
+    link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L53-L71"
+    "0 = transaction inputs": "[ * [transaction hash, index] ]"
+    "1 = transaction outputs": "[ * transaction_output ]"
+    "2 = transaction fee": "coin (lovelace uint64)"
+    "? 3 = Time to live \[TTL\]": "uint64"
+    "? 4 = certificates": "[* certificate]"
+    "? 5 = reward withdrawals": "{ * reward_account => coin (lovelace uint64) }"
+    "? 6 = protocol parameter update": "[ proposed_protocol_parameter_updates, epoch ]"
+    "? 7 = auxiliary_data_hash": "32 byte hash"
+    "? 8 = validity interval start": "uint64"
+    "? 9 = mint": "{ * policy_id => { * asset_name => a } }"
+    "? 11 = script_data_hash": "32 byte hash"
+    "? 13 = collateral inputs": "[ * [transaction hash, index] ]"
+    "? 14 = required_signers": "[ * address key hash (blake2b-224) of signing public key ]"
+    "? 15 = network_id": "0 or 1"
+    "? 16 = collateral return": transaction_output (collateral return)
+    "? 17 = total collateral": "coin (lovelace uint64)"
+    "? 18 = reference inputs": set<transaction_input>
+  }
+
+  transaction_witness_set: "transaction witness set" {
+    shape: sql_table
+    link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L295C1-L303"
+    "? 0": "[* vkeywitness ]"
+    "? 1": "[* native_script]"
+    "? 2": "[* bootstrap_witness]"
+    "? 3": "[* plutus_v1_script]"
+    "? 4": "[* plutus_data]"
+    "? 5": "[* redeemer]"
+    "? 6": "[* plutus_v2_script]"
+  }
+
+  vkeywitness: {
+    shape: sql_table
+    link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L370"
+    "vkey": "ED25519-Bip32 Public Key [32 Bytes]"
+    "signature": "ED25519-Bip32 Signature of Transaction [64 bytes]"
+  }
+
+  transaction_witness_set."? 0" -> vkeywitness
+
+  auxiliary_data: "auxiliary data" {
+    shape: sql_table
+    link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L359C1-L368"
+    "{ * uint => transaction_metadatum }": Optional
+    "[ * native_script ]": Optional
+    "[ * plutus_v1_script ]": Optional
+    "[ * plutus_v2_script ]": Optional
+  }
+}
+
+processing.individual_transaction.body -> transaction_data.transaction_body: "body"
+processing.individual_transaction.witnesses -> transaction_data.transaction_witness_set: "witnesses"
+processing.individual_transaction.auxiliary_data -> transaction_data.auxiliary_data: "auxiliary_data (optional)"

From 2d9d8a9e1320eb48136320aaf8c35ee61ac92cc3 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 15 Mar 2024 13:56:49 +0700
Subject: [PATCH 30/66] docs(cips): update cardano block to be complete for
 clarity

---
 .../draft-cips/role-registration/cardano-transaction.d2    | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2 b/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2
index 20357e6a4c7..cefe84a6fe1 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2
@@ -12,7 +12,7 @@ direction: right
 grid-columns: 1
 
 title: |md
-  # Cardano Transactions 
+  # Cardano Transactions - Babbage ERA
 | {
   shape: text
   # near: top-left  
@@ -28,16 +28,17 @@ processing: "Block to Individual Transaction Processing" {
     border-radius: 20
   }
 
-  cardano block transactions: {
+  cardano block transactions: "Cardano Block (Babbage ERA)" {
     shape: sql_table
     link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L3-L6"
+    header: "[ header_body, body_signature ]"
     transaction bodies: "[ * transaction_body ]"
     transaction witness sets: "[ *transaction_witness_set ]"
     invalid transactions: "[* transaction_index ]"
     auxiliary data set: "{ *transaction_index => auxiliary_data }"
   }
 
-  individual_transaction: {
+  individual_transaction: "Cardano Transaction" {
     shape: sql_table
     link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L13-L18"
     body: "transaction body"

From 7fd0c00febbe27c6ca22c6d64c1e125ab9ceebd7 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 15 Mar 2024 14:22:37 +0700
Subject: [PATCH 31/66] docs(cips): fix layout engine

---
 .../draft-cips/role-registration/cardano-transaction.d2        | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2 b/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2
index cefe84a6fe1..788ca10fab5 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2
@@ -1,9 +1,8 @@
 vars: {
   d2-config: {
-    layout-engine: tala
+    layout-engine: elk
 
     # Terminal theme code
-
     theme-id: 300
   }
 }

From e0cb03cce821fe17aca66e4ca0475ec21b78fde8 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 20 Mar 2024 11:05:06 +0700
Subject: [PATCH 32/66] docs(cips): wip cddl for envelope metadata

---
 .../draft-cips/role-registration/x509-envelope.cddl        | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl b/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
index 9ab31785bce..6e1af83cb56 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
@@ -14,7 +14,7 @@ x509_envelope = {
 ; 2 : Chunk data is encoded raw
 ; 3 : Data is compressed with Brotli and then chunked.
 ; 4 : Data is compressed with ZSTD and then chunked.
-chunk_type = ( 2..4 )
+chunk_type = (2..4)
 
 ; An individual purpose or set or purposes
 purpose = ( individual_purpose [ * individual_purpose ] )
@@ -34,7 +34,7 @@ validation_signature = (bytes .size (0..64))
 ; Signatures are created by creating the x509_envelope with key `99`, but without all expected signatures set to 0x00's.
 ; Each signature is then computed over that binary data.
 ; Each blank signature is then replaced with the real signature.
-..
+
 ; To validate the opposite occurs, the signatures are copied out of the envelope.
 ; The signature fields are set to 0x00's
 ; The resulting binary buffer is then checked against the signatures which were embedded.
@@ -48,4 +48,5 @@ validation_signature = (bytes .size (0..64))
 ; By signing the metadata envelope with the keys contained within the x509 chunks, we ensure that its not possible
 ; to transpose key certs from one transaction to another.
 
-; This envelope is general in structure, and that structure ensures metadata can not be transposed or tampoered with outside of the inteheg 
+; This envelope is general in structure, and that structure ensures metadata can not be transposed between transactions
+

From 3e35923889f7de8cb320b717cf3d7e7c51532d05 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 22 Mar 2024 21:07:57 +0700
Subject: [PATCH 33/66] docs(cips): Add cddl specs and diagrams for x509 rbac
 registration work

---
 .../role-registration/cardano-transaction.svg | 923 ++++++++++++++++++
 .../role-registration/certificate-chain.d2    | 110 +++
 .../role-registration/certificate-chain.svg   | 870 +++++++++++++++++
 .../role-registration/metadata-envelope.d2    | 138 +++
 .../role-registration/metadata-envelope.svg   | 875 +++++++++++++++++
 .../role-registration/x509-envelope.cddl      |  97 +-
 .../role-registration/x509-roles.cddl         | 123 +++
 .../role-registration/x509-roles.d2           |  44 +
 .../role-registration/x509-roles.svg          | 836 ++++++++++++++++
 9 files changed, 3982 insertions(+), 34 deletions(-)
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.svg
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.d2
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.svg
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.d2
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.svg
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.cddl
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.d2
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.svg

diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.svg b/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.svg
new file mode 100644
index 00000000000..3dcd2a8c4fb
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.svg
@@ -0,0 +1,923 @@
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="0.6.3" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1925 1619"><svg id="d2-svg" class="d2-713170117" width="1925" height="1619" viewBox="-101 -101 1925 1619"><rect x="-101.000000" y="-101.000000" width="1925.000000" height="1619.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+.d2-713170117 .text {
+	font-family: "d2-713170117-font-regular";
+}
+@font-face {
+	font-family: d2-713170117-font-regular;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABawAAoAAAAAIgQAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXd/Vo2NtYXAAAAFUAAAA9QAAAXYKEwxKZ2x5ZgAAAkwAAA8lAAAVHPe08JRoZWFkAAARdAAAADYAAAA2G4Ue32hoZWEAABGsAAAAJAAAACQKhAYKaG10eAAAEdAAAADoAAABIIG+DmNsb2NhAAASuAAAAJIAAACSy/TG2m1heHAAABNMAAAAIAAAACAAYAD2bmFtZQAAE2wAAAMjAAAIFAbDVU1wb3N0AAAWkAAAAB0AAAAg/9EAMgADAgkBkAAFAAACigJYAAAASwKKAlgAAAFeADIBIwAAAgsFAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAEAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAeYClAAAACAAA3iclNBJTpoBGMfh5ytQKKUttJTOlJYOdJ7ojCIOC+LGGHfGGJfqCYzxTHoANcFbuFJPYYyL1/jpgq3v/kl+/xeJjAQl2WQFbQ1ZVQ1N77z30SefffHXPx0jRnVN6ZsxZ96CRcvWrNuIIFWtIfV1SPX0TZu9VEtWL1QcqauoKSjKKcdJnMrLuR7HMYjd2IntOIyD2I+t2Iy9GKS9V79EL10xpu23H7rpvg9Drd9899OEcZN+uSYje94hr+CGoptKbrntjrL/Ov6ouOueqvtqHnjokceeeOqZuucaXnip6ZXX3nirlX7CGQAAAP//AQAA//9V1zdGAAAAeJxsWGtwG9d1vvcCxBIC+ICA5eJJALskFu/XYrEAAQIiCBAQSfABkBJJiZQoUSIlWYpNv6JYkdxIllzXddFGHmsc2VEazdTOWI1dz1jxeNKmfqhMI1t1nTp1bXncTIfxxE7SsEwbJ+ais7sgBDn5wdkdzN3z+M53vnMuQROYBgCx6DyQASVoA1sBDgCjsWu67TRNYRzDcRQh42iowabhB3wFwu0ReTQqD2U+yRw/dQpOnUTnN+7oObO4+Mbc/ffzf776MR+Gb30MEJABgCyoApRAA4AWY2iHg6YUCpmW0VI0hf3I+oZ1q61d3mb7jw/nPpxO/SoNv7SwwB2Nx4/yM6iycefKCgAAyMAMAKgLVYAGGAElxMaEOzpwnQLDxYeCkjHhKBtxUJRm82Xmtf4D8VAgMZS+c/Dk/MRgsXhgeXJudscyqtgGekKjbXLVSHbbDjc83hOOBzfW05neOAAAgkh1HZnQRWABoIl0ONhINMqEOwjM4aBIhQLXdXQw4ShHKBSwVPqToeEz5eRus8+YcadmmfCuVGDQ6qf3qccvHDl8oRSyRc1k332l0vGMk4z4wgAAJOYSQRXQLGAiZoLrFBRdj/vyhaefenxy6O677757CFWevfjU32b/7MSJh8TYZgCAH6IKUIn1we04g1O4HZ+BX+Hf++wzGEKVgbfyv8xvngVXUEWoAaNhNDNlAVDpd5RGFaCWfmcgg2kpGYbPlGVQM/fmL2ZfvwtV+Ktw++/4w3DyoX/Z9HsdVUCT9I0dnylDK6psXBVc1Wx+FVUEzBgNo+3oIJholNMyGkoTiXIUJqNkNNXRgWtmFk6qCbVcjatPHBhplskjJ7gTEbkMQxX+r8kcSeZIOLdxJzzkPeJ5nH8OTjzuOeLln6j78KEK0Eo+CMbhYDWMpm55xy/ychk2uuOXeblcsLfwcPhIBJY37oRPnQstRfhnARJrewBdBG1fqK5IIjocFUtAikWGw6VT+fypUvlkoXCynNgZPDw1dTg4pZ548tChJ8bHnzh06MmJ7f3HS1957LGvlI73g3ptVWJ9dA0spSjNLVq+MngsdfaOO/btKO/cMYcqXZOFxQX+c1joG8hzdRs2VAGtgGhkupaSNZp5s38pMZb9m7mn7z9WLJWKx1CFGs8Oz2r4n0Kc/wROp7f1RaTauKvr8FfoIvCJGdOcyF824nDQtB/dzm4hb4LoRAIasD13nydM7WH6CpaQdc7a62LnEokFyte53c/128PGWUdvV3RBzXp7un2JIOk0t7pa3JlgeNTn64pa7BGv1WVUOdt9faHIZBhAYAYAfo4qABOyolg7Tml+eg1+dA0NDgxsvCThF6muwxfgGjCCLgAIUigPFxFDw2gxUFxDCQJCh6McKzbjq73jf/ENjcfpHrTYyP0902NZTEaOd1Ap6vh8WL29b2xSY41RNl28w3V0F/9uj9mdIa3n2pIBVzdAoFRdh79HK0ALbBI6FEZpGByTfEmckCghKA10kdttMixTQvZR5559iT0DydFEzrqNsqXVdksYrbw6ZaHP3lW+L5VbnBnbT9qqZkKqgb+6Dr8L1wQM/rimbErK1m1Lyb4jqWDO4MYDFm+OLveTPR1d9jF1cnmstJwkiahWH5iMlRctOs5iFzALVNfhe5s5SJiJxmmW2QSLY+uOfrvrWGKec6ds8nIWk5mHDduS1ngnnXYMqB86Pnp3qtNYfmUjFje7cv28mQiUYzv3AyTG/89wDeiB9bYMBGLa64Ios4tQQaLvcCq9wM0egIj/XtPOASphslhHfwTl6Tgzru5dHh1bTp1YajEoi7txTVTXCR2DxVERp04AYBr9WJo/FMuxkRpOFIkLWqfZm8nkthPu9q0mc3ZxEX471VQc3KnE0uq5Yj8/K84KX9UGP4VrIAR6QbHOItbR8BCNMjhVGx4kLdWgVnNZ+JYMaGv9RjqkM/87fafDvtVAavV0eCKk62p5dkFDBMfCNNmytTs0NzmZPDbs7k16PMne6MAEE5hotbcb9UMfZdPWeIdc5TRb/S1yXdbDjrixpnQ7a40MuzQqk47o5Hp9wwH4Qpplk0mWTfMP9zpIo1yudeO0X8SmBAD8CVqpKcsmRwWFFfmpKZVkVDFczJe8we5EN1p5dcEemJ/lr0NXNuXo5i+BahXkAAAvopeQQ3xTgIEToG57Fa3UZ4JWmAk0hpfGZTd2ffvlmcd2oRW+E4LX+Js/P/xg7ZvqOvh3tALaJIw1jKZO42f9rlKrUo5hquYOdZxFBzfOazUQpuRyyRf6NVwDdtGXMCiEatyWDVZ/lrKYzDbsiaXbHCPeoe0lrz+aLXkD0SxcHaACIa8rspniEH+p9tjECq7VsKr5aMQqi8mokTpYorHbsKpx/r/hGmgDpj86K+ocgW2JxXR6MZE8mE4fTKaLxXRqZKTWr8nl0thyMrtYnlhamigvAlFzGPh7uFbr11vRiUx00ASubdQcIVL7qGduX2JPjOwn0f2i5KS77Kk30Ysxs/PcXaX7Up3GyctQcZvmCLrAwPc2/TSxnGi+Tn6O0cgadQGelVuG3JI4bLOj5syNujC8eWXK7BTFwWLxbxSh4pYybHJnDq7Vthkpm5qySUAbCi4L0a7WtVn7DXB1yh/dUpDLwyl+ReKRuboOT8M14BZ51DifxPH0hekkDae3I3OUy5b1BIN2xkRm3NOjvhGz0xC1+T2dQROV9blG1bSZM9h9VgNJbGmxs67EqI2IaPVuM2HBVS12zk9nnKJ/fXUd5tAxYdqKPKZYjmNEsanz+ZOR3sLwltzp03Z3S6e6XRdQzxRgS6rp4Yf7+TVfSClPYSrR1lB1Hb4FVwXe3dYTmpoUf1QslD1BR4IUcCGH1fOzMML/JJuiPXCaNw47gwAKPQj/Ca6CFgAYWcMuJXvlu5O7VYRKriK27B5/Dq7yn3YVKKrQBXW8UcgDAPQSXBX7qvG7BguUTNq/Mdk3z00UmlsxeXO7cmhsWKlplje3YfmRry0MKNuU8ub2LVm4yv+M7CfJfhIaGt6MsInKdnfnKP5zAEErAPB5uAoMADAczRA1VxyDEVRt18ew1m9+fbpPpW+RqzpUiR1ff3o632Jslbfo1Rn+4yNat07n1h759W/u6vDiuIe4S8RRXQ2IGJgaOcFxt8HRimbaLer2Zp3SFW1TvTa5X2VQyVW6LTvHrmoCubcV8j7UlPB1wZ/x/2MtkPaCDbZsrAWHfUJveKvr8A30CFBtVj1Sa8HGvv5s79Gje/ccPbonls3GYrmc+sqlbz3zzLcuXcmcevTRBx549NFTYqyjAMCr6KSoncLIZaNRThDo0b+6x9tnTJ/JwnfZZqJ941pW4nsXAPB19IiQG8OmUK3V6boICMLO4M69ZweSvc6sOeDclZo+2H/vsDFmeDm09y/vZbgBny3gZRcnkw+cG0XyPIDAWF2Hf48e+cMeotj6UnvLxeat6dPhgza3ZSTWM0hPD2dHyQTj7Ld4u2di5Tu2RXrGYnvUHBXt9G9jHXFb2ha1B6Jdlgjlmyz2DOrkLeVMrOQFSOh7+G/oJFAKrOcYYcoKZdeydhYKOFD40oocytXGVob/T6jZvXPn2svGgoHwEnzk+Si8wN+TeV7AxVBdh/+ITta2mFs5iKFr7TiF3ZLfnw8v2J2W4VhifDBlD1i8OEz/n4bwW7jpaO8+ddQeNftG+zODOq0ZMvnvq1s9U7ncfFjSxWB1Hf5QrL0TAEgqsE1Hsj/czG4tgrDJWuhszvcGtiUiqYWe3JfSkSGTXxvr9A0GUOcYXd4fmYQFp3d2XzGd2s4/l/3Tgw9ezNMWhjAx9x/o9uzf17s7ItbfK/Q3Oin2dwpxdtaOt8qwFxR0Mc2/Cr8RLzh18i//w7M780zhoXNPSjuNq7oOV9AjwAq8IC7iI0basM6IzMEldZQ13mNkNTEVVf53yTmO4jqpaLDElOfNTp0lbGNmNTaqh/UmXNmmWC446ncwo2rfWNjdF2qXGwrh0KBr76A9EWiTt3t7PYERH1yybKMCmVjAEab4a+mQK+LYahjwsjkJX2d1Hf5gE1+tpH8imtp6VaO3DSMx9nsTCVve2lzo9fdNMUWjX8d1CvtQ55iztD8yyaQX4rlj8Pup7U7f7Hxx47e0OUKYI18+6PCKwGYfXnzwYu0u2lddB98Dy8IdubGzv2qgKIOeotSUyUJRFhMlnA1Ud4BrYBlsBYCgo1FaQVINn/TrPEGIFEhPdRls3QPfCWrTTmgxm6wR37Z5IOxToi/4PqIBAwA8BBTCEyDgqK7D4+g7wAC6AeAcKdkXWrBVRmANji5heo/PFgraE0TANskN77IFvKYm0kCSBgNFXQsUktGozRm3mjxdgR2DdDrWk3H/a2MeLvA+bING4a7PsQzuWn0/nZZ09Gvw4+rLwu8Ea8fV8IOTHCfubmNQiT4QOEhIizEh8oN4NzUwkGJ64vGe5w/cPHPmwwX9npvLyzf3AAgc1TFws/YNLTJMqCauU0yL55nUwMDztdP6hQ/PnLkJIJirLkENel248xGCFGgYfO7Fe++9INsd2EABqV7W6hJ4u3ZG1E9GY73nnr+7EEB84PPL0hmyZsezWVPBOysGIYDI4BLZb2mbuM7j/5XoUVIMQyl7Ej6T06ww22xmhdlpuhArclNhSxBGYNDMTHHFWMAd8k8wIUYpV0aCzIQ/5A7UYoMtNb+spBK3bhHixYCVKihghytqMVBWo8vUZLLZTE0ml9GbjCu7wuEuZTx5QXITjCjlSiYkuRFCYcxiKJawEIrgd0t1LxxH18S6QQZugaok/5tLsoOfPynh0QMvwyW0IsxfLc3RHMExBEdgBEY/4ozPtx1UhpSLbfMxOg8vW+acfsMdR/R+55xlh8BNgTDviPPHKkxtipX+GEz8wynxj+IoTMtw1IxhbOfWyd0ESzykZ/XjwruB1Z8x2M5sPXM9fr7n6tWrV3vOx69fvw6bzgOxJ0jwA3gD/hg5QB4cAQqQB49LNQSn4Q2EAyUA3d1sN45hOEHAG3wZXnnn7Nl3Tj+TeSY/EpaHR24/y7Ecx9I024STwjF45bR0Kv9Mpn53AZfh6ub/uUoluCrsQ9UfokHAoZcEHdA09JreatXrrVY0aDHoOzv1BosYG/TAG/CQYEPL2nESXoGeVAoA8P8AAAD//wEAAP//eAxvDgAAAAABAAAAAguF8OeLcV8PPPUAAwPoAAAAANhdoKEAAAAA3WYvNv46/tsIbwPIAAAAAwACAAAAAAAAAAEAAAPY/u8AAAiY/jr+OghvAAEAAAAAAAAAAAAAAAAAAABIeJw0ir1KA1EYBed8KQQJio2sEuKShOD6k2uxKCoWIlYKwtd5hbQ+ipW9tVa+hHVsbCx8A1u9ICGpVnbR4jADZ+yeayZgOS27JNoxpd0SbZmoBaKdEfVJtA+i3RHtgdL2iXZItFW2LKOjGaUVuCaMbJugb0Ya0NWMXctxppzrC6fCWye49XHrNq03/Q2uJzpyMsu50DtteyPTC0u1K7GjxJUSAyXWlVhRYk2Jvb+vUGKTOafMCTX1zFAHFPqhrYArMFRgrMCGAr2GYxb1yJESfSV6/2OKQ/Va+y8AAAD//wEAAP//KHo5eQAAACwALABQAIYAtgDUAOoA9gEQASABUgF0AaQBxgHuAjICRAJ8ArAC3gMQA0QDZgPSA/QEAAQaBDYEaASKBLYE6gUeBT4FfgWkBcYF4gYcBkgGeAaeBrYG4AceB0IHdge2B9AIJghmCHwInAioCOAI7Aj4CRIJLAk+CVAJjAnICdgJ9gomCjIKSApeCmoKgAqOAAAAAQAAAEgAjAAMAGYABwABAAAAAAAAAAAAAAAAAAQAA3icnJTdThtXFIU/B9ttVDUXFYrIDTqXbZWM3QiiBK5MCYpVhFOP0x+pqjR4xj9iPDPyDFCqPkCv+xZ9i1z1OfoQVa+rs7wNNqoUgRCwzpy991lnr7UPsMm/bFCrPwT+av5guMZ2c8/wAx41nxre4Ljxt+H6SkyDuPGb4SZfNvqGP+J9/Q/DH7NT/9nwQ7bqR4Y/4Xl90/CnG45/DD9ih/cLXIOX/G64xhaF4Qds8pPhDR5jNWt1HtM23OAztg032QYGTKlImZIxxjFiyphz5iSUhCTMmTIiIcbRpUNKpa8ZkZBj/L9fI0Iq5kSqOKHCkRKSElEysYq/KivnrU4caTW3vQ4VEyJOlXFGRIYjZ0xORsKZ6lRUFOzRokXJUHwLKkoCSqakBOTMGdOixxHHDJgwpcRxpEqeWUjOiIpLIp3vLMJ3ZkhCRmmszsmIxdOJX6LsLsc4ehSKXa18vFbhKY7vlO255Yr9ikC/boXZ+rlLNhEX6meqrqTauZSCE+36czt8K1yxh7tXf9aZfLhHsf5XqnzKufSPpVQmJhnObdEhlINC9wTHgdZdQnXke7oMeEOPdwy07tCnT4cTBnR5rdwefRxf0+OEQ2V0hRd7R3LMCT/i+IauYnztxPqzUCzhFwpzdymOc91jRqGee+aB7prohndX2M9QvuaOUjlDzZGPdNIv05xFjM0VhRjO1MulN0rrX2yOmOkuXtubfT8NFzZ7yym+ItcMe7cuOHnlFow+pGpwyzOX+gmIiMk5VcSQnBktKq7E+y0R56Q4DtW9N5qSis51jj/nSi5JmIlBl0x15hT6G5lvQuM+XPO9s7ckVr5nenZ9q/uc4tSrG43eqXvLvdC6nKwo0DJV8xU3DcU1M+8nmqlV/qFyS71uOc/ok0j1VDe4/Q48J6DNDrvsM9E5Q+1c2BvR1jvR5hX76sEZiaJGcnViFXYJeMEuu7zixVrNDocc0GP/DhwXWT0OeH1rZ12nZRVndf4Um7b4Op5dr17eW6/P7+DLLzRRNy9jX9r4bl9YtRv/nxAx81zc1uqd3BOC/wAAAP//AQAA//8HW0wwAHicYmBmAIP/5xiMGLAAAAAAAP//AQAA//8vAQIDAAAA");
+}
+@font-face {
+	font-family: d2-713170117-font-semibold;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABaIAAoAAAAAIiQAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXqrWeWNtYXAAAAFUAAAA9QAAAXYKEwxKZ2x5ZgAAAkwAAA7XAAAU4O8Hi31oZWFkAAARJAAAADYAAAA2FnoA72hoZWEAABFcAAAAJAAAACQKgQYIaG10eAAAEYAAAADjAAABIIYpDVhsb2NhAAASZAAAAJIAAACSyVrESm1heHAAABL4AAAAIAAAACAAYAD2bmFtZQAAExgAAANOAAAIcCYSZQ5wb3N0AAAWaAAAAB0AAAAg/9EAMgADAhoCWAAFAAACigJYAAAASwKKAlgAAAFeADIBJgAAAgsGAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAAAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAesClAAAACAAA3iclNBJTpoBGMfh5ytQKKUttJTOlJYOdJ7ojCIOC+LGGHfGGJfqCYzxTHoANcFbuFJPYYyL1/jpgq3v/kl+/xeJjAQl2WQFbQ1ZVQ1N77z30SefffHXPx0jRnVN6ZsxZ96CRcvWrNuIIFWtIfV1SPX0TZu9VEtWL1QcqauoKSjKKcdJnMrLuR7HMYjd2IntOIyD2I+t2Iy9GKS9V79EL10xpu23H7rpvg9Drd9899OEcZN+uSYje94hr+CGoptKbrntjrL/Ov6ouOueqvtqHnjokceeeOqZuucaXnip6ZXX3nirlX7CGQAAAP//AQAA//9V1zdGAAAAeJyMWGtwG9d1vvcCxBIkRBECFiu8HwvsAgQIgLvYXRAkHnyBBASCD5CUBJEURcl6UBIlkaKV2JJr2a4tK1NEyaSOrLozseuxnSZ2Y3dGbaZVa9Oe1ulkkpEt140dyzOO3cRmJ7WnbJjpmEBndwE+3P7Ij8WSi7v3nPud7/vuuQB1YAwAlEPfAQqgBjvBLoADwGqdWg9L0yQmsIJAEgqBhlpsDP6+fOOtaFAZCimD4dfa7jtzBhbm0XfWT+05fuTI3en9+8tP/Px2eQZ+7zYAqFIGAIVRCaiBFgAdxtIURZMqlULH6kiaxH5BPE80W5uUO6wr71x55z72lyycHB6OzPPC6fJZVFpfePllAABQgEJ1Hi0wAVLMjWUMBlyvwnDppiIVLMNzEYoktbU/Crd7T8TDfr6/a2FgvtCbSKXGZwfyuewsKtn6O4MjO5Wawe6uCR98kGkJe8sUJ0RCAAAI2iqriEI3gAWAOhdFcRGeZxkDgVEU6VKpcL2BZXiBUKngvtFHh0aujCZm7AljnOIKodnRQK8l4T2myX/31MknRxjnHpO9fS579o88tkywDQAkrSOFSqBexENaBa5XkfRGzn/1xAvPfbuLPXzq1GEWlZ555i+en178+tfmpbwKAMBfoxJolGqDO3EWJ3EnXoBXy5+trEAHKs0+P/vabG0s+GdUAgopirZwXgRTfo4mUAlo5OesjsV0pALDC+cVn17+ycqDL0+jUvld6KuUz8HI0j9uxH0XlUCd/I4TL5yHzai0fkcMVZ3zCVQCdul7ncFAsDwv6FgtqY3wvEBiClJBkzaEawsPn2/EG5SN+oZzj5yswxRK7mTfqYhSgdWhUvlVe5fD0WWHqfUF6Ldnsrbr5fcgdd2WzdjL79TixFEJ6OQ4BEtRnJbVipMbDLi2cOGnPUpl4xn5hkrla99g7hWgZX0Bnv1GZEEofwSQVNsFdAPsBOZt1ZVIRMtVcIk1hiPjD2UyD41PiJ8Tg5OTg4OTk5rCk3NzTwwPPzE392Thnofn5y9dmp9/uFZXm4Srfgs7VSSJa1lGLu3PMgvd3Wf7p8ev7cmMoBK1LzcwHfwcDl5IiLSrzhFDJdAEiK0M15EKUrvJ6g96Tyf7O5566E+OTPX09/dMoZJ7PLNnUl/+TwgqAE62C9FWuS5UZRWuoxvAL62UFgwGeRKaDqLtpMb1BgNByCnDXd33h3rJYms01h4oOuJ0++FU+xzVYe9rCbZbw+b9sWz0hIYJDjl9Qcrn1tFNgd5wpNDWSmVNNp/b6CQaPcaRfm4fJ+ZgAgDVoxLAxBWRnBMnte/egr+9hQKzs+t35HWHKqvwdbgGjKKyCZdYEkFKC6OlJHEtKXoGzfACJ+nv1dTI1e9CmnH3OVt8x2KTBw7WK517MFub5UjeqxlODe1tptst+kETdfpY+QPeQhWtxvkdrMdpk+JlKqtIjZbBLmATkaFJjNSyOCbH2kID0VugkE4pGg4sKuxZz+TRzoNDbd1MNBI1sZpUBC3fHDW7rpwbu5A8OFHIjgqfGHTimn2VVXgTrn2FYZtQ1+zD0HMy2XuuK5Q2R3VeomNPJmZl8ZBrTBNfHBldjDuIPVpdMZspGrU5mw0g4K+swhW0DHSi0mScpIlpjq0hJHC1IP89Od8xw7V0WJSLB+uV5gGNEDYyxlBPTHPl68PnE1bj0CvrCc5MHRQ+IXaNDw6NybUQc/9XuAZ2izG26wNzGmqpK1hJJtDcO5/qOt7eUwzWld+sz3c4BDNNTrzyHsP4e8RVDJ9PdJzoc+u7BnTaAcIGw+1dSZmbZgBgEf1M3mdITuAiVYxIFy76mnaquzu31xRuNpjNiZkZeG2ijh083IBNaArcgfJZaU/wVmj4P3ANMCABchIiFBcRERAJxG0Cz+JkVY0uipYNvFppxRbB66oCc9Hif6uxKS6tMzpxI83vZ/WenT8qapqZsUizS9u4g2zdu/9A6t4sybS53QwT7si2tvR4zVTvLyzt/nhAqfHarKGdSl2vvz3vw+rGm/wmfg+lwhr0Wnx3eyo8FIS3IqEgy4RCkXIpbLfqMavb6RFxyQAA/wMtV12kRkrRSSVBaDOLSnuOGRpYdPscbXa0fPOgtfXoVPmn0BNn7Lby90GlAhIAgDfRG4gCfQAADKTBw6A6N0JoecP7BdH7aQzPnFPcfOCFH196YBAtl/s/erP8wTv7LonjK6vgd2gZ7JTZpmW1G9z9cZxdbFYrMWxng12TTaHe9Zu4FsIJpUqOo6iHa8ApxRE3A7EK21aCbdwzB+uV9kyQ79KSg8F89ryHCrYveuhgO1zpcQZDPoqpLS9e/n71VsMJrlVxqsbYipNoCfkNoOBKtyO4Dacq17+Ea3/AXrArPtfdPRdPiJ8JPpHg+Xi8qtL44ujIYny6mMkWRa3K/pJAarhW1elmdlUGErhui8FI6x/0Tt7TeVBwpGyKw7LBmJll9GLERF1ZGLuQsBpHb0B802IkL0jAlVqMOk6Qpt4gvMBqFVu8AH5NaU5TkiH4UnZFw4H3amaw/PSoiZQNwRZaL0B80w1kjC/AtWqnIq+i6mIywKYsTeL6HYZma4qAK3vDbMMRpbI1Wr4ja3x3ZRV+C64Br8Sfzf2HkvefbZ5I2BCuV73FHHHzzm6Pl7KHTY6kd2Y0MmrjTJzV4+70ulL+WQ1tzRptLiNuxhs0pODrGnUTaR1hJ6y2Jg0ZDSb3Awj0lVVYROeAQeYtR3KCwErNkr5K39+N96dzTTOXLvXtsDTo9azm8NBnE3WPPnrgswlMOY41yvn3Vlbhr+CKyLFt/NdW7fZ9kV1eR5tlcVqtcOQ0R6dgpPx+nHG44XAZH6CCAIpak+bYAQCrYIlqbySwir/5wVK+QeyF8Ib8mefhSsWdpaisu1LGZewAQHfgiqShre9tmYGs9tIYduOh8x31jZgS26lOnehSN9crMQ3WcerS4+31TfVKrKk+ClcqZNrt7ndVpHuarJTxT8g+mk6TH0vxmgCAb8MVYASA1dFbwmDEZpymp759UWgkGpVqvTp04VtPXezUGHcoGwyNEQhWpvR+vd6vn/r9fx0yBHDcTxwS59VUeGn9pq0cEIRtUKhUc3pbE47p1HRIo35tabwRb1SqdersmVfs+/5FpSyiupDHDj/5wtFPuvqdX6xXCodEDXgrq/Df0BXQWNWvzClcL2pX4lm1XTdAcHhp6bB42cNmc9huC1ssYc0Pn376ueeefvqHxdBcsXjc7z9eLM6FxJyzAMCfoIuST4pbK8fzgmjG2dJSKG2buDQNnxlQG3etfzQt88QJALyDrohZsFwCybZR6130KpVo4ixO7b+c5llP3JQKTHdNnk6eSBpjxFM9E4+dCTOdLdZUiJ3bH126rwfVzVa183N0Bfi+qh2SqxnTZoTaIejzwRMuwZoNR7qcI5npASbgSVg7fFPtkwsdkWgufo+G82StPrbV2WYaiwW8rU5zvzuwd4TL6JU7h5Ox0YDcA+ySzhkXgVpkvsCKu6lYfh3n5HQiDiT+yPNKqNSYmtjyr798fHh4/ZolZzGGTeXRZ/Pwavny/mc39H8bXQSOr6xByl3nxEls026/GDxBctaBMJdOcfYWq6CDY5/v0NNGoSgkj2o4Mmv2pWLtCa2OhLFDNxoaW/b19c1G5HwDlVX4vsQDLwDQpcJqgRT/9/S22eVBjbnTrE4FvQLnTcwl+xe6YmOWhFawert9CkvOVTgmFCHv9I7nkrFoe/kfuq+evPjkQIstjZsDx/aR3kNHktMRaZ0B6Xx0UdJ4AglOzok3KbAXVO5svPw2/EG0j96lPPfXz4wfSvc9cPlPp6TexVflrgX4AL+x+2zpWraUVcFvbkUGRdVCJWZDmJiNpls9LLNXmLiHtwe6+RnCZGYCHsbVURfs8PX5bXSvpjUf6RjerTRlmMieloODoRyhNOZSbfkgXDTxthYh6HP47eXbbIAMOLWGTk8oJuHqqazCt2u46mTvk1DUbVST37bxSNl+kwtb4kZ1KkRHs+1j1sQuEdEWZMmRo8eEA3ziRDK9AP82GiPpsVyijGqAuryHjqSm2O7HT97/ZwOyrpKVVXAHXBPPu8QWdV+1BwJ2R0uLJuByBcRLHBuqZMHH4JrIXYLmedrlIre8MmBs4yCqQ9bWoN3XOnozqevyeFwOOhHNnAZA7JmkWPDfEQ1YAOAEUIn3qsdcQ38JjMADgEAlFF/RXpOCwLYE+nOVwRew+Sk7Y0g5J6P5e+ytAZOSsfv9doff/26gN8qEze6AZXcH1TY2SnVGIp30r7auowW8BXdDSjy3CxyLt/z2rbEx2Ufvh7+pvCo+JzgnroG//OO+PgDBYCUPjeiuyD1CphAhMYO4nUinEwNRno++cvTuI4/cPeqYeW9+/r0ZAIG/kgdr1XdoiVtiNXG9alEaP5BIp1+pjnZI7wIIipXj0IbeEM9xhGgBWhYvvnH69HXFZHLdlaydN4+Dz6pjJN9ktdTp029cT6K7yS+flcc4qvP4azUVo3NSEiKILC7TfJP9UreO/ybZqXYzjFvdmeQJt7HOQZKOOqObuN4xxOfbLCGYhiEzk+eHY0my1T8S5li1Us1y4RF/K5ms5gbd1bic7A6bepP6fk6uoIgdrqrmQFJbg/GbSVz/f8LEhvk8Y5ZSsbTl+aEOuW4zsAf9k1Q3HavQfJr/9HuKo1/eEL8Lwwfho+hNce/V0QItEAJLCARGYPQ32dhR3enGZOO87liM3QMf9My2dhrPnTN2ts569oq8JMW+Al0FZulXF4Hk5IvFpAsnpYsUSEzHCuS+3YPjzSMHDH34EtGLD+9vHp8m0sTSbse9zfe+nruce+mll17KXc69/vrrcOdlWQ8u8CP4IfwYUaAfnAUq0A+uSfVzgSX4ISKBGgCPh/PgGIYTBPyw3ANvvfbYY68tvTj24qHesDLcu32swAkCR9NcHe4Sh8FbS/KoQy+OgdrZBPw9XKn9XpVZhCtlHMDK36Eu0IfeED1Au0Vndoqy2ykKdbltVrfbanNLuUEH/BCeF+fQcU7cBW9Bh6ge8L8AAAD//wEAAP//IJtn6AAAAQAAAAILhciIeLNfDzz1AAMD6AAAAADYXaCrAAAAANheETP+OP7PCG4D3QAAAAMAAgAAAAAAAAABAAAD2P7vAAAImP44/jgIbgABAAAAAAAAAAAAAAAAAAAASHicNIo7SgNRAEXPvUoQGRSMxTA2JpIwY0I+aOsHeQhPEYSnIO7A0sJ9uARxA3Y2ugAr92ApCDZiIxjJEIvLOVyO7zjjBTyY/Pqc5H3Gvia5IKkgTT99k/xO8i3J94x9SPIpyS26blN4nqG3iHql8jY9/VBphzUvUHpAVINdLxK1TJw7JnpEdKduY93fEPVAritW3Sfok8wf5HpjqXZRWhxZtCxyi5UZ+7NVFh012VOTYc1nSh2wqS8yBU4U6ClwqUBXgfWaF2R6ZGSxYdH+nxpEmDxN/Q8AAP//AQAA///Q+SbvAAAAACwALABQAIYAtADSAOgA9AEOAR4BUgF0AaABwgHqAiwCPgJ2AqYC0gMEAzgDWgPEA+YD8gQKBCYEWAR6BKYE2AUKBSoFZgWKBawFyAYABiwGWgaGBp4GyAcGByoHXgeeB7gICghKCGAIgAiMCMQI0AjcCPYJEAkiCTQJcAmsCboJ2AoIChQKKgpACkwKYgpwAAAAAQAAAEgAjgAMAGQABwABAAAAAAAAAAAAAAAAAAQAA3icnJRBbxtFHMV/a6c2FSIqCEWphKo5gtSukyip2uaCQxrVIrKDNwVx3MRrexV719pdJ4SPwUfgxhfgzKkfgQNHPgAHDpzRvJnEdUCQRpWat56ZN+///m/+wFqwSp1g5T7wBjwO2OCNxzVW+cvjOt1gxeOVt/bcYxD0PW7wOPjZ4ya/BL97/B7btR89vs967VeP32er9ofHH9RN3Xi8ynbjc48f8KhRefwhDxo/OBzAs4bnDALWG795XOPjxp8e11lrNjxeYa35icf3+Ki55XGDR819fsKwxQabbGB4cv31DEObATknJBgiLimpSJhSYuiQcUpOwUz/x1obYPiUMRUVM17QosWF/oXE12yhTk5p8RmPMVyQUjHG0CehJKHg3LMdkJNRYegSM7VazDoROXMKTknMQ8K3v6U1JpPKIwpy/WJ1p5yQM2Gge0bMmRBTsEXIBtvssEubffbosbvEecXo+J78g8+d67HHS76W/pJUys0S+5icStVnnGPY1Foo95+zy5SYMxLtGpLwneqxDDuEPGWHHZ7z9J20LXuTypcYQ6WuDbTbunCGIWd4576nqtb20Z57TaauurWIyu90t2cMaOm8Ua1jeWbEPFe/C1LtDu+k5ohY3TXsE2J45Vlvn8yKS2YkHDP2ni2SGMmnigv5tnB1QiqXM2XY1j1Xpa62K2ciOhxi6Ik/W2I+XGKwb+NmmjaVFlvTQtnyvYsenxOTKuMnTLSyeGmx7m3zlXDFC8wNd0pO1YUZlfpQiiuUzyNa9Djg8IaS//dooL+uvyfMrxPiqrPJsO+7TaTuRuYhhj19d4jkyDd0OOYVPV5zrO82ffq06XJMh5c626OP4Qt6dNnXiY6wWztQyrt8i+FLOtpjuRPvj+uYfX8zqS+l3eU1ZcpMnlvloZ8uyZ06bBh61quzpc6ckjLUTqP+ZZpWMSOfipkUTuXlVTYWL8slYqpabG8X6yNyTdZCr9OyGi79fLBpdZrcFKhu0dXwTpn572l9c34d6aahVBc+LW2ps7mOKTlzuSFXfRkJZ5REcq6Ur/bM92LINYsKvYyR1Fu32kyUROuLmyHWy3/7dSR9hfrjeG22rNOTa0eH4p675PwNAAD//wEAAP//2S9cXwAAeJxiYGYAg//nGIwYsAAAAAAA//8BAAD//y8BAgMAAAA=");
+}
+.appendix-icon {
+	filter: drop-shadow(0px 0px 32px rgba(31, 36, 58, 0.1));
+}
+.d2-713170117 .text-italic {
+	font-family: "d2-713170117-font-italic";
+}
+@font-face {
+	font-family: d2-713170117-font-italic;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABdQAAoAAAAAIywAARhRAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgW1SVeGNtYXAAAAFUAAAA9QAAAXYKEwxKZ2x5ZgAAAkwAAA+0AAAWJNO8DJRoZWFkAAASAAAAADYAAAA2G7Ur2mhoZWEAABI4AAAAJAAAACQLeAjsaG10eAAAElwAAAD2AAABIH2KB4Fsb2NhAAATVAAAAJIAAACS1JDPRG1heHAAABPoAAAAIAAAACAAYAD2bmFtZQAAFAgAAAMmAAAIMgntVzNwb3N0AAAXMAAAACAAAAAg/8YAMgADAeEBkAAFAAACigJY//EASwKKAlgARAFeADIBIwAAAgsFAwMEAwkCBCAAAHcAAAADAAAAAAAAAABBREJPAAEAIP//Au7/BgAAA9gBESAAAZMAAAAAAeYClAAAACAAA3iclNBJTpoBGMfh5ytQKKUttJTOlJYOdJ7ojCIOC+LGGHfGGJfqCYzxTHoANcFbuFJPYYyL1/jpgq3v/kl+/xeJjAQl2WQFbQ1ZVQ1N77z30SefffHXPx0jRnVN6ZsxZ96CRcvWrNuIIFWtIfV1SPX0TZu9VEtWL1QcqauoKSjKKcdJnMrLuR7HMYjd2IntOIyD2I+t2Iy9GKS9V79EL10xpu23H7rpvg9Drd9899OEcZN+uSYje94hr+CGoptKbrntjrL/Ov6ouOueqvtqHnjokceeeOqZuucaXnip6ZXX3nirlX7CGQAAAP//AQAA//9V1zdGAAAAeJx8eA1wI+V5//u+u9basixbWn1YOsmytNKuPlaytCtpLcmSLcufsuXP8wd3/rzjvsxx+A4MJPcB4f7DHfcvV8EQSigJFChJSjJljkynl1AyBRrMgZumQzppIHQCyZEczRA8Lk0yeNXZXdmWbzqdkXQ7J73Px+95fr/neQ2qgBsAdAI9BjBQA+qBHhgB4EknhvGCQJkxnmEoghAYkiTcD8DVB57Ec/t+7X3mj6wD7/3Ktwf+c+FF9NjmcXj/7H33ifsvHjo09cknoh/+2ycAAIBKbwMAf4qKoAboACAJnqFphlKpIORJiqGIj5Kvq3E1jlt58R14677BUf1vjsEvLS9Hl1oTR8RRVNxcXlsDAAMUAKgZFYEOWKVnnuQ5k9GgUhGESf6XwnguHovS1M4Ddf5v548Hcm7I9/SeGUrOze3rzu+/7dTciUL/XaiY72W72Gpck23tn2Xh3b1CkNu80T3IpaW4IUiUNlAQPQUcAFS5aDoWzSCeM5kJmqZcWmQ0mEw8FxfMKhV0DRyNh/edHWwdbYyTcTo53+l25VPeXDPlntXk7h0qPHZPr+D3NTPpW+9tS83GmvdwjqCEjZxTXMaGrMiIYnguvpXBlx96eOLpOyYnJ87kjhyMo+KFL93zvUMdex9fnD2mxCnZaEBFUCvXjHASPEERToI6D5fqxI/8n2k/5SGtRcXsTzs/71R+DzZQEWCyR4w6P3ReAnnb1hQqAo3yHQ95gqQwgqDOD2Ux2D/9+VdHzz0UREXxFdj1hXgcHnjw/a1z8FFUBFXKOcn70N3QUIeKm1fKPtErqAgs8vekmRckz2Q8LlAERmFSPxAYdX42YcJ7Xp89PzBYY9Xgw//Ipk24SludR0XxGxcvwgOby/AUuxR4VHwezjzKHmPFy2Xbh1GxjCBp5uNx2fq21aHH/bhKq+4eOF94LICr6tU9qCjOPBS5nYczm8vwuYf5JU58Wq5HW2kDzaGnQANolqteLrrJaNAihssgqSZK8aHjxEpocqUnfygamrwrF5vKuPJD0me/5i/ODBRXurtOjw88stKdazuwklhcSR1YSS7cvV3zoFwvQ2XNKYzcadurM6fyX9l7LJqdP7Q02HcIFfOTI0ci4h9g78hwggfbdhhUBHXAtGNHKtcuS9+bOXli/M7x46eEroNztw70LaBiz/j+EzrxI2gSb8CJsZ54i9JHmtIGFNFTwA+A2UUzgtzfsSjNMFLzx+Pbza9SGQ0ms1lh3ce5ZW/CPiG0jQY9g/5UbCaVWnDwlp6QJ2aPuAdboqnDmmQyEOC6Wt2cKWTtF7gxLuoNNfkc4T10iylo6xWS+6MAglkAUAwVASFlQwlOgsJeWHm1Dr5d98MVVMjlNl9W8mZKG/APcB0YJATM2zUy8wKPUQKlUjFcXBC2WfpyxyCbn+OZtA4nM4vt1Tg1raeH3ayRs7lzMUdEs3+i50szvNeZFq19npaOUMu/0y5//yzXnlb8OUob8PdoFRgllZSQoQiK5AmClyHZ1RmyFt1g0jrM0H65wJiQe29Qdh9z52JNYZ9rlAoZeI3XmUarry7YA/smJdcd/v5ZPpP2ez6mXQACT2kDXoHrwLYrux3ky6rzs+Fb2cJijG0zBUnaHp6MJ5LNcZPLWtAcnu26c6LFZQmbjV3Luc4eq44zeLaxQ0xFLjvY/d/gJfVYA10oltEb8tyMHtM8/+pm683wITmXH8J1YAWeSn9ypzpV2wqK8bLcSRn+avJYcGAmLGSbNFXiGzXNOb89YW6yj36thDC9j4rNaZYWu5fH2NAIZ+O17SMei443OqCntrHOFnFMAAgCAMCH0bvALPdRO6rsXEISRyww0V6bbagfSlv9+j3qPTqnr1p3QHNwAn4rUTWaH6+rFQg1FxjPiNMSZrDkhutwHThAqJIZgqBSUbu7T6XCdqH3YmSSctu6vZm81kLvbUmPBPpnInRGh5Hth8k7E9SoK2CK2Kgs39TyPm2PmV2DHUdpdnIid9ctnNSP2Pxh6Az4/4V2+Xqmw6mUwlMHAPBnaLWspTt9SMiCGotKaWKOy4VwA+4bYzOx6sxgG4732fpC3Wj1kzTVkm11uMVrkDU01g34Q+K3SiXJJvgTuoJo0A0AUIGevh1fv0Or2/OAlOYBQxCOy4UF9Mfp11aGZpetaFW0Q/i2+OvfnToNIGBLG+BPaBXoJbRiUUmLpb4tl/r2rOp04SyEOkxFQLVJ066zoNs2HyFqMD1EKRzf9otuwHVJiySfSormcqKqXZlWJr3YTuD0OJ2MVLVMe9JxHM8U0jjea+xjuyUMekx9gW54vd8dEbwsn23VNRkqcdh52sEZroPGyhhuhlny6BsL7UJZ9nAzyDva9R5cB/XAXskHRUSUka+Q/N3hOTY/xw3PswNz/uAoH+ekD83R/d13ToSUz47O5a7O3txyV2ePvGd9XuLh7+G6wm2iImItomTVIshdOqW+1K7CPBMhmeIc3UYiveOvK3VqDb3c4QiWCe44+jSEZaGif+NxbuXDy1os+6wSJAG5iRO7GQGdzibkmQ5VavKlpysFZe3pe+iWbUneLEC4W5CVupyB66Choi5mgt6qRy1uHwxajHsarO5BRxpen2XTNV3V7SlxDcDSF6UNeBauA+bmGXfziJMmnDLgnovMWsLmDtqf9rWGEmw/G8rbQiTvpCPx5kw0PKaJemmHN0RZGYc14wtkPe4mr8EadDTRelcbG+zySDG3lTbgNDq+relxQVImXlajCk2/2hHFYaK3dtCd3XNaczaB2Vxaa62uoUXTHqy31kF9ourBBzPiDb2+qUldJRD1ku3W0gb8FF6X9GDL9g7jyLKsv7jNhj57L9s9KA1C715Np6BzkDAuvktapDaF06I1T/EKB1MAwF/C66AOAIn5JlN5s4IP9A66cRWO69zknxfETXhd/JgaoNz9bmgRrcrZHgDQm/A6cN50ducJozDlHkBgx6jBBgghXr+n4f4BHUIQ11ob7uv7xbxW/l97/d3wuvihq8vl6nLBpoonK1RTfW53HyV+DmDpXQDgvyo4UCTDm8uuBJ4wU+U7B0GwP98/5K/WEnh9c/3E+OrBYbZap8YbXOQcRL86bmKMBp/x+H99dsoUMplY850AwNJrpRb4EbwOrAAQcs/I4r8LES1SqZu1Fr3ek7XoxwfpqmoM13n0fzYofmhJ9f2EIBI1aY6CH4ufOgsUNeiCus3PWgqswiF/aQP+M7oEdBJa5p2bxv+ydK5yvR5//0KM63H7+ucjTC5qZ0Pyp6b1YOaWvzrTmzyY2ffM6Z5018mLXbmp7pMXuzqnAJRih/ejc/IdQZC2q7jAYzxhrfv/CyfVE0Lqrgc0HfADTuPafK1DyvlzAOAb6JJ0jhIyWFk0mG1BIZyEunrh8lwLH2vOuhh2Kjw27R87Mw4NmtDo6QO3hNg2pyNM+27pis0tLPd1Sjb/u7QB30KXgPcm7lHCtvIRzJbCGxXy/SB7qIk35yNdU3sPaYb3Mxxvz9mZ8dmRqYF8LJU+pskGva7oQILvTPrSTf64zcy3j3SmZ4y4ro9L3xKR8JVIsobOAbW0bzspwSlAKXfKwwvS/UOlIuBAHyX+tgbO7R0Z14yLpX+iVXoCN3gNL0Xhk+JyJvMP9qzTFm1UehtIGo7OSTeEnTy2EyCdBEVsDSrVK9k5O2fKtvr72Paog212jsBA3W+jOr+lbz53QtMe9Dmj/gKfaWvQWWGw85VqzcT44B1puS/40gb8BF0C9YAFQDBUelEZzLtupNLQ2HF6OsXRbRTPWYbd8Fh8JBAcub0j1m2Iutq4qXatc6+zd0KYv9Y90ZL3CllXS635w9bF9gPP3dMZafYlc6f30u7pocyS1AfgGACoCp2T538GCU7BSWgRca89f8eoeE0LL6sP3p0z3/vmd0c6udlXfnQ7kO7pztIG/Dm6BBwgABJbHR2PC7FtjVUq3ISkYMmtpIwGE6ZkSDPyCPwgNNUa6GJsTdEpztcf6hEMXlvbot3T1upnezJN7g6vL8dwnf0ad39rJB/T4bYUIxT8zVmuY9KB1/laXcnxIDzUmOdaoqkYlxK/b2/1enif0TbQKpR3+4bSBnxzC2NS0eF4tDyGyS22x7dWva3otejhKNc4QsEU52lzN0S7DdHmDDfZXuccd/ZMCHMpYVhCHX5XwVcjYS06wk4J3jEPNT3UfqxDONC++Pw9nUpPmUsb4CI4LvFT0XCllD0mC2MzNXo0NpOVtZssrMSjX5ZmQBEcl+afxEiBqjhgqG1JEMjURNmttn3Ph/RtbqvJwrib+qXrfakk+1mFv0AM4EEHPAlUgJdxmCttwGfR3wCLtKcLGfxmwmMEUeHlEcyfTNAhr00w+eyjwZ4xJpVm8a1g3+LzyVjC4wvZzKEmpj8b6U0mc6Ef76Qg39k/gGpoARgAkkBTmvfqPijvt6X3S/8PvlT6O+k7QnAS7lr4lvoMx8nnsqUROIXekzhtLreVWSX/Lcb85UancDQfXDpeY9C+1PHc2MpbP5i1PCj+xzdChxdoye67pRFwo3yWievlRhMUmYHBpdtq9PWcZOIl64PQ+fWWw/M02fHs2Mq170t+q0tH4Sx6Q7qbmklpaPNE9Xe+TZz82nLtE9hM8AsxqMT+49JRSCu/I2Sd5bGI+o6/XK5+8TtPBDEU/OJ5pd7NpaNwAb0Bwttb4JYQCvKL5wmZ5/LLqLSctCbwxIWQX2fU7QnUurwGvEajrk+1hdRWr0tdXVejZqhGQ4OhwdzcqH6C9tvyhS6TkeIaPfrwDD+UCIbCgf2hSLwGr3aYrP1D3Y2WxnLc75SOQo0SDyHIJJBfMXo7NkooS78UBuFSlYOjojVWL1VTra2upSkL2WBoMDVb1GzLVpA+Eq+prW1IpZ4IspHA/hBX9t431N1obQwyPlt+qNtEUlyjmwzPRgutSjx/X1qAz6IfyT0AedgHr7SKhWeww188qeB3Fr4Av47eAloASEZgBLNgJgQzYSaYl5q7p/UHLWz1EeII7Y3CK/bpiNe5hN+mDTgWzdMASfu8rKt7pE2SFyhBefOE/CYo+U0JFEHyAkVnh+vGQiPavSk+eTbFJ4e1Y6FR7URHNHuuY/S+0H1rwuPC1atXrwqPC2traxB/XOFZGLwOr8GfIBr0giWgAr3gq3LcIXABXkNaUAOAxxPzGAnCaDbDa+Kt8Km3z559+8ILyW9mR8J4ZBhAEAYX4DvKb4WYIMQYJlZlDL9z5sw78KkLncMRPDyS/WZy+74E1uD1rb/pORYLB+B1eRmDoBcNgCvoiqQtZAWJ7yWbKLPBTqEBs8nibDRZmiWfMASvwSOSHTLmNIbhkzCUSAAA/gcAAP//AQAA///szZL3AAEAAAABGFEsmaSzXw889QABA+gAAAAA2F2gzAAAAADdZi83/r3+3QgdA8kAAgADAAIAAAAAAAAAAQAAA9j+7wAACED+vf28CB0D6ADC/9EAAAAAAAAAAAAAAEh4nBTOMS/DURiF8ee8XSSIJoZWl4vbf5uoILEQXQx0NYiNXawWgy/B5EOYLMZikRCWjk3cxmzp0Io0feVOz1lO8rNL6ryCpv5mHaI12LUjosZEJkTbJOqDaE9EuyDaFW1rEK1F1B9zmnJqSzStStADhVVoakChGi1bRDZL4IegPoFf1kuBYPMEK9G0io/yVycE3fhEB7StzI667NkLh7r3nrr+rMSaEjUlHyn5WIkFJVBiW4lzJVaUKDOkwtAHubrjTNn47X1F9lV4T3VmVPdPrbKswt917I+65VpfVJXYUmIjN3uBTt7/AAAA//8BAAD//9buSUgAAAAAAC4ALgBSAIoAvADeAPYBBAEgATABXgGEAbYB2gICAkICVgKOAsYC9AMsA2YDjgPWBAAEDAQmBEgEigS0BOIFHAVWBXQFsAXeBgoGKAZiBo4GvgbwBwgHMgduB5YHyggMCCYIfAjACNYI9AkACTgJRglUCXIJkAmkCbgKAApIClgKdgqoCrQKygrgCu4LBAsSAAAAAQAAAEgAjAAMAGYABwABAAAAAAAAAAAAAAAAAAQAA3icnJTbThtXFIY/B9tterqoUERu0L5MpWRMoxAl4cqUoIyKcOpxepCqSoM9PojxzMgzmJIn6HXfom+Rqz5Gn6LqdbV/L4MdRUEgBPx79jr8a61/bWCT/9igVr8L/N2cG66x3fzZ8B2+aB4Z3mC/+ZnhOg8b/xhuMGi8NdzkQaNr+BPe1f80/ClP6r8ZvstW/dDw5zyubxr+csPxr+GveMK7Ba7BM/4wXGOLwvAdNvnV8Ab3sJi1OvfYMdzga7YNN9kGekyoSJmQMcIxZMKIM2YklEQkzJgwJGGAI6RNSqWvGbGQY/TBrzERFTNiRRxT4UiJSIkpGVvEt/LKea2MQ51mdtemYkzMiTxOiclw5IzIyUg4VZyKioIXtGhR0hffgoqSgJIJKQE5M0a06HDIET3GTChxHCqSZxaRM6TinFj5nVn4zvRJyCiN1RkZA/F04pfIO+QIR4dCtquRj9YiPMTxo7w9t1y23xLo160wW8+7ZBMzVz9TdSXVzbkmONatz9vmB+GKF7hb9WedyfU9Guh/pcgnnGn+A00qE5MM57ZoE0lBkbuPY1/nkEgd+YmQHq/o8Iaezm26dGlzTI+Ql/Lt0MXxHR2OOZBHKLy4O5RijvkFx/eEsvGxE+vPYmIJv1OYuktxnKmOKYV67pkHqjVRhTefsN+hfE0dpXz62iNv6TS/THsWMzJVFGI4VS+X2iitfwNTxFS1+Nle3fttmNvuLbf4glw77NW64OQnt2B03VSD9zRzrp+AmAE5J7LokzOlRcWFeL8m5owUx4G690pbUtG+9PF5LqSShKkYhGSKM6PQ39h0Exn3/prunb0lA/l7pqeXVd0mi1Ovrmb0Rt1b3kXW5WRlAi2bar6ipr64Zqb9RDu1yj+Sb6nXLecRoeIudvtDr8AOz9llj7Gy9HUzv7zzr4S32FMHTklkNZSmfQ2PCdgl4Cm77PKcp+/1csnGGR+3xmc1f5sD9umwd201C9sO+7xci/bxzH+J7Y7qcTy6PD279TQf3EC132jfrt7NribnpzG3aFfbcUzM1HNxW6s1ufsE/wMAAP//AQAA//9yoVFAAAAAAwAA//UAAP/OADIAAAAAAAAAAAAAAAAAAAAAAAAAAA==");
+}]]></style><style type="text/css"><![CDATA[.shape {
+  shape-rendering: geometricPrecision;
+  stroke-linejoin: round;
+}
+.connection {
+  stroke-linecap: round;
+  stroke-linejoin: round;
+}
+.blend {
+  mix-blend-mode: multiply;
+  opacity: 0.5;
+}
+
+		.d2-713170117 .fill-N1{fill:#0A0F25;}
+		.d2-713170117 .fill-N2{fill:#676C7E;}
+		.d2-713170117 .fill-N3{fill:#9499AB;}
+		.d2-713170117 .fill-N4{fill:#CFD2DD;}
+		.d2-713170117 .fill-N5{fill:#DEE1EB;}
+		.d2-713170117 .fill-N6{fill:#EEF1F8;}
+		.d2-713170117 .fill-N7{fill:#FFFFFF;}
+		.d2-713170117 .fill-B1{fill:#0D32B2;}
+		.d2-713170117 .fill-B2{fill:#0D32B2;}
+		.d2-713170117 .fill-B3{fill:#E3E9FD;}
+		.d2-713170117 .fill-B4{fill:#E3E9FD;}
+		.d2-713170117 .fill-B5{fill:#EDF0FD;}
+		.d2-713170117 .fill-B6{fill:#F7F8FE;}
+		.d2-713170117 .fill-AA2{fill:#4A6FF3;}
+		.d2-713170117 .fill-AA4{fill:#EDF0FD;}
+		.d2-713170117 .fill-AA5{fill:#F7F8FE;}
+		.d2-713170117 .fill-AB4{fill:#EDF0FD;}
+		.d2-713170117 .fill-AB5{fill:#F7F8FE;}
+		.d2-713170117 .stroke-N1{stroke:#0A0F25;}
+		.d2-713170117 .stroke-N2{stroke:#676C7E;}
+		.d2-713170117 .stroke-N3{stroke:#9499AB;}
+		.d2-713170117 .stroke-N4{stroke:#CFD2DD;}
+		.d2-713170117 .stroke-N5{stroke:#DEE1EB;}
+		.d2-713170117 .stroke-N6{stroke:#EEF1F8;}
+		.d2-713170117 .stroke-N7{stroke:#FFFFFF;}
+		.d2-713170117 .stroke-B1{stroke:#0D32B2;}
+		.d2-713170117 .stroke-B2{stroke:#0D32B2;}
+		.d2-713170117 .stroke-B3{stroke:#E3E9FD;}
+		.d2-713170117 .stroke-B4{stroke:#E3E9FD;}
+		.d2-713170117 .stroke-B5{stroke:#EDF0FD;}
+		.d2-713170117 .stroke-B6{stroke:#F7F8FE;}
+		.d2-713170117 .stroke-AA2{stroke:#4A6FF3;}
+		.d2-713170117 .stroke-AA4{stroke:#EDF0FD;}
+		.d2-713170117 .stroke-AA5{stroke:#F7F8FE;}
+		.d2-713170117 .stroke-AB4{stroke:#EDF0FD;}
+		.d2-713170117 .stroke-AB5{stroke:#F7F8FE;}
+		.d2-713170117 .background-color-N1{background-color:#0A0F25;}
+		.d2-713170117 .background-color-N2{background-color:#676C7E;}
+		.d2-713170117 .background-color-N3{background-color:#9499AB;}
+		.d2-713170117 .background-color-N4{background-color:#CFD2DD;}
+		.d2-713170117 .background-color-N5{background-color:#DEE1EB;}
+		.d2-713170117 .background-color-N6{background-color:#EEF1F8;}
+		.d2-713170117 .background-color-N7{background-color:#FFFFFF;}
+		.d2-713170117 .background-color-B1{background-color:#0D32B2;}
+		.d2-713170117 .background-color-B2{background-color:#0D32B2;}
+		.d2-713170117 .background-color-B3{background-color:#E3E9FD;}
+		.d2-713170117 .background-color-B4{background-color:#E3E9FD;}
+		.d2-713170117 .background-color-B5{background-color:#EDF0FD;}
+		.d2-713170117 .background-color-B6{background-color:#F7F8FE;}
+		.d2-713170117 .background-color-AA2{background-color:#4A6FF3;}
+		.d2-713170117 .background-color-AA4{background-color:#EDF0FD;}
+		.d2-713170117 .background-color-AA5{background-color:#F7F8FE;}
+		.d2-713170117 .background-color-AB4{background-color:#EDF0FD;}
+		.d2-713170117 .background-color-AB5{background-color:#F7F8FE;}
+		.d2-713170117 .color-N1{color:#0A0F25;}
+		.d2-713170117 .color-N2{color:#676C7E;}
+		.d2-713170117 .color-N3{color:#9499AB;}
+		.d2-713170117 .color-N4{color:#CFD2DD;}
+		.d2-713170117 .color-N5{color:#DEE1EB;}
+		.d2-713170117 .color-N6{color:#EEF1F8;}
+		.d2-713170117 .color-N7{color:#FFFFFF;}
+		.d2-713170117 .color-B1{color:#0D32B2;}
+		.d2-713170117 .color-B2{color:#0D32B2;}
+		.d2-713170117 .color-B3{color:#E3E9FD;}
+		.d2-713170117 .color-B4{color:#E3E9FD;}
+		.d2-713170117 .color-B5{color:#EDF0FD;}
+		.d2-713170117 .color-B6{color:#F7F8FE;}
+		.d2-713170117 .color-AA2{color:#4A6FF3;}
+		.d2-713170117 .color-AA4{color:#EDF0FD;}
+		.d2-713170117 .color-AA5{color:#F7F8FE;}
+		.d2-713170117 .color-AB4{color:#EDF0FD;}
+		.d2-713170117 .color-AB5{color:#F7F8FE;}.appendix text.text{fill:#0A0F25}.md{--color-fg-default:#0A0F25;--color-fg-muted:#676C7E;--color-fg-subtle:#9499AB;--color-canvas-default:#FFFFFF;--color-canvas-subtle:#EEF1F8;--color-border-default:#0D32B2;--color-border-muted:#0D32B2;--color-neutral-muted:#EEF1F8;--color-accent-fg:#0D32B2;--color-accent-emphasis:#0D32B2;--color-attention-subtle:#676C7E;--color-danger-fg:red;}.sketch-overlay-B1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B2{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B3{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-AA4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-N2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-N3{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N4{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N7{fill:url(#streaks-bright);mix-blend-mode:darken}.light-code{display: block}.dark-code{display: none}]]></style><style type="text/css">.d2-713170117 .md em,
+.d2-713170117 .md dfn {
+  font-family: "d2-713170117-font-italic";
+}
+
+.d2-713170117 .md b,
+.d2-713170117 .md strong {
+  font-family: "d2-713170117-font-bold";
+}
+
+.d2-713170117 .md code,
+.d2-713170117 .md kbd,
+.d2-713170117 .md pre,
+.d2-713170117 .md samp {
+  font-family: "d2-713170117-font-mono";
+  font-size: 1em;
+}
+
+.d2-713170117 .md {
+  tab-size: 4;
+}
+
+/* variables are provided in d2renderers/d2svg/d2svg.go */
+
+.d2-713170117 .md {
+  -ms-text-size-adjust: 100%;
+  -webkit-text-size-adjust: 100%;
+  margin: 0;
+  color: var(--color-fg-default);
+  background-color: transparent; /* we don't want to define the background color */
+  font-family: "d2-713170117-font-regular";
+  font-size: 16px;
+  line-height: 1.5;
+  word-wrap: break-word;
+}
+
+.d2-713170117 .md details,
+.d2-713170117 .md figcaption,
+.d2-713170117 .md figure {
+  display: block;
+}
+
+.d2-713170117 .md summary {
+  display: list-item;
+}
+
+.d2-713170117 .md [hidden] {
+  display: none !important;
+}
+
+.d2-713170117 .md a {
+  background-color: transparent;
+  color: var(--color-accent-fg);
+  text-decoration: none;
+}
+
+.d2-713170117 .md a:active,
+.d2-713170117 .md a:hover {
+  outline-width: 0;
+}
+
+.d2-713170117 .md abbr[title] {
+  border-bottom: none;
+  text-decoration: underline dotted;
+}
+
+.d2-713170117 .md dfn {
+  font-style: italic;
+}
+
+.d2-713170117 .md h1 {
+  margin: 0.67em 0;
+  padding-bottom: 0.3em;
+  font-size: 2em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-713170117 .md mark {
+  background-color: var(--color-attention-subtle);
+  color: var(--color-text-primary);
+}
+
+.d2-713170117 .md small {
+  font-size: 90%;
+}
+
+.d2-713170117 .md sub,
+.d2-713170117 .md sup {
+  font-size: 75%;
+  line-height: 0;
+  position: relative;
+  vertical-align: baseline;
+}
+
+.d2-713170117 .md sub {
+  bottom: -0.25em;
+}
+
+.d2-713170117 .md sup {
+  top: -0.5em;
+}
+
+.d2-713170117 .md img {
+  border-style: none;
+  max-width: 100%;
+  box-sizing: content-box;
+  background-color: var(--color-canvas-default);
+}
+
+.d2-713170117 .md figure {
+  margin: 1em 40px;
+}
+
+.d2-713170117 .md hr {
+  box-sizing: content-box;
+  overflow: hidden;
+  background: transparent;
+  border-bottom: 1px solid var(--color-border-muted);
+  height: 0.25em;
+  padding: 0;
+  margin: 24px 0;
+  background-color: var(--color-border-default);
+  border: 0;
+}
+
+.d2-713170117 .md input {
+  font: inherit;
+  margin: 0;
+  overflow: visible;
+  font-family: inherit;
+  font-size: inherit;
+  line-height: inherit;
+}
+
+.d2-713170117 .md [type="button"],
+.d2-713170117 .md [type="reset"],
+.d2-713170117 .md [type="submit"] {
+  -webkit-appearance: button;
+}
+
+.d2-713170117 .md [type="button"]::-moz-focus-inner,
+.d2-713170117 .md [type="reset"]::-moz-focus-inner,
+.d2-713170117 .md [type="submit"]::-moz-focus-inner {
+  border-style: none;
+  padding: 0;
+}
+
+.d2-713170117 .md [type="button"]:-moz-focusring,
+.d2-713170117 .md [type="reset"]:-moz-focusring,
+.d2-713170117 .md [type="submit"]:-moz-focusring {
+  outline: 1px dotted ButtonText;
+}
+
+.d2-713170117 .md [type="checkbox"],
+.d2-713170117 .md [type="radio"] {
+  box-sizing: border-box;
+  padding: 0;
+}
+
+.d2-713170117 .md [type="number"]::-webkit-inner-spin-button,
+.d2-713170117 .md [type="number"]::-webkit-outer-spin-button {
+  height: auto;
+}
+
+.d2-713170117 .md [type="search"] {
+  -webkit-appearance: textfield;
+  outline-offset: -2px;
+}
+
+.d2-713170117 .md [type="search"]::-webkit-search-cancel-button,
+.d2-713170117 .md [type="search"]::-webkit-search-decoration {
+  -webkit-appearance: none;
+}
+
+.d2-713170117 .md ::-webkit-input-placeholder {
+  color: inherit;
+  opacity: 0.54;
+}
+
+.d2-713170117 .md ::-webkit-file-upload-button {
+  -webkit-appearance: button;
+  font: inherit;
+}
+
+.d2-713170117 .md a:hover {
+  text-decoration: underline;
+}
+
+.d2-713170117 .md hr::before {
+  display: table;
+  content: "";
+}
+
+.d2-713170117 .md hr::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-713170117 .md table {
+  border-spacing: 0;
+  border-collapse: collapse;
+  display: block;
+  width: max-content;
+  max-width: 100%;
+  overflow: auto;
+}
+
+.d2-713170117 .md td,
+.d2-713170117 .md th {
+  padding: 0;
+}
+
+.d2-713170117 .md details summary {
+  cursor: pointer;
+}
+
+.d2-713170117 .md details:not([open]) > *:not(summary) {
+  display: none !important;
+}
+
+.d2-713170117 .md kbd {
+  display: inline-block;
+  padding: 3px 5px;
+  color: var(--color-fg-default);
+  vertical-align: middle;
+  background-color: var(--color-canvas-subtle);
+  border: solid 1px var(--color-neutral-muted);
+  border-bottom-color: var(--color-neutral-muted);
+  border-radius: 6px;
+  box-shadow: inset 0 -1px 0 var(--color-neutral-muted);
+}
+
+.d2-713170117 .md h1,
+.d2-713170117 .md h2,
+.d2-713170117 .md h3,
+.d2-713170117 .md h4,
+.d2-713170117 .md h5,
+.d2-713170117 .md h6 {
+  margin-top: 24px;
+  margin-bottom: 16px;
+  font-weight: 400;
+  line-height: 1.25;
+  font-family: "d2-713170117-font-semibold";
+}
+
+.d2-713170117 .md h2 {
+  padding-bottom: 0.3em;
+  font-size: 1.5em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-713170117 .md h3 {
+  font-size: 1.25em;
+}
+
+.d2-713170117 .md h4 {
+  font-size: 1em;
+}
+
+.d2-713170117 .md h5 {
+  font-size: 0.875em;
+}
+
+.d2-713170117 .md h6 {
+  font-size: 0.85em;
+  color: var(--color-fg-muted);
+}
+
+.d2-713170117 .md p {
+  margin-top: 0;
+  margin-bottom: 10px;
+}
+
+.d2-713170117 .md blockquote {
+  margin: 0;
+  padding: 0 1em;
+  color: var(--color-fg-muted);
+  border-left: 0.25em solid var(--color-border-default);
+}
+
+.d2-713170117 .md ul,
+.d2-713170117 .md ol {
+  margin-top: 0;
+  margin-bottom: 0;
+  padding-left: 2em;
+}
+
+.d2-713170117 .md ol ol,
+.d2-713170117 .md ul ol {
+  list-style-type: lower-roman;
+}
+
+.d2-713170117 .md ul ul ol,
+.d2-713170117 .md ul ol ol,
+.d2-713170117 .md ol ul ol,
+.d2-713170117 .md ol ol ol {
+  list-style-type: lower-alpha;
+}
+
+.d2-713170117 .md dd {
+  margin-left: 0;
+}
+
+.d2-713170117 .md pre {
+  margin-top: 0;
+  margin-bottom: 0;
+  word-wrap: normal;
+}
+
+.d2-713170117 .md ::placeholder {
+  color: var(--color-fg-subtle);
+  opacity: 1;
+}
+
+.d2-713170117 .md input::-webkit-outer-spin-button,
+.d2-713170117 .md input::-webkit-inner-spin-button {
+  margin: 0;
+  -webkit-appearance: none;
+  appearance: none;
+}
+
+.d2-713170117 .md::before {
+  display: table;
+  content: "";
+}
+
+.d2-713170117 .md::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-713170117 .md > *:first-child {
+  margin-top: 0 !important;
+}
+
+.d2-713170117 .md > *:last-child {
+  margin-bottom: 0 !important;
+}
+
+.d2-713170117 .md a:not([href]) {
+  color: inherit;
+  text-decoration: none;
+}
+
+.d2-713170117 .md .absent {
+  color: var(--color-danger-fg);
+}
+
+.d2-713170117 .md .anchor {
+  float: left;
+  padding-right: 4px;
+  margin-left: -20px;
+  line-height: 1;
+}
+
+.d2-713170117 .md .anchor:focus {
+  outline: none;
+}
+
+.d2-713170117 .md p,
+.d2-713170117 .md blockquote,
+.d2-713170117 .md ul,
+.d2-713170117 .md ol,
+.d2-713170117 .md dl,
+.d2-713170117 .md table,
+.d2-713170117 .md pre,
+.d2-713170117 .md details {
+  margin-top: 0;
+  margin-bottom: 16px;
+}
+
+.d2-713170117 .md blockquote > :first-child {
+  margin-top: 0;
+}
+
+.d2-713170117 .md blockquote > :last-child {
+  margin-bottom: 0;
+}
+
+.d2-713170117 .md sup > a::before {
+  content: "[";
+}
+
+.d2-713170117 .md sup > a::after {
+  content: "]";
+}
+
+.d2-713170117 .md h1:hover .anchor,
+.d2-713170117 .md h2:hover .anchor,
+.d2-713170117 .md h3:hover .anchor,
+.d2-713170117 .md h4:hover .anchor,
+.d2-713170117 .md h5:hover .anchor,
+.d2-713170117 .md h6:hover .anchor {
+  text-decoration: none;
+}
+
+.d2-713170117 .md h1 tt,
+.d2-713170117 .md h1 code,
+.d2-713170117 .md h2 tt,
+.d2-713170117 .md h2 code,
+.d2-713170117 .md h3 tt,
+.d2-713170117 .md h3 code,
+.d2-713170117 .md h4 tt,
+.d2-713170117 .md h4 code,
+.d2-713170117 .md h5 tt,
+.d2-713170117 .md h5 code,
+.d2-713170117 .md h6 tt,
+.d2-713170117 .md h6 code {
+  padding: 0 0.2em;
+  font-size: inherit;
+}
+
+.d2-713170117 .md ul.no-list,
+.d2-713170117 .md ol.no-list {
+  padding: 0;
+  list-style-type: none;
+}
+
+.d2-713170117 .md ol[type="1"] {
+  list-style-type: decimal;
+}
+
+.d2-713170117 .md ol[type="a"] {
+  list-style-type: lower-alpha;
+}
+
+.d2-713170117 .md ol[type="i"] {
+  list-style-type: lower-roman;
+}
+
+.d2-713170117 .md div > ol:not([type]) {
+  list-style-type: decimal;
+}
+
+.d2-713170117 .md ul ul,
+.d2-713170117 .md ul ol,
+.d2-713170117 .md ol ol,
+.d2-713170117 .md ol ul {
+  margin-top: 0;
+  margin-bottom: 0;
+}
+
+.d2-713170117 .md li > p {
+  margin-top: 16px;
+}
+
+.d2-713170117 .md li + li {
+  margin-top: 0.25em;
+}
+
+.d2-713170117 .md dl {
+  padding: 0;
+}
+
+.d2-713170117 .md dl dt {
+  padding: 0;
+  margin-top: 16px;
+  font-size: 1em;
+  font-style: italic;
+  font-family: "d2-713170117-font-semibold";
+}
+
+.d2-713170117 .md dl dd {
+  padding: 0 16px;
+  margin-bottom: 16px;
+}
+
+.d2-713170117 .md table th {
+  font-family: "d2-713170117-font-semibold";
+}
+
+.d2-713170117 .md table th,
+.d2-713170117 .md table td {
+  padding: 6px 13px;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-713170117 .md table tr {
+  background-color: var(--color-canvas-default);
+  border-top: 1px solid var(--color-border-muted);
+}
+
+.d2-713170117 .md table tr:nth-child(2n) {
+  background-color: var(--color-canvas-subtle);
+}
+
+.d2-713170117 .md table img {
+  background-color: transparent;
+}
+
+.d2-713170117 .md img[align="right"] {
+  padding-left: 20px;
+}
+
+.d2-713170117 .md img[align="left"] {
+  padding-right: 20px;
+}
+
+.d2-713170117 .md span.frame {
+  display: block;
+  overflow: hidden;
+}
+
+.d2-713170117 .md span.frame > span {
+  display: block;
+  float: left;
+  width: auto;
+  padding: 7px;
+  margin: 13px 0 0;
+  overflow: hidden;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-713170117 .md span.frame span img {
+  display: block;
+  float: left;
+}
+
+.d2-713170117 .md span.frame span span {
+  display: block;
+  padding: 5px 0 0;
+  clear: both;
+  color: var(--color-fg-default);
+}
+
+.d2-713170117 .md span.align-center {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-713170117 .md span.align-center > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: center;
+}
+
+.d2-713170117 .md span.align-center span img {
+  margin: 0 auto;
+  text-align: center;
+}
+
+.d2-713170117 .md span.align-right {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-713170117 .md span.align-right > span {
+  display: block;
+  margin: 13px 0 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-713170117 .md span.align-right span img {
+  margin: 0;
+  text-align: right;
+}
+
+.d2-713170117 .md span.float-left {
+  display: block;
+  float: left;
+  margin-right: 13px;
+  overflow: hidden;
+}
+
+.d2-713170117 .md span.float-left span {
+  margin: 13px 0 0;
+}
+
+.d2-713170117 .md span.float-right {
+  display: block;
+  float: right;
+  margin-left: 13px;
+  overflow: hidden;
+}
+
+.d2-713170117 .md span.float-right > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-713170117 .md code,
+.d2-713170117 .md tt {
+  padding: 0.2em 0.4em;
+  margin: 0;
+  font-size: 85%;
+  background-color: var(--color-neutral-muted);
+  border-radius: 6px;
+}
+
+.d2-713170117 .md code br,
+.d2-713170117 .md tt br {
+  display: none;
+}
+
+.d2-713170117 .md del code {
+  text-decoration: inherit;
+}
+
+.d2-713170117 .md pre code {
+  font-size: 100%;
+}
+
+.d2-713170117 .md pre > code {
+  padding: 0;
+  margin: 0;
+  word-break: normal;
+  white-space: pre;
+  background: transparent;
+  border: 0;
+}
+
+.d2-713170117 .md .highlight {
+  margin-bottom: 16px;
+}
+
+.d2-713170117 .md .highlight pre {
+  margin-bottom: 0;
+  word-break: normal;
+}
+
+.d2-713170117 .md .highlight pre,
+.d2-713170117 .md pre {
+  padding: 16px;
+  overflow: auto;
+  font-size: 85%;
+  line-height: 1.45;
+  background-color: var(--color-canvas-subtle);
+  border-radius: 6px;
+}
+
+.d2-713170117 .md pre code,
+.d2-713170117 .md pre tt {
+  display: inline;
+  max-width: auto;
+  padding: 0;
+  margin: 0;
+  overflow: visible;
+  line-height: inherit;
+  word-wrap: normal;
+  background-color: transparent;
+  border: 0;
+}
+
+.d2-713170117 .md .csv-data td,
+.d2-713170117 .md .csv-data th {
+  padding: 5px;
+  overflow: hidden;
+  font-size: 12px;
+  line-height: 1;
+  text-align: left;
+  white-space: nowrap;
+}
+
+.d2-713170117 .md .csv-data .blob-num {
+  padding: 10px 8px 9px;
+  text-align: right;
+  background: var(--color-canvas-default);
+  border: 0;
+}
+
+.d2-713170117 .md .csv-data tr {
+  border-top: 0;
+}
+
+.d2-713170117 .md .csv-data th {
+  font-family: "d2-713170117-font-semibold";
+  background: var(--color-canvas-subtle);
+  border-top: 0;
+}
+
+.d2-713170117 .md .footnotes {
+  font-size: 12px;
+  color: var(--color-fg-muted);
+  border-top: 1px solid var(--color-border-default);
+}
+
+.d2-713170117 .md .footnotes ol {
+  padding-left: 16px;
+}
+
+.d2-713170117 .md .footnotes li {
+  position: relative;
+}
+
+.d2-713170117 .md .footnotes li:target::before {
+  position: absolute;
+  top: -8px;
+  right: -8px;
+  bottom: -8px;
+  left: -24px;
+  pointer-events: none;
+  content: "";
+  border: 2px solid var(--color-accent-emphasis);
+  border-radius: 6px;
+}
+
+.d2-713170117 .md .footnotes li:target {
+  color: var(--color-fg-default);
+}
+
+.d2-713170117 .md .task-list-item {
+  list-style-type: none;
+}
+
+.d2-713170117 .md .task-list-item label {
+  font-weight: 400;
+}
+
+.d2-713170117 .md .task-list-item.enabled label {
+  cursor: pointer;
+}
+
+.d2-713170117 .md .task-list-item + .task-list-item {
+  margin-top: 3px;
+}
+
+.d2-713170117 .md .task-list-item .handle {
+  display: none;
+}
+
+.d2-713170117 .md .task-list-item-checkbox {
+  margin: 0 0.2em 0.25em -1.6em;
+  vertical-align: middle;
+}
+
+.d2-713170117 .md .contains-task-list:dir(rtl) .task-list-item-checkbox {
+  margin: 0 -1.6em 0.25em 0.2em;
+}
+</style><g id="title"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="0.000000" y="0.000000" width="1723" height="95"><div xmlns="http://www.w3.org/1999/xhtml" class="md" style="font-size:30px"><h1>Cardano Transactions - Babbage ERA</h1>
+</div></foreignObject></g></g><g id="processing"><g class="shape" ><rect x="0.000000" y="135.000000" width="1723.000000" height="316.000000" rx="20.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g><text x="861.500000" y="168.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">Block to Individual Transaction Processing</text></g><g id="transaction_data"><g class="shape" ><path d="M 1 491 H 1702 C 1703 491 1704 491 1705 492 L 1722 508 C 1723 509 1723 510 1723 511 V 1417 C 1723 1417 1723 1417 1723 1417 H 0 C 0 1417 0 1417 0 1417 V 492 C 0 491 0 491 1 491 Z" class=" stroke-B1 fill-AB4" style="stroke-width:2;" /><path d="M 1722 1417 H 1 C 0 1417 -0 1417 -0 1416 V 492 C 0 491 0 491 1 491 H 1701 C 1702 491 1702 491 1702 492 V 509 C 1702 510 1703 511 1704 511 H 1722 C 1723 511 1723 511 1723 512 V 1416 C 1722 1417 1723 1417 1722 1417 Z" class=" stroke-B1 fill-AB4" style="stroke-width:2;" /></g><text x="861.500000" y="524.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">Transaction Data Details</text></g><a href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L3-L6" xlink:href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L3-L6"><g id="processing.cardano block transactions"><g class="shape" ><rect x="50.000000" y="185.000000" width="579.000000" height="216.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="50.000000" y="185.000000" width="579.000000" height="36.000000" class="class_header fill-N1" /><text x="60.000000" y="210.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Cardano Block (Babbage ERA)</text><text x="60.000000" y="244.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">header</text><text x="281.000000" y="244.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ header_body, body_signature ]</text><text x="619.000000" y="244.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="629.000000" y1="257.000000" y2="257.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="280.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">transaction bodies</text><text x="281.000000" y="280.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * transaction_body ]</text><text x="619.000000" y="280.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="629.000000" y1="293.000000" y2="293.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="316.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">transaction witness sets</text><text x="281.000000" y="316.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ *transaction_witness_set ]</text><text x="619.000000" y="316.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="629.000000" y1="329.000000" y2="329.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="352.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">invalid transactions</text><text x="281.000000" y="352.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* transaction_index ]</text><text x="619.000000" y="352.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="629.000000" y1="365.000000" y2="365.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="388.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">auxiliary data set</text><text x="281.000000" y="388.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">{ *transaction_index =&gt; auxiliary_data }</text><text x="619.000000" y="388.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="629.000000" y1="401.000000" y2="401.000000" class=" stroke-N1" style="stroke-width:2" /></g></g></a><a href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L13-L18" xlink:href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L13-L18"><g id="processing.individual_transaction"><g class="shape" ><rect x="1309.000000" y="221.000000" width="364.000000" height="180.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="1309.000000" y="221.000000" width="364.000000" height="36.000000" class="class_header fill-N1" /><text x="1319.000000" y="246.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Cardano Transaction</text><text x="1319.000000" y="280.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">body</text><text x="1457.000000" y="280.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">transaction body</text><text x="1663.000000" y="280.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1309.000000" x2="1673.000000" y1="293.000000" y2="293.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1319.000000" y="316.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">witnesses</text><text x="1457.000000" y="316.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">transaction witness set</text><text x="1663.000000" y="316.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1309.000000" x2="1673.000000" y1="329.000000" y2="329.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1319.000000" y="352.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">valid</text><text x="1457.000000" y="352.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">bool</text><text x="1663.000000" y="352.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1309.000000" x2="1673.000000" y1="365.000000" y2="365.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1319.000000" y="388.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">auxiliary_data</text><text x="1457.000000" y="388.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Option&lt;auxiliary_data&gt;</text><text x="1663.000000" y="388.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1309.000000" x2="1673.000000" y1="401.000000" y2="401.000000" class=" stroke-N1" style="stroke-width:2" /></g></g></a><g id="processing.collator"><g class="shape" ><rect x="699.000000" y="221.000000" width="540.000000" height="180.000000" fill="PapayaWhip" class="shape stroke-N1" style="stroke-width:2;" /><rect x="699.000000" y="221.000000" width="540.000000" height="36.000000" class="class_header fill-N1" /><text x="709.000000" y="246.750000" fill="cyan" class="text" style="text-anchor:start;font-size:24px">collation logic: for i in 0..len(transaction_bodies)</text><text x="709.000000" y="280.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1</text><text x="739.000000" y="280.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">transaction_bodies[i]</text><text x="1229.000000" y="280.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="699.000000" x2="1239.000000" y1="293.000000" y2="293.000000" class=" stroke-N1" style="stroke-width:2" /><text x="709.000000" y="316.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">2</text><text x="739.000000" y="316.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">transaction_witness_sets[i]</text><text x="1229.000000" y="316.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="699.000000" x2="1239.000000" y1="329.000000" y2="329.000000" class=" stroke-N1" style="stroke-width:2" /><text x="709.000000" y="352.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">3</text><text x="739.000000" y="352.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">i not in invalid_transactions</text><text x="1229.000000" y="352.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="699.000000" x2="1239.000000" y1="365.000000" y2="365.000000" class=" stroke-N1" style="stroke-width:2" /><text x="709.000000" y="388.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">4</text><text x="739.000000" y="388.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">auxiliary_data_set[i] else None</text><text x="1229.000000" y="388.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="699.000000" x2="1239.000000" y1="401.000000" y2="401.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><a href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L53-L71" xlink:href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L53-L71"><g id="transaction_data.transaction_body"><g class="shape" ><rect x="50.000000" y="541.000000" width="787.000000" height="648.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="50.000000" y="541.000000" width="787.000000" height="36.000000" class="class_header fill-N1" /><text x="60.000000" y="566.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">transaction body</text><text x="60.000000" y="600.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0 = transaction inputs</text><text x="349.000000" y="600.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * [transaction hash, index] ]</text><text x="827.000000" y="600.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="613.000000" y2="613.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="636.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1 = transaction outputs</text><text x="349.000000" y="636.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * transaction_output ]</text><text x="827.000000" y="636.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="649.000000" y2="649.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="672.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">2 = transaction fee</text><text x="349.000000" y="672.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">coin (lovelace uint64)</text><text x="827.000000" y="672.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="685.000000" y2="685.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="708.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 3 = Time to live [TTL]</text><text x="349.000000" y="708.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">uint64</text><text x="827.000000" y="708.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="721.000000" y2="721.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="744.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 4 = certificates</text><text x="349.000000" y="744.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* certificate]</text><text x="827.000000" y="744.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="757.000000" y2="757.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="780.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 5 = reward withdrawals</text><text x="349.000000" y="780.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">{ * reward_account =&gt; coin (lovelace uint64) }</text><text x="827.000000" y="780.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="793.000000" y2="793.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="816.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 6 = protocol parameter update</text><text x="349.000000" y="816.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ proposed_protocol_parameter_updates, epoch ]</text><text x="827.000000" y="816.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="829.000000" y2="829.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="852.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 7 = auxiliary_data_hash</text><text x="349.000000" y="852.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">32 byte hash</text><text x="827.000000" y="852.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="865.000000" y2="865.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="888.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 8 = validity interval start</text><text x="349.000000" y="888.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">uint64</text><text x="827.000000" y="888.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="901.000000" y2="901.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="924.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 9 = mint</text><text x="349.000000" y="924.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">{ * policy_id =&gt; { * asset_name =&gt; a } }</text><text x="827.000000" y="924.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="937.000000" y2="937.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="960.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 11 = script_data_hash</text><text x="349.000000" y="960.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">32 byte hash</text><text x="827.000000" y="960.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="973.000000" y2="973.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="996.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 13 = collateral inputs</text><text x="349.000000" y="996.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * [transaction hash, index] ]</text><text x="827.000000" y="996.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="1009.000000" y2="1009.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="1032.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 14 = required_signers</text><text x="349.000000" y="1032.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * address key hash (blake2b-224) of signing public key ]</text><text x="827.000000" y="1032.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="1045.000000" y2="1045.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="1068.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 15 = network_id</text><text x="349.000000" y="1068.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">0 or 1</text><text x="827.000000" y="1068.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="1081.000000" y2="1081.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="1104.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 16 = collateral return</text><text x="349.000000" y="1104.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">transaction_output (collateral return)</text><text x="827.000000" y="1104.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="1117.000000" y2="1117.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="1140.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 17 = total collateral</text><text x="349.000000" y="1140.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">coin (lovelace uint64)</text><text x="827.000000" y="1140.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="1153.000000" y2="1153.000000" class=" stroke-N1" style="stroke-width:2" /><text x="60.000000" y="1176.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 18 = reference inputs</text><text x="349.000000" y="1176.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">set&lt;transaction_input&gt;</text><text x="827.000000" y="1176.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="50.000000" x2="837.000000" y1="1189.000000" y2="1189.000000" class=" stroke-N1" style="stroke-width:2" /></g></g></a><a href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L295C1-L303" xlink:href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L295C1-L303"><g id="transaction_data.transaction_witness_set"><g class="shape" ><rect x="857.000000" y="721.000000" width="271.000000" height="288.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="857.000000" y="721.000000" width="271.000000" height="36.000000" class="class_header fill-N1" /><text x="867.000000" y="746.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">transaction witness set</text><text x="867.000000" y="780.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 0</text><text x="910.000000" y="780.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* vkeywitness ]</text><text x="1118.000000" y="780.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="857.000000" x2="1128.000000" y1="793.000000" y2="793.000000" class=" stroke-N1" style="stroke-width:2" /><text x="867.000000" y="816.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 1</text><text x="910.000000" y="816.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* native_script]</text><text x="1118.000000" y="816.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="857.000000" x2="1128.000000" y1="829.000000" y2="829.000000" class=" stroke-N1" style="stroke-width:2" /><text x="867.000000" y="852.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 2</text><text x="910.000000" y="852.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* bootstrap_witness]</text><text x="1118.000000" y="852.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="857.000000" x2="1128.000000" y1="865.000000" y2="865.000000" class=" stroke-N1" style="stroke-width:2" /><text x="867.000000" y="888.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 3</text><text x="910.000000" y="888.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* plutus_v1_script]</text><text x="1118.000000" y="888.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="857.000000" x2="1128.000000" y1="901.000000" y2="901.000000" class=" stroke-N1" style="stroke-width:2" /><text x="867.000000" y="924.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 4</text><text x="910.000000" y="924.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* plutus_data]</text><text x="1118.000000" y="924.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="857.000000" x2="1128.000000" y1="937.000000" y2="937.000000" class=" stroke-N1" style="stroke-width:2" /><text x="867.000000" y="960.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 5</text><text x="910.000000" y="960.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* redeemer]</text><text x="1118.000000" y="960.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="857.000000" x2="1128.000000" y1="973.000000" y2="973.000000" class=" stroke-N1" style="stroke-width:2" /><text x="867.000000" y="996.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 6</text><text x="910.000000" y="996.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* plutus_v2_script]</text><text x="1118.000000" y="996.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="857.000000" x2="1128.000000" y1="1009.000000" y2="1009.000000" class=" stroke-N1" style="stroke-width:2" /></g></g></a><a href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L370" xlink:href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L370"><g id="transaction_data.vkeywitness"><g class="shape" ><rect x="893.000000" y="1259.000000" width="549.000000" height="108.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="893.000000" y="1259.000000" width="549.000000" height="36.000000" class="class_header fill-N1" /><text x="903.000000" y="1284.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">vkeywitness</text><text x="903.000000" y="1318.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">vkey</text><text x="1002.000000" y="1318.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ED25519-Bip32 Public Key [32 Bytes]</text><text x="1432.000000" y="1318.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="893.000000" x2="1442.000000" y1="1331.000000" y2="1331.000000" class=" stroke-N1" style="stroke-width:2" /><text x="903.000000" y="1354.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">signature</text><text x="1002.000000" y="1354.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ED25519-Bip32 Signature of Transaction [64 bytes]</text><text x="1432.000000" y="1354.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="893.000000" x2="1442.000000" y1="1367.000000" y2="1367.000000" class=" stroke-N1" style="stroke-width:2" /></g></g></a><a href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L359C1-L368" xlink:href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L359C1-L368"><g id="transaction_data.auxiliary_data"><g class="shape" ><rect x="1208.000000" y="775.000000" width="421.000000" height="180.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="1208.000000" y="775.000000" width="421.000000" height="36.000000" class="class_header fill-N1" /><text x="1218.000000" y="800.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">auxiliary data</text><text x="1218.000000" y="834.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">{ * uint =&gt; transaction_metadatum }</text><text x="1537.000000" y="834.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Optional</text><text x="1619.000000" y="834.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1208.000000" x2="1629.000000" y1="847.000000" y2="847.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1218.000000" y="870.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">[ * native_script ]</text><text x="1537.000000" y="870.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Optional</text><text x="1619.000000" y="870.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1208.000000" x2="1629.000000" y1="883.000000" y2="883.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1218.000000" y="906.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">[ * plutus_v1_script ]</text><text x="1537.000000" y="906.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Optional</text><text x="1619.000000" y="906.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1208.000000" x2="1629.000000" y1="919.000000" y2="919.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1218.000000" y="942.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">[ * plutus_v2_script ]</text><text x="1537.000000" y="942.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Optional</text><text x="1619.000000" y="942.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1208.000000" x2="1629.000000" y1="955.000000" y2="955.000000" class=" stroke-N1" style="stroke-width:2" /></g></g></a><g id="processing.(cardano block transactions -&gt; collator)[0]"><marker id="mk-3488378134" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 631.000000 275.000000 L 695.000000 275.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /></g><g id="processing.(cardano block transactions -&gt; collator)[1]"><path d="M 631.000000 311.000000 L 695.000000 311.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /></g><g id="processing.(cardano block transactions -&gt; collator)[2]"><path d="M 631.000000 383.000000 L 695.000000 383.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /></g><g id="processing.(cardano block transactions -&gt; collator)[3]"><path d="M 631.000000 347.000000 L 695.000000 347.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /></g><g id="processing.(collator -&gt; individual_transaction)[0]"><path d="M 1241.000000 275.000000 L 1305.000000 275.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /></g><g id="processing.(collator -&gt; individual_transaction)[1]"><path d="M 1241.000000 311.000000 L 1305.000000 311.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /></g><g id="processing.(collator -&gt; individual_transaction)[2]"><path d="M 1241.000000 347.000000 L 1305.000000 347.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /></g><g id="processing.(collator -&gt; individual_transaction)[3]"><path d="M 1241.000000 383.000000 L 1305.000000 383.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /></g><g id="transaction_data.(transaction_witness_set -&gt; vkeywitness)[0]"><path d="M 1130.000000 775.000000 L 1158.000000 775.000000 S 1168.000000 775.000000 1168.000000 785.000000 L 1168.000000 1255.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /></g><g id="(processing.individual_transaction -&gt; transaction_data.transaction_body)[0]"><path d="M 1318.732069 401.935104 L 840.035862 655.129792" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /><text x="1079.000000" y="535.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">body</text></g><g id="(processing.individual_transaction -&gt; transaction_data.transaction_witness_set)[0]"><path d="M 1409.162071 402.486588 L 1125.175859 718.026823" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /><text x="1266.500000" y="567.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">witnesses</text></g><g id="(processing.individual_transaction -&gt; transaction_data.auxiliary_data)[0]"><path d="M 1479.240188 402.983053 L 1431.019623 771.033895" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-713170117)" /><text x="1455.500000" y="594.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">auxiliary_data (optional)</text></g><g transform="translate(613 169)" class="appendix-icon"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_3440_35088111)">
+<path d="M16 31.1109C24.3456 31.1109 31.1111 24.3454 31.1111 15.9998C31.1111 7.65415 24.3456 0.888672 16 0.888672C7.65436 0.888672 0.888885 7.65415 0.888885 15.9998C0.888885 24.3454 7.65436 31.1109 16 31.1109Z" fill="white" stroke="#DEE1EB"/>
+<path d="M14.3909 16.7965C14.7364 17.2584 15.1772 17.6406 15.6834 17.9171C16.1896 18.1938 16.7494 18.3582 17.3248 18.3993C17.9001 18.4405 18.4777 18.3575 19.0181 18.1559C19.5586 17.9543 20.0492 17.6389 20.4571 17.2309L22.8708 14.8173C23.6036 14.0586 24.0089 13.0425 23.9998 11.9877C23.9906 10.933 23.5676 9.92404 22.8217 9.17821C22.0759 8.43237 21.067 8.00931 20.0123 8.00015C18.9575 7.99098 17.9413 8.39644 17.1827 9.1292L15.7988 10.505" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M17.609 15.1874C17.2635 14.7255 16.8227 14.3433 16.3165 14.0667C15.8103 13.7902 15.2505 13.6257 14.6752 13.5845C14.0998 13.5433 13.5223 13.6263 12.9819 13.8279C12.4414 14.0295 11.9506 14.345 11.5428 14.753L9.1292 17.1666C8.39644 17.9252 7.99098 18.9414 8.00015 19.9962C8.00931 21.0509 8.43237 22.0598 9.17821 22.8056C9.92405 23.5515 10.933 23.9745 11.9877 23.9837C13.0425 23.9928 14.0586 23.5875 14.8173 22.8547L16.193 21.4788" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<defs>
+<clipPath id="clip0_3440_35088111">
+<rect width="32" height="32" fill="white"/>
+</clipPath>
+</defs>
+</svg>
+</g><g transform="translate(1657 205)" class="appendix-icon"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_3440_35088111)">
+<path d="M16 31.1109C24.3456 31.1109 31.1111 24.3454 31.1111 15.9998C31.1111 7.65415 24.3456 0.888672 16 0.888672C7.65436 0.888672 0.888885 7.65415 0.888885 15.9998C0.888885 24.3454 7.65436 31.1109 16 31.1109Z" fill="white" stroke="#DEE1EB"/>
+<path d="M14.3909 16.7965C14.7364 17.2584 15.1772 17.6406 15.6834 17.9171C16.1896 18.1938 16.7494 18.3582 17.3248 18.3993C17.9001 18.4405 18.4777 18.3575 19.0181 18.1559C19.5586 17.9543 20.0492 17.6389 20.4571 17.2309L22.8708 14.8173C23.6036 14.0586 24.0089 13.0425 23.9998 11.9877C23.9906 10.933 23.5676 9.92404 22.8217 9.17821C22.0759 8.43237 21.067 8.00931 20.0123 8.00015C18.9575 7.99098 17.9413 8.39644 17.1827 9.1292L15.7988 10.505" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M17.609 15.1874C17.2635 14.7255 16.8227 14.3433 16.3165 14.0667C15.8103 13.7902 15.2505 13.6257 14.6752 13.5845C14.0998 13.5433 13.5223 13.6263 12.9819 13.8279C12.4414 14.0295 11.9506 14.345 11.5428 14.753L9.1292 17.1666C8.39644 17.9252 7.99098 18.9414 8.00015 19.9962C8.00931 21.0509 8.43237 22.0598 9.17821 22.8056C9.92405 23.5515 10.933 23.9745 11.9877 23.9837C13.0425 23.9928 14.0586 23.5875 14.8173 22.8547L16.193 21.4788" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<defs>
+<clipPath id="clip0_3440_35088111">
+<rect width="32" height="32" fill="white"/>
+</clipPath>
+</defs>
+</svg>
+</g><g transform="translate(821 525)" class="appendix-icon"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_3440_35088111)">
+<path d="M16 31.1109C24.3456 31.1109 31.1111 24.3454 31.1111 15.9998C31.1111 7.65415 24.3456 0.888672 16 0.888672C7.65436 0.888672 0.888885 7.65415 0.888885 15.9998C0.888885 24.3454 7.65436 31.1109 16 31.1109Z" fill="white" stroke="#DEE1EB"/>
+<path d="M14.3909 16.7965C14.7364 17.2584 15.1772 17.6406 15.6834 17.9171C16.1896 18.1938 16.7494 18.3582 17.3248 18.3993C17.9001 18.4405 18.4777 18.3575 19.0181 18.1559C19.5586 17.9543 20.0492 17.6389 20.4571 17.2309L22.8708 14.8173C23.6036 14.0586 24.0089 13.0425 23.9998 11.9877C23.9906 10.933 23.5676 9.92404 22.8217 9.17821C22.0759 8.43237 21.067 8.00931 20.0123 8.00015C18.9575 7.99098 17.9413 8.39644 17.1827 9.1292L15.7988 10.505" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M17.609 15.1874C17.2635 14.7255 16.8227 14.3433 16.3165 14.0667C15.8103 13.7902 15.2505 13.6257 14.6752 13.5845C14.0998 13.5433 13.5223 13.6263 12.9819 13.8279C12.4414 14.0295 11.9506 14.345 11.5428 14.753L9.1292 17.1666C8.39644 17.9252 7.99098 18.9414 8.00015 19.9962C8.00931 21.0509 8.43237 22.0598 9.17821 22.8056C9.92405 23.5515 10.933 23.9745 11.9877 23.9837C13.0425 23.9928 14.0586 23.5875 14.8173 22.8547L16.193 21.4788" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<defs>
+<clipPath id="clip0_3440_35088111">
+<rect width="32" height="32" fill="white"/>
+</clipPath>
+</defs>
+</svg>
+</g><g transform="translate(1112 705)" class="appendix-icon"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_3440_35088111)">
+<path d="M16 31.1109C24.3456 31.1109 31.1111 24.3454 31.1111 15.9998C31.1111 7.65415 24.3456 0.888672 16 0.888672C7.65436 0.888672 0.888885 7.65415 0.888885 15.9998C0.888885 24.3454 7.65436 31.1109 16 31.1109Z" fill="white" stroke="#DEE1EB"/>
+<path d="M14.3909 16.7965C14.7364 17.2584 15.1772 17.6406 15.6834 17.9171C16.1896 18.1938 16.7494 18.3582 17.3248 18.3993C17.9001 18.4405 18.4777 18.3575 19.0181 18.1559C19.5586 17.9543 20.0492 17.6389 20.4571 17.2309L22.8708 14.8173C23.6036 14.0586 24.0089 13.0425 23.9998 11.9877C23.9906 10.933 23.5676 9.92404 22.8217 9.17821C22.0759 8.43237 21.067 8.00931 20.0123 8.00015C18.9575 7.99098 17.9413 8.39644 17.1827 9.1292L15.7988 10.505" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M17.609 15.1874C17.2635 14.7255 16.8227 14.3433 16.3165 14.0667C15.8103 13.7902 15.2505 13.6257 14.6752 13.5845C14.0998 13.5433 13.5223 13.6263 12.9819 13.8279C12.4414 14.0295 11.9506 14.345 11.5428 14.753L9.1292 17.1666C8.39644 17.9252 7.99098 18.9414 8.00015 19.9962C8.00931 21.0509 8.43237 22.0598 9.17821 22.8056C9.92405 23.5515 10.933 23.9745 11.9877 23.9837C13.0425 23.9928 14.0586 23.5875 14.8173 22.8547L16.193 21.4788" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<defs>
+<clipPath id="clip0_3440_35088111">
+<rect width="32" height="32" fill="white"/>
+</clipPath>
+</defs>
+</svg>
+</g><g transform="translate(1426 1243)" class="appendix-icon"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_3440_35088111)">
+<path d="M16 31.1109C24.3456 31.1109 31.1111 24.3454 31.1111 15.9998C31.1111 7.65415 24.3456 0.888672 16 0.888672C7.65436 0.888672 0.888885 7.65415 0.888885 15.9998C0.888885 24.3454 7.65436 31.1109 16 31.1109Z" fill="white" stroke="#DEE1EB"/>
+<path d="M14.3909 16.7965C14.7364 17.2584 15.1772 17.6406 15.6834 17.9171C16.1896 18.1938 16.7494 18.3582 17.3248 18.3993C17.9001 18.4405 18.4777 18.3575 19.0181 18.1559C19.5586 17.9543 20.0492 17.6389 20.4571 17.2309L22.8708 14.8173C23.6036 14.0586 24.0089 13.0425 23.9998 11.9877C23.9906 10.933 23.5676 9.92404 22.8217 9.17821C22.0759 8.43237 21.067 8.00931 20.0123 8.00015C18.9575 7.99098 17.9413 8.39644 17.1827 9.1292L15.7988 10.505" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M17.609 15.1874C17.2635 14.7255 16.8227 14.3433 16.3165 14.0667C15.8103 13.7902 15.2505 13.6257 14.6752 13.5845C14.0998 13.5433 13.5223 13.6263 12.9819 13.8279C12.4414 14.0295 11.9506 14.345 11.5428 14.753L9.1292 17.1666C8.39644 17.9252 7.99098 18.9414 8.00015 19.9962C8.00931 21.0509 8.43237 22.0598 9.17821 22.8056C9.92405 23.5515 10.933 23.9745 11.9877 23.9837C13.0425 23.9928 14.0586 23.5875 14.8173 22.8547L16.193 21.4788" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<defs>
+<clipPath id="clip0_3440_35088111">
+<rect width="32" height="32" fill="white"/>
+</clipPath>
+</defs>
+</svg>
+</g><g transform="translate(1613 759)" class="appendix-icon"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_3440_35088111)">
+<path d="M16 31.1109C24.3456 31.1109 31.1111 24.3454 31.1111 15.9998C31.1111 7.65415 24.3456 0.888672 16 0.888672C7.65436 0.888672 0.888885 7.65415 0.888885 15.9998C0.888885 24.3454 7.65436 31.1109 16 31.1109Z" fill="white" stroke="#DEE1EB"/>
+<path d="M14.3909 16.7965C14.7364 17.2584 15.1772 17.6406 15.6834 17.9171C16.1896 18.1938 16.7494 18.3582 17.3248 18.3993C17.9001 18.4405 18.4777 18.3575 19.0181 18.1559C19.5586 17.9543 20.0492 17.6389 20.4571 17.2309L22.8708 14.8173C23.6036 14.0586 24.0089 13.0425 23.9998 11.9877C23.9906 10.933 23.5676 9.92404 22.8217 9.17821C22.0759 8.43237 21.067 8.00931 20.0123 8.00015C18.9575 7.99098 17.9413 8.39644 17.1827 9.1292L15.7988 10.505" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M17.609 15.1874C17.2635 14.7255 16.8227 14.3433 16.3165 14.0667C15.8103 13.7902 15.2505 13.6257 14.6752 13.5845C14.0998 13.5433 13.5223 13.6263 12.9819 13.8279C12.4414 14.0295 11.9506 14.345 11.5428 14.753L9.1292 17.1666C8.39644 17.9252 7.99098 18.9414 8.00015 19.9962C8.00931 21.0509 8.43237 22.0598 9.17821 22.8056C9.92405 23.5515 10.933 23.9745 11.9877 23.9837C13.0425 23.9928 14.0586 23.5875 14.8173 22.8547L16.193 21.4788" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<defs>
+<clipPath id="clip0_3440_35088111">
+<rect width="32" height="32" fill="white"/>
+</clipPath>
+</defs>
+</svg>
+</g><mask id="d2-713170117" maskUnits="userSpaceOnUse" x="-101" y="-101" width="1925" height="1619">
+<rect x="-101" y="-101" width="1925" height="1619" fill="white"></rect>
+<rect x="0.000000" y="0.000000" width="950" height="95" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="614.000000" y="140.000000" width="495" height="36" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="718.500000" y="496.000000" width="286" height="36" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="1062.000000" y="519.000000" width="34" height="21" fill="black"></rect>
+<rect x="1235.000000" y="551.000000" width="63" height="21" fill="black"></rect>
+<rect x="1374.000000" y="578.000000" width="163" height="21" fill="black"></rect>
+</mask></svg></svg>
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.d2 b/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.d2
new file mode 100644
index 00000000000..df7b931d270
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.d2
@@ -0,0 +1,110 @@
+vars: {
+  d2-config: {
+    layout-engine: elk
+
+    # Terminal theme code
+    theme-id: 300
+  }
+}
+
+classes: {
+  NONE: {style.opacity: 0}
+  PRIVATE_KEY: {
+    shape: sql_table
+    style: {
+      border-radius: 15
+      stroke: wheat
+      fill: cornsilk
+      font-color: red
+    }
+  }
+  SIGN: {
+    style: {
+      stroke-dash: 3
+      stroke: blueviolet
+      animated: true
+    }
+  }
+}
+
+title: |md
+  # Chaining Certificates
+| {
+  # shape: text
+  near: top-center
+  # style: {
+  #  font-size: 8
+  # }
+}
+
+root-ca: "ROOT CERTIFICATE AUTHORITY (CA)" {
+  # shape: text
+
+  pad.class: NONE
+
+  key: "Root CA's Key Pair" {
+    class: PRIVATE_KEY
+    private: Secret
+    public: Shared
+  }
+
+  certificate: "Root Certificate (ROOT CA)" {
+    shape: sql_table
+    "Subject`s Name": "ROOT CA Name"
+    "Subject`s PublicKey": Public Key
+    "Issuer`s Name": "ROOT CA Name"
+    "Issuer`s Signature": Signature
+    "Subject Alt. Name": "URI:S:ada:stake1vpu...p0u"
+  }
+
+  key.public -> certificate."Subject`s PublicKey": Published
+  key.private -> certificate."Issuer`s Signature": Self Sign {class: SIGN}
+}
+
+intermediate-ca: "INTERMEDIATE CERTIFICATE AUTHORITY (CA)" {
+  key: "Intermediate CA's Key Pair" {
+    class: PRIVATE_KEY
+    private: Secret
+    public: Shared
+  }
+
+  certificate: "Intermediate Certificate (Intermediate CA)" {
+    shape: sql_table
+    "Subject`s Name": "Intermediate CA Name"
+    "Subject`s PublicKey": Public Key
+    "Issuer`s Name": "Root CA Name"
+    "Issuer`s Signature": Signature
+    "Subject Alt. Name": "URI:S:ada:stake1ngf...8dy"
+    "": "URI:S:ada:cc_cold16cj..80v"
+  }
+
+  key.public -> certificate."Subject`s PublicKey": Published
+}
+
+root-ca.key.private -> intermediate-ca.certificate."Issuer`s Signature": Sign {class: SIGN}
+root-ca.certificate."Subject`s Name" <- intermediate-ca.certificate."Issuer`s Name": References
+root-ca.certificate <- intermediate-ca.certificate: Verifies
+
+entity-cert: "End-Entity Certificate" {
+  key: "Entities Key Pair" {
+    class: PRIVATE_KEY
+    private: Secret
+    public: Shared
+  }
+
+  certificate: "Intermediate Certificate (Intermediate CA)" {
+    shape: sql_table
+    "Subject`s Name": "Entities Name"
+    "Subject`s PublicKey": Public Key
+    "Issuer`s Name": "Intermediate CA Name"
+    "Issuer`s Signature": Signature
+    "Subject Alt. Name": "URI:S:ada:stake1ngf...v2q"
+    "": "URI:S:ada:drep1ayt..80v"
+  }
+
+  key.public -> certificate."Subject`s PublicKey": Published
+}
+
+intermediate-ca.certificate <- entity-cert.certificate: Verifies
+intermediate-ca.key.private -> entity-cert.certificate."Issuer`s Signature": Sign {class: SIGN}
+intermediate-ca.certificate."Subject`s Name" <- entity-cert.certificate."Issuer`s Name": References
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.svg b/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.svg
new file mode 100644
index 00000000000..eb326806351
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.svg
@@ -0,0 +1,870 @@
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="0.6.3" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1302 2542"><svg id="d2-svg" class="d2-1480995423" width="1302" height="2542" viewBox="-89 -160 1302 2542"><rect x="-89.000000" y="-160.000000" width="1302.000000" height="2542.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+.d2-1480995423 .text {
+	font-family: "d2-1480995423-font-regular";
+}
+@font-face {
+	font-family: d2-1480995423-font-regular;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABNoAAoAAAAAHTQAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXd/Vo2NtYXAAAAFUAAAA2wAAAT4HPAjfZ2x5ZgAAAjAAAAwnAAAQyKvd3LBoZWFkAAAOWAAAADYAAAA2G4Ue32hoZWEAAA6QAAAAJAAAACQKhAX/aG10eAAADrQAAADSAAAA9G0QDA1sb2NhAAAPiAAAAHwAAAB8hCCIiG1heHAAABAEAAAAIAAAACAAVQD2bmFtZQAAECQAAAMjAAAIFAbDVU1wb3N0AAATSAAAAB0AAAAg/9EAMgADAgkBkAAFAAACigJYAAAASwKKAlgAAAFeADIBIwAAAgsFAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAEAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAeYClAAAACAAA3icjM/LLqMBHMbh52s7nUPbOXZmnJU6laKKauxEIqSRiIXECjchcVliJ44XIbF1FZVY/MWXxtq7fha/F4msBEW5pIm6ipyiiqppNfMWNLW0rduwZUfHngOHjhw7dRZBT8+kuvGuN23r2LXf0ydvOp6UFZTkZeIlnqMb3biPu7iNm7iOq7iMh3iMizhPuz6+xJqmVS3LGubU05pFSzKycj7J++yLr74pKCr57oeffvntjxVtZX/981+ffgMGDRk2YlTFmHFVEyZNpT9rZnkFAAD//wEAAP//aRMzAwB4nGxXfXAb9Zl+f7+VtUksx1rL8kq2PndtrSRLlqzVam19xrYky5+SJRt/JHa+nDhOSBqcK5mASehhPo6jnK4TBq4XGHrlBpiBox8zpBn+o4RzjwBtr0NLIRmmN+NjjtLe+Tw3B61XnV19xGn5Q7OanXff9/c+7/M+zy7UwSwAFvBlIGA3NEIT6AF4yk512DmOJUVeFFmaEDlEkbPoY6mI0FBQFQqpuvs/679w6RKauYgvb98dXltaur5w/rz0zY1PpQB671PAQABgMy7CbqAAdCTPORwcq1YTOl7Hciz5jvW6tcmmVTXafn1r4dZs/PcJ9LXFRfF0b+9paQ4Xt8+urwMAIAiWtnAbvgJmgDrG4RCCoRAfaKFJh4Nl1Gp9c0sLHwiJtFqN8vlvjIyuFaIHTN7Wfnd8ng/sj/uGrV3cEc3EM6dOPpPvtoVMTN+9+fyFficT9AYAAMMcAA7iIuySz8lTfKBF36xmOT4QEoIOlp174Znnnn1qauTcuXPnRnDx5SvP/kvyb1dXH1bONgeAbuEi1CuY6e16Xs/q7fo5dJ/04RdfoG5cTL83+LvBWuwvFDxux1JK5Jdf4mL6Vlr6dTUOB6o55UnwFEvZqbkC6p6clN7HRelzpNs+iwTpnWo8vIqLMt5y/FxBBq+SJ4GLoCnf5xFP6liC1M8VCEQtvPv5/Fv34KJ0FQ19KZ1EUw//tFr7AVyUseYpXtfSQvOhkKiTTxAMiSxJsATHtrToqbnFixpao9LoNavHxncRquCquBpUESQuSv/EpBgmxaCF7bNo2XOq8ynpFTT5VOcpj/R0rT8vLoKuXIPmHQ5B7rGa+a7PB1UEmb3rd4MqlZxv8bHAqSAqbJ9Fzz7afSIovQxY4cQxfAUa/4wV8ujUXCCkjI5RyIFG85cGBy/lCxczmYuFyLT/5MzMSf+MZvLby8tPT0w8vbz87cmhgQv5+5588r78hQGocaJemUFzhRMKKViKqtHijeEz8UfuvvvIXYXpuxZwsX0qs7Qo/RFl+tKDYi2HDRdhL9A7csgz2Jnm3YETkVzyxYXnzp8Zy+fHzuAiO5Ecnaek3yC99BmaTezrC5b3wF3aQr/HV8CrdMyJCu+FoMPBcV34zq2Q+6ZpC5bRQNrUvZ0B9iDflzF3WxesMZewEIkssl7LUJc4YA+0zjti7aFFjeAJd3gjfsZp2utqcPf7A1mvtz1ktgc9VldrvVPr7esOTgUAgQkA/REXgZS7YgW7nqV+8zb65G08nE5vv14+63RpC3fhoqwlynQonirvaUj5q1ajgYFT8YIr1elJu3Lxk5rQ6jL6hvRAdr/DsT+LHpIuLa+GACnDIHARGgB4YgcfiZ//fHa5qU2najJRy1M/xUXpufCxcPhYGB2RuV8qAaCbuAiNALxA8HTlQZEn9G9dn53SWrUqimmcnL4uoW9da093dKTbr0lnJGVuwdIW+j7ahFZoB6AZmVpiUIGV5BSQ9RQrCxkXCImCIkBvxib+7h+pTqd72GxjjoZnc0mSYCZa2Dh74XBAM9SXm6KsPaytubfFdXq/9EHY5O5nrI82Rn2uDsCQL22hP+B10IGtPFmWZCleT5ZrlflcpjOpb2lBLmbIRpD9eWzPOg8eiRxMR7ORlHUfa0to7OYAXn9zxsw9ck/h3nhqaS53lLGVTHR5Jl2lLfQa2pTn99U6WpXRpn0non2n4v6U0a33mT0prjDAhFva7TlNdCWXX4kydEhn8E31FJbMzaLZLmPmK22hD6s9lDFTknMCXwVLFGqF/n//mchh0R23qQpJkjCNGvdFrb0WLuFIax6+kD0Xt7QW3tju6TW5UgOSifYVeqaPAlbO/29oEwxgvaMDeansNRMg7ApUiO47GU8sivPHEJZ+VDedZiNtZmv2HaRK9PITmthKNrcSXz3RYNw9dkBPhZotyDE8llVwsgCgBP5F2QdZQRSCFZxYRq9o9qH+/tQQ7dY2tZmSS0vou/G6seHp3WRCszA2IM0DAAHekg39Fm1CN8RgrMYiwbHjoiTl9WxZs1iGK8+gMnMicFvCdBWtYBzlmP+bPeuwNxkZnYELTHY3tze8vEjR/lyAYxqaOroXpqaiZ0bdsWhnZzQWSk/yvsm9dm2rYeSTZMLa26Kqd5qsXQ2q5mSnMO4m6xJawRocdVH1bc20RYx5R33o+wlBiEYFISE9FnMwrSqVzq3nuhRs8gDol3i9oopVjsruoPCTyucJdiwwNpj3+DsiHXj9zUW77/C8dAO5knFHh/Q8lEqQAoAf4texA3oBQA3hVQAolUq/KnHwA+V+pHz/fqjV3MDrNR/TyT7Gkfr8BPH+/u9em3tyP16XLAh+LN38r5MPVp4pbcGv8Lq8/zL2ivxUCPJylyu/d7eKJOt3tWh6BXx8+7KOQiiuUpVr4f9Bm2BXasmaIU/pji7J2jWfJAnbaGdPotEx7hkZynu6Qsm8xxdKoo006+v2uILV1kek5yuXKoZos4JhpcZODJMkwY7XQFSS3YFhZRf+G21CI7R9pf/VuIMaI0uJxFIkejyROB5NjI0l4uPjlT2OruRzK9HkUmHyxInJwhIoWsSjP6DNyh7fPp3CUAdH63U7tUg+qT3buXAkcrCHGWDweUWKEu32+Lv4hz0m56P35O+NW1qnXkDqO7RI1gsefVitUyeISvraUog8RezUC/SIyjziLovGPjve1f9+TTDefXXG5FREw2zu2h5D6tuKUeXOAtqsvNmVu6koXhloY8ZlprWa5kbrgBFtzHSF9mRUqkBcqrx7mkpb6CG0CW6FRzs9V7HcP3PcsuH+LLjAumzJTr/fzrcx/e7ZrHfc5DSGbF2dFn8bm/S6shrOJBrtXquRofc02AVXJGujgzqD20Sb9fUNdrGL63cq9Q2lLZTCZ+Q3CIXHrCCKvCJCNT5/Nh7LjO5JPfSQ3d1g0WibfZq5DGqI1z322IC06e3erYqT9UqukdIWeg9tyLy7YyeoikR/MpYpdPodEUbGhRnVHJ5HQemXyTjXiWal1lGnH5C8g+hf0cZf+vEbr00dqKfrVfX0ngMTr6AN6bftGZbNtKNmqVV+ruRTnmvbiaMo3pFiL57TmjXaXc27XaHG+h9PHa031qvqm/dM565SvtTP1Ko+XBfxtqP/lP7XmmHsGRtq2N70j3plPnlKW+g6fhzqq0gFK7TduQtfHDp9+tDB06cP9iSTPT2plObV57/z0kvfef7V/ktPPHH//U88cUnBKQuAruKLit7I9iWEQqIsdtlv/ZWnrzWxlkQfCLto7fbbyTJH2gHQW/hxuTdeiOPKenC1xZFFktc7Dz2SjsacSZPPuT8+e3zg66OtPcZr3Yf+/uu8mPbafB5haSp6/6NZrBoEDP7SFvqJ0o8TADFqsko84i+d+/aLAqqzZiy7BmO+fZFgfDGc+loiONLWpeuxeId92JLjCkeDUyjj9MwfGUvEh6RXkn9z/MErg5yZp9v488c6Oo8eiR0IKv7lKm2hdfw4WMEjqzRdqbrDupTO9GXGEzvft4nKgiib+2V0QWRFCxvy5/nCYZOz2Ryw8fOUjQ0LnogrWdeT8me7HHxW480F3H3dWpUxE+gedh0atkd8jSqtJ9bpG/eiE+Z9rK+/x+cIsNLbiW5X0NFkTHuEVBn/vtIW/AhW5O+lnZN/wMiyRgPLatg2M8ua21jZe5RY9BHmwA+AlkEtXwFBDr0GL+EfQB2AjuN4kjyqJWYILXrtxQMHXgQELvgINaJW+RtLFHi9a+OjRAIUXv81+rR0Tb5PC3a9Bn18URQV/8mh3fhjeU/osunTCh70B/F0Os6He3vD3zt2c23t1qLh4M2VlZsHAYGjlIOblWc4BVF5T/TN6lklno+n09+rRBsWb62t3QQMLAD6d4V7VgBeZIXyjyeVn55VfqzIkjpeZOeMuemmqQO0QD9sEAwT8n+jYFgz2taa1m70Xg5fvXr1avhy740bN1DdZcWT4UEcQ4NEA5AQRY1Q82N4AW1UvzfzebQh73jpJ3gYRPy6PAdqxxwMVqvBYLXiYbPRYLEYjGYApHj9P6ONij9XdVX5NLC1dDRQuw0N7YZ89MNddXGijvdg8/Z/DM8AKt2DY9BDNMi1dZxI7302/E0c+wfxRfgTAAAA//8BAAD//96PpoAAAAEAAAACC4VHXmFHXw889QADA+gAAAAA2F2goQAAAADdZi82/jr+2whvA8gAAAADAAIAAAAAAAAAAQAAA9j+7wAACJj+Ov46CG8AAQAAAAAAAAAAAAAAAAAAAD14nCzNr0oEURzF8e85GywLNtmwLAO7COOfHcOgiBhETAblV8TrA5h9A4tYtNt9mTUbNPgM6gVZ13TFwfBp5/D1PefMwBU979H6kuRlkt5JviNpieRDkl9IviX5gdbbJO+SvMKaBwx9w5l7oLdStKB1TWjG1Os0+mSqCSMt2HRFMOeI7/KqD4JC9PYJjwmPun10nwtCjwwVDFxxrGf6ncyGMifKTJTZUqbmh4N/p9qh1hd9NYQaVpUZe8Q1cwLK018XytUvAAAA//8BAAD//1tVNmEAAAAAACwALABQAIAAngC0AMgA4ADsAQYBOAFaAYoBrAHUAhgCKgJOAmoCiALAAvQDIgNUA4gDqgQWBDgERARQBGoEhgS4BNoFBgU6BW4FjgXOBfQGFgYyBmIGiAagBsoHCgdgB3YHggeSB54HqgfEB94IDggYCCQIOghWCGQAAQAAAD0AjAAMAGYABwABAAAAAAAAAAAAAAAAAAQAA3icnJTdThtXFIU/B9ttVDUXFYrIDTqXbZWM3QiiBK5MCYpVhFOP0x+pqjR4xj9iPDPyDFCqPkCv+xZ9i1z1OfoQVa+rs7wNNqoUgRCwzpy991lnr7UPsMm/bFCrPwT+av5guMZ2c8/wAx41nxre4Ljxt+H6SkyDuPGb4SZfNvqGP+J9/Q/DH7NT/9nwQ7bqR4Y/4Xl90/CnG45/DD9ih/cLXIOX/G64xhaF4Qds8pPhDR5jNWt1HtM23OAztg032QYGTKlImZIxxjFiyphz5iSUhCTMmTIiIcbRpUNKpa8ZkZBj/L9fI0Iq5kSqOKHCkRKSElEysYq/KivnrU4caTW3vQ4VEyJOlXFGRIYjZ0xORsKZ6lRUFOzRokXJUHwLKkoCSqakBOTMGdOixxHHDJgwpcRxpEqeWUjOiIpLIp3vLMJ3ZkhCRmmszsmIxdOJX6LsLsc4ehSKXa18vFbhKY7vlO255Yr9ikC/boXZ+rlLNhEX6meqrqTauZSCE+36czt8K1yxh7tXf9aZfLhHsf5XqnzKufSPpVQmJhnObdEhlINC9wTHgdZdQnXke7oMeEOPdwy07tCnT4cTBnR5rdwefRxf0+OEQ2V0hRd7R3LMCT/i+IauYnztxPqzUCzhFwpzdymOc91jRqGee+aB7prohndX2M9QvuaOUjlDzZGPdNIv05xFjM0VhRjO1MulN0rrX2yOmOkuXtubfT8NFzZ7yym+ItcMe7cuOHnlFow+pGpwyzOX+gmIiMk5VcSQnBktKq7E+y0R56Q4DtW9N5qSis51jj/nSi5JmIlBl0x15hT6G5lvQuM+XPO9s7ckVr5nenZ9q/uc4tSrG43eqXvLvdC6nKwo0DJV8xU3DcU1M+8nmqlV/qFyS71uOc/ok0j1VDe4/Q48J6DNDrvsM9E5Q+1c2BvR1jvR5hX76sEZiaJGcnViFXYJeMEuu7zixVrNDocc0GP/DhwXWT0OeH1rZ12nZRVndf4Um7b4Op5dr17eW6/P7+DLLzRRNy9jX9r4bl9YtRv/nxAx81zc1uqd3BOC/wAAAP//AQAA//8HW0wwAHicYmBmAIP/5xiMGLAAAAAAAP//AQAA//8vAQIDAAAA");
+}
+@font-face {
+	font-family: d2-1480995423-font-semibold;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABOAAAoAAAAAHWAAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXqrWeWNtYXAAAAFUAAAA2wAAAT4HPAjfZ2x5ZgAAAjAAAAwPAAAQmKfqtR1oZWFkAAAOQAAAADYAAAA2FnoA72hoZWEAAA54AAAAJAAAACQKgQX9aG10eAAADpwAAADVAAAA9HCXCrpsb2NhAAAPdAAAAHwAAAB8gmqGwm1heHAAAA/wAAAAIAAAACAAVQD2bmFtZQAAEBAAAANOAAAIcCYSZQ5wb3N0AAATYAAAAB0AAAAg/9EAMgADAhoCWAAFAAACigJYAAAASwKKAlgAAAFeADIBJgAAAgsGAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAAAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAesClAAAACAAA3icjM/LLqMBHMbh52s7nUPbOXZmnJU6laKKauxEIqSRiIXECjchcVliJ44XIbF1FZVY/MWXxtq7fha/F4msBEW5pIm6ipyiiqppNfMWNLW0rduwZUfHngOHjhw7dRZBT8+kuvGuN23r2LXf0ydvOp6UFZTkZeIlnqMb3biPu7iNm7iOq7iMh3iMizhPuz6+xJqmVS3LGubU05pFSzKycj7J++yLr74pKCr57oeffvntjxVtZX/981+ffgMGDRk2YlTFmHFVEyZNpT9rZnkFAAD//wEAAP//aRMzAwB4nIxXa3Ab13U+9y6IFUmI4gpYrPB+LLALvgAQC2D5Agi+CRCkSIKkRIgiGUqWZEomJT4kv5RWtupy5CnGaTNKrORH5c5YSZuqsX7I42md2pQ7tVuPO9bYTSPH+uGM28bsOM2EDeuOudvZXUAk2z/5sVhy595zzv3Od75zLpTBGADO4m8DAeVwAA4CDSBQHsov8DxLioIosgwh8ogix9B/SzfuNwV1oZAuGH678enFRZRbwN/ePjdw5uTJh9OTk9L1f/pQmkV/+iEAliUAHMYFKAcKwEgKPMfxrF5PGAUjy7Pkz5hbTLWjSrffsfHx2sdPCz8X0NTwcHQhLj4hnceF7aXXXgMAQNAob2IO3wA7QJmX42LReFyImBmS41ivXk+bzEIkLjJ6PTo6+sLhkbXR5KwraUlwsVxobrS+254MnDYMfefc2ZdHIp4Bq6t5PnP+9/zOdLARAEMOAKdwAfYpMQqUEDHTJj3LC5F4LMqxbO6vrv/g1T/uEE6cO3dCwIVXXvmzW9PLTz25oMaVA0D/hgtQqeJFe2iBZmkPnUPXpC82NpAbF+Zuzb0992jtQxWLnbVUDr0o/fLLL3Fh7o056Veldbi7ZFPJgkCxlIfKraDylRVpCxekrxC5vYS80sPSevh7XABCW59bUYAr2pnABTBo3wWjQBpZgqRzK8Qvr7y38fuvTeOC9FNUI0sXUHT1bx/5vo4L4FL3GM1mRojHRaMSQTQeF1mSYAmedWKayj2/UklX6CpNFReuni0jCV3sbM+5qI4gy3BBesvV4XZ3uFBqewnVudIZ53elB4j7rjOTdkkfl/wkcAGMmh9G4LiYck6CZ81mmspder9Lp6tc1F64IL30YuSiiOzbS+j8i9ElUfoMsMqJJXwDDoBtDyuU9Ol5LXtehRtoZPy5dPq58Qnld2JwampwcGrKkHt5fv768PD1+fmXc489v7Bw+fLCwvMlPjhV3ExFPqgWWZamhIhGiQ/SS52d5/umx18aSI/gAnc02z8d/E80eCkZUviq2WjBBagCZpcNBX+Woh4x69PuJ9r7Wr//3B+dPN7V19d1HBd84+mBKZP0KwQyoKlmsalB4z8nb6JtfAPq1JPyotmsGeH5IN5bDLTJbGYYLWR0sPOZUDebb2hqaa7PuxN884lU8zzX6uqpDTY7wrbJlkzT44ZI8LCnJsjV+Ix8VX13OJprbOAyVmeNz+JhKv2Wkb7Y0ZgSgxUA78MFIJUTsTEPzVI/fRN9+Saun5vb/kiLc1jexO24oOiHmhFKoExqrHH1T70e9Q+cT6x42vhAgl1sWzS0XT2LFqW1vhzL5vrQk9K3zl5tAyR/DYDtuAD7AQRiFw+Jd99/ZqraWq2jLAeOXfpHXJBeF081NZ0SUVrhvLIPfYULcABAiBECU9woCgT91jvP9lXZq3XVzqq+p/7uN+h7t/w9HNfjvyU99hs1ZyF5E91DW2ABFoDxKnQSVUhJXgWYplhFu/hIXIypmvNWauTadxAf8fV4amtOt0wdm9mn8wyQzkb7yaGAYTh1+Eg132w3DVq5J05Ln8btXN5hWdgv+D1O1V9a3sTleB0OglNBi2dJlhJoUvO1i8IkbTYjsTdFVBxbJlwZ/9SptpnDjZ2RpmiTVTCkonj97qjNu3Zh7FL7zEQuMyp+bjYquaiRN9FdtPV/qmOHJiXJNHedbe++0BHqtTUZA0zrQLrFIdAh75ghsTwyupxwMwOUMZ9J5y1U1ukEDHXyJtrA62BUVELDSTXMx4QSQmKs5OS/phZaZ2O1rXbd8sw+na3fIIYtEUuoq8Ww9tTwStJhOXxnOxmzcTPi58zB8cHDY1r9KLH/M9qCQ4qPvbVNesyl0AlBLXFk615IdZxp7soHy6R39w21ukUbz07ceRCJ1HUppxheSbY+3uMzdfQbqX7GicLNHe0aX20AKI8/0PodGxNj0SJGrJdW9fl4Z2f2iDVcbbbZkrOz6KWJMmHwRAU5YcjFjknnAYCAgMyj/0FbEIEkZFVEuFhUQUAhUGwHeIFmi0ri5XitaRUzTewSK2NRHLy88t9my/FYr9HioS18fFIw+Q/8OG+ojoxFq71U5X624cjksdTFDBtp9PkikXBrpqG2K2Djun9mb65L1OsMAacjdEBn7K5rHqohy8ar6qzxAU5PVpgo+lBzKnw4iN6MhoJCJBSKSoWwy2EiHT6PX8ElDYD+A68XFbBESqULqAVBpZd1rmzkcP+yr8bd6MLrd2ccDaeOS+8jfyLicko/BFmGJAC8i9/BHDQDAAkt8DyALMv35Qi8p35vLX6/CkWfGOP1R/1KVPoVT9LpC8Tdb/7gjcvfHMTrUt9n70qffnz0srJe3oTf4nWl1hUWqlJTJMYbCWG5ulxHkgcqXIZMCndv36UphCZ0es0PsQ9tgUf1o+iDkp09JyQfvdMz+3SudDDeQbGDwaHMip8LNi/7+WAz2ujyBEM1XKR07IT0w+KrhB/aKuJX9LEbP0Uqhh4BiDY63cE9+BVr4Gu09Tv0t4OJ+c7O+URS+U3Gk8l4PJEoVm9ieXRkOTGdT2fySg1rupPE5WirWL870RWZydDGXcKjnn8wMPVY24zoTjmJE5rw2CLr+C+jVm5taexS0mEZvYHoHelRNSKJNko+ymKiavpRIYgCRezSCPSkztbLqUJRk3IRFccelERi/eaoldWEwhnaziF6RyU0jC+hreLUpp2iqG4awNYMz9Km/eZqR4pBG0fCQsVJna6hSSr2qkPyJvoW2oKAyp+dnsppPXWPVjJOTJv09yMnfXFPpz/AucJWd3tgdjQ66oxZYw6/ry3gTdXNGXhHxuL0WmgbXWFgxZqOUR/Ta2RcjMNZZWCbgu2TgMAkb6I8vgBmjbcxNiaKgjo4mor0/e14X2+2avby5Z799gqTSTCcOPzFRNkLLxz7YoLUjZOVWvzd8ib6BdpQOLaH/1RRhj9R2BVwN9qXp8sJd9Zw6jiKSp8kIm4fGpbofi4ISKk11YbWZ3e1y9f/YnWoQpnv6IqhxVtoQ/ZlOC7jkyVa9W2Q4+o+627sRHGPCb1+3uSsokljOR8ylL+9Ol5JV+rKjeWZxTuuo/+g1+VxWcjvQp//2t3Hevs8v96Wc99QuBOQN9G/4DWoLPJeywVtUjiv5qc48psRnFhdPaE8rrDNFnY5w3Z72PCjmzdfffXmzR/lQ/P5/Jm6ujP5/HxIiTkDgN7Dz6r6orSqWDwuKuKWKayGep0Tl6fRK/3lloPbn01r+HoA0Ed4TYlCiCWxVm6lWcCk1yuiKNDc5JXeuOBPWFP10x1TT7Q/3m5pYb7fNfGHi+FIW60jFRLmJ5tWn+7CZXOAoV7eRJ+oZwsAIK+eLJGO+P+3mp1JABlsbbbyVDAgxgLJ+fa+pY6WMXuSEh2BzhrCnvXmTot5FPcExrPtLU3N0k86r5199uX+Wmcvbas/fZQNfONk+3RU7VU1RWztUAPxR6qyq0spUyqtSQwR35EYM1EsDRV5hJJzTb0NfiFyRJx4LO6q74zPMlZbpN4f8baWBVtreuqcfLehYSjaOnxIZ01HogO1M4OhLKOzZFONQ0G0bI07a8VgjbvOJX0o1LP1Hsrc5g+1qLi3y5vwEbyk3H+YXdm/5qqvd7lraw31Xm+98ig9Rl2L/hXzEAZAE6BX3oBgCK3BO/jHUAZg5HmBJM+YdRcJBq29fuHC64CgFu6jQ4hT7kxiTKBrv7w/Nqbx+hn07/Jbyncm5qEN6Od/0NMDCAblIWTBD5U6YTTIGBUJ5sNkb2+yvykeb7pz6uHVqw9PuWcfLCw8mAUEdfIQbBX38CqWSp3QJv2yur4/2dt7p7jare4FrEye6Bf4GtjUG5jIxrRHINWHZtWHFVnSKIjs0UOD49Ujx8w99CrTTQ9PVo9PM73M6iH3xeqL97JXsrdv376dvZK9d+8eOnAFlN4L8ziBBgkfkNCGDgKU+i78Ddoo3R/Ty2hDogHJf407oAe/o+SB2pUHF8e5XByHO3xOh8/ncPoAkNrTf4I2oHqPlmojv9fGV5kr6EoPs+Ls/mBf2QRR1lCH9dtfR0eVupSP4gS0Ej7Fv5EXGfznw3+CE9/L3ob/BQAA//8BAAD//9JootMAAAEAAAACC4UVitIdXw889QADA+gAAAAA2F2gqwAAAADYXhEz/jj+zwhuA90AAAADAAIAAAAAAAAAAQAAA9j+7wAACJj+OP44CG4AAQAAAAAAAAAAAAAAAAAAAD14nCzNvy5DYRzG8e/zkBJpYmBojqmk0qNNaVj9iZxIXkKa/EjcApvBdbBZxQ24ADdgMrgLk4VJ01d60uGzPU++fuaSd/AgT3zE0HeEC0ITwk+ECsJXhL8IPxJ+YegTwiPCbTa9TuEHRm7lsX7z2PNse5ekD0rv0dMfpfZZ8yJdD0hqcKCF/OklkpZJc2ck75Dcqfep/tyT9EpLN6y6T6VvmlMWXYtTi7ZF36LUCoczFzpmSz80VXGuip7FhjvcqkGC/DbtQr7+BwAA//8BAAD//3buK6IAAAAAAAAsACwAUAB+AJwAsgDGAN4A6gEEATgBWgGGAagB0AISAiQCSAJkAoICugLqAxYDSAN8A54ECAQqBDYEQgRaBHYEqATKBPYFKAVaBXoFtgXaBfwGGAZGBnIGiga0BvQHRgdcB2gHeAeEB5AHqgfEB/QH/ggKCCAIPghMAAEAAAA9AI4ADABkAAcAAQAAAAAAAAAAAAAAAAAEAAN4nJyUQW8bRRzFf2unNhUiKghFqYSqOYLUrpMoqdrmgkMa1SKygzcFcdzEa3sVe9faXSeEj8FH4MYX4MypH4EDRz4ABw6c0byZxHVAkEaVmreemTfv//5v/sBasEqdYOU+8AY8Dtjgjcc1VvnL4zrdYMXjlbf23GMQ9D1u8Dj42eMmvwS/e/we27UfPb7Peu1Xj99nq/aHxx/UTd14vMp243OPH/CoUXn8IQ8aPzgcwLOG5wwC1hu/eVzj48afHtdZazY8XmGt+YnH9/ioueVxg0fNfX7CsMUGm2xgeHL99QxDmwE5JyQYIi4pqUiYUmLokHFKTsFM/8daG2D4lDEVFTNe0KLFhf6FxNdsoU5OafEZjzFckFIxxtAnoSSh4NyzHZCTUWHoEjO1Wsw6ETlzCk5JzEPCt7+lNSaTyiMKcv1idaeckDNhoHtGzJkQU7BFyAbb7LBLm3326LG7xHnF6Pie/IPPneuxx0u+lv6SVMrNEvuYnErVZ5xj2NRaKPefs8uUmDMS7RqS8J3qsQw7hDxlhx2e8/SdtC17k8qXGEOlrg2027pwhiFneOe+p6rW9tGee02mrrq1iMrvdLdnDGjpvFGtY3lmxDxXvwtS7Q7vpOaIWN017BNieOVZb5/MiktmJBwz9p4tkhjJp4oL+bZwdUIqlzNl2NY9V6WutitnIjocYuiJP1tiPlxisG/jZpo2lRZb00LZ8r2LHp8TkyrjJ0y0snhpse5t85VwxQvMDXdKTtWFGZX6UIorlM8jWvQ44PCGkv/3aKC/rr8nzK8T4qqzybDvu02k7kbmIYY9fXeI5Mg3dDjmFT1ec6zvNn36tOlyTIeXOtujj+ELenTZ14mOsFs7UMq7fIvhSzraY7kT74/rmH1/M6kvpd3lNWXKTJ5b5aGfLsmdOmwYetars6XOnJIy1E6j/mWaVjEjn4qZFE7l5VU2Fi/LJWKqWmxvF+sjck3WQq/Tshou/XywaXWa3BSobtHV8E6Z+e9pfXN+HemmoVQXPi1tqbO5jik5c7khV30ZCWeURHKulK/2zPdiyDWLCr2MkdRbt9pMlETri5sh1st/+3UkfYX643httqzTk2tHh+Keu+T8DQAA//8BAAD//9kvXF8AAHicYmBmAIP/5xiMGLAAAAAAAP//AQAA//8vAQIDAAAA");
+}
+@keyframes dashdraw {
+	from {
+		stroke-dashoffset: 0;
+	}
+}
+
+.d2-1480995423 .text-bold {
+	font-family: "d2-1480995423-font-bold";
+}
+@font-face {
+	font-family: d2-1480995423-font-bold;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABNoAAoAAAAAHRQAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXxHXrmNtYXAAAAFUAAAA2wAAAT4HPAjfZ2x5ZgAAAjAAAAwkAAAQkNWELmdoZWFkAAAOVAAAADYAAAA2G38e1GhoZWEAAA6MAAAAJAAAACQKfwX8aG10eAAADrAAAADUAAAA9HPxCYhsb2NhAAAPhAAAAHwAAAB8gfiGVG1heHAAABAAAAAAIAAAACAAVQD3bmFtZQAAECAAAAMoAAAIKgjwVkFwb3N0AAATSAAAAB0AAAAg/9EAMgADAioCvAAFAAACigJYAAAASwKKAlgAAAFeADIBKQAAAgsHAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPACAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAfAClAAAACAAA3icjM/LLqMBHMbh52s7nUPbOXZmnJU6laKKauxEIqSRiIXECjchcVliJ44XIbF1FZVY/MWXxtq7fha/F4msBEW5pIm6ipyiiqppNfMWNLW0rduwZUfHngOHjhw7dRZBT8+kuvGuN23r2LXf0ydvOp6UFZTkZeIlnqMb3biPu7iNm7iOq7iMh3iMizhPuz6+xJqmVS3LGubU05pFSzKycj7J++yLr74pKCr57oeffvntjxVtZX/981+ffgMGDRk2YlTFmHFVEyZNpT9rZnkFAAD//wEAAP//aRMzAwB4nIR3e2wb15X+uZePsWnqQZHDISm+R5whKYmSOByORFGiZJF6mRT1sB6OKcnWz/FLtuyfLa/UVG4KxE6xCdPsVqrjxG3TGjF2N0i6CIwusvWqiy1qeI16sQukWQOL1km6QdfbLBA10BZ5SMPFHVKy7P1j/xgOMbhzzj3f+b7v3AENDALgGbwCKtgNFVAFNIBg8Bh8As+zlCRIEsuoJB4ZqEFcJd94gw+oAwF10H3V9cz0NMpM4ZXNUwczMzN/nG5tlX/wtz+VX0LnfwqAC18C4C6ch91gADBSAs9xPKvVqoyCkeVZ6neVL1aUVZep9dYv771z73v+O37UH483zQmR0/JlnN+cv3YNAABBqLCOG/FVqAbQeDlOjESjQtjMUBzHerVa2mQWwlGJ0aLJ4RdGRl8aThzxDFgltq6vdqzXn7AMDOvT3z196tUhwTvFOMJTe4+crbHmDgGGDABO4zzoihULYbOZNmm1LC+Eo1ExwnEsm3n3yHeGBl8+VG9vHgmFRprtOJ98+ezZ7/Qs+HMDAwd8yv4yAOhTnIc9Cm60hxZolvbQGXRV/urBA1SB80vPff3K0vbahwomO9Zm0DX589/+FueXXlnahK11eHQrpkALomBgDawhs/zRyspHOP/VV5vzqFJe21oLH+I8qJS1hswyAa8U4xTOg774XDAKKiOroujMsvrn12//549eT+O8/N9oj7whLyLjkb/eyvs2zoNLecdoNjNCNCoZBQNLYJdYimJ5nnVims786ISuSqfWGXTHfvg8tVulFieHJiNq9S4K5+UH9nans92OvJvzn7qzg65rX3xxzTWYdX+6lYPgbizmYASOE0l9Kp41m2k688qbHWp1eZ7cNGU4L//dn0W+Gfvd5jxKfTu6FPsPAMAKJ76Br0LFE6xQOsiHSftYL+EGGpu4vG/f5Ynib9fAQFfXwIB++NWTs9/NZq+cPPnq8LPzMzNzczMz81DiRKOCmekxTrC0QQiToGzmw94L3d3zqaHexY54Euf5XDY90/AbNHxcCAJsxRjBeSgHZkcMipCeRIkWw3ySOpdMiCs3Lg6lY21tsTTO+yYGeicZ+atPPkGHmhobOYIVW1jHOnwVgkqVvGQ2FwPwfAg/LgTaZGaY4m6RqePZ8H52zB+qF2pHPXGu9USy+Wxwn7uD5+pbgvtbu2Nz+sbQ007O63A5qmrKG7obohORuuCktdpldzoNXsv+VDTXDAisANiI80CRSljRQ7OGezfRlzdx5dLS5lqRq32FdZzFeaJyjZcTDYJBkaTyR4sGnn1+JSZJ8W8/p7/yBpqSlw+l04fQafn6G1cAFb4AwALOQxmAoNrBN9XPbn9voIKpUJdbyjNXfoHz8r+IR6PRoyJqJNwufA6AaZyHCgBBVAlM6UVJUNGrt38QK7eVqcvtZa2v3X6I3rjiS3FcyndFzj1U+hMsrKNfoQ2wAgvAeAl1JAVCilcApQ0s8SkpHJVExV9+lhy8tIzZgKujRmyYjU0fXdSpXT27rD7jQNylH08MTFR4eAt92FEzd07+WLCz5xjjuK7WYWGUfJ2FdWzGq2AiqiJdZCnWINDUE4RlvRRtNqOUp8uh1p9fVjuS3vhEQ3x6gouO1QVMfr3HLeLVt9I2R/v/T49+LbHYnX6+/pdV5UoPagrraBVtgO1Jjywyo+iQWmRNnens/ZNkqMeeYt1iItFoCRljvjF924Xhkfk2JzPtSHd2ZOiKQ+7qIpf5wjrawKtgBPcWVkpgngh2G6UtAn6WO9M6HQk0W7XLizq1rRtb+CpjrYmNNuhf/NrQhXa7Jf1Xm11NNnbRZP1lVXlXT18KsLL3j9AGWEr47NQy5SGMJ3tXCYqkkavn3N6uU609kw1qLN/XdTeJ0SZu6rWbfJ03qm+fHx6aTyRmk0bf7qjgOWBzolhAbCjy1AKA5vFdcidclp7QD7Fiw1N799YMdrkildVlNn2188ABdPG0ploci+i1pzQaD+c8Lz8HoAJvoR5TaAMaoBX6FWQ4MUKAIGQSt0pgBJotGYiXV/pA6GXSalU7HMpYcgQvpyz5LDbV3GOsdltsgdiUWOf5SZbaHZmQHK4qb2Awdzi51O/geYeD5wPhDt4nWD366rb3bM11cb+6zO+qDleqq5K18axfP7vHa2rpr9FVmI1VrV3CUAjdDQb4gN8fCMrLNVamUqWyWO2OIjadpNkKR5V5Q20JwaDskjJ0LlP2feGhvmWH2+634NW3DlhrZyfle8gT9VsZ+R0oFEACgN/g9zAHLQBAQQxeACgUCv9UiMMHyvPW0vP8dk4nXt2eT5JAPJKiO19Wf/+HP771+tkEXpXnbt+Tf/0PPc+Q9YV1VIVXieaZHT5DyPGP6dZlw24Npa3S+/QH92F28z5ThdBpDVXMo3KgDfAoeYhPkK4/ViG1fe8k2u5uEjuNnv6mwX3LDrevkfw0oLUOV32t39u0VXaj/E7ptoUf2ijhV8qxE79Fndqd2QYQrSWc9Y/hV9SBwqn/e6aZE2eSyTOJxFwyOZeoD4XqQ/X1JQ23zY8MX2hbyHR0pomUi/7Ti81oA4zgBGAe7U6hJccztPGR/ZB9Ovr4p47Hp6PuuE2T5aJjtUGT/138l0029k/Pjy4mqq3ZP0c12+ZDPKIXbSjx3QAaUVLCbolLkASDaqdHoBNa615v0SjaidN9vG0S776StrgUo3C4mzYnUM0jlyjxBb2MNqDqsT4W1VtEuDrN0XadpcxaaW8zobXxcJNG86xaHQjLHwICurCOXkcbwCv8eTRLueIs3Q5GJqkT0ybte03HuL3ehMvjdIRszlb/idGWcddeW8TW0sK52wLH9ZwrZ61mjAazUaevaQmkxnjLhMnMW6zle9iWUNdkUVuGwjqaw/PkNEDmo8iKkiQoB79Hxgy5bDJteGZhgXXorTrGKOlPjt09rb106fydoE+rntXqi7HihXX0OVojPHtMA4aSHf/rUN+y023nzMuLe1Sufv3sJIrIH4gBmwP1ypUpXx0gojdUQGulmbtjdN78i5UOnVGn3m3Udb50Ha393pfh+Yzv93KlkltfaEebaI2w8xF+kvRYiHK8aPZU2KiqXT6/jvr7lZ49VTr1LsPu+EtvMc3Zn2vVZ5GmxmFD//6+t9vH9rDvy3vaR0vnJl9hHX2CvwV7Svwv9oQ2Ee4Xz+PF474Z7Tp68eJRcln9DOO3WvwWi1//5vXrN25cv/7mOd/U+HjO682Nj0/5yL67AdC/4a8rPkPGlhiNSsTkul9YiPR6Ty0soDMHdXbT5sZCEWMnAPoYfwvsZH07LsqudDZQVEPcUaB9Qxe7mwJeyTLYMJNMTImtuYglbv7m/szFE/UNTbwtGxbCB9vEM2eiKs0SqS9QWEf/pdTnB0BeLbVFQNX//qqhtiWKjFbBpGv2eBoanG1zqb4LXYmcM1Mp2dkYq7L2OYZnY9PI5/Dua2mKhoPyP3e+eGbhal+9a6Kq2jfe72ann947HQEys8i556FSFw+RbYd5NK2UeUsXS1Q9OZ84XsEeUYkjsUS9rzGSax0/GfaEOpqftvOBGkcwrvc1euN+2h7T12WFWL9Fbe8NR7PB6Wyox6y2DiTCgyH0jfpGX32Nj6+T3+f9dp/DYBQdwQZA0FZYh0/hbfK9w+zo/BVOEDhOEPQi7xdFPy+SOaOsRX/APDQCoCRoyR0QpNEMfIh/DBoAI88LFDXn0KxoHGjmzuXLdwBBLdxFHtREvpMkUaBr/3j3+PEir+fRw8Id8pwRPbQe/To/MgIIegsZ5McfEJ0wRagYBQPmXiKVSuSkcFi6eezBpUsPjnGH78+evD8DCBoLGVRZeodXWEt0Qpu0+VxzONycS6RSN7mZ+ydn7x/mlHcBgxcAfYZfgGrlq0tixeIlUMpFs8rFSixlFCR2zNw/Wp49SO83Haf3m7IHy/ZPM6PmY4z3WPnxW1NzUzdu3LgxNTd169YtZJ0DMn9hHMfRflUMKIgjM2zPe/gVWtv6ZuxcRmtyJaDC27gFRvB7pA+GHX3whUI+XyiEW4IsGyQXsRAy199Ha1D5mJ8qp35tjStQYdMZdQ5m2Z35xS7tKZWaD6A/yMboUxJ5txPHoV0VI/lVvMTofvL/XsPx7x/+G/gfAAAA//8BAAD//4mblmYAAQAAAAILheP3wvlfDzz1AAED6AAAAADYXaCEAAAAAN1mLzb+N/7ECG0D8QABAAMAAgAAAAAAAAABAAAD2P7vAAAImP43/jcIbQABAAAAAAAAAAAAAAAAAAAAPXicLI2xLkNhHEfP/yeRiCs+STUsHeqK6L0aG4l+w39pSPpPDEQ9AC9h8Ab2rmYWqxewmLyKgS6fVDqc7ZwcvXHJByiXucYM9UCoJlQReibsiNA9oTmhGaEXhroidEeoZU8tu5pxobb8aqP8aJOBMm5f1MocaJXartlRl77OcOtwYt3yqRq3Hr5yi2uEq/n3fdHYE27vbNsjWzplpHUqrVEpsa/EWImeEodKDKwlL5nYhMa+qWzKuU05VqKvhhvr4FBeF18o/gcAAP//AQAA///R/CjPAAAALAAsAFAAfACgALYAygDgAOwBBgE4AVoBhgGoAc4CDgIgAj4CWgJ4ArAC4gMOA0ADdAOaBAIEJAQwBDwEVARwBKIExATwBSAFVAV0BbAF1gX4BhQGRAZwBogGtAb0B0IHWAdkB3QHgAeMB6YHwAfwB/oIBggcCDoISAABAAAAPQCQAAwAYwAHAAEAAAAAAAAAAAAAAAAABAADeJyclM9uG1UUxn9ObNMKwQJFVbqJ7oJFkejYVEnVNiuH1IpFFAePC0JCSBPP+I8ynhl5Jg7hCVjzFrxFVzwEz4FYo/l87NgF0SaKknx37vnznXO+c4Ed/mabSvUh8Ec9MVxhr35ueIsH9RPD27TrW4arPKn9abhGWJsbrvN5rWf4I95WfzP8gP3qT4YfslttG/6YZ9Udw59sO/4y/Cn7vF3gCrzgV8MVdskMb7HDj4a3eYTFrFR5RNNwjc/YM1xnD+gzoSBmQsIIx5AJI66YEZHjEzFjwpCIEEeHFjGFviYEQo7Rf34N8CmYESjimAJHjE9MQM7YIv4ir5RzZRzqNLO7FgVjAi7kcUlAgiNlREpCxKXiFBRkvKJBg5yB+GYU5HjkTIjxSJkxokGXNqf0GTMhx9FWpJKZT8qQgmsC5XdmUXZmQERCbqyuSAjF04lfJO8Opzi6ZLJdj3y6EeFLHN/Ju+SWyvYrPP26NWabeZdsAubqZ6yuxLq51gTHui3ztvhWuOAV7l792WTy/h6F+l8o8gVXmn+oSSVikuDcLi18Kch3j3Ec6dzBV0e+p0OfE7q8oa9zix49WpzRp8Nr+Xbp4fiaLmccy6MjvLhrSzFn/IDjGzqyKWNH1p/FxCJ+JjN15+I4Ux1TMvW8ZO6p1kgV3n3C5Q6lG+rI5TPQHpWWTvNLtGcBI1NFJoZT9XKpjdz6F5oipqqlnO3tfbkNc9u95RbfkGqHS7UuOJWTWzB631S9dzRzrR+PgJCUC1kMSJnSoOBGvM8JuCLGcazunWhLClornzLPjVQSMRWDDonizMj0NzDd+MZ9sKF7Z29JKP+S6eWqqvtkcerV7YzeqHvLO9+6HK1NoGFTTdfUNBDXxLQfaafW+fvyzfW6pTzliJSY8F8vwDM8muxzwCFjZRjoZm6vQ1MvRJOXHKr6SyJZDaXnyCIc4PGcAw54yfN3+rhk4oyLW3FZz93imCO6HH5QFQv7Lke8Xn37/6y/i2lTtTierk4v7j3FJ3dQ6xfas9v3sqeJlZOYW7TbrTgjYFpycbvrNbnHeP8AAAD//wEAAP//9LdPUXicYmBmAIP/5xiMGLAAAAAAAP//AQAA//8vAQIDAAAA");
+}
+.d2-1480995423 .text-italic {
+	font-family: "d2-1480995423-font-italic";
+}
+@font-face {
+	font-family: d2-1480995423-font-italic;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABPUAAoAAAAAHjQAARhRAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgW1SVeGNtYXAAAAFUAAAA2wAAAT4HPAjfZ2x5ZgAAAjAAAAyIAAARqDOmcDloZWFkAAAOuAAAADYAAAA2G7Ur2mhoZWEAAA7wAAAAJAAAACQLeAjhaG10eAAADxQAAADbAAAA9GlfB2lsb2NhAAAP8AAAAHwAAAB8ikaOwm1heHAAABBsAAAAIAAAACAAVQD2bmFtZQAAEIwAAAMmAAAIMgntVzNwb3N0AAATtAAAACAAAAAg/8YAMgADAeEBkAAFAAACigJY//EASwKKAlgARAFeADIBIwAAAgsFAwMEAwkCBCAAAHcAAAADAAAAAAAAAABBREJPAAEAIP//Au7/BgAAA9gBESAAAZMAAAAAAeYClAAAACAAA3icjM/LLqMBHMbh52s7nUPbOXZmnJU6laKKauxEIqSRiIXECjchcVliJ44XIbF1FZVY/MWXxtq7fha/F4msBEW5pIm6ipyiiqppNfMWNLW0rduwZUfHngOHjhw7dRZBT8+kuvGuN23r2LXf0ydvOp6UFZTkZeIlnqMb3biPu7iNm7iOq7iMh3iMizhPuz6+xJqmVS3LGubU05pFSzKycj7J++yLr74pKCr57oeffvntjxVtZX/981+ffgMGDRk2YlTFmHFVEyZNpT9rZnkFAAD//wEAAP//aRMzAwB4nHxXa3Ab13U+9y6IFSkQJLB4EBBIEFhglwTxIHYBLAgQIECQ4Avg+2WJpEi9LFGyTclmbUeS7YgeVVZqFfEo6rjjRGmddpL4j2unnVHqOlMnnWHsMtPOOK1TO+40TuhUamqbw3GTTLjb2QUIgspMfmAHA+w995zvfN937oUqcAHgh/FNIKAa6kAPRgCechAELwi0meBZliZJgaUo0nUFrV/5c1Xm8C9avv4br13V98VvDf3P4iv45s459Mz800+LR66dPDlz757oQf92DwAAS+8AoB/jAlSDDoAieZZhWFqtRoinaJYmP4p9v0ZVo1JZefGf0YnDuTH9L8+gJ1dWQsvRjgfFMVzYWdnYAEDQIW1jH34J7ABVToYJh5KY50xmkmFopxYbDSYTz0UEs1qNnEOnI+2HL+eiYw0RKsLEjna7nIPxlkwz7ZrXZJ4Yzt98vE/wtDaziRNPdMbnw82HOLtPzhVoABxRcqVkBHjOZDSo1TTLc5FIOMTQNL32heeen7r9yPT01KXMg8cjuPDHTz7+nZOpyVtL82fkepESox4X4KCCIekgeZImHSS9hpZrxY88n2k/4RGjxYX0j7s/7654v7rifaL0tu+z2k87cSH9827x33djn9mNzRMOiidoykHQa8NR1BLNrw13ie8lcUG8h4w7KygqrhfXwDYuAFFcQ68Nr8mglnOdwQXQFP/jEU9SNEGS9NpwmkADs59/Zeyp53y4IL6Ben4nnkPHrn5QXvcGLoBFWUeZeUHJJBIRaJKgCbm/JEGvzXeYVNnvz68N5aqtGtXIP3oTJpVae2AQF8SvXbuGju2soAve5bYXxG+guRe8Z7zijVLsU7hQ6gBl5iMRJXo56vAtj0qtrekdWsvfbFOp62qyuCDOPRd8iEdzOyvo5ef5ZU68rfSzU9rGC/glqIdmhTUl0piMBi1muSSWe1okD7I/vOqfXs0Ongz5px/LhGeSzsFh+Tmg+bNLQ4XV3p6LE0NfXu3NdB5b7VhajR9bjS3+UZkzPqUnhkrO0ATFc7ukuTN3YfCLk2dC6aMnl3P9J3FhcHr0waD4a9Q3OtLBQzkOiwtQC6a9OHI79kX6ztz5hycenTh3Qeg5vnBiqH8RF7ITRx7WiR8hk3gXTY1nI4EiDzXSNhLxS+ABMDsZVlD0EQ4xLCuLJxIpi0etNhpMZrNJyfvjzEpLR+OU0Dnmc+c88fBcPL5o5y1ZvzvcGHTlAqH4KU0s1tbG9URdnMlvHRC4cS7U4m9qtbcfYgImn61PiB0JAYJ5ABzGBSDlamjBQdLEX6++WYveqf3eKs5nMjuvF/MckbaVfptKHVK6Lacky1n+qkZNJ86qVYPDQ9Wp3uhh41hu3HZFc+aUMWBBK+JzPmc2P3cWvSCevfGkHG8cAKcVHIEneMpkKjEIPR8fOVR1gFBZwta/nRS/hQvizfBDkfAjIXROkQMgmADATbgAdXLOBG8uLRZ4RHyJPzvqq66rJszehksT4v+GEKDCP7h6GXef6w1xRVJ6yErb6NdoCwxyN81lvpl5gSdogVarWS4iCGXHej2V8w4u8GxCp6KSS10HVPSsnhlxeY2czZUJ24OaI1PZJ+f4FkdCtPa7Ayl/4CeM0zMwz3UlipyxS9voU7wORtnB5S7TJE3xJMkr7d3HcjVJmkx32YSOMHTdyLMm7Jr0KduHXZlwU3urc4z2G3hNiyOB199cbGw7PC1vnfIMzPPJhMf9MeMEBG5pG72GtsC2r7o9FpUc+L2RE978UtjbafJRTGP7dKQj1hwxOa15zan5nkenAk5Lu9nYs5Lpzlp1nMENu9hhtqKWPez+MHgxPVHP5Asl9Ibd96PHNh99cyd6P3xYqeV7aAus4K7cT1GdQ12eJgSvWL9c4c+nz/iG5tqFdJOmSvxBdXPG09hhbmoce1HChL6VDi9olpd6V8a9/lHOxmu7Rt0WHW+0I/fBhlpb0D4FCNoA0PP4XTArmujClSokFeNvm+o6mK6vG05YPfpDNYd0jtYDumOa41Pomx1VY4MTtQcFsoZrm0iKszJmSHKhLbQFdvBXqlwQ1Gp6P/vUamIfeq8Ep2mXrbclOai1MJOBxGjbwFyQSeoIqusU9WgHPeZsMwVtdJpvCnzANIbNzlzqNOOdnso89gAn85E4ego52jz/wjhbs7Pt8XhRP3YA9B5eL82FPR6SynAIh+QyCfuNfHu9qnXcmwwfSOY6Vap+W7+/F6/fS9CBdNTuEt9GXkND7ZDHL35TkuSY8Fv8GmagAwDUEOsHAEmSnpVY+D/l93jx9969HH6F18szjZJnGkuS9hv5Rfyb2bdWh+dXrHhdbEToHfEXv7pwERB4pW34LV4HvYxiOFS0HaOhRIGH0uqL+csI6Qg1iWpMmi6dBZ/d+TJZTegRjqtU5X3xXbQl+628Z7F0cwkA9T4EKsFY6iJVzAQTC1YFZt2JiEqVzCdUqj5jv7dXxiZr6m/rRZsDrqDQ4uXTUV2ToRKfvW97+KMtaKjM4X745R1bx/370Fd2uB/8si7R+2gL6qCxUidFcykei4rif3dkwTu4wI0c9Q4teHxjfISTH5rTR3ofnfIXn6nulZ7uvsxKT3dWORt+LvHoU7RV1DxZkbEW04qbkdQ+/6q53qUm3FN+Rfoc00lhvf2vKv1rA7+esvtKwrefvo1QycCYX7odu/Xwikcre1YJsrHcp5X9SkEORxN2z/orvfr67Uqj2bj9OBMoW/VOHqH9Rl3syyW0BfUVfTGTzG4/Dqoacz6L8VC91ZWzJ9DmvDdR3XOgKy5uAJJ+J22jy2gL2Pvn+P1jXJ7ixSH+cnDe0m5OMZ5Ea9Tf4R3w+gdtfop3MMFIczLUPq4JtTD2Fj9tZe3WZGtb2u1qajFYffYmRu/s9Pp63HLOndI2msXnyl4fEWTH4hWXqvD6O6mQCnX0Hcy50ocuai53EDan1npQVx/QdPnqrLVI31F19WpSvKvXNzXVVAlknRw7Km2jT9Cm7BPmvZlfUhxVsvtXymrob+zz9ubkAdkyqekWdHYKRcR3KYtMUzQrWgdpvqjBOAD6L7T5+7P/Sl/OpVKrVDoX9ad5cQdtih/TQ7RrwIUsolVZK70lBdBHaBOsAKSCs2Kk+6JosbqmWWvR691pi34ix8inCZ1b/yc58WeWeP+/kmRHdYKj0cfiJ448TeecSLfzWSDvLfLOI22jH+HroAOHUvUfOIyuc31uz8BimMu6WgeOBtlMqNHrV56a6PHkA39xqS92PHn46xeziZ7z13oyM73nr/V0zwCSc0fP4KeU+4Egn7oiAk/wpLX2S4vna6aE+GNXNCn0Iadx7ryVkmv+HAD9AF+X19FCkigJjS2LkHSQNQcWbywE+HBz2sl6Z9rHZz3jlyaQQeMfu3jsAb+302FvZ1of6AkvLK70d8t18tI2uoevQx14AQSFJyWTINUG876bm2wc5K5Dqi/GOaaT5jnLiAudiYy2+UYfSoV7DSFnJzfTpXVMOvqmhKNv904FBluEtDNw0Pyz6FLXsZcf7w42t8YyFycZ1+xwcjkFQIBD2kb/ga+DHdrkqVHcNRIRwmXNKJ5sbMLyxtRugkaDiShmy7CKpX3on4m29bC2ptAM1zrgzwqGFlvnUqO7M+rxZpNNrlRLa4blugc0roFocDCsU9nirJD3NKe51LRdVdsadcYmfOhkwyAXCMXDXFz8bmO0xc23Gm1DUSFR5KxZ2oZrcE7uWVELRTiyJgtrMzW4NTaT1dtosnhBkpR319FPMQvtkELnQQ3tSoxn0LfhM3wbqgAoQeBJ8hlz3RDlQd9+cW7uReVO9SGqQRb5Dij/TWver/2wNLOlD6Rn0avS38n/kYKDdB1EP6y5xHFK3LQ0imbw+/J52FyC0KxW7trmLzQ4hNODvuVz1Qbtq6mXx1d/+Pfzlqvif37Nf2qRkeO+K43C3dJaNqJXQBWK/oR8y2er9XWcHOJV61Xk+Grg1FGGSv3l+Orb35U51ACgcOiQ7Jy8QAvFD08qH5JWPrRAkxQv0Ex6pHbcP6qdjPOxy3E+NqId949pp1Kh9FOpsaf9T28It4Q7d+7cEW4JGxsbSHVLOT/Af+MY+ipRByR0wntQnuGwgTZ378r2pfwxtKkYBII+PASv4dfkPlEVfXqCaqLNhkYaD5lNFkeDydIMSDmb/AhtyrWTe6cyxeOCZlpnqTHU2xw1j+Qf0WZ+UlPdoSaDbdi189PsNCDQ4Rj8E1En50Cxgvkrz3ZfwLFvBP8G/h8AAP//AQAA//8C7MDZAAEAAAABGFEvc4ybXw889QABA+gAAAAA2F2gzAAAAADdZi83/r3+3QgdA8kAAgADAAIAAAAAAAAAAQAAA9j+7wAACED+vf28CB0D6ADC/9EAAAAAAAAAAAAAAD14nCzOsSuEcRzH8ffnc5lQZLhzyy99PfeUUwYLucUgI1E2u1Imi83gL/Cv+AeOSclmUVcemQwkw5Gu++mR4TN+er19yiK3oHG+c4d17xL6IvRI+IRgRHiF8DXhY8Jn9Nwh3CX0w5TGHPqIHX2wp3v2PU/pFklXFG5S6plCbbqeQ54k8UbiPV9oQOKb5UYieZrkBqWbeVj/dUDSZR5pi55nWFOfDfXzjSqWVNFWlYeqWFXFAp80/3euuuklDxRsqsgPeqLlCV7/TNiuXWD2FwAA//8BAAD//1JQOgAAAAAALgAuAFIAhACmAL4A1ADuAPwBGAFGAWwBngHCAeoCKgI+AmYChAKkAtwDFANCA3oDtAPcBCQETgRaBGYEgASiBOQFDgU8BXYFsAXOBgoGOAZkBoIGsgbkBvwHJgdoB74H1AfgB/AH/ggMCCoISAh6CIQIkgioCMYI1AABAAAAPQCMAAwAZgAHAAEAAAAAAAAAAAAAAAAABAADeJyclNtOG1cUhj8H2216uqhQRG7QvkylZEyjECXhypSgjIpw6nF6kKpKgz0+iPHMyDOYkifodd+ib5GrPkafoup1tX8vgx1FQSAE/Hv2OvxrrX9tYJP/2KBWvwv83ZwbrrHd/NnwHb5oHhneYL/5meE6Dxv/GG4waLw13ORBo2v4E97V/zT8KU/qvxm+y1b90PDnPK5vGv5yw/Gv4a94wrsFrsEz/jBcY4vC8B02+dXwBvewmLU699gx3OBrtg032QZ6TKhImZAxwjFkwogzZiSURCTMmDAkYYAjpE1Kpa8ZsZBj9MGvMREVM2JFHFPhSIlIiSkZW8S38sp5rYxDnWZ216ZiTMyJPE6JyXDkjMjJSDhVnIqKghe0aFHSF9+CipKAkgkpATkzRrTocMgRPcZMKHEcKpJnFpEzpOKcWPmdWfjO9EnIKI3VGRkD8XTil8g75AhHh0K2q5GP1iI8xPGjvD23XLbfEujXrTBbz7tkEzNXP1N1JdXNuSY41q3P2+YH4YoXuFv1Z53J9T0a6H+lyCecaf4DTSoTkwzntmgTSUGRu49jX+eQSB35iZAer+jwhp7Obbp0aXNMj5CX8u3QxfEdHY45kEcovLg7lGKO+QXH94Sy8bET689iYgm/U5i6S3GcqY4phXrumQeqNVGFN5+w36F8TR2lfPraI2/pNL9MexYzMlUUYjhVL5faKK1/A1PEVLX42V7d+22Y2+4tt/iCXDvs1brg5Ce3YHTdVIP3NHOun4CYATknsuiTM6VFxYV4vybmjBTHgbr3SltS0b708XkupJKEqRiEZIozo9Df2HQTGff+mu6dvSUD+Xump5dV3SaLU6+uZvRG3VveRdblZGUCLZtqvqKmvrhmpv1EO7XKP5Jvqdct5xGh4i52+0OvwA7P2WWPsbL0dTO/vPOvhLfYUwdOSWQ1lKZ9DY8J2CXgKbvs8pyn7/VyycYZH7fGZzV/mwP26bB3bTUL2w77vFyL9vHMf4ntjupxPLo8Pbv1NB/cQLXfaN+u3s2uJuenMbdoV9txTMzUc3FbqzW5+wT/AwAA//8BAAD//3KhUUAAAAADAAD/9QAA/84AMgAAAAAAAAAAAAAAAAAAAAAAAAAA");
+}]]></style><style type="text/css"><![CDATA[.shape {
+  shape-rendering: geometricPrecision;
+  stroke-linejoin: round;
+}
+.connection {
+  stroke-linecap: round;
+  stroke-linejoin: round;
+}
+.blend {
+  mix-blend-mode: multiply;
+  opacity: 0.5;
+}
+
+		.d2-1480995423 .fill-N1{fill:#0A0F25;}
+		.d2-1480995423 .fill-N2{fill:#676C7E;}
+		.d2-1480995423 .fill-N3{fill:#9499AB;}
+		.d2-1480995423 .fill-N4{fill:#CFD2DD;}
+		.d2-1480995423 .fill-N5{fill:#DEE1EB;}
+		.d2-1480995423 .fill-N6{fill:#EEF1F8;}
+		.d2-1480995423 .fill-N7{fill:#FFFFFF;}
+		.d2-1480995423 .fill-B1{fill:#0D32B2;}
+		.d2-1480995423 .fill-B2{fill:#0D32B2;}
+		.d2-1480995423 .fill-B3{fill:#E3E9FD;}
+		.d2-1480995423 .fill-B4{fill:#E3E9FD;}
+		.d2-1480995423 .fill-B5{fill:#EDF0FD;}
+		.d2-1480995423 .fill-B6{fill:#F7F8FE;}
+		.d2-1480995423 .fill-AA2{fill:#4A6FF3;}
+		.d2-1480995423 .fill-AA4{fill:#EDF0FD;}
+		.d2-1480995423 .fill-AA5{fill:#F7F8FE;}
+		.d2-1480995423 .fill-AB4{fill:#EDF0FD;}
+		.d2-1480995423 .fill-AB5{fill:#F7F8FE;}
+		.d2-1480995423 .stroke-N1{stroke:#0A0F25;}
+		.d2-1480995423 .stroke-N2{stroke:#676C7E;}
+		.d2-1480995423 .stroke-N3{stroke:#9499AB;}
+		.d2-1480995423 .stroke-N4{stroke:#CFD2DD;}
+		.d2-1480995423 .stroke-N5{stroke:#DEE1EB;}
+		.d2-1480995423 .stroke-N6{stroke:#EEF1F8;}
+		.d2-1480995423 .stroke-N7{stroke:#FFFFFF;}
+		.d2-1480995423 .stroke-B1{stroke:#0D32B2;}
+		.d2-1480995423 .stroke-B2{stroke:#0D32B2;}
+		.d2-1480995423 .stroke-B3{stroke:#E3E9FD;}
+		.d2-1480995423 .stroke-B4{stroke:#E3E9FD;}
+		.d2-1480995423 .stroke-B5{stroke:#EDF0FD;}
+		.d2-1480995423 .stroke-B6{stroke:#F7F8FE;}
+		.d2-1480995423 .stroke-AA2{stroke:#4A6FF3;}
+		.d2-1480995423 .stroke-AA4{stroke:#EDF0FD;}
+		.d2-1480995423 .stroke-AA5{stroke:#F7F8FE;}
+		.d2-1480995423 .stroke-AB4{stroke:#EDF0FD;}
+		.d2-1480995423 .stroke-AB5{stroke:#F7F8FE;}
+		.d2-1480995423 .background-color-N1{background-color:#0A0F25;}
+		.d2-1480995423 .background-color-N2{background-color:#676C7E;}
+		.d2-1480995423 .background-color-N3{background-color:#9499AB;}
+		.d2-1480995423 .background-color-N4{background-color:#CFD2DD;}
+		.d2-1480995423 .background-color-N5{background-color:#DEE1EB;}
+		.d2-1480995423 .background-color-N6{background-color:#EEF1F8;}
+		.d2-1480995423 .background-color-N7{background-color:#FFFFFF;}
+		.d2-1480995423 .background-color-B1{background-color:#0D32B2;}
+		.d2-1480995423 .background-color-B2{background-color:#0D32B2;}
+		.d2-1480995423 .background-color-B3{background-color:#E3E9FD;}
+		.d2-1480995423 .background-color-B4{background-color:#E3E9FD;}
+		.d2-1480995423 .background-color-B5{background-color:#EDF0FD;}
+		.d2-1480995423 .background-color-B6{background-color:#F7F8FE;}
+		.d2-1480995423 .background-color-AA2{background-color:#4A6FF3;}
+		.d2-1480995423 .background-color-AA4{background-color:#EDF0FD;}
+		.d2-1480995423 .background-color-AA5{background-color:#F7F8FE;}
+		.d2-1480995423 .background-color-AB4{background-color:#EDF0FD;}
+		.d2-1480995423 .background-color-AB5{background-color:#F7F8FE;}
+		.d2-1480995423 .color-N1{color:#0A0F25;}
+		.d2-1480995423 .color-N2{color:#676C7E;}
+		.d2-1480995423 .color-N3{color:#9499AB;}
+		.d2-1480995423 .color-N4{color:#CFD2DD;}
+		.d2-1480995423 .color-N5{color:#DEE1EB;}
+		.d2-1480995423 .color-N6{color:#EEF1F8;}
+		.d2-1480995423 .color-N7{color:#FFFFFF;}
+		.d2-1480995423 .color-B1{color:#0D32B2;}
+		.d2-1480995423 .color-B2{color:#0D32B2;}
+		.d2-1480995423 .color-B3{color:#E3E9FD;}
+		.d2-1480995423 .color-B4{color:#E3E9FD;}
+		.d2-1480995423 .color-B5{color:#EDF0FD;}
+		.d2-1480995423 .color-B6{color:#F7F8FE;}
+		.d2-1480995423 .color-AA2{color:#4A6FF3;}
+		.d2-1480995423 .color-AA4{color:#EDF0FD;}
+		.d2-1480995423 .color-AA5{color:#F7F8FE;}
+		.d2-1480995423 .color-AB4{color:#EDF0FD;}
+		.d2-1480995423 .color-AB5{color:#F7F8FE;}.appendix text.text{fill:#0A0F25}.md{--color-fg-default:#0A0F25;--color-fg-muted:#676C7E;--color-fg-subtle:#9499AB;--color-canvas-default:#FFFFFF;--color-canvas-subtle:#EEF1F8;--color-border-default:#0D32B2;--color-border-muted:#0D32B2;--color-neutral-muted:#EEF1F8;--color-accent-fg:#0D32B2;--color-accent-emphasis:#0D32B2;--color-attention-subtle:#676C7E;--color-danger-fg:red;}.sketch-overlay-B1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B2{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B3{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-AA4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-N2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-N3{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N4{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N7{fill:url(#streaks-bright);mix-blend-mode:darken}.light-code{display: block}.dark-code{display: none}]]></style><style type="text/css">.d2-1480995423 .md em,
+.d2-1480995423 .md dfn {
+  font-family: "d2-1480995423-font-italic";
+}
+
+.d2-1480995423 .md b,
+.d2-1480995423 .md strong {
+  font-family: "d2-1480995423-font-bold";
+}
+
+.d2-1480995423 .md code,
+.d2-1480995423 .md kbd,
+.d2-1480995423 .md pre,
+.d2-1480995423 .md samp {
+  font-family: "d2-1480995423-font-mono";
+  font-size: 1em;
+}
+
+.d2-1480995423 .md {
+  tab-size: 4;
+}
+
+/* variables are provided in d2renderers/d2svg/d2svg.go */
+
+.d2-1480995423 .md {
+  -ms-text-size-adjust: 100%;
+  -webkit-text-size-adjust: 100%;
+  margin: 0;
+  color: var(--color-fg-default);
+  background-color: transparent; /* we don't want to define the background color */
+  font-family: "d2-1480995423-font-regular";
+  font-size: 16px;
+  line-height: 1.5;
+  word-wrap: break-word;
+}
+
+.d2-1480995423 .md details,
+.d2-1480995423 .md figcaption,
+.d2-1480995423 .md figure {
+  display: block;
+}
+
+.d2-1480995423 .md summary {
+  display: list-item;
+}
+
+.d2-1480995423 .md [hidden] {
+  display: none !important;
+}
+
+.d2-1480995423 .md a {
+  background-color: transparent;
+  color: var(--color-accent-fg);
+  text-decoration: none;
+}
+
+.d2-1480995423 .md a:active,
+.d2-1480995423 .md a:hover {
+  outline-width: 0;
+}
+
+.d2-1480995423 .md abbr[title] {
+  border-bottom: none;
+  text-decoration: underline dotted;
+}
+
+.d2-1480995423 .md dfn {
+  font-style: italic;
+}
+
+.d2-1480995423 .md h1 {
+  margin: 0.67em 0;
+  padding-bottom: 0.3em;
+  font-size: 2em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-1480995423 .md mark {
+  background-color: var(--color-attention-subtle);
+  color: var(--color-text-primary);
+}
+
+.d2-1480995423 .md small {
+  font-size: 90%;
+}
+
+.d2-1480995423 .md sub,
+.d2-1480995423 .md sup {
+  font-size: 75%;
+  line-height: 0;
+  position: relative;
+  vertical-align: baseline;
+}
+
+.d2-1480995423 .md sub {
+  bottom: -0.25em;
+}
+
+.d2-1480995423 .md sup {
+  top: -0.5em;
+}
+
+.d2-1480995423 .md img {
+  border-style: none;
+  max-width: 100%;
+  box-sizing: content-box;
+  background-color: var(--color-canvas-default);
+}
+
+.d2-1480995423 .md figure {
+  margin: 1em 40px;
+}
+
+.d2-1480995423 .md hr {
+  box-sizing: content-box;
+  overflow: hidden;
+  background: transparent;
+  border-bottom: 1px solid var(--color-border-muted);
+  height: 0.25em;
+  padding: 0;
+  margin: 24px 0;
+  background-color: var(--color-border-default);
+  border: 0;
+}
+
+.d2-1480995423 .md input {
+  font: inherit;
+  margin: 0;
+  overflow: visible;
+  font-family: inherit;
+  font-size: inherit;
+  line-height: inherit;
+}
+
+.d2-1480995423 .md [type="button"],
+.d2-1480995423 .md [type="reset"],
+.d2-1480995423 .md [type="submit"] {
+  -webkit-appearance: button;
+}
+
+.d2-1480995423 .md [type="button"]::-moz-focus-inner,
+.d2-1480995423 .md [type="reset"]::-moz-focus-inner,
+.d2-1480995423 .md [type="submit"]::-moz-focus-inner {
+  border-style: none;
+  padding: 0;
+}
+
+.d2-1480995423 .md [type="button"]:-moz-focusring,
+.d2-1480995423 .md [type="reset"]:-moz-focusring,
+.d2-1480995423 .md [type="submit"]:-moz-focusring {
+  outline: 1px dotted ButtonText;
+}
+
+.d2-1480995423 .md [type="checkbox"],
+.d2-1480995423 .md [type="radio"] {
+  box-sizing: border-box;
+  padding: 0;
+}
+
+.d2-1480995423 .md [type="number"]::-webkit-inner-spin-button,
+.d2-1480995423 .md [type="number"]::-webkit-outer-spin-button {
+  height: auto;
+}
+
+.d2-1480995423 .md [type="search"] {
+  -webkit-appearance: textfield;
+  outline-offset: -2px;
+}
+
+.d2-1480995423 .md [type="search"]::-webkit-search-cancel-button,
+.d2-1480995423 .md [type="search"]::-webkit-search-decoration {
+  -webkit-appearance: none;
+}
+
+.d2-1480995423 .md ::-webkit-input-placeholder {
+  color: inherit;
+  opacity: 0.54;
+}
+
+.d2-1480995423 .md ::-webkit-file-upload-button {
+  -webkit-appearance: button;
+  font: inherit;
+}
+
+.d2-1480995423 .md a:hover {
+  text-decoration: underline;
+}
+
+.d2-1480995423 .md hr::before {
+  display: table;
+  content: "";
+}
+
+.d2-1480995423 .md hr::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-1480995423 .md table {
+  border-spacing: 0;
+  border-collapse: collapse;
+  display: block;
+  width: max-content;
+  max-width: 100%;
+  overflow: auto;
+}
+
+.d2-1480995423 .md td,
+.d2-1480995423 .md th {
+  padding: 0;
+}
+
+.d2-1480995423 .md details summary {
+  cursor: pointer;
+}
+
+.d2-1480995423 .md details:not([open]) > *:not(summary) {
+  display: none !important;
+}
+
+.d2-1480995423 .md kbd {
+  display: inline-block;
+  padding: 3px 5px;
+  color: var(--color-fg-default);
+  vertical-align: middle;
+  background-color: var(--color-canvas-subtle);
+  border: solid 1px var(--color-neutral-muted);
+  border-bottom-color: var(--color-neutral-muted);
+  border-radius: 6px;
+  box-shadow: inset 0 -1px 0 var(--color-neutral-muted);
+}
+
+.d2-1480995423 .md h1,
+.d2-1480995423 .md h2,
+.d2-1480995423 .md h3,
+.d2-1480995423 .md h4,
+.d2-1480995423 .md h5,
+.d2-1480995423 .md h6 {
+  margin-top: 24px;
+  margin-bottom: 16px;
+  font-weight: 400;
+  line-height: 1.25;
+  font-family: "d2-1480995423-font-semibold";
+}
+
+.d2-1480995423 .md h2 {
+  padding-bottom: 0.3em;
+  font-size: 1.5em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-1480995423 .md h3 {
+  font-size: 1.25em;
+}
+
+.d2-1480995423 .md h4 {
+  font-size: 1em;
+}
+
+.d2-1480995423 .md h5 {
+  font-size: 0.875em;
+}
+
+.d2-1480995423 .md h6 {
+  font-size: 0.85em;
+  color: var(--color-fg-muted);
+}
+
+.d2-1480995423 .md p {
+  margin-top: 0;
+  margin-bottom: 10px;
+}
+
+.d2-1480995423 .md blockquote {
+  margin: 0;
+  padding: 0 1em;
+  color: var(--color-fg-muted);
+  border-left: 0.25em solid var(--color-border-default);
+}
+
+.d2-1480995423 .md ul,
+.d2-1480995423 .md ol {
+  margin-top: 0;
+  margin-bottom: 0;
+  padding-left: 2em;
+}
+
+.d2-1480995423 .md ol ol,
+.d2-1480995423 .md ul ol {
+  list-style-type: lower-roman;
+}
+
+.d2-1480995423 .md ul ul ol,
+.d2-1480995423 .md ul ol ol,
+.d2-1480995423 .md ol ul ol,
+.d2-1480995423 .md ol ol ol {
+  list-style-type: lower-alpha;
+}
+
+.d2-1480995423 .md dd {
+  margin-left: 0;
+}
+
+.d2-1480995423 .md pre {
+  margin-top: 0;
+  margin-bottom: 0;
+  word-wrap: normal;
+}
+
+.d2-1480995423 .md ::placeholder {
+  color: var(--color-fg-subtle);
+  opacity: 1;
+}
+
+.d2-1480995423 .md input::-webkit-outer-spin-button,
+.d2-1480995423 .md input::-webkit-inner-spin-button {
+  margin: 0;
+  -webkit-appearance: none;
+  appearance: none;
+}
+
+.d2-1480995423 .md::before {
+  display: table;
+  content: "";
+}
+
+.d2-1480995423 .md::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-1480995423 .md > *:first-child {
+  margin-top: 0 !important;
+}
+
+.d2-1480995423 .md > *:last-child {
+  margin-bottom: 0 !important;
+}
+
+.d2-1480995423 .md a:not([href]) {
+  color: inherit;
+  text-decoration: none;
+}
+
+.d2-1480995423 .md .absent {
+  color: var(--color-danger-fg);
+}
+
+.d2-1480995423 .md .anchor {
+  float: left;
+  padding-right: 4px;
+  margin-left: -20px;
+  line-height: 1;
+}
+
+.d2-1480995423 .md .anchor:focus {
+  outline: none;
+}
+
+.d2-1480995423 .md p,
+.d2-1480995423 .md blockquote,
+.d2-1480995423 .md ul,
+.d2-1480995423 .md ol,
+.d2-1480995423 .md dl,
+.d2-1480995423 .md table,
+.d2-1480995423 .md pre,
+.d2-1480995423 .md details {
+  margin-top: 0;
+  margin-bottom: 16px;
+}
+
+.d2-1480995423 .md blockquote > :first-child {
+  margin-top: 0;
+}
+
+.d2-1480995423 .md blockquote > :last-child {
+  margin-bottom: 0;
+}
+
+.d2-1480995423 .md sup > a::before {
+  content: "[";
+}
+
+.d2-1480995423 .md sup > a::after {
+  content: "]";
+}
+
+.d2-1480995423 .md h1:hover .anchor,
+.d2-1480995423 .md h2:hover .anchor,
+.d2-1480995423 .md h3:hover .anchor,
+.d2-1480995423 .md h4:hover .anchor,
+.d2-1480995423 .md h5:hover .anchor,
+.d2-1480995423 .md h6:hover .anchor {
+  text-decoration: none;
+}
+
+.d2-1480995423 .md h1 tt,
+.d2-1480995423 .md h1 code,
+.d2-1480995423 .md h2 tt,
+.d2-1480995423 .md h2 code,
+.d2-1480995423 .md h3 tt,
+.d2-1480995423 .md h3 code,
+.d2-1480995423 .md h4 tt,
+.d2-1480995423 .md h4 code,
+.d2-1480995423 .md h5 tt,
+.d2-1480995423 .md h5 code,
+.d2-1480995423 .md h6 tt,
+.d2-1480995423 .md h6 code {
+  padding: 0 0.2em;
+  font-size: inherit;
+}
+
+.d2-1480995423 .md ul.no-list,
+.d2-1480995423 .md ol.no-list {
+  padding: 0;
+  list-style-type: none;
+}
+
+.d2-1480995423 .md ol[type="1"] {
+  list-style-type: decimal;
+}
+
+.d2-1480995423 .md ol[type="a"] {
+  list-style-type: lower-alpha;
+}
+
+.d2-1480995423 .md ol[type="i"] {
+  list-style-type: lower-roman;
+}
+
+.d2-1480995423 .md div > ol:not([type]) {
+  list-style-type: decimal;
+}
+
+.d2-1480995423 .md ul ul,
+.d2-1480995423 .md ul ol,
+.d2-1480995423 .md ol ol,
+.d2-1480995423 .md ol ul {
+  margin-top: 0;
+  margin-bottom: 0;
+}
+
+.d2-1480995423 .md li > p {
+  margin-top: 16px;
+}
+
+.d2-1480995423 .md li + li {
+  margin-top: 0.25em;
+}
+
+.d2-1480995423 .md dl {
+  padding: 0;
+}
+
+.d2-1480995423 .md dl dt {
+  padding: 0;
+  margin-top: 16px;
+  font-size: 1em;
+  font-style: italic;
+  font-family: "d2-1480995423-font-semibold";
+}
+
+.d2-1480995423 .md dl dd {
+  padding: 0 16px;
+  margin-bottom: 16px;
+}
+
+.d2-1480995423 .md table th {
+  font-family: "d2-1480995423-font-semibold";
+}
+
+.d2-1480995423 .md table th,
+.d2-1480995423 .md table td {
+  padding: 6px 13px;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-1480995423 .md table tr {
+  background-color: var(--color-canvas-default);
+  border-top: 1px solid var(--color-border-muted);
+}
+
+.d2-1480995423 .md table tr:nth-child(2n) {
+  background-color: var(--color-canvas-subtle);
+}
+
+.d2-1480995423 .md table img {
+  background-color: transparent;
+}
+
+.d2-1480995423 .md img[align="right"] {
+  padding-left: 20px;
+}
+
+.d2-1480995423 .md img[align="left"] {
+  padding-right: 20px;
+}
+
+.d2-1480995423 .md span.frame {
+  display: block;
+  overflow: hidden;
+}
+
+.d2-1480995423 .md span.frame > span {
+  display: block;
+  float: left;
+  width: auto;
+  padding: 7px;
+  margin: 13px 0 0;
+  overflow: hidden;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-1480995423 .md span.frame span img {
+  display: block;
+  float: left;
+}
+
+.d2-1480995423 .md span.frame span span {
+  display: block;
+  padding: 5px 0 0;
+  clear: both;
+  color: var(--color-fg-default);
+}
+
+.d2-1480995423 .md span.align-center {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-1480995423 .md span.align-center > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: center;
+}
+
+.d2-1480995423 .md span.align-center span img {
+  margin: 0 auto;
+  text-align: center;
+}
+
+.d2-1480995423 .md span.align-right {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-1480995423 .md span.align-right > span {
+  display: block;
+  margin: 13px 0 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-1480995423 .md span.align-right span img {
+  margin: 0;
+  text-align: right;
+}
+
+.d2-1480995423 .md span.float-left {
+  display: block;
+  float: left;
+  margin-right: 13px;
+  overflow: hidden;
+}
+
+.d2-1480995423 .md span.float-left span {
+  margin: 13px 0 0;
+}
+
+.d2-1480995423 .md span.float-right {
+  display: block;
+  float: right;
+  margin-left: 13px;
+  overflow: hidden;
+}
+
+.d2-1480995423 .md span.float-right > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-1480995423 .md code,
+.d2-1480995423 .md tt {
+  padding: 0.2em 0.4em;
+  margin: 0;
+  font-size: 85%;
+  background-color: var(--color-neutral-muted);
+  border-radius: 6px;
+}
+
+.d2-1480995423 .md code br,
+.d2-1480995423 .md tt br {
+  display: none;
+}
+
+.d2-1480995423 .md del code {
+  text-decoration: inherit;
+}
+
+.d2-1480995423 .md pre code {
+  font-size: 100%;
+}
+
+.d2-1480995423 .md pre > code {
+  padding: 0;
+  margin: 0;
+  word-break: normal;
+  white-space: pre;
+  background: transparent;
+  border: 0;
+}
+
+.d2-1480995423 .md .highlight {
+  margin-bottom: 16px;
+}
+
+.d2-1480995423 .md .highlight pre {
+  margin-bottom: 0;
+  word-break: normal;
+}
+
+.d2-1480995423 .md .highlight pre,
+.d2-1480995423 .md pre {
+  padding: 16px;
+  overflow: auto;
+  font-size: 85%;
+  line-height: 1.45;
+  background-color: var(--color-canvas-subtle);
+  border-radius: 6px;
+}
+
+.d2-1480995423 .md pre code,
+.d2-1480995423 .md pre tt {
+  display: inline;
+  max-width: auto;
+  padding: 0;
+  margin: 0;
+  overflow: visible;
+  line-height: inherit;
+  word-wrap: normal;
+  background-color: transparent;
+  border: 0;
+}
+
+.d2-1480995423 .md .csv-data td,
+.d2-1480995423 .md .csv-data th {
+  padding: 5px;
+  overflow: hidden;
+  font-size: 12px;
+  line-height: 1;
+  text-align: left;
+  white-space: nowrap;
+}
+
+.d2-1480995423 .md .csv-data .blob-num {
+  padding: 10px 8px 9px;
+  text-align: right;
+  background: var(--color-canvas-default);
+  border: 0;
+}
+
+.d2-1480995423 .md .csv-data tr {
+  border-top: 0;
+}
+
+.d2-1480995423 .md .csv-data th {
+  font-family: "d2-1480995423-font-semibold";
+  background: var(--color-canvas-subtle);
+  border-top: 0;
+}
+
+.d2-1480995423 .md .footnotes {
+  font-size: 12px;
+  color: var(--color-fg-muted);
+  border-top: 1px solid var(--color-border-default);
+}
+
+.d2-1480995423 .md .footnotes ol {
+  padding-left: 16px;
+}
+
+.d2-1480995423 .md .footnotes li {
+  position: relative;
+}
+
+.d2-1480995423 .md .footnotes li:target::before {
+  position: absolute;
+  top: -8px;
+  right: -8px;
+  bottom: -8px;
+  left: -24px;
+  pointer-events: none;
+  content: "";
+  border: 2px solid var(--color-accent-emphasis);
+  border-radius: 6px;
+}
+
+.d2-1480995423 .md .footnotes li:target {
+  color: var(--color-fg-default);
+}
+
+.d2-1480995423 .md .task-list-item {
+  list-style-type: none;
+}
+
+.d2-1480995423 .md .task-list-item label {
+  font-weight: 400;
+}
+
+.d2-1480995423 .md .task-list-item.enabled label {
+  cursor: pointer;
+}
+
+.d2-1480995423 .md .task-list-item + .task-list-item {
+  margin-top: 3px;
+}
+
+.d2-1480995423 .md .task-list-item .handle {
+  display: none;
+}
+
+.d2-1480995423 .md .task-list-item-checkbox {
+  margin: 0 0.2em 0.25em -1.6em;
+  vertical-align: middle;
+}
+
+.d2-1480995423 .md .contains-task-list:dir(rtl) .task-list-item-checkbox {
+  margin: 0 -1.6em 0.25em 0.2em;
+}
+</style><g id="title"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="418.000000" y="-59.000000" width="287" height="51"><div xmlns="http://www.w3.org/1999/xhtml" class="md"><h1>Chaining Certificates</h1>
+</div></foreignObject></g></g><g id="root-ca"><g class="shape" ><rect x="289.000000" y="12.000000" width="800.000000" height="595.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g><text x="689.000000" y="45.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">ROOT CERTIFICATE AUTHORITY (CA)</text></g><g id="intermediate-ca"><g class="shape" ><rect x="281.000000" y="848.000000" width="831.000000" height="621.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g><text x="696.500000" y="881.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">INTERMEDIATE CERTIFICATE AUTHORITY (CA)</text></g><g id="entity-cert"><g class="shape" ><rect x="12.000000" y="1660.000000" width="966.000000" height="621.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g><text x="495.000000" y="1693.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">End-Entity Certificate</text></g><g id="root-ca.pad" style='opacity:0.000000' class="NONE"><g class="shape" ><rect x="339.000000" y="83.000000" width="71.000000" height="66.000000" class=" stroke-B1 fill-B5" style="stroke-width:2;" /></g><text x="374.500000" y="121.500000" class="text-bold fill-N1" style="text-anchor:middle;font-size:16px">pad</text></g><clipPath id="d2-1480995423-root-ca.key"><path d="M 635.000000 77.000000 L 635.000000 77.000000 S 635.000000 62.000000 650.000000 62.000000 L 838.000000 62.000000 L 838.000000 62.000000 S 853.000000 62.000000 853.000000 77.000000 L 853.000000 155.000000 L 853.000000 170.000000 L 635.000000 170.000000Z 635.000000 62.000000" fill="none" /> </clipPath><g id="root-ca.key" class="PRIVATE_KEY"><g class="shape" ><rect x="635.000000" y="62.000000" width="218.000000" height="108.000000" rx="15.000000" ry="15.000000" stroke="cornsilk" fill="wheat" class="shape" style="stroke-width:2;" /><rect x="635.000000" y="62.000000" width="218.000000" height="36.000000" fill="cornsilk" class="class_header" clip-path="url(#d2-1480995423-root-ca.key)" /><text x="645.000000" y="87.750000" fill="red" class="text" style="text-anchor:start;font-size:24px">Root CA&#39;s Key Pair</text><text x="645.000000" y="121.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">private</text><text x="724.000000" y="121.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Secret</text><text x="843.000000" y="121.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="635.000000" x2="853.000000" y1="134.000000" y2="134.000000" stroke="cornsilk" style="stroke-width:2" /><text x="645.000000" y="157.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">public</text><text x="724.000000" y="157.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Shared</text><text x="843.000000" y="157.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="650.000000" x2="838.000000" y1="170.000000" y2="170.000000" stroke="cornsilk" style="stroke-width:2" /></g></g><g id="root-ca.certificate"><g class="shape" ><rect x="490.000000" y="341.000000" width="439.000000" height="216.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="490.000000" y="341.000000" width="439.000000" height="36.000000" class="class_header fill-N1" /><text x="500.000000" y="366.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Root Certificate (ROOT CA)</text><text x="500.000000" y="400.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s Name</text><text x="691.000000" y="400.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ROOT CA Name</text><text x="919.000000" y="400.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="413.000000" y2="413.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="436.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s PublicKey</text><text x="691.000000" y="436.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Public Key</text><text x="919.000000" y="436.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="449.000000" y2="449.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="472.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Name</text><text x="691.000000" y="472.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ROOT CA Name</text><text x="919.000000" y="472.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="485.000000" y2="485.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="508.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Signature</text><text x="691.000000" y="508.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature</text><text x="919.000000" y="508.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="521.000000" y2="521.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="544.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject Alt. Name</text><text x="691.000000" y="544.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:stake1vpu...p0u</text><text x="919.000000" y="544.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="557.000000" y2="557.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-1480995423-intermediate-ca.key"><path d="M 691.000000 913.000000 L 691.000000 913.000000 S 691.000000 898.000000 706.000000 898.000000 L 983.000000 898.000000 L 983.000000 898.000000 S 998.000000 898.000000 998.000000 913.000000 L 998.000000 991.000000 L 998.000000 1006.000000 L 691.000000 1006.000000Z 691.000000 898.000000" fill="none" /> </clipPath><g id="intermediate-ca.key" class="PRIVATE_KEY"><g class="shape" ><rect x="691.000000" y="898.000000" width="307.000000" height="108.000000" rx="15.000000" ry="15.000000" stroke="cornsilk" fill="wheat" class="shape" style="stroke-width:2;" /><rect x="691.000000" y="898.000000" width="307.000000" height="36.000000" fill="cornsilk" class="class_header" clip-path="url(#d2-1480995423-intermediate-ca.key)" /><text x="701.000000" y="923.750000" fill="red" class="text" style="text-anchor:start;font-size:24px">Intermediate CA&#39;s Key Pair</text><text x="701.000000" y="957.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">private</text><text x="780.000000" y="957.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Secret</text><text x="988.000000" y="957.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="691.000000" x2="998.000000" y1="970.000000" y2="970.000000" stroke="cornsilk" style="stroke-width:2" /><text x="701.000000" y="993.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">public</text><text x="780.000000" y="993.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Shared</text><text x="988.000000" y="993.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="706.000000" x2="983.000000" y1="1006.000000" y2="1006.000000" stroke="cornsilk" style="stroke-width:2" /></g></g><g id="intermediate-ca.certificate"><g class="shape" ><rect x="414.000000" y="1167.000000" width="473.000000" height="252.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="414.000000" y="1167.000000" width="473.000000" height="36.000000" class="class_header fill-N1" /><text x="424.000000" y="1192.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Intermediate Certificate (Intermediate CA)</text><text x="424.000000" y="1226.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s Name</text><text x="615.000000" y="1226.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Intermediate CA Name</text><text x="877.000000" y="1226.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1239.000000" y2="1239.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1262.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s PublicKey</text><text x="615.000000" y="1262.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Public Key</text><text x="877.000000" y="1262.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1275.000000" y2="1275.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1298.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Name</text><text x="615.000000" y="1298.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Root CA Name</text><text x="877.000000" y="1298.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1311.000000" y2="1311.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1334.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Signature</text><text x="615.000000" y="1334.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature</text><text x="877.000000" y="1334.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1347.000000" y2="1347.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1370.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject Alt. Name</text><text x="615.000000" y="1370.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:stake1ngf...8dy</text><text x="877.000000" y="1370.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1383.000000" y2="1383.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1406.000000" class="text fill-B2" style="text-anchor:start;font-size:20px" /><text x="615.000000" y="1406.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:cc_cold16cj..80v</text><text x="877.000000" y="1406.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1419.000000" y2="1419.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-1480995423-entity-cert.key"><path d="M 135.000000 1725.000000 L 135.000000 1725.000000 S 135.000000 1710.000000 150.000000 1710.000000 L 319.000000 1710.000000 L 319.000000 1710.000000 S 334.000000 1710.000000 334.000000 1725.000000 L 334.000000 1803.000000 L 334.000000 1818.000000 L 135.000000 1818.000000Z 135.000000 1710.000000" fill="none" /> </clipPath><g id="entity-cert.key" class="PRIVATE_KEY"><g class="shape" ><rect x="135.000000" y="1710.000000" width="199.000000" height="108.000000" rx="15.000000" ry="15.000000" stroke="cornsilk" fill="wheat" class="shape" style="stroke-width:2;" /><rect x="135.000000" y="1710.000000" width="199.000000" height="36.000000" fill="cornsilk" class="class_header" clip-path="url(#d2-1480995423-entity-cert.key)" /><text x="145.000000" y="1735.750000" fill="red" class="text" style="text-anchor:start;font-size:24px">Entities Key Pair</text><text x="145.000000" y="1769.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">private</text><text x="224.000000" y="1769.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Secret</text><text x="324.000000" y="1769.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="135.000000" x2="334.000000" y1="1782.000000" y2="1782.000000" stroke="cornsilk" style="stroke-width:2" /><text x="145.000000" y="1805.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">public</text><text x="224.000000" y="1805.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Shared</text><text x="324.000000" y="1805.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="150.000000" x2="319.000000" y1="1818.000000" y2="1818.000000" stroke="cornsilk" style="stroke-width:2" /></g></g><g id="entity-cert.certificate"><g class="shape" ><rect x="414.000000" y="1979.000000" width="473.000000" height="252.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="414.000000" y="1979.000000" width="473.000000" height="36.000000" class="class_header fill-N1" /><text x="424.000000" y="2004.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Intermediate Certificate (Intermediate CA)</text><text x="424.000000" y="2038.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s Name</text><text x="615.000000" y="2038.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Entities Name</text><text x="877.000000" y="2038.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2051.000000" y2="2051.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2074.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s PublicKey</text><text x="615.000000" y="2074.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Public Key</text><text x="877.000000" y="2074.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2087.000000" y2="2087.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2110.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Name</text><text x="615.000000" y="2110.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Intermediate CA Name</text><text x="877.000000" y="2110.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2123.000000" y2="2123.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2146.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Signature</text><text x="615.000000" y="2146.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature</text><text x="877.000000" y="2146.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2159.000000" y2="2159.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2182.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject Alt. Name</text><text x="615.000000" y="2182.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:stake1ngf...v2q</text><text x="877.000000" y="2182.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2195.000000" y2="2195.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2218.000000" class="text fill-B2" style="text-anchor:start;font-size:20px" /><text x="615.000000" y="2218.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:drep1ayt..80v</text><text x="877.000000" y="2218.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2231.000000" y2="2231.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><g id="root-ca.(key -&gt; certificate)[0]"><marker id="mk-3488378134" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 633.500000 152.000000 L 460.500000 152.000000 S 450.500000 152.000000 450.500000 162.000000 L 450.500000 421.000000 S 450.500000 431.000000 460.500000 431.000000 L 486.500000 431.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1480995423)" /><text x="451.000000" y="225.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Published</text></g><g id="root-ca.(key -&gt; certificate)[1]" class="SIGN"><marker id="mk-354533580" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" fill="blueviolet" class="connection" stroke-width="2" /> </marker><path d="M 855.000000 116.000000 L 994.000000 116.000000 S 1004.000000 116.000000 1004.000000 126.000000 L 1004.000000 200.000000 S 1004.000000 210.000000 994.000000 210.000000 L 979.500000 210.000000 S 969.500000 210.000000 969.500000 220.000000 L 969.500000 493.000000 S 969.500000 503.000000 959.500000 503.000000 L 933.500000 503.000000" stroke="blueviolet" fill="none" class="connection animated-connection" style="stroke-width:2;stroke-dasharray:6.000000,5.919384;stroke-dashoffset:-119.193836;animation: dashdraw 2.959692s linear infinite;" marker-end="url(#mk-354533580)" mask="url(#d2-1480995423)" /><text x="970.000000" y="242.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Self Sign</text></g><g id="intermediate-ca.(key -&gt; certificate)[0]"><path d="M 690.000000 988.000000 L 374.000000 988.000000 S 364.000000 988.000000 364.000000 998.000000 L 364.000000 1247.000000 S 364.000000 1257.000000 374.000000 1257.000000 L 410.000000 1257.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1480995423)" /><text x="369.000000" y="994.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Published</text></g><g id="(root-ca.key -&gt; intermediate-ca.certificate)[0]" class="SIGN"><path d="M 855.000000 116.000000 L 994.000000 116.000000 S 1004.000000 116.000000 1004.000000 126.000000 L 1004.000000 200.000000 S 1004.000000 210.000000 1014.000000 210.000000 L 1028.500000 210.000000 S 1038.500000 210.000000 1038.500000 220.000000 L 1038.500000 692.000000 S 1038.500000 702.000000 1028.500000 702.000000 L 1028.500000 702.000000 S 1018.500000 702.000000 1018.500000 712.000000 L 1018.500000 793.000000 S 1018.500000 803.000000 1028.500000 803.000000 L 1028.500000 803.000000 S 1038.500000 803.000000 1038.500000 813.000000 L 1038.500000 1319.000000 S 1038.500000 1329.000000 1028.500000 1329.000000 L 890.500000 1329.000000" stroke="blueviolet" fill="none" class="connection animated-connection" style="stroke-width:2;stroke-dasharray:6.000000,5.919384;stroke-dashoffset:-119.193836;animation: dashdraw 2.959692s linear infinite;" marker-end="url(#mk-354533580)" mask="url(#d2-1480995423)" /><text x="1018.500000" y="711.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Sign</text></g><g id="(root-ca.certificate &lt;- intermediate-ca.certificate)[0]"><marker id="mk-2451250203" markerWidth="10.000000" markerHeight="12.000000" refX="3.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="10.000000,0.000000 0.000000,6.000000 10.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 933.000000 395.000000 L 1070.500000 395.000000 S 1080.500000 395.000000 1080.500000 405.000000 L 1080.500000 793.000000 S 1080.500000 803.000000 1070.500000 803.000000 L 1070.500000 803.000000 S 1060.500000 803.000000 1060.500000 813.000000 L 1060.500000 1283.000000 S 1060.500000 1293.000000 1050.500000 1293.000000 L 888.500000 1293.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-1480995423)" /><text x="1060.500000" y="851.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">References</text></g><g id="(root-ca.certificate &lt;- intermediate-ca.certificate)[1]"><path d="M 680.250000 561.000000 L 680.250000 793.000000 S 680.250000 803.000000 670.250000 803.000000 L 660.500000 803.000000 S 650.500000 803.000000 650.500000 813.000000 L 650.500000 1165.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-1480995423)" /><text x="650.500000" y="853.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Verifies</text></g><g id="entity-cert.(key -&gt; certificate)[0]"><path d="M 133.000000 1800.000000 L 105.000000 1800.000000 S 95.000000 1800.000000 95.000000 1810.000000 L 95.000000 2059.000000 S 95.000000 2069.000000 105.000000 2069.000000 L 410.000000 2069.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1480995423)" /><text x="100.000000" y="2075.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Published</text></g><g id="(intermediate-ca.certificate &lt;- entity-cert.certificate)[0]"><path d="M 650.500000 1423.000000 L 650.500000 1977.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-1480995423)" /><text x="650.500000" y="1705.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Verifies</text></g><g id="(intermediate-ca.key -&gt; entity-cert.certificate)[0]" class="SIGN"><path d="M 1000.500000 952.000000 L 1039.500000 952.000000 S 1049.500000 952.000000 1049.500000 962.000000 L 1049.500000 1605.000000 S 1049.500000 1615.000000 1039.500000 1615.000000 L 937.000000 1615.000000 S 927.000000 1615.000000 927.000000 1625.000000 L 927.000000 2131.000000 S 927.000000 2141.000000 917.000000 2141.000000 L 891.000000 2141.000000" stroke="blueviolet" fill="none" class="connection animated-connection" style="stroke-width:2;stroke-dasharray:6.000000,5.919384;stroke-dashoffset:-119.193836;animation: dashdraw 2.959692s linear infinite;" marker-end="url(#mk-354533580)" mask="url(#d2-1480995423)" /><text x="1049.500000" y="1608.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Sign</text></g><g id="(intermediate-ca.certificate &lt;- entity-cert.certificate)[1]"><path d="M 410.000000 1221.000000 L 384.000000 1221.000000 S 374.000000 1221.000000 374.000000 1231.000000 L 374.000000 2095.000000 S 374.000000 2105.000000 384.000000 2105.000000 L 412.000000 2105.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-1480995423)" /><text x="374.500000" y="1669.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">References</text></g><mask id="d2-1480995423" maskUnits="userSpaceOnUse" x="-89" y="-160" width="1302" height="2542">
+<rect x="-89" y="-160" width="1302" height="2542" fill="white"></rect>
+<rect x="418.000000" y="-59.000000" width="287" height="51" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="480.000000" y="17.000000" width="418" height="36" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="433.500000" y="853.000000" width="526" height="36" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="371.000000" y="1665.000000" width="248" height="36" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="361.500000" y="105.500000" width="26" height="21" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="418.000000" y="209.000000" width="66" height="21" fill="black"></rect>
+<rect x="942.000000" y="226.000000" width="56" height="21" fill="black"></rect>
+<rect x="336.000000" y="978.000000" width="66" height="21" fill="black"></rect>
+<rect x="1004.000000" y="695.000000" width="29" height="21" fill="black"></rect>
+<rect x="1024.000000" y="835.000000" width="73" height="21" fill="black"></rect>
+<rect x="627.000000" y="837.000000" width="47" height="21" fill="black"></rect>
+<rect x="67.000000" y="2059.000000" width="66" height="21" fill="black"></rect>
+<rect x="627.000000" y="1689.000000" width="47" height="21" fill="black"></rect>
+<rect x="1035.000000" y="1592.000000" width="29" height="21" fill="black"></rect>
+<rect x="338.000000" y="1653.000000" width="73" height="21" fill="black"></rect>
+</mask></svg></svg>
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.d2 b/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.d2
new file mode 100644
index 00000000000..db91c8472c2
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.d2
@@ -0,0 +1,138 @@
+vars: {
+  d2-config: {
+    layout-engine: elk
+
+    # Terminal theme code
+    theme-id: 300
+  }
+}
+
+grid-columns: 1
+
+title: |md
+  # Secure Metadata Envelope
+| {
+  shape: text
+  # near: top-left  
+  style: {
+    font-size: 25
+  }
+}
+
+signing-procedure: |md
+  # Signing procedure
+|
+
+step_one: "" {
+  shape: rectangle
+  grid-columns: 1
+  grid-gap: 10
+
+  step-1-2: |md
+    ## Prepare transaction body
+
+    1. Finalize the `transaction inputs` of the transaction.
+    2. Generate a `blake2b_256()` hash of the finalized transaction inputs CBOR array.
+  |
+
+  transaction-body-unsigned: "transaction-body-unsigned (minimum)" {
+    shape: sql_table
+    "0 = transaction inputs": "[ * [transaction hash, index] ]"
+    "1 = transaction outputs": "[ * transaction_output ]"
+    "2 = transaction fee": "coin (lovelace uint64)"
+  }
+}
+
+step_three: "" {
+  shape: rectangle
+  grid-columns: 1
+  grid-gap: 10
+
+  step-3-4-5: |md
+    ## Prepare the `auxiliary data` ready to sign.
+
+    3. Prepare all Auxiliary Data.
+    4. Set `txn-input-hash` to the value computed in Step 2.
+    5. PRESET the `validation signature` to 0s.
+  |
+
+  metadata-ready-to-sign: {
+    shape: sql_table
+    "0 = purpose:": "128bit UUID V4 of the Metadata Purpose"
+    "1 = txn-input-hash:": "Blake2b-256 hash of the transaction inputs."
+    "10/11/12 = X509 chunks": "[ + x509_chunk ] - x509 Update Data."
+    "99 = validation signature": "0x00's"
+  }
+}
+
+step_six: "" {
+  shape: rectangle
+  grid-columns: 1
+  grid-gap: 10
+
+  step-6: |md
+    ## Sign the auxiliary data
+
+    6. Calculate the signature of the `metadata-ready-to-sign` using the Role 0 signing key.
+    7. Replace the 0x00s in the `validation signature` with the calculated signature.
+  |
+
+  metadata-signed: {
+    shape: sql_table
+    "0 = purpose:": "128bit UUID V4 of the Metadata Purpose"
+    "1 = txn-inputs-hash:": "Blake2b-256 hash of the transaction inputs."
+    "10/11/12 = X509 chunks": "[ + x509_chunk ] - x509 Update Data."
+    "99 = validation signature": "Signature calculated in step 6"
+  }
+}
+
+step_eight: "" {
+  shape: rectangle
+  grid-columns: 1
+  grid-gap: 10
+
+  step-8-9: |md
+    ## Finalize transaction ready to sign
+
+    8. Calculate and set the `auxiliary_data_hash` into the `transaction-body`.
+    9. Optionally set `required signers` to ensure necessary extra witnesses are present.
+  |
+
+  transaction-body-ready-to-signed: "transaction-body-ready-to-sign (minimum)" {
+    shape: sql_table
+    "0 = transaction inputs": "[ * [transaction hash, index] ]"
+    "1 = transaction outputs": "[ * transaction_output ]"
+    "2 = transaction fee": "coin (lovelace uint64)"
+    "7 = auxiliary_data_hash": "blake2b_256(auxiliary_data)"
+    "14 = required signers": "Optional list of extra witnesses required for transaction"
+  }
+}
+
+step_ten: "" {
+  shape: rectangle
+  grid-columns: 1
+  grid-gap: 10
+
+  step-10: |md
+    ## Sign the transaction
+
+    10. Sign the transaction with all necessary on-chain keys.
+  |
+
+  transaction-body-signed: "transaction-body-signed (minimum)" {
+    shape: sql_table
+    "0 = transaction inputs": "[ * [transaction hash, index] ]"
+    "1 = transaction outputs": "[ * transaction_output ]"
+    "2 = transaction fee": "coin (lovelace uint64)"
+    "7 = auxiliary_data_hash": "blake2b_256(auxiliary_data)"
+    "14 = required signers": "Optional list of extra witnesses required for transaction"
+  }
+
+  metadata-signed: {
+    shape: sql_table
+    "0 = purpose:": "128bit UUID V4 of the Metadata Purpose"
+    "1 = txn-inputs-hash:": "Hash of the transaction inputs"
+    "10/11/12 = X509 chunks": "[ + x509_chunk ] - x509 Update Data."
+    "99 = validation signatures": "Signature calculated in step 6"
+  }
+}
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.svg b/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.svg
new file mode 100644
index 00000000000..147b3b6e88f
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.svg
@@ -0,0 +1,875 @@
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="0.6.3" preserveAspectRatio="xMinYMin meet" viewBox="0 0 926 2388"><svg id="d2-svg" class="d2-3387518810" width="926" height="2388" viewBox="-101 -101 926 2388"><rect x="-101.000000" y="-101.000000" width="926.000000" height="2388.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+.d2-3387518810 .text {
+	font-family: "d2-3387518810-font-regular";
+}
+@font-face {
+	font-family: d2-3387518810-font-regular;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABbEAAoAAAAAIfwAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXd/Vo2NtYXAAAAFUAAAA7wAAAXIKiQuWZ2x5ZgAAAkQAAA8yAAAVCG7qNpxoZWFkAAAReAAAADYAAAA2G4Ue32hoZWEAABGwAAAAJAAAACQKhAYNaG10eAAAEdQAAAD0AAABLIdDDnpsb2NhAAASyAAAAJgAAACY1ULacG1heHAAABNgAAAAIAAAACAAYwD2bmFtZQAAE4AAAAMjAAAIFAbDVU1wb3N0AAAWpAAAAB0AAAAg/9EAMgADAgkBkAAFAAACigJYAAAASwKKAlgAAAFeADIBIwAAAgsFAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAEAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAeYClAAAACAAA3iclNDJSlsBHMXh7zZpm7Rp2iZN5+G26TwbxzjHCVwExYUIIupGEN/Ax9KlA/ggLkTxLeQvXFR06dn/4OMgkZOgJJ+soSGVV5Gq++aHn3757Y+//mnqN2Ra26x5CxYtWbZi3WYEF833G83/rGlpmzF3rVm1ERFHUlU1L71SUlZUibMIhTiI/diL3diJkziOwziN7djKpLddYjwzDBszoc+AXq0rXYeGTl269WiadEdO3l333FdQ9MBDJY+UPfbEUxVVI0YNmvJMzXMvMv1rb7z1znsfpD76pO6zL75mj1z+6BwAAP//AQAA///bKzUIAHicdFh7dBvllb/fJ1myY/khS+ORZL3H1kjWy9ZoNLZkSbZelp+yJTt+xHbixInthKTEPNJASGgJj1JK1W04ZGmgdJtzgF1YCJyTlMPp0iUl6y6PLF0WSiE5bM8el1PY7dbr7hYaj/bMSHac0v4xZ+bY39zH7/7u794RlMEEAGbxKZBABdRAHRAAjNKibLLQNCXnGI6jSAlHI6V8An3E5xHq8UsDAWlr7NPY0RMn0PhxfGr9puDJ+fnXZ44c4b+18gnvQ29/AhgkANiA81ABSgCVnKFtNpqSySQqRkXRlPwN0+umOnOttMb8y6szVyciv42ir8zNcQfb2w/ykzi/fvPyMgCABCYBcCPOgxJ0QAmxMb76ekItkxPiTUZJGF+A9dsoSrnxMHkxvre91Rvqi97ce3x2pHdgYO/S6Mz09iWcN6eCrZkaaeVgonN7Mzoa9LW3rK9FY+F2AEDgL6zhBnwGDABlVpuN9QcCjK+elNtslFUmI9T19YwvwJEyGcpmv9bXfzLXMaV362LNkWnGtyPi7TV56N2K4dMH9p/OtpoDemvX7dns0Zjd6nf7AACLufhxHsoFTMRMCLWMojfjPnv6iccfGe275ZZbbunD+WfOPP73iW8eO3avGNskALqK81Ap1oewEAxBERZiEt3Bf/D556gV51Nvd/9X9+bZd0Xsr59Viie/+ALnU1dT/C8387XhM2D+S/kK6bIUyyhlMjS1/b7+wQfGEtN6jzbmi+1mDy9Snapvvm9aLKXMGAO6xq7bs8e+Q9T9XZL/zOIsxYJ9G3ELzGKUlNKinMyh1pER/jLO8/+JVOs3I5Z/YyN2eA7nBf4I5ydzAhlKdu7CeaE2jJJR1deTTCDAqQRr/gBHySWUhKbq6wnl5NxxBamQKgjFsb2D5RKp/xh3zC+VyHGe/xtr0mpNWtHM+s1o0XXA+Qj/LBp5xHnAxT8q1kfAYy8+AzV/wgCRaLQvIJbJKhIB9WdPdHefyOaOp9PHc6Gxlv3j4/tbxhUjjy0uPjo8/Oji4mMjPfGj2TsefviO7NE4bNa/UsRCvYXJFKW8Tt1Xeg9F7rvppt3bc2PbZ3C+cTQ9P8dfQ+muVDe3acOM81AN5NZuUFGSrWbeii+EhhJPzTxx5NBANjtwCOep4UT/tJL/FSL4T9FEtLPLDyLezYU19Ft8BtxixjQncpz122w07cE3MkLImySNWEAD1SZvd/qonUxX2tBqmjGFHexMKDRHuY09Hi5u8emmbeHGwJyCdQWb3KEWq11f7ahqjrX4Mm53Y8Bg8btMDl2lvdbd1eof9QECPQC6hvMgF7KiWAtBKX91CX18CfemUuvni7GOFdawB+cFjRKro2SUxZ4MiI8yGYrHD0RyjqTTlXIMRfYrAscW0df4uzI7bLYdGXQPf2LxWACQWAwJzkMVACPZwiXJz38+sVjXoJLW6ZWLo/+C8/wTwb3B4N4g2i1ysAYAreI8aAEYlYQhSy9yjERFlfRNLq959cWpiSqyRlpNKMbGX3p1aldVQ620WqfYiXIo/HS9y2Bw1T/Nv8qfO6dhjEZGc26De+gcWgUdNAKQVoF6nF+EXU6LRSCUlOCAFlpSbM7XwsPf/p7SaW/uNZite4ITQwm5xDpcT0Woo7M+RU/X0KjS1EaZ1e31joM7+PeC+uaY1XR/TYfX0QQYsoU19Ee8DKpS99OUnFIyhLzoq8j3It0FpUUOa49ZIo9lsSVj37k7tDPVkQklTZ2UOaqwGHx4+bVxA33f4dztkeT85NAeq7mgJ4s18xTW0PNoVajvX9YYQVLrOhc6ug5EWpLaZsJrcCXpXNwarG+0DCk6loaySx1WMqDSeEfbcvMGNWewCJh5C2vog40cipiJxmmW2QCLYzcd/WHHodAs1xwxS3MJuUTfr+3sMLUb6agtpbj3aOaWiFGXe2W9rV3vSMZ5PenNtY3tASzG/89oFTRguiEDoeksmwNBYhGhQmTX/kh0jpveizD/o7KxFBVqMJgybyBptJ0ZVoSXMkNLkWMLVdqKgSlCGVAbka13ICPiZARAUfxucf5SLMf6SzhRVkLU712xWLKHbK6ta9An5ufRDyNlA71jFfKoYmYgzk+Ls9JdMKPP0Cq0QhgGNlnE2rbcRKMMQZWGp5Uu1qBUc4nvusSpSlpitRXP/O/EzTZLndaq0tC+kVZ1Y9Uzc0qyZchHW6vqmlpnRkc7DvU3hzuczo5wIDXCeEeqLbU6Td/HiaipvV5aadebPFVSdcLJDjbLy6K1rMnf71BWNqhJIxd293vRuSjLdnSwbJR/IGyz6qRSVTNBe0RssgDofbxcUs0NjgrKL/JTmc1KqAHfQHfW1dIUasLLr81ZvLPT/JvIkYjYmvgnoVCAJAC8hM9jGwgzUgbpY7BpewUvg6I4bxgVI1dRtJzIDksu7/jhy5MP78DLvBHBRf7Kb/bfXXqnsAa/wMuCHggYizJUIsIzHke2ukIql1eW1yvaWbxv/ZRKiVBEKi36wr9Dq2ARfQnaIVTjhmzkm/dsQi4x9zvbojW2QVdfT9blCSSyLm8ggVZSlLfV5fBvpNjHP1m6bWCFVktYlXxsxSohl1CDm2CJxm7AqsT5/0arUAMNf3YObnIE1YTmo9H5UMe+aHRfR3RgIBoZHCz1a8dSdmipIzGfG1lYGMnNg6g5DPojWi316/XoRCbaaJJQbdUcIVJLxjmzO7SzzRq34iOi5EQbLZG38Ettevv9h7O3R4y60bNIdoPmCLrAoA82/JSxnGh+k/wco5Rs1QV0n9TQ11wUh04LLo9d3hSGt54b19tFcTAYPOsDSHZdGTa4M4NWS9tcMZuSshWB1qYdBrJWoa4xxbVoZdwT2JaWSn0RfrnII31hDd2DVqFZ5NHW2SuO3j+ZvMXB+45/hnKYE86WFgvTYI01T2Tcg3q7NmD2OI0tDVTC7cgoaD2ntbhNWiu5rcrCOkIZM+lXaZr1pIGorLJwHjpmF/1rCmsoiQ8Jm4TIY4rlOEYUm00+fzoYTvdvS95zj6W5yqioVXsVk2lUFSl74IE4v+purZBG5JWirb7CGnobrQi8u6EnlCUp/nggnXO22EJWARdrv2J2Gvn59xMR2okmeF2/vQWQ0IPon9DKl+fyK8+PTlWSldJKctvU8LNohf+sMU1R6Uak5nVCHgD4PFoR+2rre1ssUJLSfJZ8//6RdHm1XFpeW9E31F+hLJeW18i7B78+l6qoqZCW125LoBX+19a41Rq3Iu2WJx0qoxJNTUmKvwYIqgHQC2hF3AU4essuICev7wLV3//uRFelpkpaWV8Z2v7dJya6q3TV0iqNIsZ/ckDVrFY3qw787veH610E4SQPizgqCl4Rg4atnOC4G+CoxpO1BkVtubrCEaipvDi6p1JbKa1UbxsbuqD0Jt+RSbtwWcjdiH7N/48pbbWkzahqfbWl3y3YNwGgb6MV8duARcKihSyECcF/oP4CoHIXOhJ38d+Ii33kKqyh1/GDULnBEH+pXbdqwOe7Dh7ctfPgwZ1tiURbWzKpeO7JHzz99A+efC524qGH7rzzoYdOiHllANAFfFzUWWE8s4EAJ4h55q9udXXpoicT6D22nKxdv5Qo9kYjAPopflDAgWEjuCQL9KZgCEOAIey77kt1hO0Jvde+IzKxL35bv65N+3Lrru/cxnApt9nrYudHO+68P4Ol3YBAV1hD/4Af/HK/Uezmcn/dxcYX5mf9+8zNhsG2YC890Z/IWEOMPW5wNU225W7q9AeH2nYqOCpg9HSytnZz1ByweAONBj/lHh0I9qqlVblYW9YFWNAI9G/4OFQIHcIxwkQWKKJiLSwScKCIhWUpkip01Qz/70g5NTa2+rIurSVdJO9/IYBO87fGXhBw0RbW0D/i46WN53oOYugqC0HJr0v1b/rnLHZDf1touDdi8RpcBIr+n5L0GLiJQHi3ImAJ6N2ZeKxXrdIjpvvHimrneDI56ytqaEthDf1MrL0dAFll8g1Hki9vcdeXRlRmShvLu8PezpA/MhdMfiXq72vwqNqM7l4vNg7RuT3+UZS2u6Z3D0QjPfyziW/su/tMN21gyAbmyN4m557d4Sm/WH+XoAX4uKgFEcxZWAtRLZGfk9EDUf419L32tF0t/eqrz4x1M+l773+suP84CmtoGT8IJnBBu4iPGOmW1UdkDlFUUsnW7zlJSXjFifBFxwxHcUYq0JJlcrN6u9rgMzPTSjMVZF0hR6KsLdmS8diYjMI95Gvuaq2VatO+1l7Hrl5LyFsjrXWFnd5BN1owdFLeWJvX5qP4S9FWh99Wp0252GQRX3thDf1kA19VUStFNFWbVQ3cMLjE2G8LhczdpvJ02NM1zgzoPGrOKOxOxiF7do9/lInOtScPoR9Heuzu6dmB9T/Qej+p9391n80lApt4YP7uM93F/uoqrMGPYEn4Lt/a2XdpKUqroSgF1WCgKEMDJZz1FrbDJViCOgCSDgRomZXa8kpc7WxBWIY1VKPW3JT62xZV1I4M+gaT3905C8LuJfpCH2IaOAC0CDLhDgiG0PPwNH4RygBUNM3I5XtqJeOSWvT8U1NTTwECB3yIapAOJAAcyxCOlQ+j0aJGfh19UnhZ+DvJWggF+ug4x4l72RCqwB8JnCGLSy8p1pN8L5JKRZhge3vwhb1XTp68OqfZeWVp6cpOQGArDMGV0ju0yAgBfUItmxDPM5FU6oXSac3c1ZMnrwCCmcICUuKfCt+qpNC6SoaYeem2205Lprzr2FvE11RYgHdKZ0S9Y5SmW2998bQX895rZ4tnthV2oWF8ScwDMWgbquzgf/+kZN+1x4r/D6KzaAEvC7NGRXM0R3IMyZFyUk4/aG+frdlX0VoxXzPbRnejs4YZu0d70wGNxz5j2C7wSyjcv4r6aRImFMUWL0YuXgQlXhRHyVUMR01qh8bqRqdIlrxXw2qGhWctqzmpNZ+sO/lm+6nghQsXLgRPtb/55puo7FQxNissoMvYJfBH/ImIFRcH4hfnz3edP79wMXLxYuSiUHsr/ARdRu9iG/TAAZBBDzwicuJuHEbdkiqQQy+qgc1dHM6ilY3ffrJZtCLM98LPcC9w+LzgS7mFeBqTSaMxmXCvQasxGjVagxgXcqLLaFGwoWIthBU9h5yRiGi/cBiHoU1SJf6P5sjqx4PfwuG/5p6C/wcAAP//AQAA//8CU3/8AAAAAQAAAAILhePk2d9fDzz1AAMD6AAAAADYXaChAAAAAN1mLzb+Ov7bCG8DyAAAAAMAAgAAAAAAAAABAAAD2P7vAAAImP46/joIbwABAAAAAAAAAAAAAAAAAAAAS3icLIo/S/JRAIWfcxxeeJGkJSxEJSWyP96GH0VFQ0NTQXGX6Aau0dg3aGmrvbmmvkSzLS0NfYvqQohOhuJwOOfwPH7ggj64ScknJO9T+IrkCklfJF9T+J6kfyR/kvxI4W2Sd0leYM1Var7j3CWwqGhI4Q5RfbpeJ+iHrtrUNWTTTSIDjvRNZEwsHRDdIro+dePUvyTqmZoiVTc51gdlv1PVK3OTrRcaymwoc6pMW5klZeaVWVRma8Y6yqwy4pARYdZn2qGjX8oKRAVWFOgp0FCP/3piT5mWMsuTuM4tAyKM3yYfxjd/AAAA//8BAAD//9iyPBgAAAAsACwAUACGALYA1ADqAP4BMAFIAVQBhgG2AdgCAAJEAlYCegKWAsQC/AMwA14DkAPEA+YEUgR0BIAEmgS2BOgFCgU2BWoFngW+Bf4GJAZGBmIGnAbIBvgHDgc0B0wHdge0B9gIDAhMCGYIvAj8CRIJMgk+CU4JWglmCYAJmgmsCb4JzgnsChwKMAo8CkYKUgpoCnYKhAABAAAASwCMAAwAZgAHAAEAAAAAAAAAAAAAAAAABAADeJyclN1OG1cUhT8H221UNRcVisgNOpdtlYzdCKIErkwJilWEU4/TH6mqNHjGP2I8M/IMUKo+QK/7Fn2LXPU5+hBVr6uzvA02qhSBELDOnL33WWevtQ+wyb9sUKs/BP5q/mC4xnZzz/ADHjWfGt7guPG34fpKTIO48ZvhJl82+oY/4n39D8Mfs1P/2fBDtupHhj/heX3T8Kcbjn8MP2KH9wtcg5f8brjGFoXhB2zyk+ENHmM1a3Ue0zbc4DO2DTfZBgZMqUiZkjHGMWLKmHPmJJSEJMyZMiIhxtGlQ0qlrxmRkGP8v18jQirmRKo4ocKREpISUTKxir8qK+etThxpNbe9DhUTIk6VcUZEhiNnTE5GwpnqVFQU7NGiRclQfAsqSgJKpqQE5MwZ06LHEccMmDClxHGkSp5ZSM6Iiksine8swndmSEJGaazOyYjF04lfouwuxzh6FIpdrXy8VuEpju+U7bnliv2KQL9uhdn6uUs2ERfqZ6qupNq5lIIT7fpzO3wrXLGHu1d/1pl8uEex/leqfMq59I+lVCYmGc5t0SGUg0L3BMeB1l1CdeR7ugx4Q493DLTu0KdPhxMGdHmt3B59HF/T44RDZXSFF3tHcswJP+L4hq5ifO3E+rNQLOEXCnN3KY5z3WNGoZ575oHumuiGd1fYz1C+5o5SOUPNkY900i/TnEWMzRWFGM7Uy6U3SutfbI6Y6S5e25t9Pw0XNnvLKb4i1wx7ty44eeUWjD6kanDLM5f6CYiIyTlVxJCcGS0qrsT7LRHnpDgO1b03mpKKznWOP+dKLkmYiUGXTHXmFPobmW9C4z5c872ztyRWvmd6dn2r+5zi1Ksbjd6pe8u90LqcrCjQMlXzFTcNxTUz7yeaqVX+oXJLvW45z+iTSPVUN7j9DjwnoM0Ou+wz0TlD7VzYG9HWO9HmFfvqwRmJokZydWIVdgl4wS67vOLFWs0OhxzQY/8OHBdZPQ54fWtnXadlFWd1/hSbtvg6nl2vXt5br8/v4MsvNFE3L2Nf2vhuX1i1G/+fEDHzXNzW6p3cE4L/AAAA//8BAAD//wdbTDAAeJxiYGYAg//nGIwYsAAAAAAA//8BAAD//y8BAgMAAAA=");
+}
+@font-face {
+	font-family: d2-3387518810-font-semibold;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABa8AAoAAAAAIhQAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXqrWeWNtYXAAAAFUAAAA7wAAAXIKiQuWZ2x5ZgAAAkQAAA8AAAAUxM1K38toZWFkAAARRAAAADYAAAA2FnoA72hoZWEAABF8AAAAJAAAACQKgQYLaG10eAAAEaAAAADzAAABLIvLDTFsb2NhAAASlAAAAJgAAACY0kjXZG1heHAAABMsAAAAIAAAACAAYwD2bmFtZQAAE0wAAANOAAAIcCYSZQ5wb3N0AAAWnAAAAB0AAAAg/9EAMgADAhoCWAAFAAACigJYAAAASwKKAlgAAAFeADIBJgAAAgsGAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAAAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAesClAAAACAAA3iclNDJSlsBHMXh7zZpm7Rp2iZN5+G26TwbxzjHCVwExYUIIupGEN/Ax9KlA/ggLkTxLeQvXFR06dn/4OMgkZOgJJ+soSGVV5Gq++aHn3757Y+//mnqN2Ra26x5CxYtWbZi3WYEF833G83/rGlpmzF3rVm1ERFHUlU1L71SUlZUibMIhTiI/diL3diJkziOwziN7djKpLddYjwzDBszoc+AXq0rXYeGTl269WiadEdO3l333FdQ9MBDJY+UPfbEUxVVI0YNmvJMzXMvMv1rb7z1znsfpD76pO6zL75mj1z+6BwAAP//AQAA///bKzUIAHicjHhrdBtlev/zvpI1vsgXRRpNJFnXkTSSLUuyRqORL7r4Jluy7NiW7SSK7ThOcBIndi52CAsJEMifv0l3tWG7ZcHLh4VygO1uUxZ6Qtk2e8DktLTdw55w6XZhCT1bKAvu4XLqrrc9eNQzIyl22H7oh9HI1jvP5ff8nt/zvgNlMAqA0/i7IIMKqIUdQAKwKqvKwTIMTfAsz9OUjGeQihhFvxdW3gx75T6f3Ot/tfnuEydQZgF/d/N4/5FDh25O7d0rPPqLG8I0+sENAJwXALAf56ACVABqgmWcToZWKGRqVk0zNPEr6lmqzlgjrzauvbP8zt3sr1k0MTQUXAjx88JJnNs8/ZOfAADIIFO0owI90GJsbECrJTUKgpRuClrGBkJc0EnTqtKXzI3uoxF/Y6i343TfQqY7Go+PzfQNplMzOGfqbfcO18qVA50d4250f6DB7xKcHB/0AQCC5vw6duIVqAcoszmdXDAUYgNainA6aZtCQWq0bCDEUwoF2jPy0K7h5ZHotDmqizi5jG9mxNNdH3UdVg5+7/ixx4cD1n69uWUudfI+hynpbQbAUh5xnINyEQ8pC1KjoJlbMf/Fo889850O9uDx4wdZnHvqqT99dmrxG3ctSHFlANDHOAdVUm1IK8mSNGklM+iS8OnaGrLg3MyzM6/O3Fp7U8J9a60qg/5I+OSzz3Bu5uUZ4fNbuYbwCpj/t1yLqXI0x6oUCnTHnm8OjXxzd+KAmK5397HZmfpA3bkPrfPFdFlL/07rfQsn76ut+dZ+4V+sTYU4cHcpZpFRrIpWWVWZJVSxtCRs4JzwX4jYPI1sws1S3PB3OAeywvrMkkiCop1HcU6Mk1Wxaq2WYkMhXi1aC4ZCPE3IaBlDmzCpyjy4VEVWyqs0lacuHisjZHLuWM/xoFxGlOGc8Iq5w2LpMKP45mnUaE6mTI8J7yLnY6ZU0iy8I9ZHxOM0XoFaMNyGiEQyplAlCRg0PPZAMvnA2Lj4OT4wMTEwMDGhzDw+N/fo0NCjc3OPZ+54cGHh/PmFhQdLdTfhHChBs429CpomVWygUPo3kqc7O0/2To1d7k8O45xzT7pvyvsFGjgbFWlZtNGKc1AD1PYOUNMyWrXF+ve752O9bU888K1Dk129vV2TOGcfS/ZPaITPEeQBTbTw4SaQsHbm19EmXoFGKVOG12oLRhjGi/+ACFqKKoSMdnTe4+ums03h1hZP1hJhWg7GW+acbeaeBm+L0W/Y25oKH1UGvLusbq/TbVczNZ5ufzDT3ORM6U1uu85KVTl0w73cHk6MQQ+Ay3EOCDEjmrOStOqX19Bn17BnZmbz7UKcQ/l1HMM5UZOkiqhYlUaKNSR9VShQX//JyJK1nXFF6BPtJ5TtF4+hE8Jyb4amM73oLuGRYxfbAeW/AsD1OAfVAKxsG4dkr//8nok6fZ1cpavdd/YfcU54iZ8Nh2d5lJS4Vw2A63AOdACsWsZSxQd5Vqami3pGENU/vXKhT0nVypVkVc89V356YahaVyuvppSDaBhFHtE2G43N2keEnwl/uaJnTSZWvyLV1JdfR6+hDdCJqkbZRLrxEuQEIxWAVNGifUZsQ0l7XokPX/oeYgL2HmuD+3DrxL795XJrP2Fqrj806FIOxXftrmNa6jUDeuf8YeH9UL0za9QtVLMOq0nyl8yv4wq8CjvAJKLJ0AStYkmi4GsbxUVdRXwiLqvctygzpxwTs+37dzV3BsLBsJ5VxoN49eqIwbZ8avRsbP94JjXCf6RVi7Vy59fRVbTxte65XU9E6dR2HYt1n+rwJQxhtYtq60+2GlnSZxtVRhaHRxYjFqpfpc6mklmdKm0yAYbG/Dpaw6ugFhWggJNkmOHYEkI8V3LynxMLbdNcQ1u9fHF/udzQp+T9uoDO19WqXP7G0FLUqNv1wmaUMzj38x9RO8YGdo0W+kuM/Z/QBuz8mhpqSQ1h1ZZCl7GSBCBD90K840hLV9ZbJrxePthm4Q0MPf7Cu4FAY5eYxdBStO1oj13T0adW9VEm5G/piBX4bABAWfxGYcbSHM8FixjRNlLS6cnOzvRuvb9OazBEp6fR5fEyduBgJTGuzHD7hJPSPHTlGfTfaAMCEIW0hIiTC4oIiATitoBnSbqoNDYnUxhexUrLtomZuigeNkb8a711kkuodVZSx4T2shpH7fNZZV1gNFhnU1VV00279+6L35miA812eyDgb0s1NXS5DM7uX9W3NEY8cqXLZPTVytXdjS2DbqJsrKZRH+p3KohKjYrc2RL37/Kia0Gflw34fEEh5zcbNYTRbnWIuCQB0L/j1aJClkgpKrzUEKrkotycDuzqW7S7Lc1mvHp1v7FpdlL4OXJEAmaT8EPI5yEKAK/j69gJvQBAQB88CEXbGONVUBbmCsuzhJpmCDJ5Snb13udePn/vAF4Ven/zuvD+O3vOi+vz6/A7vAq1BbZJklMkwMsRdrGuQk4QtZVmZSqOuzevkiqExuWKgh9ZOdoAq+RH1AmxCrdlQty6J/eXy81Jb6hDRQ94B1NLDqe3ZdHBeFvQWpfV63M7A6X0IsIPi7cSTmijiFPRx3acREkYvAUUWuu0eG/Dqcj1r9DG/2HO7YjMdXbORaLiZzQUjYZCkUixSyOLI8OLkalsMpUVe7WgL1FcgTaKfboVXZGBFKneJjBS/gOuiTva9/OWuEl2sCAwhsAq/vOg3rl8evRs1KgbWUHklsRIWhBFayUfZRwvmb5FeJ5VybZpAbpLbkg4JUFwx82yyn3vlsRg9ckRPV0QBJNvM4PILTUoYHwWbRR3aYUsiipWAFifYmhSU62tM8YptLbbz1YeksubwkJxZu3Mr6NH0Aa4JP5szVZnYbbepomUCZMaxZuBQ/aQtdPhcpr9ekvMNT0SHDFxes7osLe7bPHGGSVjTOlMNh1pICuVNO/uGLFTCTVlpoymGiUd9sb2AgJNfh1l8SnQFnjL0RzPs9JGUVOk7+/GehPpmunz53uq6ys1GlZ5cNen42UPPbTv03FCPkZUFeLvzq+jf0VrIsdu47+qKLfviexyWZrrF6cqZJa0cnYSBYX3IgGLHQ0JZJ/TC0jsNclGYd5uG5sv/ejMYKW4RyMrB088i9by9pTTmbLnBbKAHQB+G61JPbT9uW0WtubuygNLbeVVhJyorYgf7aioK5cTSqLt+PmHW8pryuVETXkYreXphN3ea8tL9wSdF8iP6B6GSdAfSv5qANBbaK0w35ltbghqy0/NE985x1dRVfIKTYXv7CNPnGtX6qrlldqqIIK1SU2jRtOomfz9fxzQekiykTog2lXmQ1L++u0c4PnboFAo5jSmGpJQVzA+ZcWrZ8aqyCp5hboideIF855/UMizuMznMKOPvrT00rZe65eb+Yxk2waAnkJr0v6eU4sbJxlL2n77Bpr6+PMoGtkXEa5MiL3iyq+jf8bLUFXs8wL3SI3Y4xIfi0caLYKDZ84cFC+z32Dwm03++nq/8sdPPvnMM08++eOsby6bPdLYeCSbnfOJ/lMA6O/xOUlPxRHMhUK8KNqp3BlfwjR+fgo91Veh27H5m6kCn6wA6G28LEbBclFckJfSHkejUIhiz5LOvRcSIdYR0cc9Ux0T87GjMV0r9UTX+P8/4Q+0NxjjPnZub/jM3V24bKbYY7/Ay+D+eo/RXEnAtjyUDopfDBy18caUP9hhHU5O9QU8jqixzT3ZMnG6LRhOR+5Qco6U0c02WZv1o60eV5PV0Gv37B7mkhp57VCsdcRT2CvskM5i56BC7BCeFaeuSBM1Z+XUIg40efFZOZIr9TWs8PFXDw8NbV6uT9fr/Hph5OlBdEm4sPfpWzpxA58Dy9dykGJXW0ma2JLlLweO0pyxz88l4py5wcir0egX1RpGx2f52KySo1MGd7y1JapS06j1wEplVcOenp6ZYCFeT34dvSfxwAWAbAqi5Ej2hyfcrd0gUhraDRVxr4vnXNG5WO/pjtbR+qiKN7o63bL6tC1zmM+ikNU1lo61hluEn3VeOnbu8b4GU4I0eA7voV0HDsWmglKeHgD0S3xO0oIo5q2clayREc8p7KmI8Bb6UbiH2SE/9eJTYwcSPfde+JNJaY/jLnK3HtwQujWltu1utpVVFtoaWVpZUWolZiMUnQknmhxsYDc/fkfI7OkMTVN6Q8DjCNjayrxt7p5GE9OtbBoMtg3tlOuTgWB/w/4BX5qS69Lx5kEvWtSHTA28121pNAs3WA/tsaq07Q5fq4SrI7+O3irhqi5opISi+lY1Q7cNKCnab3P++oiuIu5jwqmWUWN0h4hoA65P0yOH+X2h6NFY4jT6q3ArzYymowIuAWpzHTgUn2Q7Hz52z/f7Cn0Vy6/D23BZPF9T27r7ktnjMVsaGpQem80jXuJaXz4FH8JlkbsUEwoxNhu97ZE+XTOHcBk2NnnN7qaRqzF1h8NhszDRcHIeQNxbSb7Qv2EGeAA0DgrxDggG0TJcx89DGYCaYViCOKKV3ymj0PJLp069BAga4E20EznFMz3PsWTDZ2+Ojhb08R702/wr4v8pzkoq0a//X08PIBjIDyIdvilyhSqUnJIqSd2IJhLRvnAoFH5h9ubFizdnLdPvLiy8Ow0IGvODsFF8hpG4IKJPahSL0vq+aCLxQnG1RXoWEGTzR5AJXxfPnpTYsiqWzF6fn39MNhHbtMVKZ+Qj8GlxjaRzrMo5P3/9sRi+Gfvq6cIaZX4adeG/lfJQszLlJ4Of/EA2+9WK+Jsf3Y8ewq+LM0bN8AxP8SzFUwRFMN9mW2fV81WxqgX14Va2H93vmGlq1506pWtvmnHsFrlFi/MTXwKD9NaDp7nCxRLSRdLSRfM0oWZ5es/OgbG64X3aHvIM1U0O7a0bm6IS1Jmdljvr7nwtfSF95cqVK+kL6ddeew3VXijEbYOD6APcLHJHesfDFTYK77z44u4XXzx4bfTatdFrYt1t8Dz6AH2InZCEk6CAJFyW+DCHI2hAZgcCUmgHQGmfDX+D1krvb5KLaE0gAeX/GndAD74u+lJtI53Z6TSbnU7cYTcZ7XajyS7FhSzoA7Qk2lBzVtKGriHLqHRGQ/k9OAJtMrv0G8NT+M+G/hhHvp++Av8DAAD//wEAAP//nT96ngABAAAAAguF7e+sSV8PPPUAAwPoAAAAANhdoKsAAAAA2F4RM/44/s8IbgPdAAAAAwACAAAAAAAAAAEAAAPY/u8AAAiY/jj+OAhuAAEAAAAAAAAAAAAAAAAAAABLeJwsjD9KM3EARN/M9xFEooKxWCIWiSQkJiRZtPUPsgg/RQn8FII30E7Qc1jaihews8kFrLyDpSDY2ClZybLF8GbgMX7knFfwIJ/5gugDUt8QXSdqRvQtqR+IqhP9QfQTqY+IHhPdoO0mdd8zdpL/eoMl/2fobYLe6HqHnn7oapd1L9DxgKAKe14kaIXw74TgEcGtwg2Ff0fQM4muWHOfTF9U/Umid5bnXVOaFh2LY4uGRWKxWrJfpmvRUo191RiWPNMhW/qmqoxTZfSUcamMtiZU9cLIYtMq/ptuca0KAfLpfEM++QMAAP//AQAA//9xuitrAAAAACwALABQAIYAtADSAOgA/AEsAUQBUAGEAbAB0gH6AjwCTgJyAo4CvAL0AyQDUAOCA7YD2ARCBGQEcASIBKQE1gT4BSQFVgWIBagF5AYIBioGRgZ+BqoG2AbsBxgHMAdaB5gHvAfwCDAISgicCNwI8gkSCR4JLgk6CUYJYAl6CYwJngmsCcoJ+goOChoKJAowCkYKVApiAAEAAABLAI4ADABkAAcAAQAAAAAAAAAAAAAAAAAEAAN4nJyUQW8bRRzFf2unNhUiKghFqYSqOYLUrpMoqdrmgkMa1SKygzcFcdzEa3sVe9faXSeEj8FH4MYX4MypH4EDRz4ABw6c0byZxHVAkEaVmreemTfv//5v/sBasEqdYOU+8AY8Dtjgjcc1VvnL4zrdYMXjlbf23GMQ9D1u8Dj42eMmvwS/e/we27UfPb7Peu1Xj99nq/aHxx/UTd14vMp243OPH/CoUXn8IQ8aPzgcwLOG5wwC1hu/eVzj48afHtdZazY8XmGt+YnH9/ioueVxg0fNfX7CsMUGm2xgeHL99QxDmwE5JyQYIi4pqUiYUmLokHFKTsFM/8daG2D4lDEVFTNe0KLFhf6FxNdsoU5OafEZjzFckFIxxtAnoSSh4NyzHZCTUWHoEjO1Wsw6ETlzCk5JzEPCt7+lNSaTyiMKcv1idaeckDNhoHtGzJkQU7BFyAbb7LBLm3326LG7xHnF6Pie/IPPneuxx0u+lv6SVMrNEvuYnErVZ5xj2NRaKPefs8uUmDMS7RqS8J3qsQw7hDxlhx2e8/SdtC17k8qXGEOlrg2027pwhiFneOe+p6rW9tGee02mrrq1iMrvdLdnDGjpvFGtY3lmxDxXvwtS7Q7vpOaIWN017BNieOVZb5/MiktmJBwz9p4tkhjJp4oL+bZwdUIqlzNl2NY9V6WutitnIjocYuiJP1tiPlxisG/jZpo2lRZb00LZ8r2LHp8TkyrjJ0y0snhpse5t85VwxQvMDXdKTtWFGZX6UIorlM8jWvQ44PCGkv/3aKC/rr8nzK8T4qqzybDvu02k7kbmIYY9fXeI5Mg3dDjmFT1ec6zvNn36tOlyTIeXOtujj+ELenTZ14mOsFs7UMq7fIvhSzraY7kT74/rmH1/M6kvpd3lNWXKTJ5b5aGfLsmdOmwYetars6XOnJIy1E6j/mWaVjEjn4qZFE7l5VU2Fi/LJWKqWmxvF+sjck3WQq/Tshou/XywaXWa3BSobtHV8E6Z+e9pfXN+HemmoVQXPi1tqbO5jik5c7khV30ZCWeURHKulK/2zPdiyDWLCr2MkdRbt9pMlETri5sh1st/+3UkfYX643httqzTk2tHh+Keu+T8DQAA//8BAAD//9kvXF8AAHicYmBmAIP/5xiMGLAAAAAAAP//AQAA//8vAQIDAAAA");
+}
+.d2-3387518810 .text-mono {
+	font-family: "d2-3387518810-font-mono";
+}
+@font-face {
+	font-family: d2-3387518810-font-mono;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABp4AAoAAAAAKugAAgm6AAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgld/X+GNtYXAAAAFUAAAA7wAAAXIKiQuWZ2x5ZgAAAkQAAA+KAAAVOCCHMrZoZWFkAAAR0AAAADYAAAA2GanOOmhoZWEAABIIAAAAJAAAACQGMwDSaG10eAAAEiwAAAC6AAABLK/IGrpsb2NhAAAS6AAAAJgAAACY1szcCm1heHAAABOAAAAAIAAAACAAfwJhbmFtZQAAE6AAAAa4AAAQztydAx9wb3N0AAAaWAAAACAAAAAg/7gAMwADAlgBkAAFAAACigJYAAAASwKKAlgAAAFeADIBIwAAAgsFCQMEAwICBCAAAvcCADgDAAAAAAAAAABBREJPAEAAIP//Au7/BgAAA9gBEWAAAZ8AAAAAAeYClAAAACAAA3iclNDJSlsBHMXh7zZpm7Rp2iZN5+G26TwbxzjHCVwExYUIIupGEN/Ax9KlA/ggLkTxLeQvXFR06dn/4OMgkZOgJJ+soSGVV5Gq++aHn3757Y+//mnqN2Ra26x5CxYtWbZi3WYEF833G83/rGlpmzF3rVm1ERFHUlU1L71SUlZUibMIhTiI/diL3diJkziOwziN7djKpLddYjwzDBszoc+AXq0rXYeGTl269WiadEdO3l333FdQ9MBDJY+UPfbEUxVVI0YNmvJMzXMvMv1rb7z1znsfpD76pO6zL75mj1z+6BwAAP//AQAA///bKzUIAHicjFgLcBv1mf/+/5W1cSw/ZHm9liPrtZZW1tP2arWSH3pbsvyIbdmKHcd27NixHZOH40BCIKQ8koMErid6OV4N0BI60OHgyPWG0Ha43gHHhLnA0dIy9AodoIybaXv0zmeY6zRe3exKfuRuOtPxrFZj7f/x/b7f9/t9/4UiCALgWnwBCCgGFVQCBcCpTWqLiWUZkhRYmhMExoDVQfSRmEUo5VX4brv77hcUTdHfRqe+hi+sHWw5MzfXv3z9+xMnTvzlMnoXMBgBsB9noRjUABqSY61WllEqCQ2nYViGvG5406A2lSsqjD//eOLjkeAXIXRkZkY4FAgcEkdxdm3x6lUAAAKmATCDs1ABWjBL++Kaq6upKiVJyTeG4Jp9vNfKMOr1L9M/iO0P+Fs7+88dPr57KNXbM74wNL5n1wLOGhMtTX3lipKd8am96JRP4J1rN1pj7TwAgkhuFdvxRagDKDJbrbzX5+Oaq2nSamXMSiVVVV3NNfsEWqlEewfu6ek5m2kd03m00YbQuNc7HnJ1GjzstGrgsVsWHks3GvkdpsjxdPpk1MpwrmYAwDAMgBtwFrZJeMhRSLtn1zc9/MyFi998eDB19MiRoymc/e7FJ1+KP3jq1FmQ9rYEgCtxFkrkvFDrf0voEfEfUYX4n6gHZxPvJr9IAoKzALhGxn3zWfVZ9NfiP6MycQVnE79MiP8OCPjcKqbwRTD8qXi5ZoFneE6tVKKB9D2p7vsykRGdpybkaR/jDkylGu57z7C/EDBXx9eaI8fTpx5mX+gQf2dwAYI+AFy8vmeJTZyaUZvUfUOocmhI/AJnxf9AmrVFxIv/Kse4FwD9ofA8z6kZ3kQxao7ae+kSeuLSpSQmEom1tSTIz3YC4AqchR3y3BqaEzTS7F6fT2BIgiFYRo8pdefsmFFhGJ/tLyIxYZloG7NiQlmEs+L1hQVUs7aIOo3DGd3doojw3brMsFF8VcpTY24V2/BFKJdm34KMlC4lm8+WWcIHObuWwuGlrvxn95493d179qjSjx9ceLS//9GFg4+nU9nTpx566NTprDTvLAA24Cyo8tW1PiPDqDeIO/tW6lB7++HOYwd2DQ5lDuBsfaazY9Qp3kCdkURSAJlHMwUelQG9tRo0DLFlpplrsbnW/thze5+67VDvwEDvIZxlBuI942rxM0SJv0W7Q+GIN49lLLeKtfgiuORoWUHmOe+1WlnWjW9mhVQENK3H0r5RU+cdzmbLtD/ebeDNE6aIU5gKBefrncadXCDB+HRjDRHWP6/inS0WV4ubsevKGkrt0cbmPper3ldn8joNtlqVrcIVafJmmgGBHQC7cRZIAFMh+wh/iBUf4q5EYu0Vea99uVWZU1QhM2pOna9Ln/xVqUSu8P7AUH2ItQUtA4FplXdpAj0mzsYH6usH4ugJcX5iyQsIHADYhbNQCsARnKa6muZ8PkHDETd+PLKg1lUqKusqDmTew1nxqZb9LS37W9C+tUVA4APAZpwFLQCnITi6MFDgCA1T0DeS9L15ZWystKZCUUapRkeuvDk2XapTK8pqS/ehQdT+fLWzrs5Z/bz4I/Hy5RpOr+dqLst5HcitYgKtgA5YALrAO8GNGbOSZOUsUGpGWoFt9gl8Gaaqqr9ydbuSF+9CWr/Hs9tstBwLz0zFSMI2o28YbJg/0RRRmYIOIeXcbhLMFspf4z60R/wgavBErea7t5majA0WwDCeW8U6fBWqwJRnAENKdUdy+TW3kl6SXBRmBhiCjKYJwjTs2DcfnEmGh8IpY8rKJFWMwYevvj5htv3F0cHjwY650f5pxrpiqJVy159bxTvQyp+hr6M9tye6TqVaR/QN+ojVn2n0DPld3XqLbVrVttSfXmqz1/G1ek/GLwx56rV8vU3Gry23iv64JY71BThWUpM8cAK/sRoq33traH/AmTAQinScJPSDus6IKWS0dzT0qM6e7DsWNOlHf7jmDxtcHakVQ61n0D8sWRHEc6u4Fq2AUlJOZFaSJquV2AxIqkXTZizBtokS5Cva2Zw6kUgcjRy4DWPxnm0HepxJk75+HF3u7ezuEmNtxwb6ltrvmiur3Z4e0lK+GnO+NucAcBT/FKqlSmd4gff6uOb1YqQ4ilGvPPjg5ExnXKPnjJGWa9fQpWBRw+6DumBZcbzVGRPH8x7amTNiH1qBRmiDngI6Eha811e4SfNyFFPQJLOVzVtAgQHEFtnTFCRm/RlkWzjerzHodVqGH+YaDG+fVtc0Z3iNo6qyim88NLEnenLEE4l43NFoILNP8O+lLBVm3cAnyXDQrSixGugmjUITdvA7HaqY2lvn7bYVF5fo1DqdN+ja6UGXQ14uFOK8IfHBNgtTo1BoGiir5C/jALgEXy2o6QZfJRuQuaoeTxcR1uHArnTa2+aIO/DV1481+GYmxZ8gpiPmdIovAkAuB6MA6Cl8DVtBMhcldDbmsV8AwEF8FVR5/+IQR2oYlqQW0gqknHj9o7HvHcNXRT2CH4k///LoGXlMl6ylV6Eij7Fask/ZSCUqPNo7+GKOdzgaKbNftXsX+iy29jO+sbq9rFwe2yLpH1qR2MupOVoOh96MSQ5pI7aWKIk1zfYkRXF2LpD2ak1VPfQOraUSLYfN9iHW1ZsSn0W7Mhar+C20y+6Q7uuYoRWo2rLGTZDFSYV1ZAMytDz4fxGT6wzr0Mqf44/hQ7HYoXD+M5HJJBKZTKGC25bS/Utt8bnBofn5oUGJ5jCe4+R55fqlN3dX4CNDU5qtOjQeJwnzbte+ueBMq7nPSCjujWTyMpR4B38vaLTffzR9PGjSjz2LlFt0SNo/h/64vk4RLzDy/BtqIXBq4iad+K6C0A+4JmSx6DQTZPQXGzrxzuVRg0PWCrPRt9aLlJtCgeAbAFiLVqByK9aF2iXV34iThHUxtsNTrdHW1wn7nWj5WGu8uCRZvC3UI/4KECRzq7gMrYDt//myDPlNrrzuyb7kKafVPhsLtlOR6MTk7Ix/vt5mTnuCzbGugWFT86TKZfDp610GjV5XWhUTWvssWp7W2XUGc4Xa7rOwUZvMxY7cKjbje6GmkGGe4QWBkwRH7gvz0nY+mWbOPVQS//3v+QTjr600pVTcaNtysOjixdivI3HV9jaVGhD05lbRH9CyxDnaXLBsaQp1QZW/Gk4Pcu32Dls6RiosI6qZSeQWP+6IOTxoQKzNOHyAgAPAFrQs+bXpJr9G8M7gYvmOUkWptnyx7220LP7OkmSYpAVVibX5Ot4GgPvRsqTWW7xe2DBvDUcwrGTdJLm0kG4hSxSKovJtbemWbZUKhbKYbOmZX/CrVAqVyoeWxWVzhGEi5hs38ndUK9Ze58bHuevyWmEATKNluT8Q2C39AUlv9gfh77+wp7e0rlxRpitNDb/4g9FMualCUa4v77/xm1s0jqoqZ9WB//pykXJT1Q56UZ63KefBLFqGWgnDAhUE4SYkyvB99Tr1drqEC1eW/2rwRJmhXFG6Q7Ww84NKX9+Pt0cIRaurHv1a/G9jF8OkTKh0baWxR9LRJADWoGX5vMAjE2+ikIlKol7xQ/SU+Pdo2IlOxJziuZjkIxIn1fg8lAANzLrL5ot0a+ULW/6PnAt33rlwyx133BLLZGLSpbVYtFqLRfXS099+/vlvP/1S9N5z5++66/y5e/+t3mBgGIOhXo55Sj7znJb1Vz4P+HyCJPRTr/6Vv9fQ/lwcfcBvoyvW3orn89wBgLfj8/KZgA/iglKwGyJC+nwcR6UOPtIbT7p6DR7HTGxysevssL5d95OmyeytvJBwGT1Ofi7Tduf9fVghnaUCuVWsxOel3vSmGmT4DSliN8SPpApVaEgfZezG0fbIyMLpo5PJVle/0Wmba2/b6+9tdSSdoXmVwPj07jAfSIQ6mj2++jov47J2elu6qhTFjqjTn3YClrpAbMKnoViqHIGTwpfoo+FNPJJwYKh7v0AEKio3V0TEKyg0Mj298lZtey3toUXvywJ6VLw1+jIg8OdW8XZ8er27Ewr9cmH3GhNlIjf1G+kzBy0NxqGwq8uxK2nzm50UOiB+otbxlvbp1thBlc/k07nqo85oV5VGh7jka6oyx0hHx1T+jNubW8XVMj8a8r3ROmD5BimIt3R85EZmUNg6bC3OJAI7E5GOI2Fn96S3dcTg1kbruWEBsxONuw+3TqFOm3tsqjcUSYh/Gz83O3l/hmXrOHqH98Sc1TW9r31M6usTALgKn4YyAC5ICBKZywjyM8WOpl5BzKJ3Q4ONNLHnkTNfiyW5zjMPPD4BhNzPafB50IMdhE1H2+yLtuaW2CR5NVGQ47xNuDsPBGwhsy3A7Q5MzAdsTMDkm6X7oyE+5upFyV5+j98dGlG5+pudYXeFQtvV3NTVMNnl6tMp1I42t2enC823JDxRv8fazIhvhZpcnFmjjTbyHYDlM5pqHVdNXj9lFDWbGRW2+lg1VVWGH+6IWXex2weTgZ2LLSNGd03Uwu0SMDveNHK4dcqfOBxxdk+i1yIJm2t8qnftf1idl9Z5b5+1OmU84w/MSShLtfWL3Cq6C56UzuZFN9W22eMxmz0elcdi9XisFg8g+JecAz0E35R8j2a3bCs/5CM6GMSK7UVGd6PR6R7/mVfX34qQ1WJhO1pHTkr9mLwWJjArZQPNglK6A4Iv0SSaxn8HRQCIZTmSRBVafBhr0eSnhw9/mu/lMsiBCXQAKyElj2nL3Yp1uR8CAUDzJqoNffJQUqrr93L96Jf4I8lPivJdMC1nkUaX50+enHfNTE7OvDzw+cMPfz5gz7x9+vTbmbzG3JHrRw/kx0mx8V4ZfapK+Zxr/969+13zJ0++XBhgl4cDgk9z8+gr/KZ0rqXV+XcanyLq/fcfI8Y8a9gjz7svN49OFJ7Jv/tQ73v/fUQ95sGi58az8jPTuUn0JX5LjgVxaBp1domvfouYvfFEfm9DcAQrsFPivsAKrEALHC3QJE2y/2A/+EzFc8WNxc9VPHPQfvsR/XcSbuG11wR34jv6pzfeTZH4PBCSS2o4gSEEhufkiyPli2LkixEY8vMzlWfmtf3DlZkxmq8+Q/PV8netT3tGi4ouiHPXAhdarly5cqXlQuDatWvS3jIwjwnslPhj4Rme4/O9BCp55ZXoK6/MvxF8443gG1L+4J8wgX6KrZCCW0DK4t/IeX0W+9FBohgroUuOVerZv46WJS7I7wrUqO0z5EWXYrLpI/gN7kGH8TVpPXQTX3VWq05nteIepq6Oka48dgXeSNhqeBOVQS8hRzCY/62wtvQbYgUaRZ5s+Tr2P+5//n8BAAD//wEAAP//pqKYWwAAAAEAAAACCbodK/ubXw889QADA+gAAAAA3B0N9wAAAADcHHNL/z/+OgMZBCQAAAADAAIAAAAAAAAAAQAAA9j+7wAAAlj/P/8/AxkAAQAAAAAAAAAAAAAAAAAAAEt4nEyPPUolUBhDD6eaZUw3MNOMiKLyEMVfBFHBhwdBxB8ULC3t3YBrcCv29la29vby4AoWH+EmuSQxVg2M38aVsW6cGPfGo7FgHBjnxq7x37gxro0N4+/Q/xmLxpFxZhwaE2PTuB1/Z/ypcWfsGSuDm/zAJ2PH2DL2jXnjl7FmzA1tdhfDs2z8MZaGf3tkzrq9GS8DP43pyHg1Hox343LsPh67p+OeR9eP7/cXAAAA//8BAAD//wkpNRkAAAAAACoAKgBOAIIAsgDQAOYA+gEqAUIBWAGGAbIB1gH+AkICVAJ4ApQCwgL+AzIDYgOWA8wD8ARaBH4EigSkBMIE9AUWBUIFdgWqBcoGCAYuBlAGbgakBtAG/gcUB0oHYgeMB8oH7ggkCGQIfgjQCRAJJglGCVIJZAlsCXgJlAmuCcAJ0gniCgAKMApEClAKWApoCoAKjgqcAAEAAABLAfgAKgBlAAYAAQAAAAAAAAAAAAAAAAADAAN4nJyWS2yT2RXHf865Ab94GVQNCFVXI4SmCIydScBNIOCQAcIgQklm2gpR1STGsUjsyHZg6GIWXVZddV11M120ErQKJWomgUIgpGoFqtRFNauuuqi66KqaRVfVd77jxHESOoOQyO8+zv+e173+gItyCyHiohFIgnGEJEnjDg7xjrGQ5JSxI8lF406SjBpvI8kPjbeTYtI4ymE+NY5xmF8axznCn40TnOA/xkkGI0eMd9IbqRjv4mDkV8a76YosG+9p8TPFwciXxntXdWLASkfKOMI3O74w7mBnx5fGwmVxxq5lTyfjctV4G0fkkfF2nsnfjaN0u18Yx+h2fzVO0NW5zXiH+M6c8U66o98LOQK7oz81jrA7+nPjDg5E7xsLyeiKsSMVNf1IJ6noP4y3kYpaLEH+Y1HjKIdiB4xj+Fi/cZyjsR8YJ8jEfmKcJB1bMN5BV+yfxjvJxZs6uzgcv2a8m1PxT4z3tPic4t245Sqyt0Vz36rm/gik4n8zjpCKN+c7eDf+X2NhX+KgseNAImPcyYHEJeNtHEiMG29nX+JT4yiZxM+MY7yXeG4c52jiX8YJupPfME6SSzY1d3Iq+WPjXWSSfzDezcXkv433tPiZomvHCeO9gY7MyjNZlFd4Ci1cooznMJ5JvDyWObzMyoIsyZw8llfyRObkuXwm9+Wx/B4fuSRL8kD+JE/w8rCF51t4RT6TB7IkD+VzWZCneJeVBXkpS/K5LMqizr4y+1n5o7zGc73jC24EZ8gjeaAqoS8Lcl/mZU6WAx2uk+GGLMtLeSZP5Xdqv6J6v8HLM5mV17Ios7rz2BY7n8pzjfGFLMucLMlv5UVzlusc4Ya8kNfyWB7KU1kMTg3Olpd4eaQzs2oTzmzu46EtTr6Plzl5IrOahSDLy8159feont6SX46qp2t1a8l321pJxxvz3lIV27FaSX6Np4sMWTJ4jtmoS0d5xqlykyKeEe5Rp0GRKep4hqgwRpUa0/p/QdfG8bzHBA0aTNPLcY5zV/+lKayqpdVyiuN8K/CHu5RpMIHnGkXqFKlxx9TOU6VCA88VCkwFvvh3GKHKDDXGKPr9pFvHeM5RZVzpKjWqqlpihkkK1OgiTYb3ydFHnkEGGKZvnULTPrQ+1mYfWg0zwAd8rL7WKauXfp32BFUaGmmFO3iyupYmS5YT9DFFgdsUddctinyiHgcKPaQ5QQ8ntC5f3bP1WShrnQp4Glqfca1dsO82niq33rrCZY01qFhg9xEVrV+4NkLDdoanVxjnuNp7jXRCM+ZVeUYrW6Osu9Nv5c1VChq/Z5A0noumGvTVqGY3+Duj/Rb4XaTyNfqzwT2mKTLKhOVzrR9HNIcN7mpO1zI+SVkrUNFODnIyo1kI425mbYQhLuMZVv3KOuXL6xSCSNr7LKt9lNbYJjY9d63+dyhQ1g65yaSurN23gp6b5zvKDXrxbdmpM6YVmqahNaqrVlprUOI4w5zncpsn/z9H4/o3rP1NZla7J4wu6JrglucZ0cqP+P14BnQ8xIhm5LsMMcpFhvmIUR3nucY18lxhlCE+UNthrul7MMwVBtViSDlcO6834Arfx/MhQ7on0C5afsKKBTdzWr2vq+9hL5eZYlpzHnie1liLGuHXr7Dnlqk2betqM0aZW7rTa/0qetcLlKwrptXDKc1lszfWbl3YEVMaS1DbtfUSVX1fa3pzA1XPPXs7gm4NfQpfiMZXqGr6rXqmvprDovq8flyy34Gyvo3hq9P8RhnRX4Ky/n6NqdeBbRBR8HvZPjO/YWZFa1XjJuWw12SFc9zT0ybtHnluamxqEX6ZUNcq1LVGgUc/UpVq85vEXosqJX2fpjVzY3qj7uko7AL9Ktlyb8FevZpm/Xbze2TD2cFbNWnvvtfYSqZ+iBsUmDSVir2Ungoz+vtZ09XwrmlsZN/oT7tSvfVLZUMVj+rb3l6T9tputku/Ztor47Lrqr2Z3Yo74866fpd3A67ffRvvMu0zlNzHeJfDu7/gXR7vTrqMy7sed8H1uow75XIu7zJKedfrcoFV5JJyv2qd0R2n3YfBijzccmV+y5UVPe+sy66d4LJKZ13O9bk+l3MXXI+uZtww3vW6sy7jBoJxswfV7wuq0+tOu3NuIFR3p12/63OXm73oBlzOnXH97n3VGGw5s9v1uMHAs2Yvbro39OCk63I97qTrdv1hppr9uKUfJ91pl3G9ek6/RpUJVJuduYVfPVaRUxp/sGfA9QQZae21jXUO+uGNNdqQb7XY0B1v1JnfrDPeaLHyPwAAAP//AQAA//+blbgHAAMAAAAAAAD/tQAyAAAAAQAAAAAAAAAAAAAAAAAAAAA=");
+}]]></style><style type="text/css"><![CDATA[.shape {
+  shape-rendering: geometricPrecision;
+  stroke-linejoin: round;
+}
+.connection {
+  stroke-linecap: round;
+  stroke-linejoin: round;
+}
+.blend {
+  mix-blend-mode: multiply;
+  opacity: 0.5;
+}
+
+		.d2-3387518810 .fill-N1{fill:#0A0F25;}
+		.d2-3387518810 .fill-N2{fill:#676C7E;}
+		.d2-3387518810 .fill-N3{fill:#9499AB;}
+		.d2-3387518810 .fill-N4{fill:#CFD2DD;}
+		.d2-3387518810 .fill-N5{fill:#DEE1EB;}
+		.d2-3387518810 .fill-N6{fill:#EEF1F8;}
+		.d2-3387518810 .fill-N7{fill:#FFFFFF;}
+		.d2-3387518810 .fill-B1{fill:#0D32B2;}
+		.d2-3387518810 .fill-B2{fill:#0D32B2;}
+		.d2-3387518810 .fill-B3{fill:#E3E9FD;}
+		.d2-3387518810 .fill-B4{fill:#E3E9FD;}
+		.d2-3387518810 .fill-B5{fill:#EDF0FD;}
+		.d2-3387518810 .fill-B6{fill:#F7F8FE;}
+		.d2-3387518810 .fill-AA2{fill:#4A6FF3;}
+		.d2-3387518810 .fill-AA4{fill:#EDF0FD;}
+		.d2-3387518810 .fill-AA5{fill:#F7F8FE;}
+		.d2-3387518810 .fill-AB4{fill:#EDF0FD;}
+		.d2-3387518810 .fill-AB5{fill:#F7F8FE;}
+		.d2-3387518810 .stroke-N1{stroke:#0A0F25;}
+		.d2-3387518810 .stroke-N2{stroke:#676C7E;}
+		.d2-3387518810 .stroke-N3{stroke:#9499AB;}
+		.d2-3387518810 .stroke-N4{stroke:#CFD2DD;}
+		.d2-3387518810 .stroke-N5{stroke:#DEE1EB;}
+		.d2-3387518810 .stroke-N6{stroke:#EEF1F8;}
+		.d2-3387518810 .stroke-N7{stroke:#FFFFFF;}
+		.d2-3387518810 .stroke-B1{stroke:#0D32B2;}
+		.d2-3387518810 .stroke-B2{stroke:#0D32B2;}
+		.d2-3387518810 .stroke-B3{stroke:#E3E9FD;}
+		.d2-3387518810 .stroke-B4{stroke:#E3E9FD;}
+		.d2-3387518810 .stroke-B5{stroke:#EDF0FD;}
+		.d2-3387518810 .stroke-B6{stroke:#F7F8FE;}
+		.d2-3387518810 .stroke-AA2{stroke:#4A6FF3;}
+		.d2-3387518810 .stroke-AA4{stroke:#EDF0FD;}
+		.d2-3387518810 .stroke-AA5{stroke:#F7F8FE;}
+		.d2-3387518810 .stroke-AB4{stroke:#EDF0FD;}
+		.d2-3387518810 .stroke-AB5{stroke:#F7F8FE;}
+		.d2-3387518810 .background-color-N1{background-color:#0A0F25;}
+		.d2-3387518810 .background-color-N2{background-color:#676C7E;}
+		.d2-3387518810 .background-color-N3{background-color:#9499AB;}
+		.d2-3387518810 .background-color-N4{background-color:#CFD2DD;}
+		.d2-3387518810 .background-color-N5{background-color:#DEE1EB;}
+		.d2-3387518810 .background-color-N6{background-color:#EEF1F8;}
+		.d2-3387518810 .background-color-N7{background-color:#FFFFFF;}
+		.d2-3387518810 .background-color-B1{background-color:#0D32B2;}
+		.d2-3387518810 .background-color-B2{background-color:#0D32B2;}
+		.d2-3387518810 .background-color-B3{background-color:#E3E9FD;}
+		.d2-3387518810 .background-color-B4{background-color:#E3E9FD;}
+		.d2-3387518810 .background-color-B5{background-color:#EDF0FD;}
+		.d2-3387518810 .background-color-B6{background-color:#F7F8FE;}
+		.d2-3387518810 .background-color-AA2{background-color:#4A6FF3;}
+		.d2-3387518810 .background-color-AA4{background-color:#EDF0FD;}
+		.d2-3387518810 .background-color-AA5{background-color:#F7F8FE;}
+		.d2-3387518810 .background-color-AB4{background-color:#EDF0FD;}
+		.d2-3387518810 .background-color-AB5{background-color:#F7F8FE;}
+		.d2-3387518810 .color-N1{color:#0A0F25;}
+		.d2-3387518810 .color-N2{color:#676C7E;}
+		.d2-3387518810 .color-N3{color:#9499AB;}
+		.d2-3387518810 .color-N4{color:#CFD2DD;}
+		.d2-3387518810 .color-N5{color:#DEE1EB;}
+		.d2-3387518810 .color-N6{color:#EEF1F8;}
+		.d2-3387518810 .color-N7{color:#FFFFFF;}
+		.d2-3387518810 .color-B1{color:#0D32B2;}
+		.d2-3387518810 .color-B2{color:#0D32B2;}
+		.d2-3387518810 .color-B3{color:#E3E9FD;}
+		.d2-3387518810 .color-B4{color:#E3E9FD;}
+		.d2-3387518810 .color-B5{color:#EDF0FD;}
+		.d2-3387518810 .color-B6{color:#F7F8FE;}
+		.d2-3387518810 .color-AA2{color:#4A6FF3;}
+		.d2-3387518810 .color-AA4{color:#EDF0FD;}
+		.d2-3387518810 .color-AA5{color:#F7F8FE;}
+		.d2-3387518810 .color-AB4{color:#EDF0FD;}
+		.d2-3387518810 .color-AB5{color:#F7F8FE;}.appendix text.text{fill:#0A0F25}.md{--color-fg-default:#0A0F25;--color-fg-muted:#676C7E;--color-fg-subtle:#9499AB;--color-canvas-default:#FFFFFF;--color-canvas-subtle:#EEF1F8;--color-border-default:#0D32B2;--color-border-muted:#0D32B2;--color-neutral-muted:#EEF1F8;--color-accent-fg:#0D32B2;--color-accent-emphasis:#0D32B2;--color-attention-subtle:#676C7E;--color-danger-fg:red;}.sketch-overlay-B1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B2{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B3{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-AA4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-N2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-N3{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N4{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N7{fill:url(#streaks-bright);mix-blend-mode:darken}.light-code{display: block}.dark-code{display: none}]]></style><style type="text/css">.d2-3387518810 .md em,
+.d2-3387518810 .md dfn {
+  font-family: "d2-3387518810-font-italic";
+}
+
+.d2-3387518810 .md b,
+.d2-3387518810 .md strong {
+  font-family: "d2-3387518810-font-bold";
+}
+
+.d2-3387518810 .md code,
+.d2-3387518810 .md kbd,
+.d2-3387518810 .md pre,
+.d2-3387518810 .md samp {
+  font-family: "d2-3387518810-font-mono";
+  font-size: 1em;
+}
+
+.d2-3387518810 .md {
+  tab-size: 4;
+}
+
+/* variables are provided in d2renderers/d2svg/d2svg.go */
+
+.d2-3387518810 .md {
+  -ms-text-size-adjust: 100%;
+  -webkit-text-size-adjust: 100%;
+  margin: 0;
+  color: var(--color-fg-default);
+  background-color: transparent; /* we don't want to define the background color */
+  font-family: "d2-3387518810-font-regular";
+  font-size: 16px;
+  line-height: 1.5;
+  word-wrap: break-word;
+}
+
+.d2-3387518810 .md details,
+.d2-3387518810 .md figcaption,
+.d2-3387518810 .md figure {
+  display: block;
+}
+
+.d2-3387518810 .md summary {
+  display: list-item;
+}
+
+.d2-3387518810 .md [hidden] {
+  display: none !important;
+}
+
+.d2-3387518810 .md a {
+  background-color: transparent;
+  color: var(--color-accent-fg);
+  text-decoration: none;
+}
+
+.d2-3387518810 .md a:active,
+.d2-3387518810 .md a:hover {
+  outline-width: 0;
+}
+
+.d2-3387518810 .md abbr[title] {
+  border-bottom: none;
+  text-decoration: underline dotted;
+}
+
+.d2-3387518810 .md dfn {
+  font-style: italic;
+}
+
+.d2-3387518810 .md h1 {
+  margin: 0.67em 0;
+  padding-bottom: 0.3em;
+  font-size: 2em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-3387518810 .md mark {
+  background-color: var(--color-attention-subtle);
+  color: var(--color-text-primary);
+}
+
+.d2-3387518810 .md small {
+  font-size: 90%;
+}
+
+.d2-3387518810 .md sub,
+.d2-3387518810 .md sup {
+  font-size: 75%;
+  line-height: 0;
+  position: relative;
+  vertical-align: baseline;
+}
+
+.d2-3387518810 .md sub {
+  bottom: -0.25em;
+}
+
+.d2-3387518810 .md sup {
+  top: -0.5em;
+}
+
+.d2-3387518810 .md img {
+  border-style: none;
+  max-width: 100%;
+  box-sizing: content-box;
+  background-color: var(--color-canvas-default);
+}
+
+.d2-3387518810 .md figure {
+  margin: 1em 40px;
+}
+
+.d2-3387518810 .md hr {
+  box-sizing: content-box;
+  overflow: hidden;
+  background: transparent;
+  border-bottom: 1px solid var(--color-border-muted);
+  height: 0.25em;
+  padding: 0;
+  margin: 24px 0;
+  background-color: var(--color-border-default);
+  border: 0;
+}
+
+.d2-3387518810 .md input {
+  font: inherit;
+  margin: 0;
+  overflow: visible;
+  font-family: inherit;
+  font-size: inherit;
+  line-height: inherit;
+}
+
+.d2-3387518810 .md [type="button"],
+.d2-3387518810 .md [type="reset"],
+.d2-3387518810 .md [type="submit"] {
+  -webkit-appearance: button;
+}
+
+.d2-3387518810 .md [type="button"]::-moz-focus-inner,
+.d2-3387518810 .md [type="reset"]::-moz-focus-inner,
+.d2-3387518810 .md [type="submit"]::-moz-focus-inner {
+  border-style: none;
+  padding: 0;
+}
+
+.d2-3387518810 .md [type="button"]:-moz-focusring,
+.d2-3387518810 .md [type="reset"]:-moz-focusring,
+.d2-3387518810 .md [type="submit"]:-moz-focusring {
+  outline: 1px dotted ButtonText;
+}
+
+.d2-3387518810 .md [type="checkbox"],
+.d2-3387518810 .md [type="radio"] {
+  box-sizing: border-box;
+  padding: 0;
+}
+
+.d2-3387518810 .md [type="number"]::-webkit-inner-spin-button,
+.d2-3387518810 .md [type="number"]::-webkit-outer-spin-button {
+  height: auto;
+}
+
+.d2-3387518810 .md [type="search"] {
+  -webkit-appearance: textfield;
+  outline-offset: -2px;
+}
+
+.d2-3387518810 .md [type="search"]::-webkit-search-cancel-button,
+.d2-3387518810 .md [type="search"]::-webkit-search-decoration {
+  -webkit-appearance: none;
+}
+
+.d2-3387518810 .md ::-webkit-input-placeholder {
+  color: inherit;
+  opacity: 0.54;
+}
+
+.d2-3387518810 .md ::-webkit-file-upload-button {
+  -webkit-appearance: button;
+  font: inherit;
+}
+
+.d2-3387518810 .md a:hover {
+  text-decoration: underline;
+}
+
+.d2-3387518810 .md hr::before {
+  display: table;
+  content: "";
+}
+
+.d2-3387518810 .md hr::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-3387518810 .md table {
+  border-spacing: 0;
+  border-collapse: collapse;
+  display: block;
+  width: max-content;
+  max-width: 100%;
+  overflow: auto;
+}
+
+.d2-3387518810 .md td,
+.d2-3387518810 .md th {
+  padding: 0;
+}
+
+.d2-3387518810 .md details summary {
+  cursor: pointer;
+}
+
+.d2-3387518810 .md details:not([open]) > *:not(summary) {
+  display: none !important;
+}
+
+.d2-3387518810 .md kbd {
+  display: inline-block;
+  padding: 3px 5px;
+  color: var(--color-fg-default);
+  vertical-align: middle;
+  background-color: var(--color-canvas-subtle);
+  border: solid 1px var(--color-neutral-muted);
+  border-bottom-color: var(--color-neutral-muted);
+  border-radius: 6px;
+  box-shadow: inset 0 -1px 0 var(--color-neutral-muted);
+}
+
+.d2-3387518810 .md h1,
+.d2-3387518810 .md h2,
+.d2-3387518810 .md h3,
+.d2-3387518810 .md h4,
+.d2-3387518810 .md h5,
+.d2-3387518810 .md h6 {
+  margin-top: 24px;
+  margin-bottom: 16px;
+  font-weight: 400;
+  line-height: 1.25;
+  font-family: "d2-3387518810-font-semibold";
+}
+
+.d2-3387518810 .md h2 {
+  padding-bottom: 0.3em;
+  font-size: 1.5em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-3387518810 .md h3 {
+  font-size: 1.25em;
+}
+
+.d2-3387518810 .md h4 {
+  font-size: 1em;
+}
+
+.d2-3387518810 .md h5 {
+  font-size: 0.875em;
+}
+
+.d2-3387518810 .md h6 {
+  font-size: 0.85em;
+  color: var(--color-fg-muted);
+}
+
+.d2-3387518810 .md p {
+  margin-top: 0;
+  margin-bottom: 10px;
+}
+
+.d2-3387518810 .md blockquote {
+  margin: 0;
+  padding: 0 1em;
+  color: var(--color-fg-muted);
+  border-left: 0.25em solid var(--color-border-default);
+}
+
+.d2-3387518810 .md ul,
+.d2-3387518810 .md ol {
+  margin-top: 0;
+  margin-bottom: 0;
+  padding-left: 2em;
+}
+
+.d2-3387518810 .md ol ol,
+.d2-3387518810 .md ul ol {
+  list-style-type: lower-roman;
+}
+
+.d2-3387518810 .md ul ul ol,
+.d2-3387518810 .md ul ol ol,
+.d2-3387518810 .md ol ul ol,
+.d2-3387518810 .md ol ol ol {
+  list-style-type: lower-alpha;
+}
+
+.d2-3387518810 .md dd {
+  margin-left: 0;
+}
+
+.d2-3387518810 .md pre {
+  margin-top: 0;
+  margin-bottom: 0;
+  word-wrap: normal;
+}
+
+.d2-3387518810 .md ::placeholder {
+  color: var(--color-fg-subtle);
+  opacity: 1;
+}
+
+.d2-3387518810 .md input::-webkit-outer-spin-button,
+.d2-3387518810 .md input::-webkit-inner-spin-button {
+  margin: 0;
+  -webkit-appearance: none;
+  appearance: none;
+}
+
+.d2-3387518810 .md::before {
+  display: table;
+  content: "";
+}
+
+.d2-3387518810 .md::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-3387518810 .md > *:first-child {
+  margin-top: 0 !important;
+}
+
+.d2-3387518810 .md > *:last-child {
+  margin-bottom: 0 !important;
+}
+
+.d2-3387518810 .md a:not([href]) {
+  color: inherit;
+  text-decoration: none;
+}
+
+.d2-3387518810 .md .absent {
+  color: var(--color-danger-fg);
+}
+
+.d2-3387518810 .md .anchor {
+  float: left;
+  padding-right: 4px;
+  margin-left: -20px;
+  line-height: 1;
+}
+
+.d2-3387518810 .md .anchor:focus {
+  outline: none;
+}
+
+.d2-3387518810 .md p,
+.d2-3387518810 .md blockquote,
+.d2-3387518810 .md ul,
+.d2-3387518810 .md ol,
+.d2-3387518810 .md dl,
+.d2-3387518810 .md table,
+.d2-3387518810 .md pre,
+.d2-3387518810 .md details {
+  margin-top: 0;
+  margin-bottom: 16px;
+}
+
+.d2-3387518810 .md blockquote > :first-child {
+  margin-top: 0;
+}
+
+.d2-3387518810 .md blockquote > :last-child {
+  margin-bottom: 0;
+}
+
+.d2-3387518810 .md sup > a::before {
+  content: "[";
+}
+
+.d2-3387518810 .md sup > a::after {
+  content: "]";
+}
+
+.d2-3387518810 .md h1:hover .anchor,
+.d2-3387518810 .md h2:hover .anchor,
+.d2-3387518810 .md h3:hover .anchor,
+.d2-3387518810 .md h4:hover .anchor,
+.d2-3387518810 .md h5:hover .anchor,
+.d2-3387518810 .md h6:hover .anchor {
+  text-decoration: none;
+}
+
+.d2-3387518810 .md h1 tt,
+.d2-3387518810 .md h1 code,
+.d2-3387518810 .md h2 tt,
+.d2-3387518810 .md h2 code,
+.d2-3387518810 .md h3 tt,
+.d2-3387518810 .md h3 code,
+.d2-3387518810 .md h4 tt,
+.d2-3387518810 .md h4 code,
+.d2-3387518810 .md h5 tt,
+.d2-3387518810 .md h5 code,
+.d2-3387518810 .md h6 tt,
+.d2-3387518810 .md h6 code {
+  padding: 0 0.2em;
+  font-size: inherit;
+}
+
+.d2-3387518810 .md ul.no-list,
+.d2-3387518810 .md ol.no-list {
+  padding: 0;
+  list-style-type: none;
+}
+
+.d2-3387518810 .md ol[type="1"] {
+  list-style-type: decimal;
+}
+
+.d2-3387518810 .md ol[type="a"] {
+  list-style-type: lower-alpha;
+}
+
+.d2-3387518810 .md ol[type="i"] {
+  list-style-type: lower-roman;
+}
+
+.d2-3387518810 .md div > ol:not([type]) {
+  list-style-type: decimal;
+}
+
+.d2-3387518810 .md ul ul,
+.d2-3387518810 .md ul ol,
+.d2-3387518810 .md ol ol,
+.d2-3387518810 .md ol ul {
+  margin-top: 0;
+  margin-bottom: 0;
+}
+
+.d2-3387518810 .md li > p {
+  margin-top: 16px;
+}
+
+.d2-3387518810 .md li + li {
+  margin-top: 0.25em;
+}
+
+.d2-3387518810 .md dl {
+  padding: 0;
+}
+
+.d2-3387518810 .md dl dt {
+  padding: 0;
+  margin-top: 16px;
+  font-size: 1em;
+  font-style: italic;
+  font-family: "d2-3387518810-font-semibold";
+}
+
+.d2-3387518810 .md dl dd {
+  padding: 0 16px;
+  margin-bottom: 16px;
+}
+
+.d2-3387518810 .md table th {
+  font-family: "d2-3387518810-font-semibold";
+}
+
+.d2-3387518810 .md table th,
+.d2-3387518810 .md table td {
+  padding: 6px 13px;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-3387518810 .md table tr {
+  background-color: var(--color-canvas-default);
+  border-top: 1px solid var(--color-border-muted);
+}
+
+.d2-3387518810 .md table tr:nth-child(2n) {
+  background-color: var(--color-canvas-subtle);
+}
+
+.d2-3387518810 .md table img {
+  background-color: transparent;
+}
+
+.d2-3387518810 .md img[align="right"] {
+  padding-left: 20px;
+}
+
+.d2-3387518810 .md img[align="left"] {
+  padding-right: 20px;
+}
+
+.d2-3387518810 .md span.frame {
+  display: block;
+  overflow: hidden;
+}
+
+.d2-3387518810 .md span.frame > span {
+  display: block;
+  float: left;
+  width: auto;
+  padding: 7px;
+  margin: 13px 0 0;
+  overflow: hidden;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-3387518810 .md span.frame span img {
+  display: block;
+  float: left;
+}
+
+.d2-3387518810 .md span.frame span span {
+  display: block;
+  padding: 5px 0 0;
+  clear: both;
+  color: var(--color-fg-default);
+}
+
+.d2-3387518810 .md span.align-center {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-3387518810 .md span.align-center > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: center;
+}
+
+.d2-3387518810 .md span.align-center span img {
+  margin: 0 auto;
+  text-align: center;
+}
+
+.d2-3387518810 .md span.align-right {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-3387518810 .md span.align-right > span {
+  display: block;
+  margin: 13px 0 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-3387518810 .md span.align-right span img {
+  margin: 0;
+  text-align: right;
+}
+
+.d2-3387518810 .md span.float-left {
+  display: block;
+  float: left;
+  margin-right: 13px;
+  overflow: hidden;
+}
+
+.d2-3387518810 .md span.float-left span {
+  margin: 13px 0 0;
+}
+
+.d2-3387518810 .md span.float-right {
+  display: block;
+  float: right;
+  margin-left: 13px;
+  overflow: hidden;
+}
+
+.d2-3387518810 .md span.float-right > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-3387518810 .md code,
+.d2-3387518810 .md tt {
+  padding: 0.2em 0.4em;
+  margin: 0;
+  font-size: 85%;
+  background-color: var(--color-neutral-muted);
+  border-radius: 6px;
+}
+
+.d2-3387518810 .md code br,
+.d2-3387518810 .md tt br {
+  display: none;
+}
+
+.d2-3387518810 .md del code {
+  text-decoration: inherit;
+}
+
+.d2-3387518810 .md pre code {
+  font-size: 100%;
+}
+
+.d2-3387518810 .md pre > code {
+  padding: 0;
+  margin: 0;
+  word-break: normal;
+  white-space: pre;
+  background: transparent;
+  border: 0;
+}
+
+.d2-3387518810 .md .highlight {
+  margin-bottom: 16px;
+}
+
+.d2-3387518810 .md .highlight pre {
+  margin-bottom: 0;
+  word-break: normal;
+}
+
+.d2-3387518810 .md .highlight pre,
+.d2-3387518810 .md pre {
+  padding: 16px;
+  overflow: auto;
+  font-size: 85%;
+  line-height: 1.45;
+  background-color: var(--color-canvas-subtle);
+  border-radius: 6px;
+}
+
+.d2-3387518810 .md pre code,
+.d2-3387518810 .md pre tt {
+  display: inline;
+  max-width: auto;
+  padding: 0;
+  margin: 0;
+  overflow: visible;
+  line-height: inherit;
+  word-wrap: normal;
+  background-color: transparent;
+  border: 0;
+}
+
+.d2-3387518810 .md .csv-data td,
+.d2-3387518810 .md .csv-data th {
+  padding: 5px;
+  overflow: hidden;
+  font-size: 12px;
+  line-height: 1;
+  text-align: left;
+  white-space: nowrap;
+}
+
+.d2-3387518810 .md .csv-data .blob-num {
+  padding: 10px 8px 9px;
+  text-align: right;
+  background: var(--color-canvas-default);
+  border: 0;
+}
+
+.d2-3387518810 .md .csv-data tr {
+  border-top: 0;
+}
+
+.d2-3387518810 .md .csv-data th {
+  font-family: "d2-3387518810-font-semibold";
+  background: var(--color-canvas-subtle);
+  border-top: 0;
+}
+
+.d2-3387518810 .md .footnotes {
+  font-size: 12px;
+  color: var(--color-fg-muted);
+  border-top: 1px solid var(--color-border-default);
+}
+
+.d2-3387518810 .md .footnotes ol {
+  padding-left: 16px;
+}
+
+.d2-3387518810 .md .footnotes li {
+  position: relative;
+}
+
+.d2-3387518810 .md .footnotes li:target::before {
+  position: absolute;
+  top: -8px;
+  right: -8px;
+  bottom: -8px;
+  left: -24px;
+  pointer-events: none;
+  content: "";
+  border: 2px solid var(--color-accent-emphasis);
+  border-radius: 6px;
+}
+
+.d2-3387518810 .md .footnotes li:target {
+  color: var(--color-fg-default);
+}
+
+.d2-3387518810 .md .task-list-item {
+  list-style-type: none;
+}
+
+.d2-3387518810 .md .task-list-item label {
+  font-weight: 400;
+}
+
+.d2-3387518810 .md .task-list-item.enabled label {
+  cursor: pointer;
+}
+
+.d2-3387518810 .md .task-list-item + .task-list-item {
+  margin-top: 3px;
+}
+
+.d2-3387518810 .md .task-list-item .handle {
+  display: none;
+}
+
+.d2-3387518810 .md .task-list-item-checkbox {
+  margin: 0 0.2em 0.25em -1.6em;
+  vertical-align: middle;
+}
+
+.d2-3387518810 .md .contains-task-list:dir(rtl) .task-list-item-checkbox {
+  margin: 0 -1.6em 0.25em 0.2em;
+}
+</style><g id="title"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="0.000000" y="0.000000" width="724" height="79"><div xmlns="http://www.w3.org/1999/xhtml" class="md" style="font-size:25px"><h1>Secure Metadata Envelope</h1>
+</div></foreignObject></g></g><g id="signing-procedure"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="0.000000" y="119.000000" width="724" height="51"><div xmlns="http://www.w3.org/1999/xhtml" class="md"><h1>Signing procedure</h1>
+</div></foreignObject></g></g><g id="step_one"><g class="shape" ><rect x="0.000000" y="210.000000" width="724.000000" height="281.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g></g><g id="step_three"><g class="shape" ><rect x="0.000000" y="531.000000" width="724.000000" height="350.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g></g><g id="step_six"><g class="shape" ><rect x="0.000000" y="921.000000" width="724.000000" height="317.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g></g><g id="step_eight"><g class="shape" ><rect x="0.000000" y="1278.000000" width="724.000000" height="353.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g></g><g id="step_ten"><g class="shape" ><rect x="0.000000" y="1671.000000" width="724.000000" height="515.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g></g><g id="step_one.step-1-2"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="10.000000" y="220.000000" width="573" height="107"><div xmlns="http://www.w3.org/1999/xhtml" class="md"><h2>Prepare transaction body</h2>
+<ol>
+<li>Finalize the <code>transaction inputs</code> of the transaction.</li>
+<li>Generate a <code>blake2b_256()</code> hash of the finalized transaction inputs CBOR array.</li>
+</ol>
+</div></foreignObject></g></g><g id="step_one.transaction-body-unsigned"><g class="shape" ><rect x="10.000000" y="337.000000" width="573.000000" height="144.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="10.000000" y="337.000000" width="573.000000" height="36.000000" class="class_header fill-N1" /><text x="20.000000" y="362.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">transaction-body-unsigned (minimum)</text><text x="20.000000" y="396.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0 = transaction inputs</text><text x="232.000000" y="396.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * [transaction hash, index] ]</text><text x="573.000000" y="396.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="583.000000" y1="409.000000" y2="409.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="432.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1 = transaction outputs</text><text x="232.000000" y="432.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * transaction_output ]</text><text x="573.000000" y="432.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="583.000000" y1="445.000000" y2="445.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="468.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">2 = transaction fee</text><text x="232.000000" y="468.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">coin (lovelace uint64)</text><text x="573.000000" y="468.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="583.000000" y1="481.000000" y2="481.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><g id="step_three.step-3-4-5"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="10.000000" y="541.000000" width="615" height="140"><div xmlns="http://www.w3.org/1999/xhtml" class="md"><h2>Prepare the <code>auxiliary data</code> ready to sign.</h2>
+<ol start="3">
+<li>Prepare all Auxiliary Data.</li>
+<li>Set <code>txn-input-hash</code> to the value computed in Step 2.</li>
+<li>PRESET the <code>validation signature</code> to 0s.</li>
+</ol>
+</div></foreignObject></g></g><g id="step_three.metadata-ready-to-sign"><g class="shape" ><rect x="10.000000" y="691.000000" width="615.000000" height="180.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="10.000000" y="691.000000" width="615.000000" height="36.000000" class="class_header fill-N1" /><text x="20.000000" y="716.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">metadata-ready-to-sign</text><text x="20.000000" y="750.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0 = purpose:</text><text x="245.000000" y="750.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">128bit UUID V4 of the Metadata Purpose</text><text x="615.000000" y="750.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="625.000000" y1="763.000000" y2="763.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="786.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1 = txn-input-hash:</text><text x="245.000000" y="786.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Blake2b-256 hash of the transaction inputs.</text><text x="615.000000" y="786.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="625.000000" y1="799.000000" y2="799.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="822.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">10/11/12 = X509 chunks</text><text x="245.000000" y="822.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + x509_chunk ] - x509 Update Data.</text><text x="615.000000" y="822.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="625.000000" y1="835.000000" y2="835.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="858.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">99 = validation signature</text><text x="245.000000" y="858.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">0x00&#39;s</text><text x="615.000000" y="858.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="625.000000" y1="871.000000" y2="871.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><g id="step_six.step-6"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="10.000000" y="931.000000" width="615" height="107"><div xmlns="http://www.w3.org/1999/xhtml" class="md"><h2>Sign the auxiliary data</h2>
+<ol start="6">
+<li>Calculate the signature of the <code>metadata-ready-to-sign</code> using the Role 0 signing key.</li>
+<li>Replace the 0x00s in the <code>validation signature</code> with the calculated signature.</li>
+</ol>
+</div></foreignObject></g></g><g id="step_six.metadata-signed"><g class="shape" ><rect x="10.000000" y="1048.000000" width="615.000000" height="180.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="10.000000" y="1048.000000" width="615.000000" height="36.000000" class="class_header fill-N1" /><text x="20.000000" y="1073.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">metadata-signed</text><text x="20.000000" y="1107.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0 = purpose:</text><text x="245.000000" y="1107.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">128bit UUID V4 of the Metadata Purpose</text><text x="615.000000" y="1107.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="625.000000" y1="1120.000000" y2="1120.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="1143.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1 = txn-inputs-hash:</text><text x="245.000000" y="1143.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Blake2b-256 hash of the transaction inputs.</text><text x="615.000000" y="1143.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="625.000000" y1="1156.000000" y2="1156.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="1179.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">10/11/12 = X509 chunks</text><text x="245.000000" y="1179.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + x509_chunk ] - x509 Update Data.</text><text x="615.000000" y="1179.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="625.000000" y1="1192.000000" y2="1192.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="1215.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">99 = validation signature</text><text x="245.000000" y="1215.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature calculated in step 6</text><text x="615.000000" y="1215.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="625.000000" y1="1228.000000" y2="1228.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><g id="step_eight.step-8-9"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="10.000000" y="1288.000000" width="704" height="107"><div xmlns="http://www.w3.org/1999/xhtml" class="md"><h2>Finalize transaction ready to sign</h2>
+<ol start="8">
+<li>Calculate and set the <code>auxiliary_data_hash</code> into the <code>transaction-body</code>.</li>
+<li>Optionally set <code>required signers</code> to ensure necessary extra witnesses are present.</li>
+</ol>
+</div></foreignObject></g></g><g id="step_eight.transaction-body-ready-to-signed"><g class="shape" ><rect x="10.000000" y="1405.000000" width="704.000000" height="216.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="10.000000" y="1405.000000" width="704.000000" height="36.000000" class="class_header fill-N1" /><text x="20.000000" y="1430.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">transaction-body-ready-to-sign (minimum)</text><text x="20.000000" y="1464.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0 = transaction inputs</text><text x="237.000000" y="1464.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * [transaction hash, index] ]</text><text x="704.000000" y="1464.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="1477.000000" y2="1477.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="1500.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1 = transaction outputs</text><text x="237.000000" y="1500.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * transaction_output ]</text><text x="704.000000" y="1500.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="1513.000000" y2="1513.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="1536.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">2 = transaction fee</text><text x="237.000000" y="1536.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">coin (lovelace uint64)</text><text x="704.000000" y="1536.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="1549.000000" y2="1549.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="1572.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">7 = auxiliary_data_hash</text><text x="237.000000" y="1572.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">blake2b_256(auxiliary_data)</text><text x="704.000000" y="1572.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="1585.000000" y2="1585.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="1608.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">14 = required signers</text><text x="237.000000" y="1608.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Optional list of extra witnesses required for transaction</text><text x="704.000000" y="1608.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="1621.000000" y2="1621.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><g id="step_ten.step-10"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="10.000000" y="1681.000000" width="704" height="79"><div xmlns="http://www.w3.org/1999/xhtml" class="md"><h2>Sign the transaction</h2>
+<ol start="10">
+<li>Sign the transaction with all necessary on-chain keys.</li>
+</ol>
+</div></foreignObject></g></g><g id="step_ten.transaction-body-signed"><g class="shape" ><rect x="10.000000" y="1770.000000" width="704.000000" height="216.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="10.000000" y="1770.000000" width="704.000000" height="36.000000" class="class_header fill-N1" /><text x="20.000000" y="1795.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">transaction-body-signed (minimum)</text><text x="20.000000" y="1829.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0 = transaction inputs</text><text x="237.000000" y="1829.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * [transaction hash, index] ]</text><text x="704.000000" y="1829.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="1842.000000" y2="1842.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="1865.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1 = transaction outputs</text><text x="237.000000" y="1865.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * transaction_output ]</text><text x="704.000000" y="1865.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="1878.000000" y2="1878.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="1901.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">2 = transaction fee</text><text x="237.000000" y="1901.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">coin (lovelace uint64)</text><text x="704.000000" y="1901.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="1914.000000" y2="1914.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="1937.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">7 = auxiliary_data_hash</text><text x="237.000000" y="1937.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">blake2b_256(auxiliary_data)</text><text x="704.000000" y="1937.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="1950.000000" y2="1950.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="1973.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">14 = required signers</text><text x="237.000000" y="1973.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Optional list of extra witnesses required for transaction</text><text x="704.000000" y="1973.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="1986.000000" y2="1986.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><g id="step_ten.metadata-signed"><g class="shape" ><rect x="10.000000" y="1996.000000" width="704.000000" height="180.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="10.000000" y="1996.000000" width="704.000000" height="36.000000" class="class_header fill-N1" /><text x="20.000000" y="2021.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">metadata-signed</text><text x="20.000000" y="2055.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0 = purpose:</text><text x="253.000000" y="2055.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">128bit UUID V4 of the Metadata Purpose</text><text x="704.000000" y="2055.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="2068.000000" y2="2068.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="2091.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1 = txn-inputs-hash:</text><text x="253.000000" y="2091.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Hash of the transaction inputs</text><text x="704.000000" y="2091.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="2104.000000" y2="2104.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="2127.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">10/11/12 = X509 chunks</text><text x="253.000000" y="2127.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + x509_chunk ] - x509 Update Data.</text><text x="704.000000" y="2127.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="2140.000000" y2="2140.000000" class=" stroke-N1" style="stroke-width:2" /><text x="20.000000" y="2163.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">99 = validation signatures</text><text x="253.000000" y="2163.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature calculated in step 6</text><text x="704.000000" y="2163.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="10.000000" x2="714.000000" y1="2176.000000" y2="2176.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><mask id="d2-3387518810" maskUnits="userSpaceOnUse" x="-101" y="-101" width="926" height="2388">
+<rect x="-101" y="-101" width="926" height="2388" fill="white"></rect>
+<rect x="0.000000" y="0.000000" width="572" height="79" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="0.000000" y="119.000000" width="253" height="51" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="10.000000" y="220.000000" width="573" height="107" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="10.000000" y="541.000000" width="461" height="140" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="10.000000" y="931.000000" width="615" height="107" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="10.000000" y="1288.000000" width="598" height="107" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="10.000000" y="1681.000000" width="388" height="79" fill="rgba(0,0,0,0.75)"></rect>
+</mask></svg></svg>
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl b/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
index 6e1af83cb56..c9233d8ca71 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
@@ -1,52 +1,81 @@
 ; An envelope for cardano metadata which holds the x509 metadata.
-; We do thsi so that the underlying metadata is not restircted to
-; cardano ledger implementation.
+; The purpose of the Envelope is to ensure that metadata is not transportable between
+; transactions.
+; It ensures that it can be unambiguously validated that the auxiliary data attached to a transaction 
+; was intended for that transaction.
+; By including the transactions input hash, the metadata is locked to the transaction as that set of
+; transaction inputs are guaranteed to be unique under the UTXO model.
+; It can not be moved to another transaction without being reconstructed as the transaction inputs would
+; have changed.
+
+; This envelope is general in structure, it can be used to secure any auxiliary data, provided the 
+; Role 0 signing key is defined.  As dApps control metadata, this ensures the data can eb authenticated
+; independently by the dApp as belonging to a particular user.
+; Once a Role 0 signing key is defined for a dApp purpose, then it is not necessary to redefine the 
+; x509 data if the envelope is only being used to secure the auxiliary data to a transaction itself.
 
-; uses 
-x509_envelope = {
+; The x509 envelope must be valid cardano metadata.
+x509_envelope = $x509_envelope .within transaction_metadatum
+
+; Strcuture of the x509 envelope itself.
+$x509_envelope /= {
 	0: purpose, ; What purpose does this metadata serve.
-	1: required_signers_hash, ; A hash of the `required_signers` field from the transaction the metadata is posted with.
-	chunk_type: [ + x509_chunk ]
-	99: [ + validation_signature ] ; The signature/s of the x509 certificate metadata record.
+	1: tx_inputs_hash, ; A hash of the `transaction inputs` field from the transaction the metadata is posted with.
+	? chunk_type => [ + x509_chunk ] ; Chunked x509 role registration data.
+	99: validation_signature ; The signature of the x509 envelope plus all other auxiliary data.
 }
 
+; x509 Role Registration data is chunked and optionally (preferably) compressed.
+; This enables the x509 registration data to have a strucutre not supported by the
+; underlying limitions of the on-chain metadatum implementation.
+; As the x509 registration data may be large, compression is used to minimize on-chain space consumed.
+; Best practice would be to compress the data with both brotli and zstd, and only store the 
+; smallest data set. `raw` storage would only be used if compression did not yield any benefits.
+; However an application could choose to implement no compression or only one of either brotli/zstd.
+
 ; Chunk Types - Allows to identify how the chunk data is compressed to save on-chain space.
-; 2 : Chunk data is encoded raw
-; 3 : Data is compressed with Brotli and then chunked.
-; 4 : Data is compressed with ZSTD and then chunked.
-chunk_type = (2..4)
+chunk_types = (
+	raw: 10 ; Data is just chunked, not compressed (raw)
+	brotli: 11 ; Data is compressed with BROTLI and then chunked.
+	zstd: 12 ; Data is compressed with ZSTD and then chunked.
+	reserved_3: 13 ; Reserved
+	reserved_4: 14 ; Reserved
+	reserved_5: 15 ; Reserved
+	reserved_6: 16 ; Reserved
+	reserved_7: 17 ; Reserved
+)
+
+chunk_type = &chunk_types ; All valid chunk encodings, only one of these can be used at a time.
 
 ; An individual purpose or set or purposes
-purpose = ( individual_purpose [ * individual_purpose ] )
+purpose = uuid-v4
 
 ; A V4 UUID encoded as per https://datatracker.ietf.org/doc/html/rfc4122#section-4.1.2
-individual_purpose = (bytes .size (16))
+uuid-v4 = bytes .size 16
 
-; Transaction Required Signers Hash - Blake2b-224
-required_signers_hash = (bytes .size (28))
+; Hash of the transaction inputs this registration is attached to.
+tx_inputs_hash = bytes .size 28
 
 ; A single x509 chunk
-x509_chunk = (bytes .size (0..64))
+; All chunks but the last must be 64 bytes in length (not enforced by the CDDL)
+x509_min_chunk_size = 1 ; Can't have an empty chunk
+x509_max_chunk_size = 64 ; Can't have a chunk bigger than 64 bytes
+x509_chunk = bytes .size (x509_min_chunk_size .. x509_max_chunk_size); 
 
-; A Validation Signature
-validation_signature = (bytes .size (0..64))
-
-; Signatures are created by creating the x509_envelope with key `99`, but without all expected signatures set to 0x00's.
-; Each signature is then computed over that binary data.
-; Each blank signature is then replaced with the real signature.
+; A list of x509 chunks
+x509_chunks = [ + x509_full_chunk ]
 
-; To validate the opposite occurs, the signatures are copied out of the envelope.
-; The signature fields are set to 0x00's
-; The resulting binary buffer is then checked against the signatures which were embedded.
+; A Validation Signature
+validation_signature = (bytes .size (1..64))
 
-; Explanation:
-; The purpose of the Envelope is to ensure that metadata is not transportable between
-; transactions.
-;
-; Transactions contain a `required_signers` field.  
-; By including a hash of that field within the metatdata, we can validated the transaction it was intended for.
-; By signing the metadata envelope with the keys contained within the x509 chunks, we ensure that its not possible
-; to transpose key certs from one transaction to another.
+; This envelope can only be used if the current registration or a prior registration is valid
+; AND they have defined for the purpose a Role 0 signing key.
+; The `validation_signature` uses the Role 0 signing key .
 
-; This envelope is general in structure, and that structure ensures metadata can not be transposed between transactions
 
+; Definition of general cardano metadata, constrains what we can implement here:
+transaction_metadatum = { * transaction_metadatum => transaction_metadatum }
+	/ [ * transaction_metadatum ]
+	/ int
+	/ bytes .size (0..64)
+	/ text .size (0..64)
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.cddl b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.cddl
new file mode 100644
index 00000000000..2db58f07e8b
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.cddl
@@ -0,0 +1,123 @@
+; An envelope for cardano metadata which holds the x509 metadata.
+; We do thsi so that the underlying metadata is not restircted to
+; cardano ledger implementation.
+
+; uses 
+x509_roles = $x509_roles .within role-structure
+
+role-structure = [ role-version, role-body ]
+
+role-version = uint ; Version is an integer.
+role-body = { + uint => any } ; General role body is a Map of integers to anything.
+
+; Version 0 of the role registration format.
+$x509_roles /= x509-roles-v0
+
+x509-roles-v0 = [ 0, x509-roles-v0-body ]
+
+x509-roles-v0-body = {
+	? x509-certs => [ + x509_der_cert ],
+	? c509-certs => [ + c509_cert ],
+	? pub-keys => [ + simple-public-key-type ],
+	? revocation-list => [ + revocation-set ],
+	? attached-did => dids,
+	? attached-vc => vcs,
+	? role-set => role-data-set,
+	? purpose-key-set => purpose-data-set,
+}
+
+; x509 Certificates
+x509-certs = 10 ; Unorderd bag of X509 DER Encoded certificates
+x509_der_cert = bytes ; A DER Encoded X.509 Certificate (binary)
+
+; c509 Certificates
+c509-certs = 20 ; Unorderd bag of C509 CBOR Encoded certificates
+c509_cert = bytes .cbor any; A CBOR Encoded C.509 Certificate (binary)
+
+; Simple Public Keys
+; These are just signing keys of the specified type, and are not true certs
+; They are used for role keys or other uses where simple keys are sufficient
+simple-public-keys = 30 ; Simple Public Keys
+
+simple-public-key-type = $simple-public-key-types
+$simple-public-key-types /= ed25519-public-key
+ed25519-public-key = #6.32773(bstr .size 32) ; Simple public keys must be tagged to identify their type.
+
+; x509/c509/simple key Revocation Lists
+; Keys can only be revoked by the owner of the key or any issuer CA in the chain.
+; Revocation becomes active AFTER certs in the same transaction are processed.
+revocation-list = 40 ; Revocation List
+revocation-entry = bytes .size 16; A blake2b-128 hash of the certificate/public key to be revoked
+revocation-set = [ + revocation-entry ]
+
+; Digitial ID and Verifiable Credentials attached to this registration.
+
+attached-did = 50 ; DID/s attached to the certificates/on-chain identity
+attached-vc = 51 ; Verifiable Credentials attached to the certificates/on-chain identity
+
+dids = [ + bytes ] ; One or multiple DIDs
+vcs = [ + bytes ] ; One or multiple Verifiable Credentials
+
+; Role Registrations
+
+role-set = 100
+
+role-data-set = [ + role-data ]
+
+role-data = {
+	0: role-number,
+	? 1: role-signing-key,
+	? 2: role-encryption-key,
+	? 3: payment-key,
+	* role-extended-data-keys => role-extended-data,
+}
+
+; Role 0 is the ONLY manditory role.
+; It defines the Validation certificate to be used to sign all registration metadata for this purpose for this identity.
+validation-role = 0
+; role-signing-key must reference a certificate, and NOT a simple key.
+; role-encryption-key must not be defined.
+; There is no other data defined for this role.
+
+; Roles 1+ are purpose specific and not defined in this document.
+role-number = uint
+role-signing-key = key-reference
+role-encryption-key = key-reference
+
+role-extended-data-keys = (10..99)
+
+role-extended-data = any
+key-reference = key-local-ref / key-hash
+
+; Offset reference to a key defined in this registration.
+; More efficient than a key hash.
+key-local-ref = [ x509-certs
+	/ c509-certs
+	/ pub-keys, key-offset ]
+
+; Offset of the key in the specified set.  0 = first entry.
+key-offset = uint
+
+; Reference to a key defined in an earlier registration
+key-hash = bytes .size 16
+
+; Reference to a transaction input/output as the payment key to use for a role
+; Payment key (n) >= 0 = Use Transaction Input Key offset (n) as the payment key
+; Payment key (n) < 0 = Use Transaction Output Key offstet -(n+1) as the payment key
+; IFF a transaction output payment key is defined the payment address must also be in
+; the required_signers of the transaction to ensure the payment address is owned and controlled
+; by the entity posting the registration.
+; If the referenced payment key does not exist in the transaction, or is not witnessed the entire
+; registration is to be considered invalid.
+payment-key = int
+
+; purpose specific data - Undefined here except for the key space
+; Individual purposes can define these keys however they require.
+
+purpose-key-set = (first-purpose-key .. last-purpose-key)
+
+first-purpose-key = 200
+last-purpose-key = 299
+purpose-data-set = any
+
+; Note: any individual error in the role registration invalidates the entire registration.
\ No newline at end of file
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.d2 b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.d2
new file mode 100644
index 00000000000..c0242d8a7a2
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.d2
@@ -0,0 +1,44 @@
+vars: {
+  d2-config: {
+    layout-engine: elk
+
+    # Terminal theme code
+    theme-id: 300
+  }
+}
+
+classes: {
+  NONE: {style.opacity: 0}
+  RBAC_TABLE: {
+    shape: sql_table
+    style: {
+      border-radius: 15
+    }
+  }
+}
+
+title: |md
+  # x509 RBAC Metadata
+|
+
+rbac: "x509 Role based Access Control" {
+  class: RBAC_TABLE
+  ? 10=x509 certs: "[ + DER Certs ]"
+  ? 20=c509 certs: "[ + CBOR Certs ]"
+  ? 30=public keys: "[ + Public Keys ]"
+  ? 40=revocation set: "[ + Revoked Cert hash]"
+  ? 50=DiD: "DiD???"
+  ? 51=Verifiable Credentials: "[ + VC??? ]"
+  "? 100=Role Data Set": "[ + Role Data ]"
+}
+
+role_data: "Role Data" {
+  class: RBAC_TABLE
+  0=role number: "uint"
+  ? 1=role-signing-key: "Key Reference"
+  ? 2=role-encryption-key: "Key Reference"
+  ? 3=payment-key: "OnChain Payment Key Reference"
+  ? 10-99=Role Specific Data: "Variable per Role"
+}
+
+rbac."? 100=Role Data Set" -> role_data
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.svg b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.svg
new file mode 100644
index 00000000000..e343da84d2f
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.svg
@@ -0,0 +1,836 @@
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="0.6.3" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1271 776"><svg id="d2-svg" class="d2-3019508570" width="1271" height="776" viewBox="-89 -89 1271 776"><rect x="-89.000000" y="-89.000000" width="1271.000000" height="776.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+.d2-3019508570 .text {
+	font-family: "d2-3019508570-font-regular";
+}
+@font-face {
+	font-family: d2-3019508570-font-regular;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABLMAAoAAAAAHBwAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXd/Vo2NtYXAAAAFUAAAA0QAAASgGygeUZ2x5ZgAAAigAAAvAAAAP+GFO4ehoZWFkAAAN6AAAADYAAAA2G4Ue32hoZWEAAA4gAAAAJAAAACQKhAX3aG10eAAADkQAAAC4AAAA1GLdCpFsb2NhAAAO/AAAAGwAAABsb3hzuG1heHAAAA9oAAAAIAAAACAATQD2bmFtZQAAD4gAAAMjAAAIFAbDVU1wb3N0AAASrAAAAB0AAAAg/9EAMgADAgkBkAAFAAACigJYAAAASwKKAlgAAAFeADIBIwAAAgsFAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAEAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAeYClAAAACAAA3icjM67LrMBHIDx3/u1/VB1PlO81LFVajAYRAwmEUJiEYNRLGIQbslhFofFJXAHdouk+1/SNGbP/BseJDISFGSTIspSWXmpkoqqNes2bNq2Y9e+Q0eOnThz4cpNBL+21rRbDbvnoGlPnbt0HRGfCnIRUY/vqMdXvMVrvMRzPMVjfMR7PMR93MVt4+ivJVbULJkxa868BYvKVlX8k5GV81+LVm3y2hV0qFrWqUu3Hr369BswaMiwEaPGFI2bMCk1ZVqJHwAAAP//AQAA//+bijVBAAAAeJx0V2lwG+d5/r4PIFcSwGMJLBYAce0uicVJkFjsLi4CIgiQIAUQJECIIiVCFyVSkqVKlGWXtkqlY/kY13XRRh5rUsVVGs807sSNU89I9XjSSS07ZRvZjt00R9N60v5gPbHbNCzbxk246OwChCil+bGzGMzuezzv8z7Pt6AFzAKAeHQNqMBu0AG6AAEAh1N4L8WyDCZyosiQKpGFODYL/1GqQjgWUguCeiD1SWrlyhV4YBVd23ooenVx8Z3Ko49Kv7v+sRSE730MEFABgKyoCnYDHAAdxrFOJ8u0tqp0nI5hGezb9nfsXY5OdYfjHz6qfDSb+GkS/sbCgng2EjkrzaHq1vm1NQAAUIE5AFAPqgIcmAEj18YFDQZC34oRyq2VUXFBgQ85GQbf/jF3Z/hEZCAQ25c8P756dHo8nz+xXK7M719GVcdIdKDQodZMpPfu98CVaDDSv7WZTA1GAAAQhGqbqBvdAFYAWminkw8JAhc0kJjTydCtrYTeYOCCgki2tsJi8bf35a6W4ocsfnPKk5jnggcTgXF7H3tMO3X9zOnrxQGHYKGHHikWV1IuOuQPAgCQ0ksIVcEuGROlE0LfyrDNul++/tIXXyjvu3jx4sV9qPrKjS/+Wfp3Ll9+UqltDgD4EaoCjTIfgiI4giEoYg4+Jv3ws8/gAKqOvDf676Pbz6IkqgKtkgXnIIfpGBVGzJVUEK+8+2/zb19AVek2HPtf6TQsP/md7Xd+C1Xl3jmc0xkMJCcIoo7DGTwkiAymYlQsYzAQ+NzCqpbUqrWE9vKJiV0qdeiyeDmkVmGoKv0xnaHpDA0rW+fhKd8Z7wvSV+H0C94zPulFpX8Z3xPoBuh4AGFlkGxQUGCgFaBhrnhldPRKsbSaza6WYjP9pw8cON1/QDv9hVOnXpyaevHUqS9Mjw2vFB97/vnHiivDoImvRsFIv4MpDIPfo8ab4+cSTz300LH9pZn9FVTtKWcXF6RfwuzQyKjYjOFAVdAOyJ1s0zGqnWHeHV6KTab/pPLSo+fyxWL+HKoyU+ncPC79CySkT+Bscu9QCCiz8NQ24U/RDeBXOmZFhUN8yOlk2T50P8PkvknShmQ0YGfmEW+QOcwNZa0D9op90M1XYrEFxm8b6xOHqaB53jnYIyxoeV+01x/rp12WdnebJ9UfLPj9PYKVCvnsbrPG1ekfGgiVgwAqAKlQFbQBwKl2zFf14Yezp7q6deouC36q/B1UlV6KnohGT0Thsa3z9ZnBr8MNYAY9AJC0PDIxpJSLsUrxBM7Ii80GBZFXluStwanf+0Pc6/KMWx308ejsZBpT0VMGJsGsHA1qx4Ymy7g9zDj0EYP77EHpe1GLJ0Xbn+6IB9y9AIFibRP+Aq0BHXDUEWMwBucIrJ6rzpM6TWQFgG56zKHCUkVEFVyHj8UOj8QLsYx9L+NIailrEK29dcDKPnWh9Egiszg3eZx21CxkfS59tU34NbgBLL9u17dXvWvvUnzoTKI/Y/IQAasvw5aG6aihh5rUxpcni8txmhR0xkA5XFq06kUrJXMoUNuEP9zuoY6ZEpzluW2wRL6Z6OcHz8WOip6EQ11KYypLzrQ3bo/Y2KRzRPvkSuFiwmYuvbkVjljcmWHJQgZK4ZnjACn1/y3cAEZgv68DmaxUU6hUlAIVJIdOJ5IL4vwJiKS/aJkZYWLdVnvh21CdjHBT2sHlwuRy4vJSm2l3/hCBC3obdI7nCwpONgBgEn237gsML/KhBk4MTcgahB9JpTJjpKezq9uSXlyEX0605MdndmNJbSU/LM0rGu6vOeCncAMMgEGQb7KId+64KUE5gmmIOs3WZ9CYuSp4Txp0jR2knfVn/nv2vJPqMtE6IxucHtD3tL2ygJP9k0GWbuvqHaiUy/FzOc9g3OuNDwoj01xgup3qNBv3/TidtEcMao3LYu9rU+vTXn7Cg7UkO3l7KOfGNd160iYO+nMB+PUkz8fjPJ+Unhl00ma1Wuch2D4FmyIA8PtoraE22xyVFVPhJ14sqph8MD9a9PX3xnrR2lsLVODovHQXutMJZ690E9RqIAMAeB3dQk4ge0Qr4C6DZux1tNbUcJ2s4SxGFKdU7x/88htzzx9Ea5INgjvSP/3k9Oca79Q2wQ/QGuioY4xzeJPGr/S5i+271Rim2WXQRnh0cuuaDocwoVbXc6GfwQ1AKblkYZCncV83WPNeTGMqR84bTnY4J3z7xoq+PiFd9AWENFwfYQIDPndou8V90s3GbRsruNHAqpFjJ1ZpTMVMNMFSgt2HVYPz/wE3QAfo/n/9o8kR2BFbTCYXY/GTyeTJeDKfTyYmJhr7Gl8uTi7H04ul6aWl6dIiUDSHg7+AG419vVedwkQnSxK6nZojV0oVvJVjscNhephGjyqSk+yhEu+i18MW19MXio8kbObyy7D1Ac2RMajAjYb717M0FKcOgCnrtpKdWn2HfdgE1w/0CXuyanUwIa3V37fUNuETcAN4lPnu9BLFSh5wkrqRfBCqMG5H2tvfT3HddMozW/BPWFwmwdHntfV3M2m/u6BlLaKJ8ttNNLmnjeLdsYKDDOmMHgtpJTRtlNjHplxKfmNtE2bQOdkZFX4xvChyigg0efbJxGA2tyfzxBOUp82m7dQHtHNZ2JZoeeaZYWnDP7BbncA0Sqx9tU34HlyX+XAfV/GGRP44ny15+50xWsaFzmmPzsOQ9P10gvXCWcmcc/UDKO8G/Gu4/que9ubXyoc0pEatIfccmvoqXJc+7ckyTLYH6iUzgKAdAPgaXAcmADiR5cjGiyKHkUzjnIph7X/0+dkhjbFNrTFoYvs//9LsaJu5Xd1m1Kakj8/oPHq9R3fmZ/91weAjCC95QelJWwso9XTvnI8o3ldaO5rrtGo7d+l3u4UOzZ3ycY1Jo9bo98xM3sYDmQ9a1UOoJebvgf8q/ac9S1NZB2zb2ujP+WWe+mqb8B30LNBsTyDUoOlO7n925OzZI4fPnj0cTqfD4UxG++rNL33lK1+6+WrqynPPPf74c89dUWotAABvo1VFX2Rb4gVBlEWs8AcP+4bMyatp+D1+F9m59a10nXs9AMC30bNybxyfQI11YJuLIosfR7iOPDUSH3SlLQHXwcTsyeFLOXPY9MbAkd+/xIkjfkfAxy+W448/XUDqUQCBubYJ/xI9+6t8ZvjmYfBeiu0T/6e5kw6PdSIcHWdnc+kCHeNcw1Zf71y49NDeUHQyfFgrMoKtby/vjDiSDoEKCD3WEOMv56PjenVbKRUu+gCSdxD+PVoFu2UGipzsRPLYdTzFQxkHhlhaU0O11tzOSf8M8UMzMxtvmLMm0kdKodcEeF16OPWajIuptgn/Cq02nP5eD0rpOopgsHsS9ZPcAuWy5sKxqfEEFbD6CJj8H5zss4qzwuAxrUAJFn9hODWu11kgN/oNbbv3QCZzNFg/27pqm/CbyuxdAOjqu6Lsuq6ZVRAVvdopipdiMceofVd2sG/oAJc39+lFm+xptklX8XiozCUXIplz8BuJMZd//mh+6+esJURaQr950uk7fmzwUCj9zOLnbozW8ztrm3AF/SkwgV4ARGdC9cB42lUktoORNzGj1+8Y6KdiZMBRFnMHHQFfdwttommTiWG+FcjGBcHhiti7vT2B/eNsMhxNeT5kuq0MY+1mZFzd4EewA5rl70iR5wj3+o+SSfn/Sm0J4uhtgClKTchnw8rrly5dVx0KbKFAnav22hL4oPGMwm0Otz/88J9fDyAp8MuX6/3ISf5O4bNdVgGGr18cplwEo1yMyGA6TmTmTJMzXeVDJE8+aeSNU/JvE2+8anJc7bp6N3Itevv27dvRa5G7d+/Clmv1GmiwBN9HPvl7TeQZnuMVoSR+cOvW0K1bS3cSd+4k7sj+T4Nvwvfhd5EThMAZ0ApC4IVtrwAvw3W5f9n/i0W4LmtX7W/QOBDRLTkuvgNvo91uNNrtaNxqMtpsRpNVqQF64fvwlBxDx1MEDV+F3kQCAPB/AAAA//8BAAD//60FZBIAAQAAAAILhRsmjktfDzz1AAMD6AAAAADYXaChAAAAAN1mLzb+Ov7bCG8DyAAAAAMAAgAAAAAAAAABAAAD2P7vAAAImP46/joIbwABAAAAAAAAAAAAAAAAAAAANXicHIo/LwRxGAbnebYVohFEzsZdxPlz22yIiEpUJJK385NofRq9XuVLqE+t8DF4m8t2K7vFZKYYv/LIElxT+Z7iK1q/ULxB8Q3FPxS/0fqc4kuKtzh2BepoPSe0ZOETGv2x0IyJOs5cE6y41S9BT1TXhKeEJ+MbeiL0zp6Cbdfc6Zs1fbI+OjlV8qBkpmRXyaaSHSVH+uBQF8zV8KyGfSVTJQcDrAjov4b+BwAA//8BAAD//5DgKbMAAAAsACwAUACGALYA1ADqAQQBNgFmAYgBsAH0AhACSAJ8AqoC3AMQAzIDngPAA8wD5gQCBDQEVgSCBLYE1gUWBTwFXgV6BaYF1gX8BhQGPgZ8BqAG1AcUB0wHWAdqB3wHrAfAB8wH2AfuB/wAAQAAADUAjAAMAGYABwABAAAAAAAAAAAAAAAAAAQAA3icnJTdThtXFIU/B9ttVDUXFYrIDTqXbZWM3QiiBK5MCYpVhFOP0x+pqjR4xj9iPDPyDFCqPkCv+xZ9i1z1OfoQVa+rs7wNNqoUgRCwzpy991lnr7UPsMm/bFCrPwT+av5guMZ2c8/wAx41nxre4Ljxt+H6SkyDuPGb4SZfNvqGP+J9/Q/DH7NT/9nwQ7bqR4Y/4Xl90/CnG45/DD9ih/cLXIOX/G64xhaF4Qds8pPhDR5jNWt1HtM23OAztg032QYGTKlImZIxxjFiyphz5iSUhCTMmTIiIcbRpUNKpa8ZkZBj/L9fI0Iq5kSqOKHCkRKSElEysYq/KivnrU4caTW3vQ4VEyJOlXFGRIYjZ0xORsKZ6lRUFOzRokXJUHwLKkoCSqakBOTMGdOixxHHDJgwpcRxpEqeWUjOiIpLIp3vLMJ3ZkhCRmmszsmIxdOJX6LsLsc4ehSKXa18vFbhKY7vlO255Yr9ikC/boXZ+rlLNhEX6meqrqTauZSCE+36czt8K1yxh7tXf9aZfLhHsf5XqnzKufSPpVQmJhnObdEhlINC9wTHgdZdQnXke7oMeEOPdwy07tCnT4cTBnR5rdwefRxf0+OEQ2V0hRd7R3LMCT/i+IauYnztxPqzUCzhFwpzdymOc91jRqGee+aB7prohndX2M9QvuaOUjlDzZGPdNIv05xFjM0VhRjO1MulN0rrX2yOmOkuXtubfT8NFzZ7yym+ItcMe7cuOHnlFow+pGpwyzOX+gmIiMk5VcSQnBktKq7E+y0R56Q4DtW9N5qSis51jj/nSi5JmIlBl0x15hT6G5lvQuM+XPO9s7ckVr5nenZ9q/uc4tSrG43eqXvLvdC6nKwo0DJV8xU3DcU1M+8nmqlV/qFyS71uOc/ok0j1VDe4/Q48J6DNDrvsM9E5Q+1c2BvR1jvR5hX76sEZiaJGcnViFXYJeMEuu7zixVrNDocc0GP/DhwXWT0OeH1rZ12nZRVndf4Um7b4Op5dr17eW6/P7+DLLzRRNy9jX9r4bl9YtRv/nxAx81zc1uqd3BOC/wAAAP//AQAA//8HW0wwAHicYmBmAIP/5xiMGLAAAAAAAP//AQAA//8vAQIDAAAA");
+}
+@font-face {
+	font-family: d2-3019508570-font-semibold;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABLcAAoAAAAAHFAAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXqrWeWNtYXAAAAFUAAAA0QAAASgGygeUZ2x5ZgAAAigAAAueAAAP0Hr8LEhoZWFkAAANyAAAADYAAAA2FnoA72hoZWEAAA4AAAAAJAAAACQKgQX1aG10eAAADiQAAAC6AAAA1GYRCahsb2NhAAAO4AAAAGwAAABsbgpyRG1heHAAAA9MAAAAIAAAACAATQD2bmFtZQAAD2wAAANOAAAIcCYSZQ5wb3N0AAASvAAAAB0AAAAg/9EAMgADAhoCWAAFAAACigJYAAAASwKKAlgAAAFeADIBJgAAAgsGAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAAAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAesClAAAACAAA3icjM67LrMBHIDx3/u1/VB1PlO81LFVajAYRAwmEUJiEYNRLGIQbslhFofFJXAHdouk+1/SNGbP/BseJDISFGSTIspSWXmpkoqqNes2bNq2Y9e+Q0eOnThz4cpNBL+21rRbDbvnoGlPnbt0HRGfCnIRUY/vqMdXvMVrvMRzPMVjfMR7PMR93MVt4+ivJVbULJkxa868BYvKVlX8k5GV81+LVm3y2hV0qFrWqUu3Hr369BswaMiwEaPGFI2bMCk1ZVqJHwAAAP//AQAA//+bijVBAAAAeJyMV31sG/d5fn8/UjxLoiXR5JHm98eRd6RIkdQdj0dKJkV9izT1TckWTcm25PhDtmRbsuI1sbs6KTI1wDi3KNzEy4AlC+J267ImAdwVm7FG9h/pVrRIWq9ruzRAu6BYNGwJplXFEB2Hu6O+/Nf+OJ5E3L0fz/s8z/sj1EABAOfx10EFtdAIh4AE4HRunY9jGIoQOEGgTCqBQTqigH4v3v0gEVZHIupw9N3WZy5fRuOL+Otbl46eP3PmVzNTU+KdH78vnkJ//j4ArogAOIrLUAs6AD3BMTTNUBqNSs/pKYYifm66Z2qyN6gP2tcfrz5+hvtXDpVGRmKLcWFBvILLW0tvvQUAoILxahwdWICSauNYo5E0aAhSvmkoFcfG+RhNUbrtP8bf77mQigbj/Z1LA4vjPelMZmJ2YCifm8VlR/+R8GijWjvY1TkZQF9im6N+keaFWAQAELRWNjCN74INoMZD03wsHudYo4mgacqj0ZAGI8fGBZNGg46PvTA8ujqWPuVMm1M0Px6ZHQv12NL+c9qhb1y6+PIo6z5qcSbnc1f+0OfIhlsBsNxHBpfhgISH3AVp0FDMTs1/c+ebb3ytk5u7dGmOw+XXXvuLezPLX/iDRbmucQD0W1yGenk2pJvkSIp0k+PoRfGT9XXkwuXZe7Pvzm4/iydxGbRyFh2n5wg9pSLI8Wuqf7/1g/UvvTWDy+LPUKAiXkWxlX/YeecOLoNTfkdvNJq4eFzQczpKF4vHBYpQUSqGcmBSN/78tXqyTl1vqLv65Ys1hErNX+y9FFOriBpcFr/v7HS5Op0os7WEgs5szvGS+AtEv+TIZZ3iYwkDCd8lfBcawboPYXmQjIKER8IZjU48l80+NzEpfU4OlkqDg6WSdvzl+fk7IyN35udfHn/q+cXFmzcXF5/fxtYh92zYwxANRZE6jlXg/VF2qavrSv/MxO2j2VFcpo/nB2bCn6LB62lp9NUYbbgMDWDayzI9paJ0u8z6sGeho7/9lef++Mx0d39/9zQueyeyR0sG8b8QVACVkkKiBWRM6coG2sJ3ISh3yghGoxKEYcJ4P7FIg9FoMiklo0Ndz0Z6qGJLoi0ZKrpSTHIuk5yn2529zeGkPWqdasslLmjZ8LA7EKYDXj3TEOqJxsZbW+icxRHwmt2mep95tJ8/zgOgyucA2IbLcBCAU+2Zq+q9Hz5barI0qXXmxhPX/wmXxe8KZxOJswLKbi0BhkhlAz1Em2CWFGfySGMS5FIJRi6c1FGSlhk2LvCyLr6fGX3xG4hhvb3u5sC5ttKJkwfU7qOEo9V2ZsivHckMH2tikjbDoIVeOCd+GLfRRbt58SDncztk7LOVDVyL1+AQOCS0GIqgdBxJKLn2UEPSPBL6Mqq6E8sqZ85XOnvk5HBrF5uIJSycNhPDa/fHrJ7Vq4XrHScnx3NjwsdGvTSLQGUD3UebT7BuF/5tWRu7L3b0XO2M9FkTer+p/Wi2zc6REU9Bm1oeHVtOuUxHdfpiLls06/IOB2AIVjbQOl4DvaQcBSc5MMNz2wgJ/HaS/ykttp/im9tt6uWTB9TWAa0QNbPmSHebdvULI9fSdvPw21tp3kqfFD42HZoYHC4ovJRq/2e0CYelHPs1Q7iN26WrOFk6yNqzmOk8n+wuhmvE9w4MtbsEK0NNvv0Llg12S12MXEu3X+j1GjoH9LoBkwNFk50dCl+tAKiIf6T4P8ULfKyKEeUhJb/RTXd15Y9Zok1GqzV96hS6PVnDDc7VEZPacf6EeEX2an+FQf+LNoGFNORlRGg+JiEgEYjfBZ4jqapCPTSjGGt10qo9JqCvis7DSP9ttE3zfXqzmzQz8SnO4Gv8TlHbxBZiTR5d/UGq5djUiczTOYpt9XpZNtqea2nu9lvpnp/bksFUSK31O+yRRrW+J5gcChA1Ew1BS/worSHqDDrycDITHQ6jB7FImGMjkZhYjjrtBsLudfskXLIA6D/wWtVZtkkpOaMsCF12We3Ms8MDy96Aq9WJ1+6ftLecnRZ/iHwp1ukQvwWVCqQB4D38CNPAAgABHDwP1dgY47UdrxYkr2YIMntVdf+L3/zezS8O4jWx/9fviR8+Pn5Ter6yAb/Da9CosE3H6Xa4+70Ut9xUqyaIxjqnNpfBPVv3SR1Ck2qNkkd1AG2CW84jmYA0hX2dEDv37MkDamc2HO/UUYPhodw1Hx1OLvuYcBKtd7vDkQDNbreXEr9VvW3jhDarOFVz7MVJsoShHaDQepcrvA+nKtc/R5v/j/1wKDXf1TWfSkuf6Xg6HY+nUlWVppbHRpdTM8VsrihpVfGXNK5Fm1Wd7lZXZaCJ1O8xGLn/QX/pqSMnBVfGoZpTDMbKruG/jlno1aXC9bTdPHYXkbsWU+3/OtqsbnclQ9VhlOYtOYYiDQeNTfaMCa0fi3J1Z9TqloT4U0V/hysb6KtoE/zybHf3Ba3si31+ZXJg0qD5gD3jjbu7fH7aGbW4OvynxmJjDt7C233eI35PJjirZew5s8NjJq1knZYSAp1jXlOf3uQ02R0NWioR7pgCBIbKBiriq2BUOMVTvCBw8gHDUKXW7yb6+/INp27e7D1oqzMYOO3c8CeTNS+8cOKTSUI9QdQr9fdUNtBv0Lo0/33c1FWt8JfS5P2uVtvyTK3KldeenUYx8Zcp1uVFIyI5QIcBSTqQYyj7ylTdVwKn+u5frQzVSecOsm7o8j20XvHmaDrnrYiknLsBAP0ErYMZgNMze14kTFT13EkQDa987YZQb6pX1xpqI9e/+sqNI1rzQXWdsT6GYH3aEDQYgobp3//3aWOIJIOm01JcbSUu12PZOxNB2FeaRjNvcDSQhL6WiWhr312ZqCfr1bX62tzlt53H/1GjLuKaiM+JPv7M1U95+t2fbVXGT0uc9Fc20L/gVaivcl2ZMWmQeC7PvXrkNCKYW1mZky5n1GqNOh1Rmy2q/farr77xxquvfrsYmS8WzweD54vF+YhUcw4A/QDfkD1FWkN8PC5IxpUrr0T6HJM3Z9BrA7XmQ1u/nlHm5gZAP8WrUhUcn8aKxLb3vEGjkQyPI+mpW31xzpeyZEIznaWFjgsd5jbTK92Tf3Q5yh5ptmci3PxUYuWZblwzW+Xyj/EqBJ7kMsVvi3g3w/ZB/tPBCx7BnovGOt2j2ZkBNuRL29sD08nSUnsskU89peV9OXuAa3G3WgptIX+L29rvDR0b5bMGdeNIR9tYSNmXh+Sz8g2olZgocNLmkcav5928XsKBIr98T43UWksDJ/7286+MjGzdtuVt5qhFHHt9CL0o3pp6fUeP7+Mb4HqiB7l2vZukiF1r+mzwAsXbB6J8X4Z3NtsFPSp8etDAmIWi0HFWy1M5ayDTlkzr9BRqO323rr75eG/vbEyp11fZQD+ReeAH0CuakYev38kaF2Sf2muGf8JHbSlzbSbCJHLJgj19SLD7u5qxLU+NnRNOxNMXOvqW0N8m2iimkE+LuNnRR1pD5457/KfPZKa5rq9cfPZPB5T8Eg9v478EM/gABDqtemI+DSoTsYedf6YxBkKOIO1kjRl3KTH0lLMlZFGzzmDQ6QoGfxbqSbBRqzdkO9xOtxbG6COx2BHmNyGPJyRdEq7N8AE6jGhQAQg8Rzb/5weFgvR9sXIeOfAjIGSHJqUDYPHRwsJLqlLHlqdj+0x9Hj6pPiNzm9PRCwuPXurAv+r4/HWlH0ryEPwiWOVfMwLFKxdHyBdJyRclUISeE6jjhwcnmkZPGHvJFVMPOTLVNDFj6jOtHHY93fT0w/yt/Jtvvvlm/lb+4cOHqPGWUoMH5tBHuFX6LSbwFM/xilk+fuedY++8M/eg8OBB4YG08z3wHfQR+jdMQwyugAZicHt7T8Dfo3Wpf2nnZ5fRukgCqvwd7oRe/EiKq9uDt5OmnU6axp1eh93rtTu8cg3IhT5C16QYet5NetAD5JJQhP8DAAD//wEAAP//4p5ejQAAAAEAAAACC4WuKBmDXw889QADA+gAAAAA2F2gqwAAAADYXhEz/jj+zwhuA90AAAADAAIAAAAAAAAAAQAAA9j+7wAACJj+OP44CG4AAQAAAAAAAAAAAAAAAAAAADV4nCzKwSoFcRzF8e85NEmiZDGxGpppBg0TW5Im9WOj/my8gaWF95EX8AA8gJV3sLTyAHTnNtNdnD7n1PELd3yC22Hme5Iv6PxE8jZp2j8kv9L5iuRbkgsq58O/lznyCaEvGp9yoD8anbHjFWq3hDLOvUpog1i6IXxMuJy+oWdCb+R6ZMuH9PplTd+sj1rUFtcWhUVusbmw1Ae1LtlXz4N6Kos9i90xyggY3sc+BwAA//8BAAD//+iKHwsAAAAAACwALABQAIYAtADSAOgBAgE2AWIBhAGsAe4CCgJCAnICngLQAwQDJgOQA7IDvgPWA/IEJARGBHIEpATEBQAFJAVGBWIFjgW8BegGAAYqBmgGjAbABwAHOAdEB1YHaAeYB6wHuAfEB9oH6AABAAAANQCOAAwAZAAHAAEAAAAAAAAAAAAAAAAABAADeJyclEFvG0UcxX9rpzYVIioIRamEqjmC1K6TKKna5oJDGtUisoM3BXHcxGt7FXvX2l0nhI/BR+DGF+DMqR+BA0c+AAcOnNG8mcR1QJBGlZq3npk37//+b/7AWrBKnWDlPvAGPA7Y4I3HNVb5y+M63WDF45W39txjEPQ9bvA4+NnjJr8Ev3v8Htu1Hz2+z3rtV4/fZ6v2h8cf1E3deLzKduNzjx/wqFF5/CEPGj84HMCzhucMAtYbv3lc4+PGnx7XWWs2PF5hrfmJx/f4qLnlcYNHzX1+wrDFBptsYHhy/fUMQ5sBOSckGCIuKalImFJi6JBxSk7BTP/HWhtg+JQxFRUzXtCixYX+hcTXbKFOTmnxGY8xXJBSMcbQJ6EkoeDcsx2Qk1Fh6BIztVrMOhE5cwpOScxDwre/pTUmk8ojCnL9YnWnnJAzYaB7RsyZEFOwRcgG2+ywS5t99uixu8R5xej4nvyDz53rscdLvpb+klTKzRL7mJxK1WecY9jUWij3n7PLlJgzEu0akvCd6rEMO4Q8ZYcdnvP0nbQte5PKlxhDpa4NtNu6cIYhZ3jnvqeq1vbRnntNpq66tYjK73S3Zwxo6bxRrWN5ZsQ8V78LUu0O76TmiFjdNewTYnjlWW+fzIpLZiQcM/aeLZIYyaeKC/m2cHVCKpczZdjWPVelrrYrZyI6HGLoiT9bYj5cYrBv42aaNpUWW9NC2fK9ix6fE5Mq4ydMtLJ4abHubfOVcMULzA13Sk7VhRmV+lCKK5TPI1r0OODwhpL/92igv66/J8yvE+Kqs8mw77tNpO5G5iGGPX13iOTIN3Q45hU9XnOs7zZ9+rTpckyHlzrbo4/hC3p02deJjrBbO1DKu3yL4Us62mO5E++P65h9fzOpL6Xd5TVlykyeW+Whny7JnTpsGHrWq7OlzpySMtROo/5lmlYxI5+KmRRO5eVVNhYvyyViqlpsbxfrI3JN1kKv07IaLv18sGl1mtwUqG7R1fBOmfnvaX1zfh3ppqFUFz4tbamzuY4pOXO5IVd9GQlnlERyrpSv9sz3Ysg1iwq9jJHUW7faTJRE64ubIdbLf/t1JH2F+uN4bbas05NrR4finrvk/A0AAP//AQAA///ZL1xfAAB4nGJgZgCD/+cYjBiwAAAAAAD//wEAAP//LwECAwAAAA==");
+}]]></style><style type="text/css"><![CDATA[.shape {
+  shape-rendering: geometricPrecision;
+  stroke-linejoin: round;
+}
+.connection {
+  stroke-linecap: round;
+  stroke-linejoin: round;
+}
+.blend {
+  mix-blend-mode: multiply;
+  opacity: 0.5;
+}
+
+		.d2-3019508570 .fill-N1{fill:#0A0F25;}
+		.d2-3019508570 .fill-N2{fill:#676C7E;}
+		.d2-3019508570 .fill-N3{fill:#9499AB;}
+		.d2-3019508570 .fill-N4{fill:#CFD2DD;}
+		.d2-3019508570 .fill-N5{fill:#DEE1EB;}
+		.d2-3019508570 .fill-N6{fill:#EEF1F8;}
+		.d2-3019508570 .fill-N7{fill:#FFFFFF;}
+		.d2-3019508570 .fill-B1{fill:#0D32B2;}
+		.d2-3019508570 .fill-B2{fill:#0D32B2;}
+		.d2-3019508570 .fill-B3{fill:#E3E9FD;}
+		.d2-3019508570 .fill-B4{fill:#E3E9FD;}
+		.d2-3019508570 .fill-B5{fill:#EDF0FD;}
+		.d2-3019508570 .fill-B6{fill:#F7F8FE;}
+		.d2-3019508570 .fill-AA2{fill:#4A6FF3;}
+		.d2-3019508570 .fill-AA4{fill:#EDF0FD;}
+		.d2-3019508570 .fill-AA5{fill:#F7F8FE;}
+		.d2-3019508570 .fill-AB4{fill:#EDF0FD;}
+		.d2-3019508570 .fill-AB5{fill:#F7F8FE;}
+		.d2-3019508570 .stroke-N1{stroke:#0A0F25;}
+		.d2-3019508570 .stroke-N2{stroke:#676C7E;}
+		.d2-3019508570 .stroke-N3{stroke:#9499AB;}
+		.d2-3019508570 .stroke-N4{stroke:#CFD2DD;}
+		.d2-3019508570 .stroke-N5{stroke:#DEE1EB;}
+		.d2-3019508570 .stroke-N6{stroke:#EEF1F8;}
+		.d2-3019508570 .stroke-N7{stroke:#FFFFFF;}
+		.d2-3019508570 .stroke-B1{stroke:#0D32B2;}
+		.d2-3019508570 .stroke-B2{stroke:#0D32B2;}
+		.d2-3019508570 .stroke-B3{stroke:#E3E9FD;}
+		.d2-3019508570 .stroke-B4{stroke:#E3E9FD;}
+		.d2-3019508570 .stroke-B5{stroke:#EDF0FD;}
+		.d2-3019508570 .stroke-B6{stroke:#F7F8FE;}
+		.d2-3019508570 .stroke-AA2{stroke:#4A6FF3;}
+		.d2-3019508570 .stroke-AA4{stroke:#EDF0FD;}
+		.d2-3019508570 .stroke-AA5{stroke:#F7F8FE;}
+		.d2-3019508570 .stroke-AB4{stroke:#EDF0FD;}
+		.d2-3019508570 .stroke-AB5{stroke:#F7F8FE;}
+		.d2-3019508570 .background-color-N1{background-color:#0A0F25;}
+		.d2-3019508570 .background-color-N2{background-color:#676C7E;}
+		.d2-3019508570 .background-color-N3{background-color:#9499AB;}
+		.d2-3019508570 .background-color-N4{background-color:#CFD2DD;}
+		.d2-3019508570 .background-color-N5{background-color:#DEE1EB;}
+		.d2-3019508570 .background-color-N6{background-color:#EEF1F8;}
+		.d2-3019508570 .background-color-N7{background-color:#FFFFFF;}
+		.d2-3019508570 .background-color-B1{background-color:#0D32B2;}
+		.d2-3019508570 .background-color-B2{background-color:#0D32B2;}
+		.d2-3019508570 .background-color-B3{background-color:#E3E9FD;}
+		.d2-3019508570 .background-color-B4{background-color:#E3E9FD;}
+		.d2-3019508570 .background-color-B5{background-color:#EDF0FD;}
+		.d2-3019508570 .background-color-B6{background-color:#F7F8FE;}
+		.d2-3019508570 .background-color-AA2{background-color:#4A6FF3;}
+		.d2-3019508570 .background-color-AA4{background-color:#EDF0FD;}
+		.d2-3019508570 .background-color-AA5{background-color:#F7F8FE;}
+		.d2-3019508570 .background-color-AB4{background-color:#EDF0FD;}
+		.d2-3019508570 .background-color-AB5{background-color:#F7F8FE;}
+		.d2-3019508570 .color-N1{color:#0A0F25;}
+		.d2-3019508570 .color-N2{color:#676C7E;}
+		.d2-3019508570 .color-N3{color:#9499AB;}
+		.d2-3019508570 .color-N4{color:#CFD2DD;}
+		.d2-3019508570 .color-N5{color:#DEE1EB;}
+		.d2-3019508570 .color-N6{color:#EEF1F8;}
+		.d2-3019508570 .color-N7{color:#FFFFFF;}
+		.d2-3019508570 .color-B1{color:#0D32B2;}
+		.d2-3019508570 .color-B2{color:#0D32B2;}
+		.d2-3019508570 .color-B3{color:#E3E9FD;}
+		.d2-3019508570 .color-B4{color:#E3E9FD;}
+		.d2-3019508570 .color-B5{color:#EDF0FD;}
+		.d2-3019508570 .color-B6{color:#F7F8FE;}
+		.d2-3019508570 .color-AA2{color:#4A6FF3;}
+		.d2-3019508570 .color-AA4{color:#EDF0FD;}
+		.d2-3019508570 .color-AA5{color:#F7F8FE;}
+		.d2-3019508570 .color-AB4{color:#EDF0FD;}
+		.d2-3019508570 .color-AB5{color:#F7F8FE;}.appendix text.text{fill:#0A0F25}.md{--color-fg-default:#0A0F25;--color-fg-muted:#676C7E;--color-fg-subtle:#9499AB;--color-canvas-default:#FFFFFF;--color-canvas-subtle:#EEF1F8;--color-border-default:#0D32B2;--color-border-muted:#0D32B2;--color-neutral-muted:#EEF1F8;--color-accent-fg:#0D32B2;--color-accent-emphasis:#0D32B2;--color-attention-subtle:#676C7E;--color-danger-fg:red;}.sketch-overlay-B1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B2{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B3{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-AA4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-N2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-N3{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N4{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N7{fill:url(#streaks-bright);mix-blend-mode:darken}.light-code{display: block}.dark-code{display: none}]]></style><style type="text/css">.d2-3019508570 .md em,
+.d2-3019508570 .md dfn {
+  font-family: "d2-3019508570-font-italic";
+}
+
+.d2-3019508570 .md b,
+.d2-3019508570 .md strong {
+  font-family: "d2-3019508570-font-bold";
+}
+
+.d2-3019508570 .md code,
+.d2-3019508570 .md kbd,
+.d2-3019508570 .md pre,
+.d2-3019508570 .md samp {
+  font-family: "d2-3019508570-font-mono";
+  font-size: 1em;
+}
+
+.d2-3019508570 .md {
+  tab-size: 4;
+}
+
+/* variables are provided in d2renderers/d2svg/d2svg.go */
+
+.d2-3019508570 .md {
+  -ms-text-size-adjust: 100%;
+  -webkit-text-size-adjust: 100%;
+  margin: 0;
+  color: var(--color-fg-default);
+  background-color: transparent; /* we don't want to define the background color */
+  font-family: "d2-3019508570-font-regular";
+  font-size: 16px;
+  line-height: 1.5;
+  word-wrap: break-word;
+}
+
+.d2-3019508570 .md details,
+.d2-3019508570 .md figcaption,
+.d2-3019508570 .md figure {
+  display: block;
+}
+
+.d2-3019508570 .md summary {
+  display: list-item;
+}
+
+.d2-3019508570 .md [hidden] {
+  display: none !important;
+}
+
+.d2-3019508570 .md a {
+  background-color: transparent;
+  color: var(--color-accent-fg);
+  text-decoration: none;
+}
+
+.d2-3019508570 .md a:active,
+.d2-3019508570 .md a:hover {
+  outline-width: 0;
+}
+
+.d2-3019508570 .md abbr[title] {
+  border-bottom: none;
+  text-decoration: underline dotted;
+}
+
+.d2-3019508570 .md dfn {
+  font-style: italic;
+}
+
+.d2-3019508570 .md h1 {
+  margin: 0.67em 0;
+  padding-bottom: 0.3em;
+  font-size: 2em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-3019508570 .md mark {
+  background-color: var(--color-attention-subtle);
+  color: var(--color-text-primary);
+}
+
+.d2-3019508570 .md small {
+  font-size: 90%;
+}
+
+.d2-3019508570 .md sub,
+.d2-3019508570 .md sup {
+  font-size: 75%;
+  line-height: 0;
+  position: relative;
+  vertical-align: baseline;
+}
+
+.d2-3019508570 .md sub {
+  bottom: -0.25em;
+}
+
+.d2-3019508570 .md sup {
+  top: -0.5em;
+}
+
+.d2-3019508570 .md img {
+  border-style: none;
+  max-width: 100%;
+  box-sizing: content-box;
+  background-color: var(--color-canvas-default);
+}
+
+.d2-3019508570 .md figure {
+  margin: 1em 40px;
+}
+
+.d2-3019508570 .md hr {
+  box-sizing: content-box;
+  overflow: hidden;
+  background: transparent;
+  border-bottom: 1px solid var(--color-border-muted);
+  height: 0.25em;
+  padding: 0;
+  margin: 24px 0;
+  background-color: var(--color-border-default);
+  border: 0;
+}
+
+.d2-3019508570 .md input {
+  font: inherit;
+  margin: 0;
+  overflow: visible;
+  font-family: inherit;
+  font-size: inherit;
+  line-height: inherit;
+}
+
+.d2-3019508570 .md [type="button"],
+.d2-3019508570 .md [type="reset"],
+.d2-3019508570 .md [type="submit"] {
+  -webkit-appearance: button;
+}
+
+.d2-3019508570 .md [type="button"]::-moz-focus-inner,
+.d2-3019508570 .md [type="reset"]::-moz-focus-inner,
+.d2-3019508570 .md [type="submit"]::-moz-focus-inner {
+  border-style: none;
+  padding: 0;
+}
+
+.d2-3019508570 .md [type="button"]:-moz-focusring,
+.d2-3019508570 .md [type="reset"]:-moz-focusring,
+.d2-3019508570 .md [type="submit"]:-moz-focusring {
+  outline: 1px dotted ButtonText;
+}
+
+.d2-3019508570 .md [type="checkbox"],
+.d2-3019508570 .md [type="radio"] {
+  box-sizing: border-box;
+  padding: 0;
+}
+
+.d2-3019508570 .md [type="number"]::-webkit-inner-spin-button,
+.d2-3019508570 .md [type="number"]::-webkit-outer-spin-button {
+  height: auto;
+}
+
+.d2-3019508570 .md [type="search"] {
+  -webkit-appearance: textfield;
+  outline-offset: -2px;
+}
+
+.d2-3019508570 .md [type="search"]::-webkit-search-cancel-button,
+.d2-3019508570 .md [type="search"]::-webkit-search-decoration {
+  -webkit-appearance: none;
+}
+
+.d2-3019508570 .md ::-webkit-input-placeholder {
+  color: inherit;
+  opacity: 0.54;
+}
+
+.d2-3019508570 .md ::-webkit-file-upload-button {
+  -webkit-appearance: button;
+  font: inherit;
+}
+
+.d2-3019508570 .md a:hover {
+  text-decoration: underline;
+}
+
+.d2-3019508570 .md hr::before {
+  display: table;
+  content: "";
+}
+
+.d2-3019508570 .md hr::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-3019508570 .md table {
+  border-spacing: 0;
+  border-collapse: collapse;
+  display: block;
+  width: max-content;
+  max-width: 100%;
+  overflow: auto;
+}
+
+.d2-3019508570 .md td,
+.d2-3019508570 .md th {
+  padding: 0;
+}
+
+.d2-3019508570 .md details summary {
+  cursor: pointer;
+}
+
+.d2-3019508570 .md details:not([open]) > *:not(summary) {
+  display: none !important;
+}
+
+.d2-3019508570 .md kbd {
+  display: inline-block;
+  padding: 3px 5px;
+  color: var(--color-fg-default);
+  vertical-align: middle;
+  background-color: var(--color-canvas-subtle);
+  border: solid 1px var(--color-neutral-muted);
+  border-bottom-color: var(--color-neutral-muted);
+  border-radius: 6px;
+  box-shadow: inset 0 -1px 0 var(--color-neutral-muted);
+}
+
+.d2-3019508570 .md h1,
+.d2-3019508570 .md h2,
+.d2-3019508570 .md h3,
+.d2-3019508570 .md h4,
+.d2-3019508570 .md h5,
+.d2-3019508570 .md h6 {
+  margin-top: 24px;
+  margin-bottom: 16px;
+  font-weight: 400;
+  line-height: 1.25;
+  font-family: "d2-3019508570-font-semibold";
+}
+
+.d2-3019508570 .md h2 {
+  padding-bottom: 0.3em;
+  font-size: 1.5em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-3019508570 .md h3 {
+  font-size: 1.25em;
+}
+
+.d2-3019508570 .md h4 {
+  font-size: 1em;
+}
+
+.d2-3019508570 .md h5 {
+  font-size: 0.875em;
+}
+
+.d2-3019508570 .md h6 {
+  font-size: 0.85em;
+  color: var(--color-fg-muted);
+}
+
+.d2-3019508570 .md p {
+  margin-top: 0;
+  margin-bottom: 10px;
+}
+
+.d2-3019508570 .md blockquote {
+  margin: 0;
+  padding: 0 1em;
+  color: var(--color-fg-muted);
+  border-left: 0.25em solid var(--color-border-default);
+}
+
+.d2-3019508570 .md ul,
+.d2-3019508570 .md ol {
+  margin-top: 0;
+  margin-bottom: 0;
+  padding-left: 2em;
+}
+
+.d2-3019508570 .md ol ol,
+.d2-3019508570 .md ul ol {
+  list-style-type: lower-roman;
+}
+
+.d2-3019508570 .md ul ul ol,
+.d2-3019508570 .md ul ol ol,
+.d2-3019508570 .md ol ul ol,
+.d2-3019508570 .md ol ol ol {
+  list-style-type: lower-alpha;
+}
+
+.d2-3019508570 .md dd {
+  margin-left: 0;
+}
+
+.d2-3019508570 .md pre {
+  margin-top: 0;
+  margin-bottom: 0;
+  word-wrap: normal;
+}
+
+.d2-3019508570 .md ::placeholder {
+  color: var(--color-fg-subtle);
+  opacity: 1;
+}
+
+.d2-3019508570 .md input::-webkit-outer-spin-button,
+.d2-3019508570 .md input::-webkit-inner-spin-button {
+  margin: 0;
+  -webkit-appearance: none;
+  appearance: none;
+}
+
+.d2-3019508570 .md::before {
+  display: table;
+  content: "";
+}
+
+.d2-3019508570 .md::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-3019508570 .md > *:first-child {
+  margin-top: 0 !important;
+}
+
+.d2-3019508570 .md > *:last-child {
+  margin-bottom: 0 !important;
+}
+
+.d2-3019508570 .md a:not([href]) {
+  color: inherit;
+  text-decoration: none;
+}
+
+.d2-3019508570 .md .absent {
+  color: var(--color-danger-fg);
+}
+
+.d2-3019508570 .md .anchor {
+  float: left;
+  padding-right: 4px;
+  margin-left: -20px;
+  line-height: 1;
+}
+
+.d2-3019508570 .md .anchor:focus {
+  outline: none;
+}
+
+.d2-3019508570 .md p,
+.d2-3019508570 .md blockquote,
+.d2-3019508570 .md ul,
+.d2-3019508570 .md ol,
+.d2-3019508570 .md dl,
+.d2-3019508570 .md table,
+.d2-3019508570 .md pre,
+.d2-3019508570 .md details {
+  margin-top: 0;
+  margin-bottom: 16px;
+}
+
+.d2-3019508570 .md blockquote > :first-child {
+  margin-top: 0;
+}
+
+.d2-3019508570 .md blockquote > :last-child {
+  margin-bottom: 0;
+}
+
+.d2-3019508570 .md sup > a::before {
+  content: "[";
+}
+
+.d2-3019508570 .md sup > a::after {
+  content: "]";
+}
+
+.d2-3019508570 .md h1:hover .anchor,
+.d2-3019508570 .md h2:hover .anchor,
+.d2-3019508570 .md h3:hover .anchor,
+.d2-3019508570 .md h4:hover .anchor,
+.d2-3019508570 .md h5:hover .anchor,
+.d2-3019508570 .md h6:hover .anchor {
+  text-decoration: none;
+}
+
+.d2-3019508570 .md h1 tt,
+.d2-3019508570 .md h1 code,
+.d2-3019508570 .md h2 tt,
+.d2-3019508570 .md h2 code,
+.d2-3019508570 .md h3 tt,
+.d2-3019508570 .md h3 code,
+.d2-3019508570 .md h4 tt,
+.d2-3019508570 .md h4 code,
+.d2-3019508570 .md h5 tt,
+.d2-3019508570 .md h5 code,
+.d2-3019508570 .md h6 tt,
+.d2-3019508570 .md h6 code {
+  padding: 0 0.2em;
+  font-size: inherit;
+}
+
+.d2-3019508570 .md ul.no-list,
+.d2-3019508570 .md ol.no-list {
+  padding: 0;
+  list-style-type: none;
+}
+
+.d2-3019508570 .md ol[type="1"] {
+  list-style-type: decimal;
+}
+
+.d2-3019508570 .md ol[type="a"] {
+  list-style-type: lower-alpha;
+}
+
+.d2-3019508570 .md ol[type="i"] {
+  list-style-type: lower-roman;
+}
+
+.d2-3019508570 .md div > ol:not([type]) {
+  list-style-type: decimal;
+}
+
+.d2-3019508570 .md ul ul,
+.d2-3019508570 .md ul ol,
+.d2-3019508570 .md ol ol,
+.d2-3019508570 .md ol ul {
+  margin-top: 0;
+  margin-bottom: 0;
+}
+
+.d2-3019508570 .md li > p {
+  margin-top: 16px;
+}
+
+.d2-3019508570 .md li + li {
+  margin-top: 0.25em;
+}
+
+.d2-3019508570 .md dl {
+  padding: 0;
+}
+
+.d2-3019508570 .md dl dt {
+  padding: 0;
+  margin-top: 16px;
+  font-size: 1em;
+  font-style: italic;
+  font-family: "d2-3019508570-font-semibold";
+}
+
+.d2-3019508570 .md dl dd {
+  padding: 0 16px;
+  margin-bottom: 16px;
+}
+
+.d2-3019508570 .md table th {
+  font-family: "d2-3019508570-font-semibold";
+}
+
+.d2-3019508570 .md table th,
+.d2-3019508570 .md table td {
+  padding: 6px 13px;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-3019508570 .md table tr {
+  background-color: var(--color-canvas-default);
+  border-top: 1px solid var(--color-border-muted);
+}
+
+.d2-3019508570 .md table tr:nth-child(2n) {
+  background-color: var(--color-canvas-subtle);
+}
+
+.d2-3019508570 .md table img {
+  background-color: transparent;
+}
+
+.d2-3019508570 .md img[align="right"] {
+  padding-left: 20px;
+}
+
+.d2-3019508570 .md img[align="left"] {
+  padding-right: 20px;
+}
+
+.d2-3019508570 .md span.frame {
+  display: block;
+  overflow: hidden;
+}
+
+.d2-3019508570 .md span.frame > span {
+  display: block;
+  float: left;
+  width: auto;
+  padding: 7px;
+  margin: 13px 0 0;
+  overflow: hidden;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-3019508570 .md span.frame span img {
+  display: block;
+  float: left;
+}
+
+.d2-3019508570 .md span.frame span span {
+  display: block;
+  padding: 5px 0 0;
+  clear: both;
+  color: var(--color-fg-default);
+}
+
+.d2-3019508570 .md span.align-center {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-3019508570 .md span.align-center > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: center;
+}
+
+.d2-3019508570 .md span.align-center span img {
+  margin: 0 auto;
+  text-align: center;
+}
+
+.d2-3019508570 .md span.align-right {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-3019508570 .md span.align-right > span {
+  display: block;
+  margin: 13px 0 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-3019508570 .md span.align-right span img {
+  margin: 0;
+  text-align: right;
+}
+
+.d2-3019508570 .md span.float-left {
+  display: block;
+  float: left;
+  margin-right: 13px;
+  overflow: hidden;
+}
+
+.d2-3019508570 .md span.float-left span {
+  margin: 13px 0 0;
+}
+
+.d2-3019508570 .md span.float-right {
+  display: block;
+  float: right;
+  margin-left: 13px;
+  overflow: hidden;
+}
+
+.d2-3019508570 .md span.float-right > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-3019508570 .md code,
+.d2-3019508570 .md tt {
+  padding: 0.2em 0.4em;
+  margin: 0;
+  font-size: 85%;
+  background-color: var(--color-neutral-muted);
+  border-radius: 6px;
+}
+
+.d2-3019508570 .md code br,
+.d2-3019508570 .md tt br {
+  display: none;
+}
+
+.d2-3019508570 .md del code {
+  text-decoration: inherit;
+}
+
+.d2-3019508570 .md pre code {
+  font-size: 100%;
+}
+
+.d2-3019508570 .md pre > code {
+  padding: 0;
+  margin: 0;
+  word-break: normal;
+  white-space: pre;
+  background: transparent;
+  border: 0;
+}
+
+.d2-3019508570 .md .highlight {
+  margin-bottom: 16px;
+}
+
+.d2-3019508570 .md .highlight pre {
+  margin-bottom: 0;
+  word-break: normal;
+}
+
+.d2-3019508570 .md .highlight pre,
+.d2-3019508570 .md pre {
+  padding: 16px;
+  overflow: auto;
+  font-size: 85%;
+  line-height: 1.45;
+  background-color: var(--color-canvas-subtle);
+  border-radius: 6px;
+}
+
+.d2-3019508570 .md pre code,
+.d2-3019508570 .md pre tt {
+  display: inline;
+  max-width: auto;
+  padding: 0;
+  margin: 0;
+  overflow: visible;
+  line-height: inherit;
+  word-wrap: normal;
+  background-color: transparent;
+  border: 0;
+}
+
+.d2-3019508570 .md .csv-data td,
+.d2-3019508570 .md .csv-data th {
+  padding: 5px;
+  overflow: hidden;
+  font-size: 12px;
+  line-height: 1;
+  text-align: left;
+  white-space: nowrap;
+}
+
+.d2-3019508570 .md .csv-data .blob-num {
+  padding: 10px 8px 9px;
+  text-align: right;
+  background: var(--color-canvas-default);
+  border: 0;
+}
+
+.d2-3019508570 .md .csv-data tr {
+  border-top: 0;
+}
+
+.d2-3019508570 .md .csv-data th {
+  font-family: "d2-3019508570-font-semibold";
+  background: var(--color-canvas-subtle);
+  border-top: 0;
+}
+
+.d2-3019508570 .md .footnotes {
+  font-size: 12px;
+  color: var(--color-fg-muted);
+  border-top: 1px solid var(--color-border-default);
+}
+
+.d2-3019508570 .md .footnotes ol {
+  padding-left: 16px;
+}
+
+.d2-3019508570 .md .footnotes li {
+  position: relative;
+}
+
+.d2-3019508570 .md .footnotes li:target::before {
+  position: absolute;
+  top: -8px;
+  right: -8px;
+  bottom: -8px;
+  left: -24px;
+  pointer-events: none;
+  content: "";
+  border: 2px solid var(--color-accent-emphasis);
+  border-radius: 6px;
+}
+
+.d2-3019508570 .md .footnotes li:target {
+  color: var(--color-fg-default);
+}
+
+.d2-3019508570 .md .task-list-item {
+  list-style-type: none;
+}
+
+.d2-3019508570 .md .task-list-item label {
+  font-weight: 400;
+}
+
+.d2-3019508570 .md .task-list-item.enabled label {
+  cursor: pointer;
+}
+
+.d2-3019508570 .md .task-list-item + .task-list-item {
+  margin-top: 3px;
+}
+
+.d2-3019508570 .md .task-list-item .handle {
+  display: none;
+}
+
+.d2-3019508570 .md .task-list-item-checkbox {
+  margin: 0 0.2em 0.25em -1.6em;
+  vertical-align: middle;
+}
+
+.d2-3019508570 .md .contains-task-list:dir(rtl) .task-list-item-checkbox {
+  margin: 0 -1.6em 0.25em 0.2em;
+}
+</style><g id="title"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="12.000000" y="130.000000" width="283" height="51"><div xmlns="http://www.w3.org/1999/xhtml" class="md"><h1>x509 RBAC Metadata</h1>
+</div></foreignObject></g></g><clipPath id="d2-3019508570-rbac"><path d="M 315.000000 27.000000 L 315.000000 27.000000 S 315.000000 12.000000 330.000000 12.000000 L 755.000000 12.000000 L 755.000000 12.000000 S 770.000000 12.000000 770.000000 27.000000 L 770.000000 285.000000 L 770.000000 300.000000 L 315.000000 300.000000Z 315.000000 12.000000" fill="none" /> </clipPath><g id="rbac" class="RBAC_TABLE"><g class="shape" ><rect x="315.000000" y="12.000000" width="455.000000" height="288.000000" rx="15.000000" ry="15.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="315.000000" y="12.000000" width="455.000000" height="36.000000" class="class_header fill-N1" clip-path="url(#d2-3019508570-rbac)" /><text x="325.000000" y="37.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">x509 Role based Access Control</text><text x="325.000000" y="71.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 10=x509 certs</text><text x="566.000000" y="71.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + DER Certs ]</text><text x="760.000000" y="71.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="84.000000" y2="84.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="107.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 20=c509 certs</text><text x="566.000000" y="107.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + CBOR Certs ]</text><text x="760.000000" y="107.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="120.000000" y2="120.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="143.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 30=public keys</text><text x="566.000000" y="143.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Public Keys ]</text><text x="760.000000" y="143.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="156.000000" y2="156.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="179.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 40=revocation set</text><text x="566.000000" y="179.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Revoked Cert hash]</text><text x="760.000000" y="179.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="192.000000" y2="192.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="215.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 50=DiD</text><text x="566.000000" y="215.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">DiD???</text><text x="760.000000" y="215.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="228.000000" y2="228.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="251.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 51=Verifiable Credentials</text><text x="566.000000" y="251.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + VC??? ]</text><text x="760.000000" y="251.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="264.000000" y2="264.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="287.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 100=Role Data Set</text><text x="566.000000" y="287.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Role Data ]</text><text x="760.000000" y="287.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="330.000000" x2="755.000000" y1="300.000000" y2="300.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-3019508570-role_data"><path d="M 539.000000 385.000000 L 539.000000 385.000000 S 539.000000 370.000000 554.000000 370.000000 L 1066.000000 370.000000 L 1066.000000 370.000000 S 1081.000000 370.000000 1081.000000 385.000000 L 1081.000000 571.000000 L 1081.000000 586.000000 L 539.000000 586.000000Z 539.000000 370.000000" fill="none" /> </clipPath><g id="role_data" class="RBAC_TABLE"><g class="shape" ><rect x="539.000000" y="370.000000" width="542.000000" height="216.000000" rx="15.000000" ry="15.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="539.000000" y="370.000000" width="542.000000" height="36.000000" class="class_header fill-N1" clip-path="url(#d2-3019508570-role_data)" /><text x="549.000000" y="395.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Role Data</text><text x="549.000000" y="429.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0=role number</text><text x="787.000000" y="429.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">uint</text><text x="1071.000000" y="429.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="539.000000" x2="1081.000000" y1="442.000000" y2="442.000000" class=" stroke-N1" style="stroke-width:2" /><text x="549.000000" y="465.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 1=role-signing-key</text><text x="787.000000" y="465.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Key Reference</text><text x="1071.000000" y="465.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="539.000000" x2="1081.000000" y1="478.000000" y2="478.000000" class=" stroke-N1" style="stroke-width:2" /><text x="549.000000" y="501.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 2=role-encryption-key</text><text x="787.000000" y="501.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Key Reference</text><text x="1071.000000" y="501.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="539.000000" x2="1081.000000" y1="514.000000" y2="514.000000" class=" stroke-N1" style="stroke-width:2" /><text x="549.000000" y="537.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 3=payment-key</text><text x="787.000000" y="537.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">OnChain Payment Key Reference</text><text x="1071.000000" y="537.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="539.000000" x2="1081.000000" y1="550.000000" y2="550.000000" class=" stroke-N1" style="stroke-width:2" /><text x="549.000000" y="573.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 10-99=Role Specific Data</text><text x="787.000000" y="573.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Variable per Role</text><text x="1071.000000" y="573.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="554.000000" x2="1066.000000" y1="586.000000" y2="586.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><g id="(rbac -&gt; role_data)[0]"><marker id="mk-3488378134" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 772.000000 282.000000 L 800.000000 282.000000 S 810.000000 282.000000 810.000000 292.000000 L 810.000000 366.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-3019508570)" /></g><mask id="d2-3019508570" maskUnits="userSpaceOnUse" x="-89" y="-89" width="1271" height="776">
+<rect x="-89" y="-89" width="1271" height="776" fill="white"></rect>
+<rect x="12.000000" y="130.000000" width="283" height="51" fill="rgba(0,0,0,0.75)"></rect>
+</mask></svg></svg>

From 4f5e8dbc370db14b6726b8396448c15a835b8c0c Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Mon, 25 Mar 2024 21:06:36 +0700
Subject: [PATCH 34/66] docs(cips): Add full transaction/metadata relationship
 diagram

---
 .config/dictionaries/project.dic              |  10 +-
 .../role-registration/cardano-transaction.svg |   2 +-
 .../role-registration/certificate-chain.svg   |   2 +-
 .../role-registration/metadata-envelope.svg   |   2 +-
 .../role-registration/x509-roles-complete.d2  | 198 ++++
 .../role-registration/x509-roles-complete.svg | 926 ++++++++++++++++++
 .../role-registration/x509-roles.svg          |   2 +-
 7 files changed, 1134 insertions(+), 8 deletions(-)
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.d2
 create mode 100644 docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.svg

diff --git a/.config/dictionaries/project.dic b/.config/dictionaries/project.dic
index 7cca967e2a1..05b0d8456a6 100644
--- a/.config/dictionaries/project.dic
+++ b/.config/dictionaries/project.dic
@@ -28,6 +28,7 @@ coti
 cryptoxide
 Cunego
 Cupertino
+dalek
 dbsync
 delegators
 DIND
@@ -65,12 +66,14 @@ Joaquín
 jorm
 jormungandr
 Jörmungandr
+Keyhash
 lcov
 Leshiy
 lintfix
 localizable
 loguru
 mdlint
+metadatum
 mgrybyk
 mithril
 mitigations
@@ -114,6 +117,7 @@ rxdart
 saibatizoku
 schemathesis
 Schemathesis
+Scripthash
 seckey
 sendfile
 slotno
@@ -134,6 +138,8 @@ TXNZD
 unmanaged
 UTXO
 vitss
+vkey
+vkeywitness
 voteplan
 voteplans
 wallclock
@@ -145,7 +151,3 @@ xctest
 xctestrun
 xcworkspace
 yoroi
-dalek
-Keyhash
-Scripthash
-vkey
\ No newline at end of file
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.svg b/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.svg
index 3dcd2a8c4fb..fc7b8eafa75 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.svg
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.svg
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="0.6.3" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1925 1619"><svg id="d2-svg" class="d2-713170117" width="1925" height="1619" viewBox="-101 -101 1925 1619"><rect x="-101.000000" y="-101.000000" width="1925.000000" height="1619.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="v0.6.3-HEAD" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1925 1619"><svg id="d2-svg" class="d2-713170117" width="1925" height="1619" viewBox="-101 -101 1925 1619"><rect x="-101.000000" y="-101.000000" width="1925.000000" height="1619.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
 .d2-713170117 .text {
 	font-family: "d2-713170117-font-regular";
 }
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.svg b/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.svg
index eb326806351..fc5e0caef52 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.svg
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.svg
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="0.6.3" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1302 2542"><svg id="d2-svg" class="d2-1480995423" width="1302" height="2542" viewBox="-89 -160 1302 2542"><rect x="-89.000000" y="-160.000000" width="1302.000000" height="2542.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="v0.6.3-HEAD" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1302 2542"><svg id="d2-svg" class="d2-1480995423" width="1302" height="2542" viewBox="-89 -160 1302 2542"><rect x="-89.000000" y="-160.000000" width="1302.000000" height="2542.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
 .d2-1480995423 .text {
 	font-family: "d2-1480995423-font-regular";
 }
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.svg b/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.svg
index 147b3b6e88f..333e7b53c60 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.svg
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.svg
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="0.6.3" preserveAspectRatio="xMinYMin meet" viewBox="0 0 926 2388"><svg id="d2-svg" class="d2-3387518810" width="926" height="2388" viewBox="-101 -101 926 2388"><rect x="-101.000000" y="-101.000000" width="926.000000" height="2388.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="v0.6.3-HEAD" preserveAspectRatio="xMinYMin meet" viewBox="0 0 926 2388"><svg id="d2-svg" class="d2-3387518810" width="926" height="2388" viewBox="-101 -101 926 2388"><rect x="-101.000000" y="-101.000000" width="926.000000" height="2388.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
 .d2-3387518810 .text {
 	font-family: "d2-3387518810-font-regular";
 }
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.d2 b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.d2
new file mode 100644
index 00000000000..678a6a131f5
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.d2
@@ -0,0 +1,198 @@
+vars: {
+  d2-config: {
+    layout-engine: elk
+
+    # Terminal theme code
+    theme-id: 300
+  }
+}
+
+classes: {
+  NONE: {style.opacity: 0}
+  RBAC_TABLE: {
+    shape: sql_table
+    style: {
+      border-radius: 15
+    }
+  }
+  PRIVATE_KEY: {
+    shape: sql_table
+    style: {
+      border-radius: 15
+      stroke: wheat
+      fill: cornsilk
+      font-color: red
+    }
+  }
+  SIGN: {
+    style: {
+      stroke-dash: 3
+      stroke: blueviolet
+      animated: true
+    }
+  }
+}
+
+title: |md
+  # x509 Transaction - Complete
+| {
+  shape: text
+  near: top-center
+  style: {
+    font-size: 30
+  }
+  width: 800
+}
+
+individual_transaction: "Cardano Transaction" {
+  shape: sql_table
+  link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L13-L18"
+  body: "transaction body"
+  auxiliary_data: "Option<auxiliary_data>"
+  witnesses: "transaction witness set"
+}
+
+transaction_body: "transaction body" {
+  shape: sql_table
+  link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L53-L71"
+  "0 = transaction inputs": "[ * [transaction hash, index] ]"
+  "1 = transaction outputs": "[ * transaction_output ]"
+  "2 = transaction fee": "coin (lovelace uint64)"
+  "? 3 = Time to live \[TTL\]": "uint64"
+  "? 4 = certificates": "[* certificate]"
+  "? 5 = reward withdrawals": "{ * reward_account => coin (lovelace uint64) }"
+  "? 6 = protocol parameter update": "[ proposed_protocol_parameter_updates, epoch ]"
+  "? 7 = auxiliary_data_hash": "32 byte hash"
+  "? 8 = validity interval start": "uint64"
+  "? 9 = mint": "{ * policy_id => { * asset_name => a } }"
+  "? 11 = script_data_hash": "32 byte hash"
+  "? 13 = collateral inputs": "[ * [transaction hash, index] ]"
+  "? 14 = required_signers": "[ * address key hash (blake2b-224) of signing public key ]"
+  "? 15 = network_id": "0 or 1"
+  "? 16 = collateral return": transaction_output (collateral return)
+  "? 17 = total collateral": "coin (lovelace uint64)"
+  "? 18 = reference inputs": set<transaction_input>
+}
+
+individual_transaction.body -> transaction_body: "body"
+individual_transaction.auxiliary_data -> auxiliary.data: "auxiliary_data\n(optional)"
+
+auxiliary: "" {
+  data: "auxiliary data" {
+    shape: sql_table
+    link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L359C1-L368"
+    metadata: "{ * uint => transaction_metadatum } : Optional"
+    native_script: "[ * native_script ] : Optional"
+    plutus_v1: "[ * plutus_v1_script ] : Optional"
+    plutus_v2: "[ * plutus_v2_script ] : Optional"
+  }
+
+  509_envelope: "x509 envelope metadata (Key 509)" {
+    shape: sql_table
+    0: "purpose : 128bit UUID V4 of the Metadata Purpose"
+    1: "txn-inputs-hash : Hash of the transaction inputs"
+    "10/11/12": "X509 chunks: [ + x509_chunk ] - x509 Update Data."
+    99: "validation signature : Signature calculated in step 6"
+  }
+
+  data.metadata -> 509_envelope: 509
+
+  rbac: "x509 Role based Access Control" {
+    class: RBAC_TABLE
+    "? 10=x509 certs": "[ + DER Certs ]"
+    "? 20=c509 certs": "[ + CBOR Certs ]"
+    "? 30=public keys": "[ + Public Keys ]"
+    ? 40=revocation set: "[ + Revoked Cert hash]"
+    ? 50=DiD: "DiD???"
+    ? 51=Verifiable Credentials: "[ + VC??? ]"
+    "? 100=Role Data Set": "[ + Role Data ]"
+  }
+
+  509_envelope."10/11/12" -> rbac
+
+  role_data: "Role Data" {
+    class: RBAC_TABLE
+    "0=role number": "uint"
+    "? 1=role-signing-key": "Key Reference"
+    "? 2=role-encryption-key": "Key Reference"
+    "? 3=payment-key": "OnChain Payment Key Reference"
+    "? 10-99=Role Specific Data": "Variable per Role"
+  }
+
+  rbac."? 100=Role Data Set" -> role_data
+
+  role_0: "Role 0 - Metadata Validation Role" {
+    class: RBAC_TABLE
+    "0=role number": "0"
+    "1=role-signing-key": "Key Reference"
+  }
+
+  role_data -> role_0: Required
+
+  # role_data."? 1=role-signing-key" -> rbac."? 10=x509 certs"
+  # role_data."? 1=role-signing-key" -> rbac."? 20=c509 certs"
+  # role_data."? 1=role-signing-key" -> rbac."? 30=public keys"
+
+  # role_data."? 2=role-encryption-key" -> rbac."? 10=x509 certs"
+  # role_data."? 2=role-encryption-key" -> rbac."? 20=c509 certs"
+  # role_data."? 2=role-encryption-key" -> rbac."? 30=public keys"
+}
+
+transaction_body."? 7 = auxiliary_data_hash" -> auxiliary.data: blake2b_256()
+auxiliary.509_envelope.1 <- transaction_body."0 = transaction inputs": blake2b_256()
+auxiliary.role_data."? 3=payment-key" -> transaction_body."0 = transaction inputs"
+auxiliary.role_data."? 3=payment-key" -> transaction_body."1 = transaction outputs"
+
+root-ca: "ROOT CERTIFICATE AUTHORITY (CA)" {
+  # shape: text
+
+  # pad.class: NONE
+
+  key: "Root CA's Key Pair" {
+    class: PRIVATE_KEY
+    private: Secret
+    public: Shared
+  }
+
+  certificate: "Root Certificate (ROOT CA)" {
+    shape: sql_table
+    "Subject`s Name": "ROOT CA Name"
+    "Subject`s PublicKey": Public Key
+    "Issuer`s Name": "ROOT CA Name"
+    "Issuer`s Signature": Signature
+    "Subject Alt Name": "URI:S:ada:stake1vpu...p0u"
+  }
+
+  key.public -> certificate."Subject`s PublicKey": Published
+  key.private -> certificate."Issuer`s Signature": Self Sign {class: SIGN}
+}
+
+auxiliary.rbac."? 10=x509 certs" -> root-ca.certificate: contains
+auxiliary.rbac."? 20=c509 certs" -> root-ca.certificate: contains
+auxiliary.role_0."1=role-signing-key" -> root-ca.certificate
+auxiliary.509_envelope.99 <- root-ca.key.private: Sign {class: SIGN}
+transaction_body."? 14 = required_signers" <- root-ca.certificate."Subject Alt Name": "transaction must\nbe witnessed by"
+
+# ----
+transaction_witness: "" {
+  set: "transaction witness set" {
+    shape: sql_table
+    link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L295C1-L303"
+    "? 0": "[* vkeywitness ]"
+    "? 1": "[* native_script]"
+    "? 2": "[* bootstrap_witness]"
+    "? 3": "[* plutus_v1_script]"
+    "? 4": "[* plutus_data]"
+    "? 5": "[* redeemer]"
+    "? 6": "[* plutus_v2_script]"
+  }
+
+  vkeywitness: {
+    shape: sql_table
+    link: "https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L370"
+    "vkey": "ED25519-Bip32 Public Key [32 Bytes]"
+    "signature": "ED25519-Bip32 Signature of Transaction [64 bytes]"
+  }
+  set."? 0" -> vkeywitness
+}
+individual_transaction.witnesses -> transaction_witness.set: "witnesses"
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.svg b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.svg
new file mode 100644
index 00000000000..df21c7d1ce1
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.svg
@@ -0,0 +1,926 @@
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="v0.6.3-HEAD" preserveAspectRatio="xMinYMin meet" viewBox="0 0 2696 3908"><svg id="d2-svg" class="d2-1992443321" width="2696" height="3908" viewBox="-89 -204 2696 3908"><rect x="-89.000000" y="-204.000000" width="2696.000000" height="3908.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+.d2-1992443321 .text {
+	font-family: "d2-1992443321-font-regular";
+}
+@font-face {
+	font-family: d2-1992443321-font-regular;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABiIAAoAAAAAJLAAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXd/Vo2NtYXAAAAFUAAABBQAAAaIM+w6JZ2x5ZgAAAlwAABCxAAAXVGBZ4LFoZWFkAAATEAAAADYAAAA2G4Ue32hoZWEAABNIAAAAJAAAACQKhAYWaG10eAAAE2wAAAELAAABUJWXD49sb2NhAAAUeAAAAKoAAACqB7UBhG1heHAAABUkAAAAIAAAACAAbAD2bmFtZQAAFUQAAAMjAAAIFAbDVU1wb3N0AAAYaAAAAB0AAAAg/9EAMgADAgkBkAAFAAACigJYAAAASwKKAlgAAAFeADIBIwAAAgsFAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAEAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAeYClAAAACAAA3icnNBJbtIBFMfxzx9wRkEcGJxQFGfFWZBBHBBEjXFhNMaoxzDGa3gUd9p22d6CVbvqEfqa0qYp2779J3m/LxJpCbIyyR+0VGVUVNVcdtU1191w0y23NbW0dXT1DIy899FnX3z1zXc//fI7gi17ZcY2dti+obEPPm3bH5s2JuqKys46J6cgq4SUvCNysRYLMR9z8T/+xUosxyRW428sxeJ0wW4vMdLV98zQa0/0tLzScMdd99z3wEOPPNbU9sbYWx0paRl77LXPfgccdEjW4Y0v5R1VcMxxJ5z03AtPvVNUUlZxymlnpvuqzrug5qJL6tNes7VfGrAOAAD//wEAAP//6bA6bQAAAHicbFh7dBvVmb/3StZYsfyQpfHoaUkztkbv12g0elmKbUlWHD8lO37Edl5O7CQkTcyrgZDQJiQsS1ltGw5ZGmi6zR5CD1kInJM0h9OlSyDrLoGUx1IoJIft7nE5Bdqt190tFI96ZiS/oH/ojI5853v8vt/3+75rUAFGAEAsOgUkQA5qQT3AAWCUFmWzhaYpjGM4jiIkHA2V2Aj8kC9AuCEoDYWk/rZP2g4dPQqHj6BTi7dFj09NvTpx9938d+Y+5gPwjY8BAhIAkBEVgBwoAVBhDG210pRMJlExKoqmsNdMr5rqzXXSWvOvbk3cGkn8Pgm/MTnJ7YtE9vGjqLB4YHYWAAAkYBQA1IQKQAl0gBJiYwINDbhahuHiQ0ZJmECIDVopSrn0ZfRq+86I3xvbmDzQeWTbQGd3986ZwYnxTTOoYM5E/b210qqe1PpNDngoGoj4FheSbS0RAAAEweIC0qMzwAhABWm1ssFQiAk0EJjVSpEyGa5uaGACIY6QyWAu962NXcfz8TGDW9fmSIwzgc0Jb6fJQ29X9J/eu+d0zm8OGcjWu3K5Q202MugOAACQmEsQFUClgImYCa6WUfRy3OdOP/nEo4Mbb7/99ts3osLTZ57459TfHj78gBjbKADwFiqAKrE+uAVncAq34KPwHv79zz+HflTIvNHxu47ls++I2K+cVYonv/gCFTK3Mvyvls6hwJJNoeqMklJalKN56B8Y4G+gAv8ZVC0egCz/2tJ5cAEVhNoK50fzQqHKdpKoABSl3xnIYCpKguGjeQlUTrz+2fgrB1GBvww3fMHvgYMP/GIpxuuoACrKvvHRPDShwuJlIYWyzftQQagFo2RUDQ0EEwpxKiHCYIijMAkloamGBlw5OnlEQSikClxxeGdPpUQaPMwdDkolGCrw/0imSTJNwonFA3C3a6/zUf4ZOPCoc6+Lf2zZhxsVgKrkg2CsVlbAYMnyps86pBKsd9PvOqRSwd7kg4G9QZhfPACfOOmfDvJPAyRyZic6A2q/whqRnHQgJJaWFMkDu3JHOzqO5vJHstkj+diQb8/w8B7fsGLg8d27H+vvf2z37scHNrQfyt3zyCP35A61g2XOVIk1Uq9iP0UpV+j+Yuf+xInbbtu+KT+0aQIVmgazU5P8lzDbmunglm2YUQHUAGJ1B6koyWozr7dPx/pST008eff+7lyuez8qUP2prnEl/2uI85/AkeT61mCpNo7iAvw9OgPcYsY0J/YFG7RaadqD1naNkDdBNCIBDViXvssZoLYwrVmj3zRharGzE7HYJOVu3ODh2i0B3bi1pSk0qWBd0WZ3zEfaDDX2akebL9DrdjeFjJagy2TXVdnq3K3+4GAAQGAAAH6JCgATsqJYC04pf30NfnQNdWYyi5dKsQ4VF5AHFQRdE6ujZJSlPg6JX2Uy2N6+N5G3p52ujL0vsUcROrwbfou/r3ez1bq5Fx7jj+4+HAJQLIYEFUA1AIxkFR8lb701srter5LWG5S7B3+BCvyT0Z3R6M4o3C72Ri0AcB4VgBYARiVhiPKLHCNRUWVNxLDal54fG6kmaqU1uGJo+IWXxrZW6+ukNTrFFpiHLecbXEajq+E8/xJ/8aKGaWxkNBeF3IpFAOBNVBB8MOwa2/grr44M1pnqpEqydmDoVR5+90pTprk503SF38+LnAgWF+BFOA90oAkAghRoywXFkmG0WEBcSQnB0YEQx4ri93JL/999X+m0OTqNZnJHdKQvhUnI/gYqQR3aFlBsaO0bVJrClFkdabDv28y/GzU42kjTydq4194MEMgVF+Cf0SxQAXOJNRRGKRkcK/kq9UqpVQRlh3Zyg1mCteWQpde2ZXtsSybeG0ub1lPmpMJiDKDZl4eN9ImD+bsS6anRvh2kuWggSvX2FBfgs3Be4MZf1/AlCa9fPx1v3ZvwpbUO3Gt0pel8OxltaLL0KeIzfbmZOEmEVBrvYDg/ZVRzRouAmbe4AN9fyqGEmWicZpklsDh22dGfNu+PbeMcCbM0n8Ikhi7t+rgp0kgnrRnFA4d6b0806vIvLoYjBnu6nTcQ3nx4aAdAYvz/DueBBpjWZCA0rGV5AEksIlSQaN2TSE5y4zsh4n9SMZShYnqjqfc1KE1GmH5Fy0xv30zi8HS1Vt49hitD6kZo7ezuFXFqBAAm0TuleU+xHBss40SRuDgvtra1pTcQjrp6vSE1NQV/lKjo7hySY0nFRHc7Py7OZnfRDD+F88APWkD3MotY66qHaJTBqfKwJulSDco1lwRW5FFV1iHSWjrzfyMHrJZ6LanS0IEBv7qp+ulJJeHrC9BkdX2zf2JwML6/y9ESdzrjLaHMAOMdqLHU6TQbP0olTZEGaZXNYPJUS9UpJ9vjwCqSdawp2GVXVunVRCPX4u7ywotJlo3HWTbJP9hiJXVSqcqB0x4RmxwA8Jdotqy4SxwVJo/IT2UuJ6G6A90dOZevOdaMZl+etHi3jfPXoT2VsDbzZ0GxCNIAgBfQJWQFAt4y0HcYAFAsFt8r0uB58ff+0u/3gmWfc2h2eYaqhBlKY3iuX3Jj84+ujD6yGc3yjRBc5W/+ds/95XeKC+A9NCv0v4C9KG1lgjztsedq5FIMq6psUERYtGvxlEoJYUIqLflCf4DzwCL6EjRDqNKaLLHlZy6FScxdznCy1trj2rgh5/KEUjmXN5SCcxnK63fZg0upb+TPlh9LGML5MoZlH6sxTGESqmcZRNHYGgzLvfA/cB7UAv1fna3L3IG1salkcioW35VM7oonu7uTiZ6ech/HZ3J9M/HUVH5genogPwVELWLgn+F8uY9XohMZaqUJXLVai4RILb3Oie2xLWGynUR3i1KUbLIkXkcvhA22kwdzdyUadYPnoGyNFgl6wcD3l/xUsJxofrkpOEYpWa0X8ITUuNFREo31FlTZdmNZMF6/MGywiaJhNHoWu6FsRTGWuDMB58tbZSmbsuKVgNZm7UaiTqGuNbVr4dywJ7QuK5UGEvxsiUeG4gI8BueBQ+TR6nkujvOvTPPSMH8zOEHZzSmnz2dh9GSbY6TX3WOwaUNmj7PRp6dSbnuvgjZwWovbpCWJddUW1h7rNRNBlcZhIIx4VbWF89BtNtG/prgA02i/sJ2IPKZYjmNEEVrm8yc9LdmudeljxyyO6kZFndqrGM3C6kTFgw+28/Nuv1yawKpEWxuLC/ANOCfwbk1PKMsS/VF3Nu/0WWOkgAvZpdg2DoP8L1MJ2glHeF2XzQeg0IPw3+Dc12f9i88OjlURVdIqYt1Y/zNwjv+0KUtR2Sao5nVCHgCgS3BO7KvV762yQEnKM1/yg5MD2coaTFpZJ9/Y1yVXVkora7GOnm9PZuS1cmll3boUnON/Q7aTZDsJtau+6WAFlWpuTlP8lwCCGgDgc3BO3C84etUOgBEr+0XND7430lqlqZZWNVTFNn3vyZGOal2NtFqjaOM/3qtyqNUO1d4//PFggwvHncRBEUdF0StioF/NCY5bA0cNGq0zKuoq1XJ7qLbq6uCOKm2VtEq9bqjvstKbflMmbUUVMXcT/A3/v6YsacmaYfXivK/LLfSGq7gAX0UPgaqlqgfLLbi6rz/fum/f1i379m0Jp1LhcDqtuHD2h+fP//DshbajDz98770PP3xUjLUXAHgZHRG1UxjFbCjECcLd+907XK265PEUfJetJOoWr6VKfG8CAL6CHhJyY9gEKrc6vSwCguAzuG3riUy8xZYyeG2bEyO72u/s0oW1V/xb//5Ohsu4zV4XOzUYv/dkL5J2AAh0xQX4L+ihr/cQxS5fAlZcLN1eP+3aZXYYe8LRTnqkK9VLxhhbu9HVPBrO37Y+GO0Lb1FwVKjRs561RsxJc8jiDTUZg5R7sDvaqZZW59vCORdAQt/D/0BHgFxgPccI01cou4q1sFDAgcKnZ6VQqtDVMPx/QuXY0ND8FV1WS7gIPvhcCJ7m72h7TsBFW1yA/4qOlLeblRzE0FUWnMJW5Pe3XZMWm7ErHOvvTFi8RhcOk/+vJDxGbiTUsl0RsoQM7t72tk61ygCZjp8qapzD6fS2QEkXfcUF+HOx9jYAICnDlhxJvr6xrSyIsMKUbazsaPGujwUTk9H0N5LBjXqPKtzo7vSixj46vyM4CLM21/j27mRiA/9M6m923X+mgzYyhJ65e2ezc8f2lrGgWH+X0N/oiNjfCcRZWAteI8EuyujuJP8y/H4ka1NLv/nS00MdTPaBk4+Xdh17cQHOooeACbhARMRHjHTVmiMyBy+po2T1vU9SFlNR5b+IT3AU10iFfDkmv81gUxsDZmZcaaairCtmT1WE075ej5XpVbj7Ao5Wf51Umw34O+1bOy0xb620ztXi9Pa44bRxPeVtC3utAYq/lvTbg9Z6bcbFpkv42ooL8GdL+KpK+ieiqVquamjNMBJjvzMWM3eYKrMtntZhplvnUXONwp7U2GfL7QgOMsnJSHo//Glig809vq178U+0IUgYgt/cZXWJwKYenLr/TPnu3lpcAD8BM6BqbWffp6UorYaiFJTeSFFGPSWc9RY3gWtgBtQDQNChEC0jqVWvtKudPohkSEM1ac3NmR/7VEkbNBr0pqB7/TZhnyr5gh8gGkQBgLuBTHgCBKzFBXgI/RhoQTMAnDUh+UoL1kgIbJWjs5jG6Tb7fZYY4TUPcl2bzV6XvoLUkqRWS1HXvNl4KGS2RUx6Z5N3UyedDEfbHG+tzqMPPgvOo+dBBQAqmmYwbEedZFhSB599amzsKQCBHXwAa6EOSADgWAa3z32QTJZ09tvw4+IV4XeCteAK+OERjhN3uz4oRx8KHCVKCzUh8od4N5HJJJhoJBJ9bufN48dvTWq23JyZubkFQGAt9oGb5XdokYFCtXG1bEQ8zyQymefKpzWTt44fvwkgmChOQyV6RbhDE4JUKBl84oU77zwtGfMuIm+pnqbiNHizfEbUV0ZpuuOO5097Ee/98lzpDFm241yqueCdFYMQQGbwUjOsaJ94DcD/OxaVUwxDyaMxt95mkBnMZoPMYNOfDndzwwGjDwahz8AMc91hr8PvGWD8jFwqD/qYAY/f4S3HBqvLftmSiqzcPsQLBVuqsIAdLivHQJl0dn2F3mzWV+jtOlc8Im8KBJrkkfjpkhtfUC6VM/6SGyEUxiCGYgwIoQh+1xW3wn50TawbZOA6WBXn/3hWsuvLx0t4ROE5OI1mhfmsojmaIziG4AiMwOiHbJFttbvkfvlU7bYw3QHPGSdsHu1tezUe24Rxk8BdgVBvi/PJJEx1ii19GEz84JT4oTgKUzEcNartG6ofHCNY4gENq+kXvmtZzXGt+Xj98euRU9HLly9fjp6KXL9+HVacKtcKTMMbyCX0J8dSLMOKyxb+3qVLrZcuTV9NXL2auCr0Fgl+Bm/Ad5AV5MBeIAM58Gj5/WPwBsKBHIDmZrYZxzCcIOANPg8vvH3ixNvHzred7+gJSAM9a89yLMexNM1W4KRwDF44VjrVcb5NvBuB+1EL7JBUAwzkYS1YvheBc3Bu6X+OuRycE3at4s9RJ+DQJSEH5ao+1phMGo3JhDqNWk1jo0ZrBACKd65/gnPle9LSXBP//WNuaK5WyjXVTZpc/P3KioSkgnEh4+J/dQ4LsUMnvAF3C75VrAUn4QXoTCTEuIoHUQsIS6rFv9EcUfNE9Duo5R+4p8BfAAAA//8BAAD//2/i98AAAAAAAQAAAAILhXqDGllfDzz1AAMD6AAAAADYXaChAAAAAN1mLzb+Ov7bCG8DyAAAAAMAAgAAAAAAAAABAAAD2P7vAAAImP46/joIbwABAAAAAAAAAAAAAAAAAAAAVHicTI8vS7NhGMV/51p44WU4LDJlzLGN4fyz2zAUFYOISUG5i3gJq2a/gUUs2s2a/BLmWSwGDWajeoPMLT2yB4Ph8DtwzgnHrjiiD1ajYHu4bdC1E9xKuN5xu8T1D7dtXG+4PeN2gds1XVvBbQ23KeatTMXOObQCmCjpNcs0pGttovp0bIGgTzpqUtWQJasRGbDDd/aiDyIZsbBJtAbRqnk/5ptjom6pKFK2Grt6omiPlHXPxNgrsajEvhJNJWaUmFRiWonl36ytxBwjthgRxtQdLUYcaJW2vigqEBVoKdBTYFaBes4e/3XDuhINJep/ZVXOGBAhe8g/JOqQnf4AAAD//wEAAP//rU9JgwAAAAAsACwAUACGALYA1ADqAP4BFgEiATwBTAF+AaAB0AHyAhoCXgJwApQCsALeAvwDNANoA5YDyAP8BB4EigSsBLgExATeBPoFLAVOBXoFrgXiBgIGQgZoBooGpgbgBwwHPAdiB3oHpAfiCAYIOgh6CJQI6gkqCUAJYAlsCaQJtAnACcwJ5goAChIKJApgCpwKrArKCvoLDgsaCzALRgtQC1wLcguOC5wLqgAAAAEAAABUAIwADABmAAcAAQAAAAAAAAAAAAAAAAAEAAN4nJyU3U4bVxSFPwfbbVQ1FxWKyA06l22VjN0IogSuTAmKVYRTj9Mfqao0eMY/Yjwz8gxQqj5Ar/sWfYtc9Tn6EFWvq7O8DTaqFIEQsM6cvfdZZ6+1D7DJv2xQqz8E/mr+YLjGdnPP8AMeNZ8a3uC48bfh+kpMg7jxm+EmXzb6hj/iff0Pwx+zU//Z8EO26keGP+F5fdPwpxuOfww/Yof3C1yDl/xuuMYWheEHbPKT4Q0eYzVrdR7TNtzgM7YNN9kGBkypSJmSMcYxYsqYc+YklIQkzJkyIiHG0aVDSqWvGZGQY/y/XyNCKuZEqjihwpESkhJRMrGKvyor561OHGk1t70OFRMiTpVxRkSGI2dMTkbCmepUVBTs0aJFyVB8CypKAkqmpATkzBnToscRxwyYMKXEcaRKnllIzoiKSyKd7yzCd2ZIQkZprM7JiMXTiV+i7C7HOHoUil2tfLxW4SmO75TtueWK/YpAv26F2fq5SzYRF+pnqq6k2rmUghPt+nM7fCtcsYe7V3/WmXy4R7H+V6p8yrn0j6VUJiYZzm3RIZSDQvcEx4HWXUJ15Hu6DHhDj3cMtO7Qp0+HEwZ0ea3cHn0cX9PjhENldIUXe0dyzAk/4viGrmJ87cT6s1As4RcKc3cpjnPdY0ahnnvmge6a6IZ3V9jPUL7mjlI5Q82Rj3TSL9OcRYzNFYUYztTLpTdK619sjpjpLl7bm30/DRc2e8spviLXDHu3Ljh55RaMPqRqcMszl/oJiIjJOVXEkJwZLSquxPstEeekOA7VvTeakorOdY4/50ouSZiJQZdMdeYU+huZb0LjPlzzvbO3JFa+Z3p2fav7nOLUqxuN3ql7y73QupysKNAyVfMVNw3FNTPvJ5qpVf6hcku9bjnP6JNI9VQ3uP0OPCegzQ677DPROUPtXNgb0dY70eYV++rBGYmiRnJ1YhV2CXjBLru84sVazQ6HHNBj/w4cF1k9Dnh9a2ddp2UVZ3X+FJu2+DqeXa9e3luvz+/gyy80UTcvY1/a+G5fWLUb/58QMfNc3NbqndwTgv8AAAD//wEAAP//B1tMMAB4nGJgZgCD/+cYjBiwAAAAAAD//wEAAP//LwECAwAAAA==");
+}
+@font-face {
+	font-family: d2-1992443321-font-semibold;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABhsAAoAAAAAJNQAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXqrWeWNtYXAAAAFUAAABBQAAAaIM+w6JZ2x5ZgAAAlwAABBrAAAXHLkuqKFoZWFkAAASyAAAADYAAAA2FnoA72hoZWEAABMAAAAAJAAAACQKgQYUaG10eAAAEyQAAAEJAAABUJrDDilsb2NhAAAUMAAAAKoAAACqBLr+nG1heHAAABTcAAAAIAAAACAAbAD2bmFtZQAAFPwAAANOAAAIcCYSZQ5wb3N0AAAYTAAAAB0AAAAg/9EAMgADAhoCWAAFAAACigJYAAAASwKKAlgAAAFeADIBJgAAAgsGAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAAAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAesClAAAACAAA3icnNBJbtIBFMfxzx9wRkEcGJxQFGfFWZBBHBBEjXFhNMaoxzDGa3gUd9p22d6CVbvqEfqa0qYp2779J3m/LxJpCbIyyR+0VGVUVNVcdtU1191w0y23NbW0dXT1DIy899FnX3z1zXc//fI7gi17ZcY2dti+obEPPm3bH5s2JuqKys46J6cgq4SUvCNysRYLMR9z8T/+xUosxyRW428sxeJ0wW4vMdLV98zQa0/0tLzScMdd99z3wEOPPNbU9sbYWx0paRl77LXPfgccdEjW4Y0v5R1VcMxxJ5z03AtPvVNUUlZxymlnpvuqzrug5qJL6tNes7VfGrAOAAD//wEAAP//6bA6bQAAAHicjFh7dBtVer/3StZYtvxQpNFE78dIM5IlS7JGo5EfevglW4osP2Q7ieM4ifN2Eifxg/BIKIEUTDjVhu2WDYGes1AOYR+kPHpC2TYUQtpCy2FPeJQuLOEcFroL7mHh4K53e+JRz8xIsU37R/8Yjzy6c7/X7/f7vitQAYYBQFn0AyADSlAHNgAcAEZtV7sYmiYxjuE4kpBxNFRjw/AP/IV3on55ICD3B19ruvPoUZifRj9YObzpwJ49Nya2buUf+cV1fif80XUAUJEHAAVRASiBGgANxtAURZMKhUzDaEiaxH5JXCTqzbXyGvPi+wvv38n8ioHjAwPh6Qh3hD+GCiszzz8PAAAykC/towYGQAq+MSGdDtcqMFy8KUgZE4qwYYok1eUP+etdB2NBb6SnfaZ3Ot8VTyZHJntz2cwkKlh62vyDdXJVX0f7qAfeE2oIunmK5cIBAAAETcUlRKELwARAhYOi2HAkwoR0BEZRpEOhwLU6JhThCIUCbhm6v39wYSi+0xrXxyg2H5gc8nWZ4u79qtwPDx96dDBk32SwNk9ljv2Jy5L2NwGAxDiSqAAqhXyIUeBaBUnf8vmvH3nm6e+3M7sPH97NoMKTT/7VxYnZO26fFv3KAwB/gwqgWqwNbscZnMTteB6e5b9cXIQ2VJi8OPna5K21N8S8r65V5+FD/BdffYUKky9P8r8rr0Nd5T2FijNqUm1X5+egcm6OX0YF/o8QW5mBDv5GeT34Z1QAMml9fk4oUmmfUVQAKuk5o2EwDSnD8Pyc7IvTby7e8/wEKvAfQE+RPw7D8/9wy8cPUAFUlGzj+TlYjwor7wkhlPZ8BBWAVfxeo9MRTCTCaQQPw5EIR2IyUkaTFoSr8/fNVeNV8mpt1fEzhyowmZw91H04LJdhFajAv2ptt9narTC5MgO91nTGcp7/EFLnLZm0lX+/bCeGCkAj2SEYimKFPMhoUqfD1fkTb3XK5dVHpRsq8OceCt3GQdPKDDz2UHiG4z8FSMTMDLoA6oBxHWpEcNJSdR0CduDgyL3p9L0jo8Lf0b7x8b6+8XFV/tGpqUcGBh6Zmno0v/e+6elTp6an7yvjxSLmVbsG9QqSxNVMSILM2+mZjo5jPRMj5zalB1GB2pLtnfB/DftOxAU4l/ZoQQVQC4i1zNGQMlK9ypaPu44kelofv/fP9mzv7Onp3I4KzpH0pnEt/zsIigCON3PRRqkuVHEJrqALwCtGSnM6nbQJTfvRerLgWp2OICSX4YaOuwJd5FhjtKXZN2aL0c27k81TVKu1u8HfbA4at7ZkogdVIX+/3eOnPE4NXevrCobzTY1UxmDxOPV2otqlH+xht7CCDwYAUCUqAEyIiGTtOKn+4Ar86gryTU6uvCf5OVBcQglUELRMrIiaUWtFXyPiR4UC9m46Fpuzt9HuGHm07aiq7cwheJRf6MmTZL4H3s4/fOhMG4DFmwAgEyqAGgAY2Rocyt54667xekO9XK2v23biX1GBf4nbF43u42Ba5EQNAKgeFYAeAEYjY4jSixwj05AlHcSwmp9fOt2rIurkKry6+65LPz89UKOvk9cQqhwchLGHdU1mc5PuYf4V/m8uGBiLhTFcEGITfIJ/RAVQBwDDrtsbf/XayZ5aU7283lLbc8c/fgsfu+jqpqhu10V+77ciHgLFJfg6XAZ6QUkJhwBVTiwXRovFw9Wk4BsdinCsqHevJgfP/hDSIWe3vcGzv2V8245KuX0TZmky7cm5VQPJ/s31dLNJ22egjuznP46YqDGzfrqGcdktor10cQkp0VWwAViEStAkRqoZHJNsraGHoOWQSyVlVdtmZdaMa3xf247+po5QNBw1MKpkGF29PGR0LBwfPpHYMZrPDHGf6zRCnT3FJXgZLn+HeasQLMu1rvNQout4eyBljGrcROumdIuZwQOOYVVsdnBoNmYjNqk1Y5n0mF6dtVgAAt7iElxEV4FGUCApT+LGNMuUM8SxZSP/NT7dupNtaDXJZ3dUyo29Ki6oD+kDnS2qhTsG5uJmff8LK3HWSO3gPic2jPT1D0vcFHz/N7gMNgo21usGZteVXZcxonxAY9d0sv1Ac+eYv4J/ozLXauOMNDn6woehkLdTiGJgLt56sNupbe/VqHsJCww2tyckLhgBgGPobamvkyzHhks5Ih242Bu2d3RkNxuC9TqjMb5zJzw3WsH07a7CRlV5dht/TOzB7iIN/xsugxCIg6yYEYoNCxkQAMSuJp7ByZJKOShaapilSsvWCKGmJDwOWvhvqWU7m9Lo7biejmxltK6658ZU9aHhcL1DXV1DNm7eui15W4YMNTmdoVCwNdPY0Ok2Ul2/NDV7Yz65ym0xB+rkmi5vc86DVYzUeg2RTZQCq9Kq8Y3NyWC/H14JB/xMKBAI84Wg1azFzE67S8hLGgD4n+hqSV3LoBQ6jEgIdXpWbs2G+ntnnR5bkxVdvbzD3LhvO/8WdMVCVgv/Y1AsgjgA4A10DVGgHwCAgQFwHwDFYvGdYgi8KT4fLD0/A0o2EUJXb/VKTuiVNIanj8su3/3My6fu7kNX+Z5P3+A/fn/LKWF9cQn8Hl0VuC6gUJSxEjBejjGz9Uo5htVVWVWZJOpauYyrIRyVKyQ7skq4DOyiHUEfhOqsixC7dU/vqJRb0/5Iu5rs8+cycy7K3zzrov3NcLHT7g94qFA57Bj/49KtnD+4XMpfycba/AlSkbuVQLjYYfOvy1+JAzfh8v+jd26ITXV0TMXiwt94JB6PRGKxEntjs0ODs7GJsXRmTOCwpDtxpITLJf6ueldCJoFr1giPGH+fe3xv2w7OlrTIdkvCYwxdRc+GDdTCzPCJuFk/dAHiq9IjakQcLpZtVLCcuPUtInCMWrZGI+DtcmOKEoXCk7TKqrZ9WBaJq08MGUhJKCyBlTzEV1VCyvEJuFyaGKUoSuomJdiQoUlcW6OrNycJuLg5yFTtkcsbo3ypD24sLsGH4TJwi/hZ7deU1K/XaSVhQbhW8U5ojzNi73C5KWvQYEu4dw6FhyysgTW7nG1uR9I7qaLNGb3FoceNeJWK5DztQ04ipSGshNlSqyKj/sRWAIG2uATH0HGgk3DLkizHMeLQqi3B9/cjPals7c5Tp7prTFVaLaPa3f/laMX992/7chSTj2DVkv9dxSX4a7goYGwd/tUlGf5IQJfb1mSanVDKbFnVvu0wzH8UC9mccIDHeyk/gALXxD2kHr6mXb700/lclTA74lW5oxfhYtGZoaiMs8jjUu4AQO/BRZFDa99bs8NqL79w71xrZTUmx+qUyYPtyvpKOabCWg+ferC5srZSjtVWRuFikUw5nT2OonhPkUUe/5zspukU+ZlorxYA+C5clGYGeo0ZjFi1U/v4909y1US1XKlVBk48/PjJNpW+Rl6lqw5DsLhd69Vqvdrtf/h2l86H415il7CvqhgR4zesxQDHrUuFQjGltdTimEZJB1TK1+ZHqvFquVKjzBx9wbrlXxTyMVQRcFnh59/YekhHj/2blWJ+l8ABd3EJ/jtaANUl/kqYwrUCd0WclY5NOgh2z8/vFi5r0GgMWi1Bkymo+tkTTzz99BNP/GwsMDU2dsDrPTA2NhUQfM4AAN9EJ0WdFFouG4lwgkhnCvOBlGX01AR8slep37Dy6YSEEzsA8D20IHjBsHEkyUZ5ptEqFIK4Mzi19XQqwrhihqRvon38SOJgQt9CPN45+sDRYKitwZwMMFNbo/N3dqKKyRJ3foEWgOe73CHZsjCtWigfRr/uO+jgzJlguN0+mJ7oDflccXOrZ3vz+ExrOJqN7VWxrozZwzTamwzDLT53o93Y4/RtHmTTWnndQKJlyCfNBhvE895JoBSQzzFClxXKr2HtrEbIA4mfuSiHcpWhluF/c/PBgYGVc6asSR808ENP5eBZ/vTWp27x/zo6CWzfiUH0XWPHSWxVbr/pO0iy5t4gm0qy1gYzp4HDX9doaT03xiX2qVgyY/QkW5rjag0JW3ZdqKpu2NLdPRmW/PUVl+BHIg7cAECHAisbkv3vU/Tq9AdVxjajMul3c6w7PpXomWlvGTbF1ZzZ3eGRmbKO/H5uDEbs7pFsoiXazL/ScfbQyUd7Gywp3Ojbv4V079qTmAiLcfrE8+RJkeNxxNlZO14rw55RODMx/l3402g3vUF+/MUnR3aluu8+/RfbxZnGU8KuCXhA5Fb3WTPNrCmrLLLainSykoSKyIYwPhlNNbqY0GZudG/E6uuI7CQMxpDPFXK0VvhbPd1eC92lasyFWwc2yg3pUHhTw46+QJaQ67PJppwfzhoilgbO77F5rfx1xkf67GpdmyvQIubVVVyC75bzqpG0T8yi5lY1I+saj+jt99igKaZXJgN0NNM8bI5vEDLagExZcmg/ty0SP5hIzcC/jbaQ9HA2zqNyQh3uXXuS25mOBw/d9VivxKtEcQm8B86B6vIULKXlrNXns9oaGlQ+h8MnXMLaQDEDPgPnBOwSdCRCOxzkmld69U0sRBXI3Oi3ehqHLic07S6Xw0bHo+kjQJiZJFvwPxANWgCAo0ABpBwIGnMO/QTogQsAjorLvsO9WhmBrTH0lwqdx2fxUtaQLmkfj+b2Wht9BnnI6vVabV7vB76uaChodPpMG1uppuEhqi0cbqN/vTaOHFwA19BzoAIADU0zGHZAJ79NRsCFl44ffwlA0ADegRshBWQAcCyDN3z1zvCwpLN3wd8WXxWeE6wdV8Ff/Wl3N4Cgr5iDenRDwCYhQYwQkUNcj6dS8d5oJBJ9Yd+NM2du7LPt/HB6+sOdAAJvMQeWS+/QIvaEauNaxay4vjeeSr1QWm0T3wUQjBUPQAu6JpyLCUEi1Aw+du3IkfOy8cSKI1E+vx8AX5bWiLrKqKkjR66dT6AbiZtPSWtspX285ZoL1lnRCSHJDC7RYJUd4pSP/zbRpnSGQk5lWyJCOPUVNpK0VeidxPnW/kiuyRSAKRgwhnKRgZYE2egdDLKMUq5k2OCgt5FMlHyDzpJdVlKPVT6K5wVWqrCQO1xR8oGk1hqLrDpx/v8w0zIQyYWMoiumplykv1Wq207Yif5JrJuGkam+yH3xI9m+mxeE74LwHng/ekPozRqaozmCYwiOwAiM/h7Tsk9zpDpRPa3Z38Jsgve4Jhvb9MeP69saJ12bBdySwtyBzgKj+CsWR7LSxWDihZPiRXIkpmE4csvGvpH6wW26bnye6MIHttaPTBApYn6j7bb6217Pns5eunTpUvZ09vXXX4d1p6U6OcBu+AlqErjJsSTLsNKA9f6LL25+8cXdV4avXBm+IvDKAZ6Dn8DPEAWGwDGgAEPgXOn9efgJIoESAJeLdeEYhhME/ITvhFdee+CB1+afHX52V1dQHuxav5ZjOY6labYCdwjL4JV5adWuZ4clHk+hGOyTOQEG8nADAOVzD/h7uFj+7TA9Cxd5HMDi36F20I2uCTGo13DYSlFWK0WhdqfF7HSaLU4AoHimegUugvp1vUz6OcdhpGt1VXi1nZizdL1dWTEqq2j0IsXKzfCQOE84oA1+AucE+xrWjjvgFWgbFs/hsLgFxUCrzCl+R3ME+snAn6PYY9lL4H8AAAD//wEAAP//EJPzrgAAAQAAAAILhY5drtNfDzz1AAMD6AAAAADYXaCrAAAAANheETP+OP7PCG4D3QAAAAMAAgAAAAAAAAABAAAD2P7vAAAImP44/jgIbgABAAAAAAAAAAAAAAAAAAAAVHicVI89SmNhGIWfc2bIDENGwVhcIoKJJCQm5Adt/UEuwqcogU8huAPtLFyHdrbiBuxsdAFWFu7AUhBs1MaQK17SWDw8L7znFMeX7HMP7mRjHxC9Qd8nRJeJGhN9QVSZ+P3TB9HPRJ8TfUXfW0QPiK5Qd5Wyzxg4yUae57/es5F/0/UyQQ80vUJLnzS1ypz/0nCHoAJr+pM9+h9B04RfOwT3CK7l+ZB3Tgm6JtERs26T6pWiX0j0xFR+i4bFtkXFIrGYmbg9oWlRU4l1lejmvqOhEnvaZElvFJWyq5SWUg6VUlfKQu4hRd3Qs1i0qP6gxrEKBMhu8w2iCtnwCwAA//8BAAD//1W4NWEAAAAAAAAsACwAUACGALQA0gDoAPwBFAEgAToBSgF+AaABzAHuAhYCWAJqAo4CqgLYAvYDLgNeA4oDvAPwBBIEfASeBKoEtgTOBOoFHAU+BWoFnAXOBe4GKgZOBnAGjAbEBvAHHgdKB2IHjAfKB+4IIghiCHwIzgkOCSQJRAlQCYgJmAmkCbAJygnkCfYKCApECoAKjgqsCtwK8Ar8CxILKAsyCz4LVAtyC4ALjgAAAAEAAABUAI4ADABkAAcAAQAAAAAAAAAAAAAAAAAEAAN4nJyUQW8bRRzFf2unNhUiKghFqYSqOYLUrpMoqdrmgkMa1SKygzcFcdzEa3sVe9faXSeEj8FH4MYX4MypH4EDRz4ABw6c0byZxHVAkEaVmreemTfv//5v/sBasEqdYOU+8AY8Dtjgjcc1VvnL4zrdYMXjlbf23GMQ9D1u8Dj42eMmvwS/e/we27UfPb7Peu1Xj99nq/aHxx/UTd14vMp243OPH/CoUXn8IQ8aPzgcwLOG5wwC1hu/eVzj48afHtdZazY8XmGt+YnH9/ioueVxg0fNfX7CsMUGm2xgeHL99QxDmwE5JyQYIi4pqUiYUmLokHFKTsFM/8daG2D4lDEVFTNe0KLFhf6FxNdsoU5OafEZjzFckFIxxtAnoSSh4NyzHZCTUWHoEjO1Wsw6ETlzCk5JzEPCt7+lNSaTyiMKcv1idaeckDNhoHtGzJkQU7BFyAbb7LBLm3326LG7xHnF6Pie/IPPneuxx0u+lv6SVMrNEvuYnErVZ5xj2NRaKPefs8uUmDMS7RqS8J3qsQw7hDxlhx2e8/SdtC17k8qXGEOlrg2027pwhiFneOe+p6rW9tGee02mrrq1iMrvdLdnDGjpvFGtY3lmxDxXvwtS7Q7vpOaIWN017BNieOVZb5/MiktmJBwz9p4tkhjJp4oL+bZwdUIqlzNl2NY9V6WutitnIjocYuiJP1tiPlxisG/jZpo2lRZb00LZ8r2LHp8TkyrjJ0y0snhpse5t85VwxQvMDXdKTtWFGZX6UIorlM8jWvQ44PCGkv/3aKC/rr8nzK8T4qqzybDvu02k7kbmIYY9fXeI5Mg3dDjmFT1ec6zvNn36tOlyTIeXOtujj+ELenTZ14mOsFs7UMq7fIvhSzraY7kT74/rmH1/M6kvpd3lNWXKTJ5b5aGfLsmdOmwYetars6XOnJIy1E6j/mWaVjEjn4qZFE7l5VU2Fi/LJWKqWmxvF+sjck3WQq/Tshou/XywaXWa3BSobtHV8E6Z+e9pfXN+HemmoVQXPi1tqbO5jik5c7khV30ZCWeURHKulK/2zPdiyDWLCr2MkdRbt9pMlETri5sh1st/+3UkfYX643httqzTk2tHh+Keu+T8DQAA//8BAAD//9kvXF8AAHicYmBmAIP/5xiMGLAAAAAAAP//AQAA//8vAQIDAAAA");
+}
+@keyframes dashdraw {
+	from {
+		stroke-dashoffset: 0;
+	}
+}
+
+.appendix-icon {
+	filter: drop-shadow(0px 0px 32px rgba(31, 36, 58, 0.1));
+}
+.d2-1992443321 .text-italic {
+	font-family: "d2-1992443321-font-italic";
+}
+@font-face {
+	font-family: d2-1992443321-font-italic;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABlMAAoAAAAAJfQAARhRAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgW1SVeGNtYXAAAAFUAAABBQAAAaIM+w6JZ2x5ZgAAAlwAABFaAAAYeG30xypoZWFkAAATuAAAADYAAAA2G7Ur2mhoZWEAABPwAAAAJAAAACQLeAj4aG10eAAAFBQAAAEhAAABUJCaCUlsb2NhAAAVOAAAAKoAAACqE1EM9m1heHAAABXkAAAAIAAAACAAbAD2bmFtZQAAFgQAAAMmAAAIMgntVzNwb3N0AAAZLAAAACAAAAAg/8YAMgADAeEBkAAFAAACigJY//EASwKKAlgARAFeADIBIwAAAgsFAwMEAwkCBCAAAHcAAAADAAAAAAAAAABBREJPAAEAIP//Au7/BgAAA9gBESAAAZMAAAAAAeYClAAAACAAA3icnNBJbtIBFMfxzx9wRkEcGJxQFGfFWZBBHBBEjXFhNMaoxzDGa3gUd9p22d6CVbvqEfqa0qYp2779J3m/LxJpCbIyyR+0VGVUVNVcdtU1191w0y23NbW0dXT1DIy899FnX3z1zXc//fI7gi17ZcY2dti+obEPPm3bH5s2JuqKys46J6cgq4SUvCNysRYLMR9z8T/+xUosxyRW428sxeJ0wW4vMdLV98zQa0/0tLzScMdd99z3wEOPPNbU9sbYWx0paRl77LXPfgccdEjW4Y0v5R1VcMxxJ5z03AtPvVNUUlZxymlnpvuqzrug5qJL6tNes7VfGrAOAAD//wEAAP//6bA6bQAAAHicfFgLdBvVmb73jqyxZVm2PJLGUiTL0kgzkizJ1oyk0cOSLctP2fL7RWI7zjtOTOIEDKF5kJIeEtIlq3IoCyxtWGBpgbZkA7unaVN6FmgxgbTbPXSXlseeAg0lWRbI8dLHiUd7Zka25eyePceS52jm3vv/3/2+7//vgBLgAADtQw8CDJSBSlAN9ABwhA3DOJ6nSIxjGArHeYYgcMc9cPGeRxXpjb93Pf5nr1XR+dVnev5z5jn04PIcPD51993CplM7doxfuyZ44L9dAwAAlH8DAPhrlANlQAsAgXMMTTOUUgkhR1AMhX8Ye0WlUCkUJk54E27f2DtY/YdZeNf8fHBPJLpLGES55fnLlwHAAAUAqkM5oAUm8ZojONag1ymVOG6Q/lMYx4ZDQZpau6BOPL95rj7tgFxH55G+2PT0xvbMpr0Hp/dlu29HuUynt81bqlCnIt1TXnhHJ+9jl6+297IJMW4Iovkl5EOPASsAJXaaDgWTiGMNJE7TlF2D9DqDgWPDPKlUQnvP7nDjxqO9kcGaMBGmY5tbHfZM3JWuoxxT6vShvuyDd3byHncdk9h+qCk+FarbwFp9IjZSTmEJG6IoI4rh2PBKBl+57/7Rs/vHxkaPpHdtC6PcybvufHFHy8hDW6Zm5TjFOapQDpRLe4bbcA6ncBtOnYB7KoQPPV9oPuMgrUG51K9bv2wter6s6Hms8LTvi4rPm1Au9VGr8O8rc8+uzM1hNoLDKMKGUSf6ItAVyZ7oaxbeTqKccA3ql+dhRFiUx4AllAOYPIY60XdC3MTVWMdRDqjlexzkcILCcJw60ZfCYPfEl98cPHafD+WEi7DthjAHt9777so4+ADKgZJCHOKAO6CuAuWWz6/kdBHlgFG6T5AcL0UaDvMUjlGYyDcco05MRQ2KjlemTvT0lpnUiv5/9iYMCqWmNINywrdPnYJbl+fhQe+e+geEp+DkA95Zr3CmMPdOlCvsEEFy4bA0++qsfQ95FEqNqr3nRPbBeoWyUtWBcsLkfYFbOTi5PA+fvJ/bwwpnpf1uyi+hafQYqAJ1EqsKpDLodRrEsEkk7rlMLmjdt+AfW+jI7Aj6x25Ph8aT9kyf+N2t/psjPbmF9rbDwz3fWGhPN21diG5ZiG9diM3cscopn7RnumJOURixJosLkwczXx2ZDaY279jT27UD5TJjA7sCwp9g50B/lAOr8zAoByqAYW0ecbvWzfTi5IF9w7cNzx3k27ZNb+/pmkG5juFN+7TCh9AgXIWjQx3hBpmn6vwSFNBjwAMAaacZXtJPKEgzjCiucHhVXEqlXmcgSVnVH6fnXVHLKN806HP2euKhyXh8xsoZO/zOkCXg6G0IxneqY7H6erYt4mANflM3zw6xQZe/1m1t3EA3GHzmTj62KQggmAIAhVAO4GI2FG/DKezphZcq4BsVP11A2XR6+QU5zv78krTfhsIOSbsthiTKXbxUwtrte5WKTF9PWUt7ZKN+sHfIfI96dqe+wQjnhft89o7s5F74gLD3zF3ifEMAoJSEI+AwjjAYCgyC98f7N5SUYgpjyPSPI8IzKCc8GLo1HNofhHOSXADMvwsAssu8pgiMIwuDeQ4jqIKP4rjjxtxIBFeXYlp75aGhTxdGmvCqUoxwao/DEdj0A4PXVBMwPCe8JJz/oZEzmXjji1KewwCgWpQDlSIexXND7Ovc3gFfWWUZRnprjgwL/xWEAOZ+4minnZ2Oi8J8XuIHk1+Cf4LXgU5kCrnKZZLjOYziKaWSYcM8v+qWL7T0ejPTHJPQKojkluZSBTVRTfc7vHrW7EiHrAH1ptGOuyY5ly0hmLqcDS3+ht/Qdk/3FNuckPlozS/Bz9Ei0IvVSmQQhVMEh+OcRJ11CpJqwlUmocV0zWeyjAE5RnzS8iFHOlTb6LYPUn4dp3bZEmjxpRlL/cYxcekWT/cUl0x4nB/TdgCBM78Ez8PrwLwuuzWGFtz/7f7t3uyWkLfJ4CNoS+NYOBqrCxvspqx651TbbaMNdmMjqW+bT7d2mLSszglWsENMUS5r2P3/4MWqsSo6myug1+e8GT2mbvNLy5Gb4UNSLj+F14EJOIvXkxRtU65WMoyTyo6Y4Udjs76eyUY+VasuEV4tq0t7LFGy1jL4SB5h1W4qNK3es6V9fsjrH2DNnKZ5wGnUcnordJbXVJgD1lEAQT0A8H70FiAlvTWjYoXjUtGpH20uT1VV9iVMnuoNqg1am7tUu1W9bRR+N1oymBmuKOdxFVs/nBQmRMxg3gGvw+vACvzFDsLzSiW1nn1KJbYOvecCY5TD3O5KZjRGeqQhMVDfPRmgk1qMaN5J3BalBu31hoCZSnG1De/SlhBp723ZTXvHRtO338KKfMQ274S2es+/0HZ3x0RjPC77hBUA+DZaLNScNR7iUuEJBcU0MeuZbGOVwj3kTYZKk71NCkWXucvfjhavJaiGVMTqEC5Br66mosfjF76bz4tzgr+g84gG/QAAJRjoAgDk8/mv5RnwR+n3Qfn39rUYPkWLq/WUEOspg+PWM9kZ9OeJlxf6puZNaFGwQPiG8PtPDx4GEHjzS+AvaBFUiyiGgrKl6XUFCtyaUh7OHoVQiylxqDKom7VGtHf5G3gZVg1RXKFYXRddhddFLxfXlFMnCwAo1yFQDMaWZlxBD9OxQEnDhDMRViiS2YRC0anv8raL2HQYuurb4ZVuR4B3eblURFurK8Zn7WoNf3gd1BTHcDP84oruIf869KUVbgZ/VZfwHXgdVAJLsU5kc5FbMln8b/VPezPTbP9mb8+0xzfIhVnxS717U/tto375u6V1vq21Mz3f1toh9cFf5jn4Obwuax4viliDKMnNcGKdf6lONysx56hfkj5LNxGo2vr3xf51Gb3QYvUVhG/dfRbCgoHRf3DaVvLhJI+W1izhRWO5SSvrlQJttlrknPAXe/Xps8VGc/nsnXTDqlUvZyFcb9TyvhyB10FV0b6QOL2yH+UKS6/PqN9QZXL0WhPwypQ3UdZW2hwXLgOYv5FfgkfhdcDc3CPc3CKIHYLcIDwZmDI2ki20J+GO+KPebq8/Y/YTnI0OhOuSwcYhddBFW11+ysRYTUl3fcrpqHXpTD5rLV1tb/L62pxizE35JTiB5la9PsyLjsVJLlXk9RdaggoY7SzvdaQ2HFYfjWJmu8ZUrq1qUDf7Kk0VsDpacu+9SeFqdXVtraqExyvFuSP5JfgZvCL6BLnWTxQURxTs/rlVNXRZOr3tvWKBdI2oW3mtlYBh4S3CKNIUTgimDMXJGowDAH8Hr/zvvuKezl6HQqlQaB3EX2eFZXhF+JjqoRzdDmgUTPLYDgDQa/AKsN00du0Ko7BCf4HNUr1VEEJF5Yaq4z1ahKBCY6q6u+u9zRrpV0vlHfCK8IG9zW5vs8PaoisTVFFdDkcXJXwJYP4tAOC/yjhQBFPUb+DkWi/j/e2mPk+pBldU1lWODi9u6/eWalWKKjsxDdFHcwZGr3Pr5/77i4MGv8HgJW8Te6SX8w3wQ3gFmADAJc5IRWEdIhqkVNVpjNXVzpSxeriXFrsurbP6r3qFD4zxrl/heLQswVLwY+EzW5aieu1Qu/xFQ9Yra8iTX4K/QKeBVkSLXDsJ/h9N+yLb6fR0z4TYDoe7e3OASQctXr/0rY5sS97yd0c6Y9uSGx8/3JFoO3CqLT3efuBUW+s4gGLs8Dg6Jp2zeLE7DfMcxuGmiq/PHFCN8vHb71G3wPdZtX355RYx5y8BgK+i0+I4ik9iBdNgVg0Ft+Gq0pkz0w1cqC5lZ7zjjUMTnqEjw1Cn9g8e3nqL39tkszbS7lvaQtMz812t4px/zC/B19Fp4LpJexS/6nw4s+Lwell8P07tqOXITKBtfGSHun8Tw3KWtIUZnhoY78mE4olZdcrnsgd7olxrzJ2o9YTNJNc80JqY1Cu0XWziloCIryiSy+gYUInnFRvF23go5k45OV48vymVOOzpooRPyuD0yMCweljI/4xWVuMKnUt3LggfFeaTyZ9YUjZzsEbmNhA9HB0TT1hreawmQNhwCl8pVMqLqWkLa0hFPF3e5qDVW2cbgPUVnwS1HmPX5vQ+dbPPbQt6slyyqUprgr7Wi6Xq0eHe/QmJF1x+CV5Dp0El8ALA64pXUerIdW8MxKKxtujhOEs3URxr7HfA2fBAvW/g1pZQuy5ob2LHmzW2EVvnKL/5UvtoQ8bFp+wN5eQHkS3NW5+8szVQ546lD4/Qjom+5B6RB2AWAFSCjkn1P4l4G2/DNQg/ZMnsHxQuaeAZ1bY70uSh174/0MpOXfz5rQAADNjyS/C36DSwgnoQXWF0OMyHVj1W3uFaJAZLrCSl1xkwOUOakUrg+/7xSH0bY64NjrPubn8Hr3OZm7ZYnE0Rj7cjWetocbnTDNvarXZ0RwKZkFZhjjN81lOXYlvGrIoKd8QeG/bBHTUZtiEYD7Fx4UeWiMvJufXmnghf6Pmr8kvwtRWMCdmHw8FCGSZW1B5eaQFXoteg+4NszQAF46yzyVEVbNcF65LsWHOFbdjWMcpPx/l+EXX4fRlftYi1YG20ifAOOamJvubZFn5r85an7myVOUXml8ApMCfqU/ZweSs7DEbGbKhxqs0Gk9diMHpFHf0uPwlyYE6sf6IieapogK68IYojQy1lMZk3PuWvbnKYDEbGUds9L/V50jqL8D3EgBhogQeAEsQkHKbzS/AJ9Cwwiv07n1TcLHgMx4tW+QbmiUVpv8vMG9yWQV/HEBNPeBUrwb7OZWKhqNPtN5P+WqY7FeiMxdL+X66lACA4Dp8FX6CzoAQAQnRo/DhZ2UN44LOPTE4+Ir0TeR+qoBFgAIi3KfU7Fe8X+uL8u/mvwXP5fxLv4bwNd5TD11VHWFaaN5UfgOPoHVHzZIF2pFJ6l0Z+pcbG78749syV6TTnWp4cWnj9x1PGe4X/+LZ/5wwtzvtWfgBcLYxlwtUSEXnZhqBvz96y6kpWnOKc6V5o+1bDzs000fLE0MKlH4nrluZ3wyn0qnj2JwmxqHN46feewQ88Ml/+MDbpuyH45Nh/md8Nafk5XPJhDguo9v/tfOlz33vYhyHfjadkPtTld8MZ9CpoXO0SV4ySl/44Dpd8QPrTy5QU2wgOP+n3aPXaDfXldpdOUaZWVcab/CqTy64qrShTMVSNrkpXRdbVqB6mPeZMts2gp9gaZ3XjJNcX9fkb6zf5A+EyRanVYOrua68x1hTifjO/G6rleHBeEon0F6JXY6P4QmkQw8DtykJwVLDM5KLKSjWl5TRlJKp0VYY6o8rbsBKkm1CUlZdXxeMP+7yB+k1+trB6V197janGx7jNmb52A0GxNQ6icSqYjcjx/DA/A59AP5c4ADnYBc9HhOzj2M4bj8r4HYVPw2+h14EGAILhGZ7kSZwncRJnztW1T1RvM3pLd+G7aFcQnrdMBFy2PYq9mnrrFnICILHfl3x3g9hpcjzFyx8Olz44JX0onsIJjqfoVH/FkH9AMxLnYkfjXKxfM+Qf1Iy2BFPHWgbv9t99mX+Iv3DhwgX+If7y5ctQ8ZAcXyPYBS8hj6h3PkSFuBCn5/SU/v0fPN/0/Lldr0VfeSX6mqjXRvAKvAR/hWgwBPYAJRgC35TG+8FJeAlpQBkATmfIqcdxPUnCS8J2+NgbR4++cfLp2HdSA42KQL+01kn4pvwsH+L5EMOESvSNbx458iZ87GRrf0DROJD6Tkz2h09QDH4LqwQ4GAZvg9WzGLgMr6y8b7VuyW6FV6RGD4JO1APOo/NiHkSRQRwiailSZ6FQD2kw2moMxjoApTPmL+AVUV/42ula6lUDJKU1qnRVZptqf3a/Jv0bVVlUiQfqkWP5vY4xMQfoh5fgLjEGImTTN8JHoT8alePTohj4GVYp3WN48ptfaz2IYk8F/gH8DwAAAP//AQAA//8NiB66AAAAAQAAAAEYUU6floFfDzz1AAED6AAAAADYXaDMAAAAAN1mLzf+vf7dCB0DyQACAAMAAgAAAAAAAAABAAAD2P7vAAAIQP69/bwIHQPoAML/0QAAAAAAAAAAAAAAVHicLI8/S5tRHEbP8wuFQlua0iFpltv25k2gKRpwUczioBkVFTedFcHJxUFw8BPo5IdwcnGMugj+W7IIAW9wcjBIhkQk5MobHB7O9MA5tk2RS9AwXlkdbyWmbAGvPl73eNvCM8DbOF63eDvD2ybedqhZCW8VvN74qiGrts68XlhUJ7Z0w5L9omx5nE5ILEdZbRIVqNhPZF9wPOPoxH21cLzyP+Nw9g1nGcqWi730rxWcDuJAs9Qsy6QaTNsFczqOTTXiuQL/FCgoxJ5C7CvwXQEUmFBgQ4E/CmTpkqMb2yl1xBpd9pS6P8aWPDNKYlNFPqsY7/SX30ritZbjqQ7Z1QN5BaofG0tpn3ga+UN91BCoAj/eAQAA//8BAAD///C2WSUAAAAAAAAuAC4AUgCKALwA3gD2AQwBJgE0AVABYAGOAbQB5gIKAjICcgKGAq4CzAL6AxoDUgOKA7gD8AQqBFIEmgTEBNAE3AT2BRgFWgWEBbIF7AYmBkQGgAauBtoG+AcyB14HjgfAB9gIAgg+CGYImgjcCPYJTAmQCaYJxAnQCggKGAomCjQKUgpwCoQKmArgCygLOAtWC4gLnAuoC74L1AveC+wMAgwgDC4MPAAAAAEAAABUAIwADABmAAcAAQAAAAAAAAAAAAAAAAAEAAN4nJyU204bVxSGPwfbbXq6qFBEbtC+TKVkTKMQJeHKlKCMinDqcXqQqkqDPT6I8czIM5iSJ+h136Jvkas+Rp+i6nW1fy+DHUVBIAT8e/Y6/Gutf21gk//YoFa/C/zdnBuusd382fAdvmgeGd5gv/mZ4ToPG/8YbjBovDXc5EGja/gT3tX/NPwpT+q/Gb7LVv3Q8Oc8rm8a/nLD8a/hr3jCuwWuwTP+MFxji8LwHTb51fAG97CYtTr32DHc4Gu2DTfZBnpMqEiZkDHCMWTCiDNmJJREJMyYMCRhgCOkTUqlrxmxkGP0wa8xERUzYkUcU+FIiUiJKRlbxLfyynmtjEOdZnbXpmJMzIk8TonJcOSMyMlIOFWcioqCF7RoUdIX34KKkoCSCSkBOTNGtOhwyBE9xkwocRwqkmcWkTOk4pxY+Z1Z+M70ScgojdUZGQPxdOKXyDvkCEeHQrarkY/WIjzE8aO8Pbdctt8S6NetMFvPu2QTM1c/U3Ul1c25JjjWrc/b5gfhihe4W/Vnncn1PRrof6XIJ5xp/gNNKhOTDOe2aBNJQZG7j2Nf55BIHfmJkB6v6PCGns5tunRpc0yPkJfy7dDF8R0djjmQRyi8uDuUYo75Bcf3hLLxsRPrz2JiCb9TmLpLcZypjimFeu6ZB6o1UYU3n7DfoXxNHaV8+tojb+k0v0x7FjMyVRRiOFUvl9oorX8DU8RUtfjZXt37bZjb7i23+IJcO+zVuuDkJ7dgdN1Ug/c0c66fgJgBOSey6JMzpUXFhXi/JuaMFMeBuvdKW1LRvvTxeS6kkoSpGIRkijOj0N/YdBMZ9/6a7p29JQP5e6anl1XdJotTr65m9EbdW95F1uVkZQItm2q+oqa+uGam/UQ7tco/km+p1y3nEaHiLnb7Q6/ADs/ZZY+xsvR1M7+886+Et9hTB05JZDWUpn0NjwnYJeApu+zynKfv9XLJxhkft8ZnNX+bA/bpsHdtNQvbDvu8XIv28cx/ie2O6nE8ujw9u/U0H9xAtd9o367eza4m56cxt2hX23FMzNRzcVurNbn7BP8DAAD//wEAAP//cqFRQAAAAAMAAP/1AAD/zgAyAAAAAAAAAAAAAAAAAAAAAAAAAAA=");
+}]]></style><style type="text/css"><![CDATA[.shape {
+  shape-rendering: geometricPrecision;
+  stroke-linejoin: round;
+}
+.connection {
+  stroke-linecap: round;
+  stroke-linejoin: round;
+}
+.blend {
+  mix-blend-mode: multiply;
+  opacity: 0.5;
+}
+
+		.d2-1992443321 .fill-N1{fill:#0A0F25;}
+		.d2-1992443321 .fill-N2{fill:#676C7E;}
+		.d2-1992443321 .fill-N3{fill:#9499AB;}
+		.d2-1992443321 .fill-N4{fill:#CFD2DD;}
+		.d2-1992443321 .fill-N5{fill:#DEE1EB;}
+		.d2-1992443321 .fill-N6{fill:#EEF1F8;}
+		.d2-1992443321 .fill-N7{fill:#FFFFFF;}
+		.d2-1992443321 .fill-B1{fill:#0D32B2;}
+		.d2-1992443321 .fill-B2{fill:#0D32B2;}
+		.d2-1992443321 .fill-B3{fill:#E3E9FD;}
+		.d2-1992443321 .fill-B4{fill:#E3E9FD;}
+		.d2-1992443321 .fill-B5{fill:#EDF0FD;}
+		.d2-1992443321 .fill-B6{fill:#F7F8FE;}
+		.d2-1992443321 .fill-AA2{fill:#4A6FF3;}
+		.d2-1992443321 .fill-AA4{fill:#EDF0FD;}
+		.d2-1992443321 .fill-AA5{fill:#F7F8FE;}
+		.d2-1992443321 .fill-AB4{fill:#EDF0FD;}
+		.d2-1992443321 .fill-AB5{fill:#F7F8FE;}
+		.d2-1992443321 .stroke-N1{stroke:#0A0F25;}
+		.d2-1992443321 .stroke-N2{stroke:#676C7E;}
+		.d2-1992443321 .stroke-N3{stroke:#9499AB;}
+		.d2-1992443321 .stroke-N4{stroke:#CFD2DD;}
+		.d2-1992443321 .stroke-N5{stroke:#DEE1EB;}
+		.d2-1992443321 .stroke-N6{stroke:#EEF1F8;}
+		.d2-1992443321 .stroke-N7{stroke:#FFFFFF;}
+		.d2-1992443321 .stroke-B1{stroke:#0D32B2;}
+		.d2-1992443321 .stroke-B2{stroke:#0D32B2;}
+		.d2-1992443321 .stroke-B3{stroke:#E3E9FD;}
+		.d2-1992443321 .stroke-B4{stroke:#E3E9FD;}
+		.d2-1992443321 .stroke-B5{stroke:#EDF0FD;}
+		.d2-1992443321 .stroke-B6{stroke:#F7F8FE;}
+		.d2-1992443321 .stroke-AA2{stroke:#4A6FF3;}
+		.d2-1992443321 .stroke-AA4{stroke:#EDF0FD;}
+		.d2-1992443321 .stroke-AA5{stroke:#F7F8FE;}
+		.d2-1992443321 .stroke-AB4{stroke:#EDF0FD;}
+		.d2-1992443321 .stroke-AB5{stroke:#F7F8FE;}
+		.d2-1992443321 .background-color-N1{background-color:#0A0F25;}
+		.d2-1992443321 .background-color-N2{background-color:#676C7E;}
+		.d2-1992443321 .background-color-N3{background-color:#9499AB;}
+		.d2-1992443321 .background-color-N4{background-color:#CFD2DD;}
+		.d2-1992443321 .background-color-N5{background-color:#DEE1EB;}
+		.d2-1992443321 .background-color-N6{background-color:#EEF1F8;}
+		.d2-1992443321 .background-color-N7{background-color:#FFFFFF;}
+		.d2-1992443321 .background-color-B1{background-color:#0D32B2;}
+		.d2-1992443321 .background-color-B2{background-color:#0D32B2;}
+		.d2-1992443321 .background-color-B3{background-color:#E3E9FD;}
+		.d2-1992443321 .background-color-B4{background-color:#E3E9FD;}
+		.d2-1992443321 .background-color-B5{background-color:#EDF0FD;}
+		.d2-1992443321 .background-color-B6{background-color:#F7F8FE;}
+		.d2-1992443321 .background-color-AA2{background-color:#4A6FF3;}
+		.d2-1992443321 .background-color-AA4{background-color:#EDF0FD;}
+		.d2-1992443321 .background-color-AA5{background-color:#F7F8FE;}
+		.d2-1992443321 .background-color-AB4{background-color:#EDF0FD;}
+		.d2-1992443321 .background-color-AB5{background-color:#F7F8FE;}
+		.d2-1992443321 .color-N1{color:#0A0F25;}
+		.d2-1992443321 .color-N2{color:#676C7E;}
+		.d2-1992443321 .color-N3{color:#9499AB;}
+		.d2-1992443321 .color-N4{color:#CFD2DD;}
+		.d2-1992443321 .color-N5{color:#DEE1EB;}
+		.d2-1992443321 .color-N6{color:#EEF1F8;}
+		.d2-1992443321 .color-N7{color:#FFFFFF;}
+		.d2-1992443321 .color-B1{color:#0D32B2;}
+		.d2-1992443321 .color-B2{color:#0D32B2;}
+		.d2-1992443321 .color-B3{color:#E3E9FD;}
+		.d2-1992443321 .color-B4{color:#E3E9FD;}
+		.d2-1992443321 .color-B5{color:#EDF0FD;}
+		.d2-1992443321 .color-B6{color:#F7F8FE;}
+		.d2-1992443321 .color-AA2{color:#4A6FF3;}
+		.d2-1992443321 .color-AA4{color:#EDF0FD;}
+		.d2-1992443321 .color-AA5{color:#F7F8FE;}
+		.d2-1992443321 .color-AB4{color:#EDF0FD;}
+		.d2-1992443321 .color-AB5{color:#F7F8FE;}.appendix text.text{fill:#0A0F25}.md{--color-fg-default:#0A0F25;--color-fg-muted:#676C7E;--color-fg-subtle:#9499AB;--color-canvas-default:#FFFFFF;--color-canvas-subtle:#EEF1F8;--color-border-default:#0D32B2;--color-border-muted:#0D32B2;--color-neutral-muted:#EEF1F8;--color-accent-fg:#0D32B2;--color-accent-emphasis:#0D32B2;--color-attention-subtle:#676C7E;--color-danger-fg:red;}.sketch-overlay-B1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B2{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B3{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-AA4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-N2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-N3{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N4{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N7{fill:url(#streaks-bright);mix-blend-mode:darken}.light-code{display: block}.dark-code{display: none}]]></style><style type="text/css">.d2-1992443321 .md em,
+.d2-1992443321 .md dfn {
+  font-family: "d2-1992443321-font-italic";
+}
+
+.d2-1992443321 .md b,
+.d2-1992443321 .md strong {
+  font-family: "d2-1992443321-font-bold";
+}
+
+.d2-1992443321 .md code,
+.d2-1992443321 .md kbd,
+.d2-1992443321 .md pre,
+.d2-1992443321 .md samp {
+  font-family: "d2-1992443321-font-mono";
+  font-size: 1em;
+}
+
+.d2-1992443321 .md {
+  tab-size: 4;
+}
+
+/* variables are provided in d2renderers/d2svg/d2svg.go */
+
+.d2-1992443321 .md {
+  -ms-text-size-adjust: 100%;
+  -webkit-text-size-adjust: 100%;
+  margin: 0;
+  color: var(--color-fg-default);
+  background-color: transparent; /* we don't want to define the background color */
+  font-family: "d2-1992443321-font-regular";
+  font-size: 16px;
+  line-height: 1.5;
+  word-wrap: break-word;
+}
+
+.d2-1992443321 .md details,
+.d2-1992443321 .md figcaption,
+.d2-1992443321 .md figure {
+  display: block;
+}
+
+.d2-1992443321 .md summary {
+  display: list-item;
+}
+
+.d2-1992443321 .md [hidden] {
+  display: none !important;
+}
+
+.d2-1992443321 .md a {
+  background-color: transparent;
+  color: var(--color-accent-fg);
+  text-decoration: none;
+}
+
+.d2-1992443321 .md a:active,
+.d2-1992443321 .md a:hover {
+  outline-width: 0;
+}
+
+.d2-1992443321 .md abbr[title] {
+  border-bottom: none;
+  text-decoration: underline dotted;
+}
+
+.d2-1992443321 .md dfn {
+  font-style: italic;
+}
+
+.d2-1992443321 .md h1 {
+  margin: 0.67em 0;
+  padding-bottom: 0.3em;
+  font-size: 2em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-1992443321 .md mark {
+  background-color: var(--color-attention-subtle);
+  color: var(--color-text-primary);
+}
+
+.d2-1992443321 .md small {
+  font-size: 90%;
+}
+
+.d2-1992443321 .md sub,
+.d2-1992443321 .md sup {
+  font-size: 75%;
+  line-height: 0;
+  position: relative;
+  vertical-align: baseline;
+}
+
+.d2-1992443321 .md sub {
+  bottom: -0.25em;
+}
+
+.d2-1992443321 .md sup {
+  top: -0.5em;
+}
+
+.d2-1992443321 .md img {
+  border-style: none;
+  max-width: 100%;
+  box-sizing: content-box;
+  background-color: var(--color-canvas-default);
+}
+
+.d2-1992443321 .md figure {
+  margin: 1em 40px;
+}
+
+.d2-1992443321 .md hr {
+  box-sizing: content-box;
+  overflow: hidden;
+  background: transparent;
+  border-bottom: 1px solid var(--color-border-muted);
+  height: 0.25em;
+  padding: 0;
+  margin: 24px 0;
+  background-color: var(--color-border-default);
+  border: 0;
+}
+
+.d2-1992443321 .md input {
+  font: inherit;
+  margin: 0;
+  overflow: visible;
+  font-family: inherit;
+  font-size: inherit;
+  line-height: inherit;
+}
+
+.d2-1992443321 .md [type="button"],
+.d2-1992443321 .md [type="reset"],
+.d2-1992443321 .md [type="submit"] {
+  -webkit-appearance: button;
+}
+
+.d2-1992443321 .md [type="button"]::-moz-focus-inner,
+.d2-1992443321 .md [type="reset"]::-moz-focus-inner,
+.d2-1992443321 .md [type="submit"]::-moz-focus-inner {
+  border-style: none;
+  padding: 0;
+}
+
+.d2-1992443321 .md [type="button"]:-moz-focusring,
+.d2-1992443321 .md [type="reset"]:-moz-focusring,
+.d2-1992443321 .md [type="submit"]:-moz-focusring {
+  outline: 1px dotted ButtonText;
+}
+
+.d2-1992443321 .md [type="checkbox"],
+.d2-1992443321 .md [type="radio"] {
+  box-sizing: border-box;
+  padding: 0;
+}
+
+.d2-1992443321 .md [type="number"]::-webkit-inner-spin-button,
+.d2-1992443321 .md [type="number"]::-webkit-outer-spin-button {
+  height: auto;
+}
+
+.d2-1992443321 .md [type="search"] {
+  -webkit-appearance: textfield;
+  outline-offset: -2px;
+}
+
+.d2-1992443321 .md [type="search"]::-webkit-search-cancel-button,
+.d2-1992443321 .md [type="search"]::-webkit-search-decoration {
+  -webkit-appearance: none;
+}
+
+.d2-1992443321 .md ::-webkit-input-placeholder {
+  color: inherit;
+  opacity: 0.54;
+}
+
+.d2-1992443321 .md ::-webkit-file-upload-button {
+  -webkit-appearance: button;
+  font: inherit;
+}
+
+.d2-1992443321 .md a:hover {
+  text-decoration: underline;
+}
+
+.d2-1992443321 .md hr::before {
+  display: table;
+  content: "";
+}
+
+.d2-1992443321 .md hr::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-1992443321 .md table {
+  border-spacing: 0;
+  border-collapse: collapse;
+  display: block;
+  width: max-content;
+  max-width: 100%;
+  overflow: auto;
+}
+
+.d2-1992443321 .md td,
+.d2-1992443321 .md th {
+  padding: 0;
+}
+
+.d2-1992443321 .md details summary {
+  cursor: pointer;
+}
+
+.d2-1992443321 .md details:not([open]) > *:not(summary) {
+  display: none !important;
+}
+
+.d2-1992443321 .md kbd {
+  display: inline-block;
+  padding: 3px 5px;
+  color: var(--color-fg-default);
+  vertical-align: middle;
+  background-color: var(--color-canvas-subtle);
+  border: solid 1px var(--color-neutral-muted);
+  border-bottom-color: var(--color-neutral-muted);
+  border-radius: 6px;
+  box-shadow: inset 0 -1px 0 var(--color-neutral-muted);
+}
+
+.d2-1992443321 .md h1,
+.d2-1992443321 .md h2,
+.d2-1992443321 .md h3,
+.d2-1992443321 .md h4,
+.d2-1992443321 .md h5,
+.d2-1992443321 .md h6 {
+  margin-top: 24px;
+  margin-bottom: 16px;
+  font-weight: 400;
+  line-height: 1.25;
+  font-family: "d2-1992443321-font-semibold";
+}
+
+.d2-1992443321 .md h2 {
+  padding-bottom: 0.3em;
+  font-size: 1.5em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-1992443321 .md h3 {
+  font-size: 1.25em;
+}
+
+.d2-1992443321 .md h4 {
+  font-size: 1em;
+}
+
+.d2-1992443321 .md h5 {
+  font-size: 0.875em;
+}
+
+.d2-1992443321 .md h6 {
+  font-size: 0.85em;
+  color: var(--color-fg-muted);
+}
+
+.d2-1992443321 .md p {
+  margin-top: 0;
+  margin-bottom: 10px;
+}
+
+.d2-1992443321 .md blockquote {
+  margin: 0;
+  padding: 0 1em;
+  color: var(--color-fg-muted);
+  border-left: 0.25em solid var(--color-border-default);
+}
+
+.d2-1992443321 .md ul,
+.d2-1992443321 .md ol {
+  margin-top: 0;
+  margin-bottom: 0;
+  padding-left: 2em;
+}
+
+.d2-1992443321 .md ol ol,
+.d2-1992443321 .md ul ol {
+  list-style-type: lower-roman;
+}
+
+.d2-1992443321 .md ul ul ol,
+.d2-1992443321 .md ul ol ol,
+.d2-1992443321 .md ol ul ol,
+.d2-1992443321 .md ol ol ol {
+  list-style-type: lower-alpha;
+}
+
+.d2-1992443321 .md dd {
+  margin-left: 0;
+}
+
+.d2-1992443321 .md pre {
+  margin-top: 0;
+  margin-bottom: 0;
+  word-wrap: normal;
+}
+
+.d2-1992443321 .md ::placeholder {
+  color: var(--color-fg-subtle);
+  opacity: 1;
+}
+
+.d2-1992443321 .md input::-webkit-outer-spin-button,
+.d2-1992443321 .md input::-webkit-inner-spin-button {
+  margin: 0;
+  -webkit-appearance: none;
+  appearance: none;
+}
+
+.d2-1992443321 .md::before {
+  display: table;
+  content: "";
+}
+
+.d2-1992443321 .md::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-1992443321 .md > *:first-child {
+  margin-top: 0 !important;
+}
+
+.d2-1992443321 .md > *:last-child {
+  margin-bottom: 0 !important;
+}
+
+.d2-1992443321 .md a:not([href]) {
+  color: inherit;
+  text-decoration: none;
+}
+
+.d2-1992443321 .md .absent {
+  color: var(--color-danger-fg);
+}
+
+.d2-1992443321 .md .anchor {
+  float: left;
+  padding-right: 4px;
+  margin-left: -20px;
+  line-height: 1;
+}
+
+.d2-1992443321 .md .anchor:focus {
+  outline: none;
+}
+
+.d2-1992443321 .md p,
+.d2-1992443321 .md blockquote,
+.d2-1992443321 .md ul,
+.d2-1992443321 .md ol,
+.d2-1992443321 .md dl,
+.d2-1992443321 .md table,
+.d2-1992443321 .md pre,
+.d2-1992443321 .md details {
+  margin-top: 0;
+  margin-bottom: 16px;
+}
+
+.d2-1992443321 .md blockquote > :first-child {
+  margin-top: 0;
+}
+
+.d2-1992443321 .md blockquote > :last-child {
+  margin-bottom: 0;
+}
+
+.d2-1992443321 .md sup > a::before {
+  content: "[";
+}
+
+.d2-1992443321 .md sup > a::after {
+  content: "]";
+}
+
+.d2-1992443321 .md h1:hover .anchor,
+.d2-1992443321 .md h2:hover .anchor,
+.d2-1992443321 .md h3:hover .anchor,
+.d2-1992443321 .md h4:hover .anchor,
+.d2-1992443321 .md h5:hover .anchor,
+.d2-1992443321 .md h6:hover .anchor {
+  text-decoration: none;
+}
+
+.d2-1992443321 .md h1 tt,
+.d2-1992443321 .md h1 code,
+.d2-1992443321 .md h2 tt,
+.d2-1992443321 .md h2 code,
+.d2-1992443321 .md h3 tt,
+.d2-1992443321 .md h3 code,
+.d2-1992443321 .md h4 tt,
+.d2-1992443321 .md h4 code,
+.d2-1992443321 .md h5 tt,
+.d2-1992443321 .md h5 code,
+.d2-1992443321 .md h6 tt,
+.d2-1992443321 .md h6 code {
+  padding: 0 0.2em;
+  font-size: inherit;
+}
+
+.d2-1992443321 .md ul.no-list,
+.d2-1992443321 .md ol.no-list {
+  padding: 0;
+  list-style-type: none;
+}
+
+.d2-1992443321 .md ol[type="1"] {
+  list-style-type: decimal;
+}
+
+.d2-1992443321 .md ol[type="a"] {
+  list-style-type: lower-alpha;
+}
+
+.d2-1992443321 .md ol[type="i"] {
+  list-style-type: lower-roman;
+}
+
+.d2-1992443321 .md div > ol:not([type]) {
+  list-style-type: decimal;
+}
+
+.d2-1992443321 .md ul ul,
+.d2-1992443321 .md ul ol,
+.d2-1992443321 .md ol ol,
+.d2-1992443321 .md ol ul {
+  margin-top: 0;
+  margin-bottom: 0;
+}
+
+.d2-1992443321 .md li > p {
+  margin-top: 16px;
+}
+
+.d2-1992443321 .md li + li {
+  margin-top: 0.25em;
+}
+
+.d2-1992443321 .md dl {
+  padding: 0;
+}
+
+.d2-1992443321 .md dl dt {
+  padding: 0;
+  margin-top: 16px;
+  font-size: 1em;
+  font-style: italic;
+  font-family: "d2-1992443321-font-semibold";
+}
+
+.d2-1992443321 .md dl dd {
+  padding: 0 16px;
+  margin-bottom: 16px;
+}
+
+.d2-1992443321 .md table th {
+  font-family: "d2-1992443321-font-semibold";
+}
+
+.d2-1992443321 .md table th,
+.d2-1992443321 .md table td {
+  padding: 6px 13px;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-1992443321 .md table tr {
+  background-color: var(--color-canvas-default);
+  border-top: 1px solid var(--color-border-muted);
+}
+
+.d2-1992443321 .md table tr:nth-child(2n) {
+  background-color: var(--color-canvas-subtle);
+}
+
+.d2-1992443321 .md table img {
+  background-color: transparent;
+}
+
+.d2-1992443321 .md img[align="right"] {
+  padding-left: 20px;
+}
+
+.d2-1992443321 .md img[align="left"] {
+  padding-right: 20px;
+}
+
+.d2-1992443321 .md span.frame {
+  display: block;
+  overflow: hidden;
+}
+
+.d2-1992443321 .md span.frame > span {
+  display: block;
+  float: left;
+  width: auto;
+  padding: 7px;
+  margin: 13px 0 0;
+  overflow: hidden;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-1992443321 .md span.frame span img {
+  display: block;
+  float: left;
+}
+
+.d2-1992443321 .md span.frame span span {
+  display: block;
+  padding: 5px 0 0;
+  clear: both;
+  color: var(--color-fg-default);
+}
+
+.d2-1992443321 .md span.align-center {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-1992443321 .md span.align-center > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: center;
+}
+
+.d2-1992443321 .md span.align-center span img {
+  margin: 0 auto;
+  text-align: center;
+}
+
+.d2-1992443321 .md span.align-right {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-1992443321 .md span.align-right > span {
+  display: block;
+  margin: 13px 0 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-1992443321 .md span.align-right span img {
+  margin: 0;
+  text-align: right;
+}
+
+.d2-1992443321 .md span.float-left {
+  display: block;
+  float: left;
+  margin-right: 13px;
+  overflow: hidden;
+}
+
+.d2-1992443321 .md span.float-left span {
+  margin: 13px 0 0;
+}
+
+.d2-1992443321 .md span.float-right {
+  display: block;
+  float: right;
+  margin-left: 13px;
+  overflow: hidden;
+}
+
+.d2-1992443321 .md span.float-right > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-1992443321 .md code,
+.d2-1992443321 .md tt {
+  padding: 0.2em 0.4em;
+  margin: 0;
+  font-size: 85%;
+  background-color: var(--color-neutral-muted);
+  border-radius: 6px;
+}
+
+.d2-1992443321 .md code br,
+.d2-1992443321 .md tt br {
+  display: none;
+}
+
+.d2-1992443321 .md del code {
+  text-decoration: inherit;
+}
+
+.d2-1992443321 .md pre code {
+  font-size: 100%;
+}
+
+.d2-1992443321 .md pre > code {
+  padding: 0;
+  margin: 0;
+  word-break: normal;
+  white-space: pre;
+  background: transparent;
+  border: 0;
+}
+
+.d2-1992443321 .md .highlight {
+  margin-bottom: 16px;
+}
+
+.d2-1992443321 .md .highlight pre {
+  margin-bottom: 0;
+  word-break: normal;
+}
+
+.d2-1992443321 .md .highlight pre,
+.d2-1992443321 .md pre {
+  padding: 16px;
+  overflow: auto;
+  font-size: 85%;
+  line-height: 1.45;
+  background-color: var(--color-canvas-subtle);
+  border-radius: 6px;
+}
+
+.d2-1992443321 .md pre code,
+.d2-1992443321 .md pre tt {
+  display: inline;
+  max-width: auto;
+  padding: 0;
+  margin: 0;
+  overflow: visible;
+  line-height: inherit;
+  word-wrap: normal;
+  background-color: transparent;
+  border: 0;
+}
+
+.d2-1992443321 .md .csv-data td,
+.d2-1992443321 .md .csv-data th {
+  padding: 5px;
+  overflow: hidden;
+  font-size: 12px;
+  line-height: 1;
+  text-align: left;
+  white-space: nowrap;
+}
+
+.d2-1992443321 .md .csv-data .blob-num {
+  padding: 10px 8px 9px;
+  text-align: right;
+  background: var(--color-canvas-default);
+  border: 0;
+}
+
+.d2-1992443321 .md .csv-data tr {
+  border-top: 0;
+}
+
+.d2-1992443321 .md .csv-data th {
+  font-family: "d2-1992443321-font-semibold";
+  background: var(--color-canvas-subtle);
+  border-top: 0;
+}
+
+.d2-1992443321 .md .footnotes {
+  font-size: 12px;
+  color: var(--color-fg-muted);
+  border-top: 1px solid var(--color-border-default);
+}
+
+.d2-1992443321 .md .footnotes ol {
+  padding-left: 16px;
+}
+
+.d2-1992443321 .md .footnotes li {
+  position: relative;
+}
+
+.d2-1992443321 .md .footnotes li:target::before {
+  position: absolute;
+  top: -8px;
+  right: -8px;
+  bottom: -8px;
+  left: -24px;
+  pointer-events: none;
+  content: "";
+  border: 2px solid var(--color-accent-emphasis);
+  border-radius: 6px;
+}
+
+.d2-1992443321 .md .footnotes li:target {
+  color: var(--color-fg-default);
+}
+
+.d2-1992443321 .md .task-list-item {
+  list-style-type: none;
+}
+
+.d2-1992443321 .md .task-list-item label {
+  font-weight: 400;
+}
+
+.d2-1992443321 .md .task-list-item.enabled label {
+  cursor: pointer;
+}
+
+.d2-1992443321 .md .task-list-item + .task-list-item {
+  margin-top: 3px;
+}
+
+.d2-1992443321 .md .task-list-item .handle {
+  display: none;
+}
+
+.d2-1992443321 .md .task-list-item-checkbox {
+  margin: 0 0.2em 0.25em -1.6em;
+  vertical-align: middle;
+}
+
+.d2-1992443321 .md .contains-task-list:dir(rtl) .task-list-item-checkbox {
+  margin: 0 -1.6em 0.25em 0.2em;
+}
+</style><g id="title"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="816.000000" y="-103.000000" width="800" height="95"><div xmlns="http://www.w3.org/1999/xhtml" class="md" style="font-size:30px"><h1>x509 Transaction - Complete</h1>
+</div></foreignObject></g></g><a href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L13-L18" xlink:href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L13-L18"><g id="individual_transaction"><g class="shape" ><rect x="100.000000" y="12.000000" width="364.000000" height="144.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="100.000000" y="12.000000" width="364.000000" height="36.000000" class="class_header fill-N1" /><text x="110.000000" y="37.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Cardano Transaction</text><text x="110.000000" y="71.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">body</text><text x="248.000000" y="71.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">transaction body</text><text x="454.000000" y="71.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="100.000000" x2="464.000000" y1="84.000000" y2="84.000000" class=" stroke-N1" style="stroke-width:2" /><text x="110.000000" y="107.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">auxiliary_data</text><text x="248.000000" y="107.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Option&lt;auxiliary_data&gt;</text><text x="454.000000" y="107.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="100.000000" x2="464.000000" y1="120.000000" y2="120.000000" class=" stroke-N1" style="stroke-width:2" /><text x="110.000000" y="143.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">witnesses</text><text x="248.000000" y="143.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">transaction witness set</text><text x="454.000000" y="143.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="100.000000" x2="464.000000" y1="156.000000" y2="156.000000" class=" stroke-N1" style="stroke-width:2" /></g></g></a><a href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L53-L71" xlink:href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L53-L71"><g id="transaction_body"><g class="shape" ><rect x="1633.000000" y="2118.000000" width="787.000000" height="648.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="1633.000000" y="2118.000000" width="787.000000" height="36.000000" class="class_header fill-N1" /><text x="1643.000000" y="2143.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">transaction body</text><text x="1643.000000" y="2177.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0 = transaction inputs</text><text x="1932.000000" y="2177.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * [transaction hash, index] ]</text><text x="2410.000000" y="2177.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2190.000000" y2="2190.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2213.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1 = transaction outputs</text><text x="1932.000000" y="2213.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * transaction_output ]</text><text x="2410.000000" y="2213.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2226.000000" y2="2226.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2249.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">2 = transaction fee</text><text x="1932.000000" y="2249.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">coin (lovelace uint64)</text><text x="2410.000000" y="2249.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2262.000000" y2="2262.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2285.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 3 = Time to live [TTL]</text><text x="1932.000000" y="2285.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">uint64</text><text x="2410.000000" y="2285.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2298.000000" y2="2298.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2321.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 4 = certificates</text><text x="1932.000000" y="2321.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* certificate]</text><text x="2410.000000" y="2321.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2334.000000" y2="2334.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2357.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 5 = reward withdrawals</text><text x="1932.000000" y="2357.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">{ * reward_account =&gt; coin (lovelace uint64) }</text><text x="2410.000000" y="2357.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2370.000000" y2="2370.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2393.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 6 = protocol parameter update</text><text x="1932.000000" y="2393.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ proposed_protocol_parameter_updates, epoch ]</text><text x="2410.000000" y="2393.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2406.000000" y2="2406.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2429.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 7 = auxiliary_data_hash</text><text x="1932.000000" y="2429.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">32 byte hash</text><text x="2410.000000" y="2429.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2442.000000" y2="2442.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2465.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 8 = validity interval start</text><text x="1932.000000" y="2465.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">uint64</text><text x="2410.000000" y="2465.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2478.000000" y2="2478.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2501.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 9 = mint</text><text x="1932.000000" y="2501.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">{ * policy_id =&gt; { * asset_name =&gt; a } }</text><text x="2410.000000" y="2501.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2514.000000" y2="2514.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2537.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 11 = script_data_hash</text><text x="1932.000000" y="2537.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">32 byte hash</text><text x="2410.000000" y="2537.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2550.000000" y2="2550.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2573.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 13 = collateral inputs</text><text x="1932.000000" y="2573.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * [transaction hash, index] ]</text><text x="2410.000000" y="2573.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2586.000000" y2="2586.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2609.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 14 = required_signers</text><text x="1932.000000" y="2609.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * address key hash (blake2b-224) of signing public key ]</text><text x="2410.000000" y="2609.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2622.000000" y2="2622.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2645.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 15 = network_id</text><text x="1932.000000" y="2645.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">0 or 1</text><text x="2410.000000" y="2645.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2658.000000" y2="2658.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2681.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 16 = collateral return</text><text x="1932.000000" y="2681.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">transaction_output (collateral return)</text><text x="2410.000000" y="2681.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2694.000000" y2="2694.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2717.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 17 = total collateral</text><text x="1932.000000" y="2717.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">coin (lovelace uint64)</text><text x="2410.000000" y="2717.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2730.000000" y2="2730.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1643.000000" y="2753.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 18 = reference inputs</text><text x="1932.000000" y="2753.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">set&lt;transaction_input&gt;</text><text x="2410.000000" y="2753.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1633.000000" x2="2420.000000" y1="2766.000000" y2="2766.000000" class=" stroke-N1" style="stroke-width:2" /></g></g></a><g id="auxiliary"><g class="shape" ><rect x="12.000000" y="348.000000" width="1272.000000" height="1534.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g></g><g id="root-ca"><g class="shape" ><rect x="417.000000" y="3008.000000" width="788.000000" height="595.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g><text x="811.000000" y="3041.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">ROOT CERTIFICATE AUTHORITY (CA)</text></g><g id="transaction_witness"><g class="shape" ><rect x="1304.000000" y="348.000000" width="686.000000" height="566.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g></g><a href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L359C1-L368" xlink:href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L359C1-L368"><g id="auxiliary.data"><g class="shape" ><rect x="323.000000" y="398.000000" width="544.000000" height="180.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="323.000000" y="398.000000" width="544.000000" height="36.000000" class="class_header fill-N1" /><text x="333.000000" y="423.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">auxiliary data</text><text x="333.000000" y="457.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">metadata</text><text x="462.000000" y="457.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">{ * uint =&gt; transaction_metadatum } : Optional</text><text x="857.000000" y="457.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="323.000000" x2="867.000000" y1="470.000000" y2="470.000000" class=" stroke-N1" style="stroke-width:2" /><text x="333.000000" y="493.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">native_script</text><text x="462.000000" y="493.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * native_script ] : Optional</text><text x="857.000000" y="493.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="323.000000" x2="867.000000" y1="506.000000" y2="506.000000" class=" stroke-N1" style="stroke-width:2" /><text x="333.000000" y="529.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">plutus_v1</text><text x="462.000000" y="529.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * plutus_v1_script ] : Optional</text><text x="857.000000" y="529.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="323.000000" x2="867.000000" y1="542.000000" y2="542.000000" class=" stroke-N1" style="stroke-width:2" /><text x="333.000000" y="565.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">plutus_v2</text><text x="462.000000" y="565.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ * plutus_v2_script ] : Optional</text><text x="857.000000" y="565.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="323.000000" x2="867.000000" y1="578.000000" y2="578.000000" class=" stroke-N1" style="stroke-width:2" /></g></g></a><g id="auxiliary.509_envelope"><g class="shape" ><rect x="632.000000" y="739.000000" width="550.000000" height="180.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="632.000000" y="739.000000" width="550.000000" height="36.000000" class="class_header fill-N1" /><text x="642.000000" y="764.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">x509 envelope metadata (Key 509)</text><text x="642.000000" y="798.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0</text><text x="735.000000" y="798.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">purpose : 128bit UUID V4 of the Metadata Purpose</text><text x="1172.000000" y="798.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="632.000000" x2="1182.000000" y1="811.000000" y2="811.000000" class=" stroke-N1" style="stroke-width:2" /><text x="642.000000" y="834.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1</text><text x="735.000000" y="834.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">txn-inputs-hash : Hash of the transaction inputs</text><text x="1172.000000" y="834.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="632.000000" x2="1182.000000" y1="847.000000" y2="847.000000" class=" stroke-N1" style="stroke-width:2" /><text x="642.000000" y="870.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">10/11/12</text><text x="735.000000" y="870.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">X509 chunks: [ + x509_chunk ] - x509 Update Data.</text><text x="1172.000000" y="870.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="632.000000" x2="1182.000000" y1="883.000000" y2="883.000000" class=" stroke-N1" style="stroke-width:2" /><text x="642.000000" y="906.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">99</text><text x="735.000000" y="906.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">validation signature : Signature calculated in step 6</text><text x="1172.000000" y="906.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="632.000000" x2="1182.000000" y1="919.000000" y2="919.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-1992443321-auxiliary.rbac"><path d="M 114.000000 1004.000000 L 114.000000 1004.000000 S 114.000000 989.000000 129.000000 989.000000 L 554.000000 989.000000 L 554.000000 989.000000 S 569.000000 989.000000 569.000000 1004.000000 L 569.000000 1262.000000 L 569.000000 1277.000000 L 114.000000 1277.000000Z 114.000000 989.000000" fill="none" /> </clipPath><g id="auxiliary.rbac" class="RBAC_TABLE"><g class="shape" ><rect x="114.000000" y="989.000000" width="455.000000" height="288.000000" rx="15.000000" ry="15.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="114.000000" y="989.000000" width="455.000000" height="36.000000" class="class_header fill-N1" clip-path="url(#d2-1992443321-auxiliary.rbac)" /><text x="124.000000" y="1014.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">x509 Role based Access Control</text><text x="124.000000" y="1048.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 10=x509 certs</text><text x="365.000000" y="1048.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + DER Certs ]</text><text x="559.000000" y="1048.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="114.000000" x2="569.000000" y1="1061.000000" y2="1061.000000" class=" stroke-N1" style="stroke-width:2" /><text x="124.000000" y="1084.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 20=c509 certs</text><text x="365.000000" y="1084.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + CBOR Certs ]</text><text x="559.000000" y="1084.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="114.000000" x2="569.000000" y1="1097.000000" y2="1097.000000" class=" stroke-N1" style="stroke-width:2" /><text x="124.000000" y="1120.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 30=public keys</text><text x="365.000000" y="1120.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Public Keys ]</text><text x="559.000000" y="1120.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="114.000000" x2="569.000000" y1="1133.000000" y2="1133.000000" class=" stroke-N1" style="stroke-width:2" /><text x="124.000000" y="1156.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 40=revocation set</text><text x="365.000000" y="1156.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Revoked Cert hash]</text><text x="559.000000" y="1156.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="114.000000" x2="569.000000" y1="1169.000000" y2="1169.000000" class=" stroke-N1" style="stroke-width:2" /><text x="124.000000" y="1192.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 50=DiD</text><text x="365.000000" y="1192.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">DiD???</text><text x="559.000000" y="1192.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="114.000000" x2="569.000000" y1="1205.000000" y2="1205.000000" class=" stroke-N1" style="stroke-width:2" /><text x="124.000000" y="1228.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 51=Verifiable Credentials</text><text x="365.000000" y="1228.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + VC??? ]</text><text x="559.000000" y="1228.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="114.000000" x2="569.000000" y1="1241.000000" y2="1241.000000" class=" stroke-N1" style="stroke-width:2" /><text x="124.000000" y="1264.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 100=Role Data Set</text><text x="365.000000" y="1264.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Role Data ]</text><text x="559.000000" y="1264.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="129.000000" x2="554.000000" y1="1277.000000" y2="1277.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-1992443321-auxiliary.role_data"><path d="M 650.000000 1362.000000 L 650.000000 1362.000000 S 650.000000 1347.000000 665.000000 1347.000000 L 1177.000000 1347.000000 L 1177.000000 1347.000000 S 1192.000000 1347.000000 1192.000000 1362.000000 L 1192.000000 1548.000000 L 1192.000000 1563.000000 L 650.000000 1563.000000Z 650.000000 1347.000000" fill="none" /> </clipPath><g id="auxiliary.role_data" class="RBAC_TABLE"><g class="shape" ><rect x="650.000000" y="1347.000000" width="542.000000" height="216.000000" rx="15.000000" ry="15.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="650.000000" y="1347.000000" width="542.000000" height="36.000000" class="class_header fill-N1" clip-path="url(#d2-1992443321-auxiliary.role_data)" /><text x="660.000000" y="1372.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Role Data</text><text x="660.000000" y="1406.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0=role number</text><text x="898.000000" y="1406.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">uint</text><text x="1182.000000" y="1406.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="650.000000" x2="1192.000000" y1="1419.000000" y2="1419.000000" class=" stroke-N1" style="stroke-width:2" /><text x="660.000000" y="1442.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 1=role-signing-key</text><text x="898.000000" y="1442.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Key Reference</text><text x="1182.000000" y="1442.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="650.000000" x2="1192.000000" y1="1455.000000" y2="1455.000000" class=" stroke-N1" style="stroke-width:2" /><text x="660.000000" y="1478.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 2=role-encryption-key</text><text x="898.000000" y="1478.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Key Reference</text><text x="1182.000000" y="1478.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="650.000000" x2="1192.000000" y1="1491.000000" y2="1491.000000" class=" stroke-N1" style="stroke-width:2" /><text x="660.000000" y="1514.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 3=payment-key</text><text x="898.000000" y="1514.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">OnChain Payment Key Reference</text><text x="1182.000000" y="1514.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="650.000000" x2="1192.000000" y1="1527.000000" y2="1527.000000" class=" stroke-N1" style="stroke-width:2" /><text x="660.000000" y="1550.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 10-99=Role Specific Data</text><text x="898.000000" y="1550.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Variable per Role</text><text x="1182.000000" y="1550.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="665.000000" x2="1177.000000" y1="1563.000000" y2="1563.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-1992443321-auxiliary.role_0"><path d="M 734.000000 1739.000000 L 734.000000 1739.000000 S 734.000000 1724.000000 749.000000 1724.000000 L 1092.000000 1724.000000 L 1092.000000 1724.000000 S 1107.000000 1724.000000 1107.000000 1739.000000 L 1107.000000 1817.000000 L 1107.000000 1832.000000 L 734.000000 1832.000000Z 734.000000 1724.000000" fill="none" /> </clipPath><g id="auxiliary.role_0" class="RBAC_TABLE"><g class="shape" ><rect x="734.000000" y="1724.000000" width="373.000000" height="108.000000" rx="15.000000" ry="15.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="734.000000" y="1724.000000" width="373.000000" height="36.000000" class="class_header fill-N1" clip-path="url(#d2-1992443321-auxiliary.role_0)" /><text x="744.000000" y="1749.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Role 0 - Metadata Validation Role</text><text x="744.000000" y="1783.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0=role number</text><text x="919.000000" y="1783.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">0</text><text x="1097.000000" y="1783.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="734.000000" x2="1107.000000" y1="1796.000000" y2="1796.000000" class=" stroke-N1" style="stroke-width:2" /><text x="744.000000" y="1819.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1=role-signing-key</text><text x="919.000000" y="1819.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Key Reference</text><text x="1097.000000" y="1819.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="749.000000" x2="1092.000000" y1="1832.000000" y2="1832.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-1992443321-root-ca.key"><path d="M 788.000000 3073.000000 L 788.000000 3073.000000 S 788.000000 3058.000000 803.000000 3058.000000 L 991.000000 3058.000000 L 991.000000 3058.000000 S 1006.000000 3058.000000 1006.000000 3073.000000 L 1006.000000 3151.000000 L 1006.000000 3166.000000 L 788.000000 3166.000000Z 788.000000 3058.000000" fill="none" /> </clipPath><g id="root-ca.key" class="PRIVATE_KEY"><g class="shape" ><rect x="788.000000" y="3058.000000" width="218.000000" height="108.000000" rx="15.000000" ry="15.000000" stroke="cornsilk" fill="wheat" class="shape" style="stroke-width:2;" /><rect x="788.000000" y="3058.000000" width="218.000000" height="36.000000" fill="cornsilk" class="class_header" clip-path="url(#d2-1992443321-root-ca.key)" /><text x="798.000000" y="3083.750000" fill="red" class="text" style="text-anchor:start;font-size:24px">Root CA&#39;s Key Pair</text><text x="798.000000" y="3117.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">private</text><text x="877.000000" y="3117.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Secret</text><text x="996.000000" y="3117.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="788.000000" x2="1006.000000" y1="3130.000000" y2="3130.000000" stroke="cornsilk" style="stroke-width:2" /><text x="798.000000" y="3153.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">public</text><text x="877.000000" y="3153.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Shared</text><text x="996.000000" y="3153.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="803.000000" x2="991.000000" y1="3166.000000" y2="3166.000000" stroke="cornsilk" style="stroke-width:2" /></g></g><g id="root-ca.certificate"><g class="shape" ><rect x="540.000000" y="3337.000000" width="439.000000" height="216.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="540.000000" y="3337.000000" width="439.000000" height="36.000000" class="class_header fill-N1" /><text x="550.000000" y="3362.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Root Certificate (ROOT CA)</text><text x="550.000000" y="3396.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s Name</text><text x="741.000000" y="3396.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ROOT CA Name</text><text x="969.000000" y="3396.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="540.000000" x2="979.000000" y1="3409.000000" y2="3409.000000" class=" stroke-N1" style="stroke-width:2" /><text x="550.000000" y="3432.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s PublicKey</text><text x="741.000000" y="3432.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Public Key</text><text x="969.000000" y="3432.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="540.000000" x2="979.000000" y1="3445.000000" y2="3445.000000" class=" stroke-N1" style="stroke-width:2" /><text x="550.000000" y="3468.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Name</text><text x="741.000000" y="3468.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ROOT CA Name</text><text x="969.000000" y="3468.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="540.000000" x2="979.000000" y1="3481.000000" y2="3481.000000" class=" stroke-N1" style="stroke-width:2" /><text x="550.000000" y="3504.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Signature</text><text x="741.000000" y="3504.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature</text><text x="969.000000" y="3504.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="540.000000" x2="979.000000" y1="3517.000000" y2="3517.000000" class=" stroke-N1" style="stroke-width:2" /><text x="550.000000" y="3540.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject Alt Name</text><text x="741.000000" y="3540.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:stake1vpu...p0u</text><text x="969.000000" y="3540.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="540.000000" x2="979.000000" y1="3553.000000" y2="3553.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><a href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L295C1-L303" xlink:href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L295C1-L303"><g id="transaction_witness.set"><g class="shape" ><rect x="1354.000000" y="398.000000" width="271.000000" height="288.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="1354.000000" y="398.000000" width="271.000000" height="36.000000" class="class_header fill-N1" /><text x="1364.000000" y="423.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">transaction witness set</text><text x="1364.000000" y="457.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 0</text><text x="1407.000000" y="457.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* vkeywitness ]</text><text x="1615.000000" y="457.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1354.000000" x2="1625.000000" y1="470.000000" y2="470.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1364.000000" y="493.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 1</text><text x="1407.000000" y="493.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* native_script]</text><text x="1615.000000" y="493.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1354.000000" x2="1625.000000" y1="506.000000" y2="506.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1364.000000" y="529.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 2</text><text x="1407.000000" y="529.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* bootstrap_witness]</text><text x="1615.000000" y="529.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1354.000000" x2="1625.000000" y1="542.000000" y2="542.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1364.000000" y="565.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 3</text><text x="1407.000000" y="565.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* plutus_v1_script]</text><text x="1615.000000" y="565.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1354.000000" x2="1625.000000" y1="578.000000" y2="578.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1364.000000" y="601.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 4</text><text x="1407.000000" y="601.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* plutus_data]</text><text x="1615.000000" y="601.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1354.000000" x2="1625.000000" y1="614.000000" y2="614.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1364.000000" y="637.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 5</text><text x="1407.000000" y="637.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* redeemer]</text><text x="1615.000000" y="637.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1354.000000" x2="1625.000000" y1="650.000000" y2="650.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1364.000000" y="673.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 6</text><text x="1407.000000" y="673.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[* plutus_v2_script]</text><text x="1615.000000" y="673.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1354.000000" x2="1625.000000" y1="686.000000" y2="686.000000" class=" stroke-N1" style="stroke-width:2" /></g></g></a><a href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L370" xlink:href="https://github.com/IntersectMBO/cardano-ledger/blob/6d860294304749a767d99db92fab42f7c18d9af4/eras/babbage/impl/cddl-files/babbage.cddl#L370"><g id="transaction_witness.vkeywitness"><g class="shape" ><rect x="1390.000000" y="756.000000" width="549.000000" height="108.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="1390.000000" y="756.000000" width="549.000000" height="36.000000" class="class_header fill-N1" /><text x="1400.000000" y="781.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">vkeywitness</text><text x="1400.000000" y="815.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">vkey</text><text x="1499.000000" y="815.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ED25519-Bip32 Public Key [32 Bytes]</text><text x="1929.000000" y="815.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1390.000000" x2="1939.000000" y1="828.000000" y2="828.000000" class=" stroke-N1" style="stroke-width:2" /><text x="1400.000000" y="851.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">signature</text><text x="1499.000000" y="851.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ED25519-Bip32 Signature of Transaction [64 bytes]</text><text x="1929.000000" y="851.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="1390.000000" x2="1939.000000" y1="864.000000" y2="864.000000" class=" stroke-N1" style="stroke-width:2" /></g></g></a><g id="(individual_transaction -&gt; transaction_body)[0]"><marker id="mk-3488378134" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 466.500000 66.000000 L 2016.500000 66.000000 S 2026.500000 66.000000 2026.500000 76.000000 L 2026.500000 2114.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /><text x="2027.000000" y="317.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">body</text></g><g id="(individual_transaction -&gt; auxiliary.data)[0]"><path d="M 466.333008 102.000000 L 494.333008 102.000000 S 504.333008 102.000000 504.333008 112.000000 L 504.333008 394.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /><text x="504.000000" y="228.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px"><tspan x="504.000000" dy="0.000000">auxiliary_data</tspan><tspan x="504.000000" dy="18.500000">(optional)</tspan></text></g><g id="auxiliary.(data -&gt; 509_envelope)[0]"><path d="M 869.000000 452.000000 L 897.000000 452.000000 S 907.000000 452.000000 907.000000 462.000000 L 907.000000 735.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /><text x="907.000000" y="581.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">509</text></g><g id="auxiliary.(509_envelope -&gt; rbac)[0]"><path d="M 630.500000 865.000000 L 351.500000 865.000000 S 341.500000 865.000000 341.500000 875.000000 L 341.500000 985.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /></g><g id="auxiliary.(rbac -&gt; role_data)[0]"><path d="M 571.000000 1259.000000 L 911.000000 1259.000000 S 921.000000 1259.000000 921.000000 1269.000000 L 921.000000 1343.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /></g><g id="auxiliary.(role_data -&gt; role_0)[0]"><path d="M 921.000000 1565.000000 L 921.000000 1720.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /><text x="921.000000" y="1649.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Required</text></g><g id="(transaction_body -&gt; auxiliary.data)[0]"><path d="M 2422.000000 2424.000000 L 2450.000000 2424.000000 S 2460.000000 2424.000000 2460.000000 2414.000000 L 2460.000000 313.000000 S 2460.000000 303.000000 2450.000000 303.000000 L 695.666016 303.000000 S 685.666016 303.000000 685.666016 313.000000 L 685.666016 394.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /><text x="2460.500000" y="454.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">blake2b_256()</text></g><g id="(auxiliary.509_envelope &lt;- transaction_body)[0]"><marker id="mk-2451250203" markerWidth="10.000000" markerHeight="12.000000" refX="3.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="10.000000,0.000000 0.000000,6.000000 10.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 1186.000000 829.000000 L 1212.000000 829.000000 S 1222.000000 829.000000 1222.000000 839.000000 L 1222.000000 2162.000000 S 1222.000000 2172.000000 1232.000000 2172.000000 L 1631.000000 2172.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-1992443321)" /><text x="1222.500000" y="1692.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">blake2b_256()</text></g><g id="(auxiliary.role_data -&gt; transaction_body)[0]"><path d="M 1194.000000 1509.000000 L 1223.000000 1509.000000 S 1233.000000 1509.000000 1233.000000 1519.000000 L 1233.000000 1917.000000 S 1233.000000 1927.000000 1243.000000 1927.000000 L 1304.500000 1927.000000 S 1314.500000 1927.000000 1314.500000 1937.000000 L 1314.500000 2068.000000 S 1314.500000 2078.000000 1304.500000 2078.000000 L 1237.000000 2078.000000 S 1227.000000 2078.000000 1227.000000 2088.000000 L 1227.000000 2162.000000 S 1227.000000 2172.000000 1237.000000 2172.000000 L 1629.000000 2172.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /></g><g id="(auxiliary.role_data -&gt; transaction_body)[1]"><path d="M 1194.000000 1509.000000 L 1223.000000 1509.000000 S 1233.000000 1509.000000 1233.000000 1519.000000 L 1233.000000 1917.000000 S 1233.000000 1927.000000 1243.000000 1927.000000 L 1304.500000 1927.000000 S 1314.500000 1927.000000 1314.500000 1937.000000 L 1314.500000 2198.000000 S 1314.500000 2208.000000 1324.500000 2208.000000 L 1629.500000 2208.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /></g><g id="root-ca.(key -&gt; certificate)[0]"><path d="M 786.750000 3148.000000 L 510.750000 3148.000000 S 500.750000 3148.000000 500.750000 3158.000000 L 500.750000 3417.000000 S 500.750000 3427.000000 510.750000 3427.000000 L 536.750000 3427.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /><text x="501.000000" y="3169.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Published</text></g><g id="root-ca.(key -&gt; certificate)[1]" class="SIGN"><marker id="mk-354533580" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" fill="blueviolet" class="connection" stroke-width="2" /> </marker><path d="M 1008.375000 3112.000000 L 1116.375000 3112.000000 S 1126.375000 3112.000000 1126.375000 3122.000000 L 1126.375000 3489.000000 S 1126.375000 3499.000000 1116.375000 3499.000000 L 983.375000 3499.000000" stroke="blueviolet" fill="none" class="connection animated-connection" style="stroke-width:2;stroke-dasharray:6.000000,5.919384;stroke-dashoffset:-119.193836;animation: dashdraw 2.959692s linear infinite;" marker-end="url(#mk-354533580)" mask="url(#d2-1992443321)" /><text x="1126.000000" y="3325.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Self Sign</text></g><g id="(auxiliary.rbac -&gt; root-ca.certificate)[0]"><path d="M 112.000000 1043.000000 L 72.000000 1043.000000 S 62.000000 1043.000000 62.000000 1053.000000 L 62.000000 2953.000000 S 62.000000 2963.000000 72.000000 2963.000000 L 589.750000 2963.000000 S 599.750000 2963.000000 599.750000 2973.000000 L 599.750000 3333.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /><text x="62.500000" y="2438.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">contains</text></g><g id="(auxiliary.rbac -&gt; root-ca.certificate)[1]"><path d="M 571.000000 1079.000000 L 599.000000 1079.000000 S 609.000000 1079.000000 609.000000 1089.000000 L 609.000000 1917.000000 S 609.000000 1927.000000 619.000000 1927.000000 L 737.375000 1927.000000 S 747.375000 1927.000000 747.375000 1937.000000 L 747.375000 3333.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /><text x="747.500000" y="2124.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">contains</text></g><g id="(auxiliary.role_0 -&gt; root-ca.certificate)[0]"><path d="M 1109.750000 1814.000000 L 1174.750000 1814.000000 S 1184.750000 1814.000000 1184.750000 1824.000000 L 1184.750000 2903.000000 S 1184.750000 2913.000000 1174.750000 2913.000000 L 1056.375000 2913.000000 S 1046.375000 2913.000000 1046.375000 2923.000000 L 1046.375000 3287.000000 S 1046.375000 3297.000000 1036.375000 3297.000000 L 880.000000 3297.000000 S 870.000000 3297.000000 870.000000 3307.000000 L 870.000000 3333.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /></g><g id="(auxiliary.509_envelope &lt;- root-ca.key)[0]" class="SIGN"><marker id="mk-1051939797" markerWidth="10.000000" markerHeight="12.000000" refX="3.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="10.000000,0.000000 0.000000,6.000000 10.000000,12.000000" fill="blueviolet" class="connection" stroke-width="2" /> </marker><path d="M 628.000000 901.000000 L 83.000000 901.000000 S 73.000000 901.000000 73.000000 911.000000 L 73.000000 1917.000000 S 73.000000 1927.000000 83.000000 1927.000000 L 444.062012 1927.000000 S 454.062012 1927.000000 454.062012 1937.000000 L 454.062012 2903.000000 S 454.062012 2913.000000 464.062012 2913.000000 L 613.625000 2913.000000 S 623.625000 2913.000000 623.625000 2923.000000 L 623.625000 3102.000000 S 623.625000 3112.000000 633.625000 3112.000000 L 786.625000 3112.000000" stroke="blueviolet" fill="none" class="connection animated-connection" style="stroke-width:2;stroke-dasharray:6.000000,5.919384;stroke-dashoffset:119.193836;animation: dashdraw 2.959692s linear infinite;" marker-start="url(#mk-1051939797)" mask="url(#d2-1992443321)" /><text x="230.500000" y="1933.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Sign</text></g><g id="(transaction_body &lt;- root-ca.certificate)[0]"><path d="M 2424.000000 2604.000000 L 2460.000000 2604.000000 S 2470.000000 2604.000000 2470.000000 2614.000000 L 2470.000000 3525.000000 S 2470.000000 3535.000000 2460.000000 3535.000000 L 981.375000 3535.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-1992443321)" /><text x="2215.500000" y="3533.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px"><tspan x="2215.500000" dy="0.000000">transaction must</tspan><tspan x="2215.500000" dy="18.500000">be witnessed by</tspan></text></g><g id="transaction_witness.(set -&gt; vkeywitness)[0]"><path d="M 1627.000000 452.000000 L 1655.000000 452.000000 S 1665.000000 452.000000 1665.000000 462.000000 L 1665.000000 752.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /></g><g id="(individual_transaction -&gt; transaction_witness.set)[0]"><path d="M 466.500000 138.000000 L 1479.500000 138.000000 S 1489.500000 138.000000 1489.500000 148.000000 L 1489.500000 394.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1992443321)" /><text x="1107.500000" y="144.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">witnesses</text></g><g transform="translate(448 -4)" class="appendix-icon"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_3440_35088111)">
+<path d="M16 31.1109C24.3456 31.1109 31.1111 24.3454 31.1111 15.9998C31.1111 7.65415 24.3456 0.888672 16 0.888672C7.65436 0.888672 0.888885 7.65415 0.888885 15.9998C0.888885 24.3454 7.65436 31.1109 16 31.1109Z" fill="white" stroke="#DEE1EB"/>
+<path d="M14.3909 16.7965C14.7364 17.2584 15.1772 17.6406 15.6834 17.9171C16.1896 18.1938 16.7494 18.3582 17.3248 18.3993C17.9001 18.4405 18.4777 18.3575 19.0181 18.1559C19.5586 17.9543 20.0492 17.6389 20.4571 17.2309L22.8708 14.8173C23.6036 14.0586 24.0089 13.0425 23.9998 11.9877C23.9906 10.933 23.5676 9.92404 22.8217 9.17821C22.0759 8.43237 21.067 8.00931 20.0123 8.00015C18.9575 7.99098 17.9413 8.39644 17.1827 9.1292L15.7988 10.505" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M17.609 15.1874C17.2635 14.7255 16.8227 14.3433 16.3165 14.0667C15.8103 13.7902 15.2505 13.6257 14.6752 13.5845C14.0998 13.5433 13.5223 13.6263 12.9819 13.8279C12.4414 14.0295 11.9506 14.345 11.5428 14.753L9.1292 17.1666C8.39644 17.9252 7.99098 18.9414 8.00015 19.9962C8.00931 21.0509 8.43237 22.0598 9.17821 22.8056C9.92405 23.5515 10.933 23.9745 11.9877 23.9837C13.0425 23.9928 14.0586 23.5875 14.8173 22.8547L16.193 21.4788" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<defs>
+<clipPath id="clip0_3440_35088111">
+<rect width="32" height="32" fill="white"/>
+</clipPath>
+</defs>
+</svg>
+</g><g transform="translate(2404 2102)" class="appendix-icon"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_3440_35088111)">
+<path d="M16 31.1109C24.3456 31.1109 31.1111 24.3454 31.1111 15.9998C31.1111 7.65415 24.3456 0.888672 16 0.888672C7.65436 0.888672 0.888885 7.65415 0.888885 15.9998C0.888885 24.3454 7.65436 31.1109 16 31.1109Z" fill="white" stroke="#DEE1EB"/>
+<path d="M14.3909 16.7965C14.7364 17.2584 15.1772 17.6406 15.6834 17.9171C16.1896 18.1938 16.7494 18.3582 17.3248 18.3993C17.9001 18.4405 18.4777 18.3575 19.0181 18.1559C19.5586 17.9543 20.0492 17.6389 20.4571 17.2309L22.8708 14.8173C23.6036 14.0586 24.0089 13.0425 23.9998 11.9877C23.9906 10.933 23.5676 9.92404 22.8217 9.17821C22.0759 8.43237 21.067 8.00931 20.0123 8.00015C18.9575 7.99098 17.9413 8.39644 17.1827 9.1292L15.7988 10.505" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M17.609 15.1874C17.2635 14.7255 16.8227 14.3433 16.3165 14.0667C15.8103 13.7902 15.2505 13.6257 14.6752 13.5845C14.0998 13.5433 13.5223 13.6263 12.9819 13.8279C12.4414 14.0295 11.9506 14.345 11.5428 14.753L9.1292 17.1666C8.39644 17.9252 7.99098 18.9414 8.00015 19.9962C8.00931 21.0509 8.43237 22.0598 9.17821 22.8056C9.92405 23.5515 10.933 23.9745 11.9877 23.9837C13.0425 23.9928 14.0586 23.5875 14.8173 22.8547L16.193 21.4788" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<defs>
+<clipPath id="clip0_3440_35088111">
+<rect width="32" height="32" fill="white"/>
+</clipPath>
+</defs>
+</svg>
+</g><g transform="translate(851 382)" class="appendix-icon"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_3440_35088111)">
+<path d="M16 31.1109C24.3456 31.1109 31.1111 24.3454 31.1111 15.9998C31.1111 7.65415 24.3456 0.888672 16 0.888672C7.65436 0.888672 0.888885 7.65415 0.888885 15.9998C0.888885 24.3454 7.65436 31.1109 16 31.1109Z" fill="white" stroke="#DEE1EB"/>
+<path d="M14.3909 16.7965C14.7364 17.2584 15.1772 17.6406 15.6834 17.9171C16.1896 18.1938 16.7494 18.3582 17.3248 18.3993C17.9001 18.4405 18.4777 18.3575 19.0181 18.1559C19.5586 17.9543 20.0492 17.6389 20.4571 17.2309L22.8708 14.8173C23.6036 14.0586 24.0089 13.0425 23.9998 11.9877C23.9906 10.933 23.5676 9.92404 22.8217 9.17821C22.0759 8.43237 21.067 8.00931 20.0123 8.00015C18.9575 7.99098 17.9413 8.39644 17.1827 9.1292L15.7988 10.505" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M17.609 15.1874C17.2635 14.7255 16.8227 14.3433 16.3165 14.0667C15.8103 13.7902 15.2505 13.6257 14.6752 13.5845C14.0998 13.5433 13.5223 13.6263 12.9819 13.8279C12.4414 14.0295 11.9506 14.345 11.5428 14.753L9.1292 17.1666C8.39644 17.9252 7.99098 18.9414 8.00015 19.9962C8.00931 21.0509 8.43237 22.0598 9.17821 22.8056C9.92405 23.5515 10.933 23.9745 11.9877 23.9837C13.0425 23.9928 14.0586 23.5875 14.8173 22.8547L16.193 21.4788" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<defs>
+<clipPath id="clip0_3440_35088111">
+<rect width="32" height="32" fill="white"/>
+</clipPath>
+</defs>
+</svg>
+</g><g transform="translate(1609 382)" class="appendix-icon"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_3440_35088111)">
+<path d="M16 31.1109C24.3456 31.1109 31.1111 24.3454 31.1111 15.9998C31.1111 7.65415 24.3456 0.888672 16 0.888672C7.65436 0.888672 0.888885 7.65415 0.888885 15.9998C0.888885 24.3454 7.65436 31.1109 16 31.1109Z" fill="white" stroke="#DEE1EB"/>
+<path d="M14.3909 16.7965C14.7364 17.2584 15.1772 17.6406 15.6834 17.9171C16.1896 18.1938 16.7494 18.3582 17.3248 18.3993C17.9001 18.4405 18.4777 18.3575 19.0181 18.1559C19.5586 17.9543 20.0492 17.6389 20.4571 17.2309L22.8708 14.8173C23.6036 14.0586 24.0089 13.0425 23.9998 11.9877C23.9906 10.933 23.5676 9.92404 22.8217 9.17821C22.0759 8.43237 21.067 8.00931 20.0123 8.00015C18.9575 7.99098 17.9413 8.39644 17.1827 9.1292L15.7988 10.505" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M17.609 15.1874C17.2635 14.7255 16.8227 14.3433 16.3165 14.0667C15.8103 13.7902 15.2505 13.6257 14.6752 13.5845C14.0998 13.5433 13.5223 13.6263 12.9819 13.8279C12.4414 14.0295 11.9506 14.345 11.5428 14.753L9.1292 17.1666C8.39644 17.9252 7.99098 18.9414 8.00015 19.9962C8.00931 21.0509 8.43237 22.0598 9.17821 22.8056C9.92405 23.5515 10.933 23.9745 11.9877 23.9837C13.0425 23.9928 14.0586 23.5875 14.8173 22.8547L16.193 21.4788" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<defs>
+<clipPath id="clip0_3440_35088111">
+<rect width="32" height="32" fill="white"/>
+</clipPath>
+</defs>
+</svg>
+</g><g transform="translate(1923 740)" class="appendix-icon"><svg width="32" height="32" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_3440_35088111)">
+<path d="M16 31.1109C24.3456 31.1109 31.1111 24.3454 31.1111 15.9998C31.1111 7.65415 24.3456 0.888672 16 0.888672C7.65436 0.888672 0.888885 7.65415 0.888885 15.9998C0.888885 24.3454 7.65436 31.1109 16 31.1109Z" fill="white" stroke="#DEE1EB"/>
+<path d="M14.3909 16.7965C14.7364 17.2584 15.1772 17.6406 15.6834 17.9171C16.1896 18.1938 16.7494 18.3582 17.3248 18.3993C17.9001 18.4405 18.4777 18.3575 19.0181 18.1559C19.5586 17.9543 20.0492 17.6389 20.4571 17.2309L22.8708 14.8173C23.6036 14.0586 24.0089 13.0425 23.9998 11.9877C23.9906 10.933 23.5676 9.92404 22.8217 9.17821C22.0759 8.43237 21.067 8.00931 20.0123 8.00015C18.9575 7.99098 17.9413 8.39644 17.1827 9.1292L15.7988 10.505" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M17.609 15.1874C17.2635 14.7255 16.8227 14.3433 16.3165 14.0667C15.8103 13.7902 15.2505 13.6257 14.6752 13.5845C14.0998 13.5433 13.5223 13.6263 12.9819 13.8279C12.4414 14.0295 11.9506 14.345 11.5428 14.753L9.1292 17.1666C8.39644 17.9252 7.99098 18.9414 8.00015 19.9962C8.00931 21.0509 8.43237 22.0598 9.17821 22.8056C9.92405 23.5515 10.933 23.9745 11.9877 23.9837C13.0425 23.9928 14.0586 23.5875 14.8173 22.8547L16.193 21.4788" stroke="#2E3346" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<defs>
+<clipPath id="clip0_3440_35088111">
+<rect width="32" height="32" fill="white"/>
+</clipPath>
+</defs>
+</svg>
+</g><mask id="d2-1992443321" maskUnits="userSpaceOnUse" x="-89" y="-204" width="2696" height="3908">
+<rect x="-89" y="-204" width="2696" height="3908" fill="white"></rect>
+<rect x="816.000000" y="-103.000000" width="736" height="95" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="602.000000" y="3013.000000" width="418" height="36" fill="rgba(0,0,0,0.75)"></rect>
+<rect x="2010.000000" y="301.000000" width="34" height="21" fill="black"></rect>
+<rect x="456.000000" y="212.000000" width="96" height="37" fill="black"></rect>
+<rect x="895.000000" y="565.000000" width="24" height="21" fill="black"></rect>
+<rect x="891.000000" y="1633.000000" width="60" height="21" fill="black"></rect>
+<rect x="2414.000000" y="438.000000" width="93" height="21" fill="black"></rect>
+<rect x="1176.000000" y="1676.000000" width="93" height="21" fill="black"></rect>
+<rect x="468.000000" y="3153.000000" width="66" height="21" fill="black"></rect>
+<rect x="1098.000000" y="3309.000000" width="56" height="21" fill="black"></rect>
+<rect x="34.000000" y="2422.000000" width="57" height="21" fill="black"></rect>
+<rect x="719.000000" y="2108.000000" width="57" height="21" fill="black"></rect>
+<rect x="216.000000" y="1917.000000" width="29" height="21" fill="black"></rect>
+<rect x="2159.000000" y="3517.000000" width="113" height="37" fill="black"></rect>
+<rect x="1076.000000" y="128.000000" width="63" height="21" fill="black"></rect>
+</mask></svg></svg>
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.svg b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.svg
index e343da84d2f..587bbf3cf80 100644
--- a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.svg
+++ b/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.svg
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="0.6.3" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1271 776"><svg id="d2-svg" class="d2-3019508570" width="1271" height="776" viewBox="-89 -89 1271 776"><rect x="-89.000000" y="-89.000000" width="1271.000000" height="776.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="v0.6.3-HEAD" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1271 776"><svg id="d2-svg" class="d2-3019508570" width="1271" height="776" viewBox="-89 -89 1271 776"><rect x="-89.000000" y="-89.000000" width="1271.000000" height="776.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
 .d2-3019508570 .text {
 	font-family: "d2-3019508570-font-regular";
 }

From c18d9950b36d23de0f1d3e125620dc57aed86c51 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Tue, 26 Mar 2024 20:57:35 +0700
Subject: [PATCH 35/66] refactor(cips): reorganize documentation ready for
 drafting descriptive prose about the formats and uses

---
 .../draft-cips/ed25519-cbor-tags/cip-xxxx.md  | 174 ------------------
 .../cardano-transaction.d2                    |   0
 .../cardano-transaction.svg                   |   0
 .../certificate-chain.d2                      |   0
 .../certificate-chain.svg                     |   0
 .../metadata-envelope.d2                      |   0
 .../metadata-envelope.svg                     |   0
 .../x509-roles-complete.d2                    |   0
 .../x509-roles-complete.svg                   |   0
 .../x509-roles.d2                             |   0
 .../x509-roles.svg                            |   0
 .../.meta.yml                                 |   0
 .../cip-xxxx.md                               |   0
 .../x509-envelope.cddl                        |   0
 .../.meta.yml                                 |   0
 .../cip-xxxx.md                               |   0
 .../.meta.yml                                 |   0
 .../cip-xxxx.md                               |   0
 .../x509-roles.cddl                           |   0
 19 files changed, 174 deletions(-)
 delete mode 100644 docs/src/catalyst-standards/draft-cips/ed25519-cbor-tags/cip-xxxx.md
 rename docs/src/catalyst-standards/draft-cips/{role-registration => images}/cardano-transaction.d2 (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => images}/cardano-transaction.svg (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => images}/certificate-chain.d2 (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => images}/certificate-chain.svg (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => images}/metadata-envelope.d2 (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => images}/metadata-envelope.svg (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => images}/x509-roles-complete.d2 (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => images}/x509-roles-complete.svg (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => images}/x509-roles.d2 (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => images}/x509-roles.svg (100%)
 rename docs/src/catalyst-standards/draft-cips/{rbac-cip30-extension => x509-envelope-metadata}/.meta.yml (100%)
 rename docs/src/catalyst-standards/draft-cips/{rbac-cip30-extension => x509-envelope-metadata}/cip-xxxx.md (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => x509-envelope-metadata}/x509-envelope.cddl (100%)
 rename docs/src/catalyst-standards/draft-cips/{catalyst-vote-signing-cip30-extension => x509-rbac-signing-with-cip30}/.meta.yml (100%)
 rename docs/src/catalyst-standards/draft-cips/{catalyst-vote-signing-cip30-extension => x509-rbac-signing-with-cip30}/cip-xxxx.md (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => x509-role-registration-metadata}/.meta.yml (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => x509-role-registration-metadata}/cip-xxxx.md (100%)
 rename docs/src/catalyst-standards/draft-cips/{role-registration => x509-role-registration-metadata}/x509-roles.cddl (100%)

diff --git a/docs/src/catalyst-standards/draft-cips/ed25519-cbor-tags/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/ed25519-cbor-tags/cip-xxxx.md
deleted file mode 100644
index 3be607106ec..00000000000
--- a/docs/src/catalyst-standards/draft-cips/ed25519-cbor-tags/cip-xxxx.md
+++ /dev/null
@@ -1,174 +0,0 @@
----
-CIP: /?
-Title: CBOR Tag definition for CIP-0003 ED25519-BIP32 Keys
-Category: MetaData
-Status: Proposed
-Authors:
-    - Steven Johnson<steven.johnson@iohk.io>
-Implementors: []
-Discussions:
-    - https://github.com/cardano-foundation/cips/pulls/?
-Created: 2024-1-19
-License: CC-BY-4.0
---- 
-
-<!-- cspell: words secp -->
-
-<!-- markdownlint-disable MD025-->
-# [CBOR] Tag definition for [CIP-0003] [ED25519-BIP32] Keys
-
-## Abstract
-
-[CIP-0003] defines [ED25519-BIP32] Keys, Key derivation and a signature scheme.
-
-These elements are commonly found in [CBOR] data structures within metadata on Cardano.
-[CBOR] allows the definition of Tags to unambiguously define data structures encoded in [CBOR].
-IANA maintains the registry of these Tags as the [IANA CBOR Tag Registry].
-This CIP simply defines Tags to be registered with IANA and standardizes encoding of these data structures when the Tags are used.
-
-While use of these tags would be recommended, they would not be mandatory.
-
-## Motivation: why is this CIP necessary?
-
-Tags are a useful addition to [CBOR] encoding which allows encoded data to be unambiguously identified.
-Judicious use of tags in [CDDL] Specs and [CBOR] encoding can ease forward compatibility.
-The Tag on an encoded field can be used to identify what is contained in a particular field.
-
-For example, without this Tag definition, a metadata CIP which uses [ED25519-BIP32] public keys:
-
-1. Is likely to just encode public keys as a byte string of 32 bytes; and
-2. Needs to redundantly define how the keys are encoded in the byte string.
-3. Different metadata may encode these keys differently which can lead to confusion and potential error.
-
-However, [BIP32] defines secp256k1 keys and derivation, which are also 32 bytes long.  
-There is no standard compliant way for a metadata CIP currently to clearly define which particular key is being encoded.
-While bespoke schemes could be utilized, it is generally better to utilize pre-existing industry standards.
-Bespoke schemes are also likely to vary from Metadata CIP to metadata CIP causing a lack of uniformity and greater chance of error.
-Using the Tags system built into [CBOR] allows for uniformity of specification and encoding.
-Not using Tags makes Metadata CIPs either more complex or limits their flexibility and constrains forward compatibility.
-
-Bitcoin defines CBOR Tags at: [BCR-2020-006]
-
-## Specification
-
-| Type | [CBOR] Tag | IANA Registered |
-| -- | -- | -- |
-| [ED25519-BIP32 Private Key](#ed25519-bip32-private-key) | 32771 | :heavy_multiplication_x: |
-| [ED25519-BIP32 Extended Private Key](#ed25519-bip32-extended-private-key) | 32772 | :heavy_multiplication_x: |
-| [ED25519-BIP32 Public Key](#ed25519-bip32-public-key) | 32773 | :heavy_multiplication_x: |
-| [ED25519-BIP32 Derivation Path](#ed25519-bip32-derivation-path) | 32774 | :heavy_multiplication_x: |
-| [ED25519-BIP32 Private Key](#ed25519-bip32-signature) | 32775 | :heavy_multiplication_x: |
-
-### ED25519-BIP32 Private Key
-
-This key is defined in [ED25519-BIP32].
-
-This is encoded as a byte string of size 32 bytes.
-
-#### CDDL
-
-```cddl
-ed25519_private_key = #6.32771(bstr .size 32)
-```
-
-Data for the key inside the byte string is encoded in [network byte order].
-
-### ED25519-BIP32 Extended Private Key
-
-This key is defined in [ED25519-BIP32].
-
-This is encoded as a byte string of size 64 bytes.
-
-#### CDDL
-
-```cddl
-ed25519_extended_private_key = #6.32772(bstr .size 64)
-```
-
-Data for the key inside the byte string is encoded in [network byte order].
-
-### ED25519-BIP32 Public Key
-
-This key is defined in [ED25519-BIP32].
-
-This is encoded as a byte string of size 32 bytes.
-
-#### CDDL
-
-```cddl
-ed25519_public_key = #6.32773(bstr .size 32)
-```
-
-Data for the key inside the byte string is encoded in [network byte order].
-
-### ED25519-BIP32 Derivation Path
-
-[ED25519-BIP32] defines that the derivation path is composed of 32 bit integers.
-Where the most significant bit defines if the derivation is hardened or not.
-
-This is encoded as a CBOR Array, where each element is the component of the path.
-There can be as many elements to the path as required.
-Each element must be no larger than a 32 bit integer.
-
-For example the path `m / 1852' / 1815' / 0' / 23 / 45` would be encoded as:
-
-```cbor
-[0x8000073c, 0x80000717, 0x80000000, 0x17, 0x2d]
-```
-
-#### CDDL
-
-```cddl
-ed25519_derivation_path = #6.32774([* path_element])
-path_element = uint .le 0xffffffff
-```
-
-### ED25519-BIP32 Signature
-
-[ED25519-BIP32] defines how signatures can be generated from private keys.
-These signatures are defined to be 64 bytes long.
-
-Signatures are encoded as a byte string of size 64 bytes.
-
-#### CDDL
-
-```cddl
-ed25519_bip32_signature = #6.32775(bstr .size 64)
-```
-
-Data for the signature inside the byte string is encoded in [network byte order].
-
-## Rationale: how does this CIP achieve its goals?
-
-By defining concrete CBOR tags,  it is possible for metadata to unambiguously mark the kind of data encoded.
-This is conformant with the intent of Tags in [CBOR], and aligns with prior use in [BCR-2020-006].
-An official published spec is required to register these Tags with IANA and so this document also serves that purpose.
-
-## Path to Active
-
-### Acceptance Criteria
-
-* At least 1 Metadata CIP uses at least 1 of the tags defined in this CIP.
-* IANA register the Tags as defined.
-
-### Implementation Plan
-
-* Some of these Tags will be used by Project Catalyst in their new metadata CIPs.
-* Project Catalyst will also make the application to IANA to register the Tags when appropriate.
-
-## Copyright
-
-This CIP is licensed under [CC-BY-4.0]
-
-Code samples and reference material are licensed under [Apache 2.0]
-
-[CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
-[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
-[CBOR]: https://www.rfc-editor.org/rfc/rfc8949.html
-[CDDL]: https://www.rfc-editor.org/rfc/rfc8610
-[CIP-0003]: https://cips.cardano.org/cip/CIP-0003
-[BIP32]: https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
-[BCR-2020-006]: https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2020-006-urtypes.md
-[IANA CBOR Tag Registry]: https://www.iana.org/assignments/cbor-tags/cbor-tags.xhtml
-[network byte order]: https://datatracker.ietf.org/doc/html/rfc1700
-[ED25519-BIP32]: https://github.com/input-output-hk/adrestia/raw/bdf00e4e7791d610d273d227be877bc6dd0dbcfb/user-guide/static/Ed25519_BIP.pdf
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2 b/docs/src/catalyst-standards/draft-cips/images/cardano-transaction.d2
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.d2
rename to docs/src/catalyst-standards/draft-cips/images/cardano-transaction.d2
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.svg b/docs/src/catalyst-standards/draft-cips/images/cardano-transaction.svg
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/cardano-transaction.svg
rename to docs/src/catalyst-standards/draft-cips/images/cardano-transaction.svg
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.d2 b/docs/src/catalyst-standards/draft-cips/images/certificate-chain.d2
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.d2
rename to docs/src/catalyst-standards/draft-cips/images/certificate-chain.d2
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.svg b/docs/src/catalyst-standards/draft-cips/images/certificate-chain.svg
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/certificate-chain.svg
rename to docs/src/catalyst-standards/draft-cips/images/certificate-chain.svg
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.d2 b/docs/src/catalyst-standards/draft-cips/images/metadata-envelope.d2
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.d2
rename to docs/src/catalyst-standards/draft-cips/images/metadata-envelope.d2
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.svg b/docs/src/catalyst-standards/draft-cips/images/metadata-envelope.svg
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/metadata-envelope.svg
rename to docs/src/catalyst-standards/draft-cips/images/metadata-envelope.svg
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.d2 b/docs/src/catalyst-standards/draft-cips/images/x509-roles-complete.d2
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.d2
rename to docs/src/catalyst-standards/draft-cips/images/x509-roles-complete.d2
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.svg b/docs/src/catalyst-standards/draft-cips/images/x509-roles-complete.svg
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/x509-roles-complete.svg
rename to docs/src/catalyst-standards/draft-cips/images/x509-roles-complete.svg
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.d2 b/docs/src/catalyst-standards/draft-cips/images/x509-roles.d2
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.d2
rename to docs/src/catalyst-standards/draft-cips/images/x509-roles.d2
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.svg b/docs/src/catalyst-standards/draft-cips/images/x509-roles.svg
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.svg
rename to docs/src/catalyst-standards/draft-cips/images/x509-roles.svg
diff --git a/docs/src/catalyst-standards/draft-cips/rbac-cip30-extension/.meta.yml b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/.meta.yml
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/rbac-cip30-extension/.meta.yml
rename to docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/.meta.yml
diff --git a/docs/src/catalyst-standards/draft-cips/rbac-cip30-extension/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-xxxx.md
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/rbac-cip30-extension/cip-xxxx.md
rename to docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-xxxx.md
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/x509-envelope.cddl
rename to docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
diff --git a/docs/src/catalyst-standards/draft-cips/catalyst-vote-signing-cip30-extension/.meta.yml b/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/.meta.yml
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/catalyst-vote-signing-cip30-extension/.meta.yml
rename to docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/.meta.yml
diff --git a/docs/src/catalyst-standards/draft-cips/catalyst-vote-signing-cip30-extension/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-xxxx.md
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/catalyst-vote-signing-cip30-extension/cip-xxxx.md
rename to docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-xxxx.md
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/.meta.yml b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/.meta.yml
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/.meta.yml
rename to docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/.meta.yml
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/cip-xxxx.md
rename to docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md
diff --git a/docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.cddl b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/role-registration/x509-roles.cddl
rename to docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl

From 8ff8ea8048dd35a04ed37da27ac575a05c26a8e2 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Tue, 26 Mar 2024 21:00:54 +0700
Subject: [PATCH 36/66] docs(cips): add cip draft for catalyst roles using the
 x509-rbac standard

---
 .../.meta.yml                                 |  1 +
 .../cip-xxxx.md                               | 69 +++++++++++++++++++
 2 files changed, 70 insertions(+)
 create mode 100644 docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/.meta.yml
 create mode 100644 docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-xxxx.md

diff --git a/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/.meta.yml b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/.meta.yml
new file mode 100644
index 00000000000..4c831482e11
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/.meta.yml
@@ -0,0 +1 @@
+icon: material/account-check
diff --git a/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-xxxx.md
new file mode 100644
index 00000000000..569f48955e3
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-xxxx.md
@@ -0,0 +1,69 @@
+---
+CIP: /?
+Title: Role based Access Control Registration
+Category: MetaData
+Status: Proposed
+Authors:
+    - Steven Johnson<steven.johnson@iohk.io>
+Implementors: []
+Discussions:
+    - https://github.com/cardano-foundation/cips/pulls/?
+Created: 2023-10-24
+License: CC-BY-4.0
+---
+
+<!-- Existing categories:
+
+- Meta     | For meta-CIPs which typically serves another category or group of categories.
+- Wallets  | For standardization across wallets (hardware, full-node or light).
+- Tokens   | About tokens (fungible or non-fungible) and minting policies in general.
+- Metadata | For proposals around metadata (on-chain or off-chain).
+- Tools    | A broad category for ecosystem tools not falling into any other category.
+- Plutus   | Changes or additions to Plutus
+- Ledger   | For proposals regarding the Cardano ledger (including Reward Sharing Schemes)
+- Catalyst | For proposals affecting Project Catalyst / the Jörmungandr project
+
+-->
+
+<!-- markdownlint-disable MD025-->
+# Role Based Access Control Registration
+
+## Abstract
+<!-- A short (\~200 word) description of the proposed solution and the technical issue being addressed. -->
+
+## Motivation: why is this CIP necessary?
+<!-- A clear explanation that introduces the reason for a proposal, its use cases and stakeholders. 
+If the CIP changes an established design then it must outline design issues that motivate a rework. 
+For complex proposals, authors must write a Cardano Problem Statement (CPS) as defined in CIP-9999 
+and link to it as the `Motivation`. -->
+
+## Specification
+<!-- The technical specification should describe the proposed improvement in sufficient technical detail. 
+In particular, it should provide enough information that an implementation can be performed solely on the 
+basis of the design in the CIP. 
+This is necessary to facilitate multiple, interoperable implementations. 
+This must include how the CIP should be versioned. 
+If a proposal defines structure of on-chain data it must include a CDDL schema in it's specification.-->
+
+## Rationale: how does this CIP achieve its goals?
+<!-- The rationale fleshes out the specification by describing what motivated the design and what 
+led to particular design decisions. 
+It should describe alternate designs considered and related work. 
+The rationale should provide evidence of consensus within the community and discuss significant 
+objections or concerns raised during the discussion.
+
+It must also explain how the proposal affects the backward compatibility of existing solutions when applicable. 
+If the proposal responds to a CPS, the 'Rationale' section should explain how it addresses the CPS, 
+and answer any questions that the CPS poses for potential solutions.
+-->
+
+## Path to Active
+
+### Acceptance Criteria
+<!-- Describes what are the acceptance criteria whereby a proposal becomes 'Active' -->
+
+### Implementation Plan
+<!-- A plan to meet those criteria. Or `N/A` if not applicable. -->
+
+## Copyright
+<!-- The CIP must be explicitly licensed under acceptable copyright terms. -->

From 2a53640bf9b2b55deb7bc8f7b3bbf1142df572af Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 27 Mar 2024 20:13:30 +0700
Subject: [PATCH 37/66] docs(cips): Add c509 cddl with restrictions and
 enhancements for plutus usage

---
 .../c509-cert-plutus-restricted.cddl          | 84 +++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl

diff --git a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
new file mode 100644
index 00000000000..3252c52d46c
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
@@ -0,0 +1,84 @@
+; This c509 Certificate format is based upon:
+; https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/
+; And is restricted/customized to better enable compatibility with Plutus scripts
+; that would consume them, without loosing necessary features of x509
+; Not all x509 features are supported and some fields have different semantics to improve
+; certificate size and processibility by Plutus Scripts.
+
+C509CertificatePlutusRestrictedSubset = [ TBSCertificate, issuerSignatureValue: ed25519Signature, ]
+
+; The elements of the following group are used in a CBOR Sequence:
+TBSCertificate = (
+	c509CertificateType: &c509CertificateTypeValues, ; Always 0
+	certificateSerialNumber: CertificateSerialNumber, ; Can be ignored/set to 0 or used as intended.
+	issuer: Name, ; This could be an on-chain reference to the issuer cert, what would be the best way?  Transaction hash/cert hash?
+	validityNotBefore: Time, ; c509 uses UTC, we can use slot# to simplify
+	validityNotAfter: Time, ; c509 uses UTC, we can use slot# to simplify
+	subject: Name, ; Reference to on-chain keys related to this certificate
+	subjectPublicKeyAlgorithm: AlgorithmIdentifier, ; Must be 12 = Ed25519
+	subjectPublicKey: subjectPublicKey, ; Ed25519 public key
+	extensions: Extensions, ; No extensions aer currently supported must be set to []
+	issuerSignatureAlgorithm: AlgorithmIdentifier, ; Must be 12 = Ed25519
+)
+
+; 0 = Native CBOR Certificate type
+; 1 = reencoded-der-cert -  Not supported in this restricted version of the format.
+c509CertificateTypeValues = ( native-cbor: 0,
+	; reencoded-der: 1 ; Not supported in this restricted encoding format
+)
+
+CertificateSerialNumber = biguint
+
+Name = [ * RelativeDistinguishedName ]
+	/ text
+	/ bytes
+
+RelativeDistinguishedName = Attribute / [ 2* Attribute ]
+
+Attribute = (
+	( attributeType: int, attributeValue: text )
+	// ( attributeType: oid, attributeValue: bytes )
+	// ( attributeType: pen, attributeValue: bytes )
+	// CardanoPublicKey
+)
+
+subjectPublicKey = bytes .size (32..32); Ed25519 public key stored in bytes, adjust size of this if other key types are supported.  
+
+; This is a completely custom Attribute for the RelativeDistringuishedName which is only for use with Plutus scripts.
+; attributeType = The type of cardano key we associate with this certificate.
+; proof = Does the transaction require proof that the key is owned by the transaction signer?
+; attributeValue = The cardano public key hash of the attribute type
+
+CardanoPublicKey = ( attributeType: &cardanoKeyTypes proof: bool, attributeValue: bytes .size (28..28) )
+
+cardanoKeyTypes = (
+	paymentKeyHash: 0,
+	stakeKeyHash: 1,
+	drepVerificationKeyHash: 2,
+	ccColdVerificationKeyHash: 3,
+	ccHotVerificationKeyHash: 4,
+)
+
+; Plutus will need to convert the Unix epoch timestamp to the nearest slot number
+; validityNotBefore rounds up to the next Slot after that time.
+; validityNotAfter rounds down to the next Slot before that time.
+Time = ( ~time / null )
+
+ed25519Signature = bstr .size 64; Ed25519 signature must be tagged to identify their type.
+
+
+; Currently ONLY AlgorithmIdentifier int(12) - Ed25519 is supported.
+; oid and [ algorithm: oid, parameters: bytes ] are not supported by Plutus.
+AlgorithmIdentifier = (int
+	/ ~oid
+	/ [ algorithm: ~oid, parameters: bytes ])
+
+; Extensions are not currently supported by plutus and should be set to []
+; Any extensions present in the certificate will be ignored by plutus scripts.
+Extensions = [ * Extension ] / int
+
+Extension = (
+	( extensionID: int, extensionValue: any )
+	// ( extensionID: ~oid, ? critical: true, extensionValue: bytes )
+	// ( extensionID: pen, ? critical: true, extensionValue: bytes )
+)

From e0d07e41486e5d73802a40055b59c5f33a959a02 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 29 Mar 2024 14:21:10 +0700
Subject: [PATCH 38/66] docs(cips): Metadata envelope specification draft
 complete

---
 .config/dictionaries/project.dic              |   1 +
 .../x509-envelope-metadata/cip-xxxx.md        | 234 ++++-
 .../images/metadata-envelope-process.d2}      |   0
 .../images/metadata-envelope-process.svg}     |   0
 .../images/metadata-envelope-structure.d2     |  29 +
 .../images/metadata-envelope-structure.svg    | 843 ++++++++++++++++++
 .../x509-envelope-metadata/x509-envelope.cddl |   9 +
 7 files changed, 1079 insertions(+), 37 deletions(-)
 rename docs/src/catalyst-standards/draft-cips/{images/metadata-envelope.d2 => x509-envelope-metadata/images/metadata-envelope-process.d2} (100%)
 rename docs/src/catalyst-standards/draft-cips/{images/metadata-envelope.svg => x509-envelope-metadata/images/metadata-envelope-process.svg} (100%)
 create mode 100644 docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-structure.d2
 create mode 100644 docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-structure.svg

diff --git a/.config/dictionaries/project.dic b/.config/dictionaries/project.dic
index f237d4233cb..dfdda497a84 100644
--- a/.config/dictionaries/project.dic
+++ b/.config/dictionaries/project.dic
@@ -107,6 +107,7 @@ pubspec
 pytest
 rapidoc
 redoc
+Replayability
 reqwest
 ripgrep
 rustc
diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-xxxx.md
index 569f48955e3..54dac6ddffc 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-xxxx.md
@@ -1,6 +1,6 @@
 ---
 CIP: /?
-Title: Role based Access Control Registration
+Title: x509 Replayability Protection Envelope
 Category: MetaData
 Status: Proposed
 Authors:
@@ -12,50 +12,185 @@ Created: 2023-10-24
 License: CC-BY-4.0
 ---
 
-<!-- Existing categories:
+## Abstract
 
-- Meta     | For meta-CIPs which typically serves another category or group of categories.
-- Wallets  | For standardization across wallets (hardware, full-node or light).
-- Tokens   | About tokens (fungible or non-fungible) and minting policies in general.
-- Metadata | For proposals around metadata (on-chain or off-chain).
-- Tools    | A broad category for ecosystem tools not falling into any other category.
-- Plutus   | Changes or additions to Plutus
-- Ledger   | For proposals regarding the Cardano ledger (including Reward Sharing Schemes)
-- Catalyst | For proposals affecting Project Catalyst / the Jörmungandr project
+x509 Certificate metadata and related metadata within an x509 Registration/Update transaction must be
+protected against replayability.  
 
--->
+## Motivation: why is this CIP necessary?
 
-<!-- markdownlint-disable MD025-->
-# Role Based Access Control Registration
+x509 certificate registration necessarily references data within the transaction body that it is attached to.
+Preventing replayability of the verbatim Auxiliary data attached to a transaction prevents the relationships
+between those references being altered and closes a potential attack vector where an unrelated registration update
+is attached to a different transaction.
 
-## Abstract
-<!-- A short (\~200 word) description of the proposed solution and the technical issue being addressed. -->
-
-## Motivation: why is this CIP necessary?
-<!-- A clear explanation that introduces the reason for a proposal, its use cases and stakeholders. 
-If the CIP changes an established design then it must outline design issues that motivate a rework. 
-For complex proposals, authors must write a Cardano Problem Statement (CPS) as defined in CIP-9999 
-and link to it as the `Motivation`. -->
+Rather than define an explicit issue with potential replayability of Metadata, we simply seek to prevent it
+to close off a whole category of potential attacks.
 
 ## Specification
-<!-- The technical specification should describe the proposed improvement in sufficient technical detail. 
-In particular, it should provide enough information that an implementation can be performed solely on the 
-basis of the design in the CIP. 
-This is necessary to facilitate multiple, interoperable implementations. 
-This must include how the CIP should be versioned. 
-If a proposal defines structure of on-chain data it must include a CDDL schema in it's specification.-->
+
+The [x509 Metadata Envelope CDDL] defines the technical specification of the Metadata Envelope.
+The following description provides more information and context to that formal specification.
+Where this description and that specification are in disagreement, the specification prevails.
+
+The metadata envelope has the following basic structure:
+
+![x509 Secure Metadata Envelope structure](images/metadata-envelope-structure.svg)
+
+The purpose of this data is to lock a particular set of Auxiliary data verifiably to its original transaction.
+It can not be permitted to take teh Auxiliary data to another transaction and just attach it without it being detectable.
+
+Currently, this detection can NOT be done on-chain by ledger rules, and this metadata is designed to be processed
+by off-chain processors of this information.
+
+### Detailed description of the fields in the metadata and their purpose
+
+The metadata is encoded as a CBOR map, and follows the [specification for the encoding of all Cardano metadata].
+
+#### Key: 0 = Purpose
+
+Purpose is defined by the consuming dApp.
+It allows dApps to have their own privately named and managed namespace for certificates.
+The x509 specifications presented here do not define how certificates must be created.
+Nor the purpose they are used for, that is within control of the dApp.
+These specifications define a universal framework to implement such systems from.
+
+For each set of "Purposes" that a dapp has for role based access or off-chain identity to on-chain identity management
+the dApp will define a V4 UUID.
+There is no central repository of these, though a dApp may publish the ID it uses and what its used for.
+The reason UUID V4 is chosen here is if properly chosen, they can be self assigned without fear of collision
+with another dApp and eliminate the need for a central registry to manage them.
+
+A dApp can define multiple purposes to segment RBAC functions by class.
+For example, Project Catalyst defines the following two Purposes:
+
+| UUID-V4 | Purpose |
+| --- | --- |
+| ca7a1457-ef9f-4c7f-9c74-7f8c4a4cfa6c | Project Catalyst User Role Registrations |
+| ca7ad312-a19b-4412-ad53-2a36fb14e2e5 | Project Catalyst Admin Role Registrations |
+  
+The reason in this case for having two purposes for the same application is to allow the rules
+governing registration to be easier managed between the groups.
+It also allows Admins to have a distinct identity when they are just users of the system.
+dApps are free top have as many "purposes" defined as suits their goals.
+
+#### Key 1: txn-inputs-hash
+
+This is a hash of the transaction inputs field from the transaction this auxiliary data was original attached to.
+This hash anchors the auxiliary data to a particular transaction, if the auxiliary data is moved to a new transaction
+it is impossible for the txn-inputs-hash to remain the same, as UTXO's can only be spent once.
+
+This is a key to preventing replayability of the metadata, but is not enough by itself as it needs to be able to be
+made immutable, such that any change to this field can be detected.
+
+#### Key 2: previous_transaction_id
+
+This is a 32 byte hash of the previous transaction in a chain of registration updates made by the same user.
+The only registration which may not have it for a single user is their first.
+Once their first registration is made, they may only update it.
+Any subsequent update for that user that is not properly chained to the previous transaction will be ignored as invalid.
+
+The user is identified by their Role 0 key, which must be defined in the first registration.
+The Role 0 key also includes a reference to an on-chain key, such as a stake key hash.
+This is important to establish the verifiability of the link between the registrations and the transaction itself.
+
+#### Keys 10, 11 or 12 - x509 Chunked Data
+
+Except for the first registration, the chunked data is optional.
+For example, if this metadata is simply being used to lock auxiliary data to a transaction there does not need to be
+any actual role or certificate updates.
+
+The data required to register certificates or roles could be large.
+The [specification for the encoding of all Cardano metadata] also introduces difficulties in encoding x509 certificates.
+
+The contents of the x509 RABC Registration data stored in this key is documented separately.
+Its exact contents are not important for this specification except to note, that it will always define at least:
+
+* 1 Role 0 signing key MUST always be defined.
+  * And that key MUST be associated with a on-chain key such as a stake address hash.
+* The RBAC Data will have references to the transaction it is attached to,
+  and it can not be fully interpreted independent of the transaction.
+
+To save space and overcome the metadata encoding limitations, x509 RBAC data is preferable encoded as described:
+
+1. The x509 Role Registration Data is prepared and encoded with [dCBOR].
+   This is the raw encoded registration data.
+2. The raw encoded registration data is then compressed with [Brotli].
+   This is the Brotli compressed registration data.
+3. The raw encoded registration data is then compressed with [ZSTD].
+   This is the ZSTD compressed registration data.
+4. Which ever data is smallest, Raw, Brotli compressed or ZStd compressed is then cut into 64 byte chunks.
+   All chunks must contain 64 bytes except for the last which can contain the residual.
+5. These chunks are then encoded in an array of 64 byte long byte strings.
+   The appropriate key is used to identify the compression used.
+    * 10 = Raw, no compression
+    * 11 = Brotli Compressed
+    * 12 = ZSTD Compressed
+
+Due to the potential size of x509 certificates compression is mandatory where it will reduce the space of the encoded data.
+dApps can, if they choose, only support either Brotli or ZSTD and not trial compress the data.
+However they must never store data compressed if the compressed size is larger than the raw size.
+This can happen if the data is small and not very compressible, due to overhead in the codec data stream.
+
+The specification reserves keys 13-17 for future compression schemes.
+Even though there are multiple keys defined, ONLY 1 may be used at a time.  
+There is only a single list of x509 chunks and the key is used to define the compression used only.
+
+ie, it is invalid to use key 10 and 12 at the same time in the same envelope.
+
+#### Key 99 - Validation Signature
+
+Key 99 contains the signature which can be verified with the signing key recorded against role 0.
+
+It is a signature over the [entire auxiliary data] that will be attached to the transaction.
+This includes not only the transactions metadata, but all attached scripts.
+
+As the auxiliary data key 99 is part of the auxiliary data, we end up with a catch-22.
+We can't sign the data because we do not know what data will be stored in the signature field.
+To mitigate this problem, the size of the signature will be known in advanced, based on the signature algorithm.
+When the unsigned auxiliary data is prepared, the appropriate storage for the signature is pre-allocated
+in the metadata, and is set to 0x00's.
+
+The signature is calculated over this unsigned data, and the pre-allocated signature storage is replaced with the signature itself.
+
+This ensures that there is no alteration to the auxiliary data in form or structure.
+Validating the signature then is as simple as:
+
+1. removing the signature data from the auxiliary data;
+2. setting the storage for the signature back to 0, and;
+3. validating the signature on the reconstructed unsigned auxiliary data.
+
+### Validating the Auxiliary Data is attached to the correct transaction
+
+The Transaction will have 3 pieces of information that must be validated to ensure the attached metadata
+is carried with the correct transaction.
+
+1. The UTXO Inputs when hashed MUST == [Key 1 - Transaction Inputs Hash](#key-1-txn-inputs-hash)
+2. The [auxiliary data hash] must equal the hash of the actual auxiliary data.
+   1. This is likely always true as it would be validated by the ledger rules.
+3. The [vkeywitness] set MUST include a signature over the transaction with the key associated with Role 0.
+   1. Note: Role 0 may have multiple associated keys, in which case there must be a witness for all of them.
+   2. A missing witness means it is not possible to validate the auxiliary data truly was built for this transaction.
 
 ## Rationale: how does this CIP achieve its goals?
-<!-- The rationale fleshes out the specification by describing what motivated the design and what 
-led to particular design decisions. 
-It should describe alternate designs considered and related work. 
-The rationale should provide evidence of consensus within the community and discuss significant 
-objections or concerns raised during the discussion.
 
-It must also explain how the proposal affects the backward compatibility of existing solutions when applicable. 
-If the proposal responds to a CPS, the 'Rationale' section should explain how it addresses the CPS, 
-and answer any questions that the CPS poses for potential solutions.
--->
+This specification creates a signed set of interlocking data between a transaction and its auxiliary data.
+The interlock is constructed to avoid any catch-22 in setting up a transaction and to minimize complexity.
+
+By signing off-chain data with an off-chain key, we simplify the process of signing auxiliary data,
+this allows us to sign all the data in a way suitable to the needs of the method and not limited to any on-chain restrictions.
+
+The off-chain key is explicitly associated with an on-chain key, such that signing with the on-chain key over
+the registration transaction provides proof that they two keys are related and can be used interchangeably,
+
+Once constructed in the way documented, the auxiliary data may not be posted in a different transaction without it being detected.
+
+It is not currently possible to detect this on-chain, as plutus does not have the necessary functionality to allow it
+to inspect auxiliary data, except under very limited circumstances.
+However, the purpose of this envelope is to ensure that off-chain construction of off
+chain certificates and dApp role registration is secure.
+
+This specification meets that criteria.
 
 ## Path to Active
 
@@ -65,5 +200,30 @@ and answer any questions that the CPS poses for potential solutions.
 ### Implementation Plan
 <!-- A plan to meet those criteria. Or `N/A` if not applicable. -->
 
+## References
+
+* [Cardano Metadata CDDL Specification][specification for the encoding of all Cardano metadata]
+* [Cardano Auxiliary Data CDDL Specification][entire auxiliary data]
+* [Cardano Transaction Auxiliary Data Hash Specification][auxiliary data hash]
+* [Cardano vKeyWitness Specification][vkeywitness]
+* [Deterministic CBOR Encoding][dCBOR]
+* [Brotli Data Compression][Brotli]
+* [ZSTD Data Compression][ZSTD]
+
 ## Copyright
-<!-- The CIP must be explicitly licensed under acceptable copyright terms. -->
+
+This CIP is licensed under [CC-BY-4.0]
+
+Code samples and reference material are licensed under [Apache 2.0]
+
+<!-- References -->
+[CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
+[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
+[x509 Metadata Envelope CDDL]: ./x509_envelope.cddl
+[specification for the encoding of all Cardano metadata]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L511-L531
+[dCBOR]: https://datatracker.ietf.org/doc/draft-mcnally-deterministic-cbor/
+[Brotli]: https://github.com/google/brotli
+[ZSTD]: https://github.com/facebook/zstd
+[entire auxiliary data]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L521-L531
+[auxiliary data hash]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L60
+[vkeywitness]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L436
diff --git a/docs/src/catalyst-standards/draft-cips/images/metadata-envelope.d2 b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-process.d2
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/images/metadata-envelope.d2
rename to docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-process.d2
diff --git a/docs/src/catalyst-standards/draft-cips/images/metadata-envelope.svg b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-process.svg
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/images/metadata-envelope.svg
rename to docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-process.svg
diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-structure.d2 b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-structure.d2
new file mode 100644
index 00000000000..e5f9e574d2e
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-structure.d2
@@ -0,0 +1,29 @@
+vars: {
+  d2-config: {
+    layout-engine: elk
+
+    # Terminal theme code
+    theme-id: 300
+  }
+}
+
+grid-columns: 1
+
+title: |md
+  # Label = `509`
+| {
+  shape: text
+  # near: top-left  
+  style: {
+    font-size: 25
+  }
+}
+
+metadata-signed: {
+  shape: sql_table
+  "0 : purpose": "128bit UUID V4 of the Metadata Purpose"
+  "1 : txn-inputs-hash": "Hash of the transaction inputs"
+  "?2 : previous_transaction_id": Hash of the immediately proceeding registration in a series of updates (optional)
+  "10/11/12 = X509 chunks": "[ + x509_chunk ] - x509 Update Data (Preferably compressed)."
+  "99 = validation signature": "Signature over the entire Auxiliary data attached to the transaction."
+}
diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-structure.svg b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-structure.svg
new file mode 100644
index 00000000000..3e0b734efd5
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/images/metadata-envelope-structure.svg
@@ -0,0 +1,843 @@
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="v0.6.3-HEAD" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1156 548"><svg id="d2-svg" class="d2-4067985905" width="1156" height="548" viewBox="-101 -101 1156 548"><rect x="-101.000000" y="-101.000000" width="1156.000000" height="548.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+.d2-4067985905 .text {
+	font-family: "d2-4067985905-font-regular";
+}
+@font-face {
+	font-family: d2-4067985905-font-regular;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABOIAAoAAAAAHRAAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXd/Vo2NtYXAAAAFUAAABBQAAAXwI/wqzZ2x5ZgAAAlwAAAweAAAQbFFNYoloZWFkAAAOfAAAADYAAAA2G4Ue32hoZWEAAA60AAAAJAAAACQKhAX+aG10eAAADtgAAADPAAAA8GjzC0Vsb2NhAAAPqAAAAHoAAAB6idCFqG1heHAAABAkAAAAIAAAACAAVAD2bmFtZQAAEEQAAAMjAAAIFAbDVU1wb3N0AAATaAAAAB0AAAAg/9EAMgADAgkBkAAFAAACigJYAAAASwKKAlgAAAFeADIBIwAAAgsFAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAEAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAeYClAAAACAAA3icnNBJS5QBHAbw39u8NTVNy7QvU01Ny7TMVNNMG0UEHQoKAlEEEfUoXgYPoh/J5agiIoifwJN69gMILidB+AvvQebsc//B8zxI5CQoSpMOvqlIlVVUvfRaXcNbTW1ffPXdDz/98sc///Xo02/AoCHDRnVMmIog07UT/U7L5y79299M93bpEWPGTUbEtpK8AnEkjYPYj93Yi8PYibVYjZVYjqVYjIWYj83YiPXYirmYjZmYznacPolW1rWt7pUPqp565rkXatkTH71xRk7qrHPyzrug4KKi95oaPrnksiuuKrnmuhtuuuW2O+66576yBx56pOKxJxwDAAD//wEAAP//FYpGjQAAAHicZFdrcBvXdT73AsSKAkByCSwWAPHcpbB4EiQWuwvisTBJgKIokqBA0RQpitSDEinLUi3KsusxLbk1/RjXadFGnrqt7SqNZ2p34kaKZ6R4PBmnVuyytRrVbuqkteVJ/7CaJJ00LNOmjbno7AKkKOcHZjGLe8859zvf+T5caIBJACzgS6CDRmiGVqAAeNJP7vJzHEtIvCSxtE7iEElMos+UCkJ7knpR1Hf1/rT3sYsX0YEL+NLGg+nl+fn3Zx59VPnK6h0lgb5/BzDoALAbV6ARSAALwXOBAMcaDDoLb2E5lvjQ+7631deib/b96+czn0/KP8+j35qbk053d59WpnBl46GVFQAADFMAOIkrsEONw5N8wkZZDSzHJ0QhGWDZqddeevWVF8f3njt37txeXHnj5Vf+uvB7S0tPAwDS9iZwBYzaTtJP8iRL+smpMdS1f79yC1eU/0CWjYeQoHy4uR7exBW1dnX91JhaSO09uokr0FCPQ02NIS+ubFzfDVt5nsAVcGu/W2w2mhdFyaJmS4oSS+hYHcfabBQ5NXfBRJv0Jsq0dHxkh06fXJKWknodgSvKXzBFhikyaGbjIXQyeiryovINtP/FyKmo8sdbOBi1s1jrOGhAsCS5BcU7g2fkZx588Oj9YxP3z+BK+/jA/JzyBRro6d8taXWGq+vo5/hliAE0MAFOstlqewMc14GFpCjyCRtNBAIsY6CsNhtNezBlNRhQS/GRSIKd5XsG3F3eGW8uJMxkMnNszLOnQ+rzJ5yHArl2cc4kRNO7YplOJuhqCpnDvZ2JUizWLrr9yag35DQGW2I9XcnxBCCYqK7jDlxRudbABAICyZNWrRZR+2owoL6+U/JYqBiJ9odG5QdM4tJJ9DvKE6WDgcDBEnpKuXhySQSkEUSHK2AG4HXbcNd9/PHkydY2i77VRZ4c/0dcUV5NH0+nj6fRUa2fzQBoDVfAAcBbdDxd3yjxOgtb5ylBNL/7relJM92sb6JMEwfeenf6sLmtRd/kNM2iMZR73RZ1u6O215V3latX7bzHw9uvan1KVtfRVbQGTmgHoJmAkBSlpAYpwWkAUySrJuASoiQYVJzfy+37gz8jI8HwoNvHHEtPjhYIHbPPxsrsY0cSpj09o+OkN8X6rN220OmDyidpV7iX8T7bnI2HdgGGcnUd/RqvgAV8ta6yBEvyFFHLZdUSqfRgDARls6EQs8enI3rL2F8Kzh7NzPZnS5mi9z7Wlzf53Qm88t4BN/fM2bFH5OL81Ogxxld10TWOd1TX0TfRGrjqPbuHLeox+IQo0QYDar1vIdtzSu4sOsJU3B0tcmN9TNrW7h81ZRdHy4tZhhYt9vh4amzebZXcfhWzeHUd/cvmGWqYacE5gd8ESxK2Ev3q4JnMESks+/RjBULnGnLcl/V2e7h8oN/09GOlc7LHOfbORqrbFSr2KS46PpaaOAZYq//v0RrYwXvPCSirgfDbNqvX+TWoEN3zgJyfkw4dR1j5dsNEP5tpc3tLHyJ9vpvfZ8otlkYX5aUFs6NxeJoiRasHBQaHSxpOHgCUxz+o6SgrSEKyjhPLUBRPseTh3t7iHjrc0trmKszPo6/LDcODE41E3jQz3KccAgAdxKo+9DO0Bl2Qg+EtFgmBbQ8tKE+xmgoYWIar9aDec91mzymrzVKXByZQW/Pfkw8F/K0OxmLnEvu7rO3mN+ZIunM0wTHm1l1dM+Pj2TND4Vw2EsnmxP79fHx/k7/Fad/740Le223TG4Mub4dZby1EhJEw0ZBvEbzJoRBpbLPSHikXG4qjq3lByGYFIa88lwswTr3eEqa4Dg2bMgD6IV6pK9gmR1WV1PhJlss6djgxvLsc7dyV2YVX3pvzx48cUm6iUEEO7FIuQ7UKRQB4C1/DAUgBgAG6l2Ar9ipeAVNNo3kLT1hYjqDK+3S3Dn797anfP4hXFA+CG8rtnzzwZH1PdR1+hFdUPVAx1mSoToQ3OkLlpkY9QRh32EzdAj6xcclCIiTr9bVc+BdoDfxaLlU71G7ccxpi61kuEDrfUCSVbw6MRPfuKUc7xEI5GhcLaLWfjXdFQ8nNI+5VLtcfm1ihtTpW9RzbsSoQOnZkCywt2D1Y1Tn/n2gNmqHtHs7fqwuU1YaaM/P5/HwmeyKfP5HNDw/n5ZGR+rxmF8uji9nC/Nj+hYX9Y/OgaQ6Pfo3W6vN6tzqNiQGOpizbNUet1F+KzBzNzKaYPgY/qklOvt0v/wN+K+UKPnu2/IjscY6/hgxf0hwVgxm0Vnf+Wpa64tQAcAyE3HSLydrs7XOg1QMd4s4BvT4hKyu1/a7qOnoKrUFY6+92v9Ps7ktuVzO7j5IzbMhXiHR2+vk2pjc8WYqNuIIO0dcR8XS2sYVYqGTiXJLDH/M6GHqn2S+EMiUfnbTYwy7aTRnNfqmD6w1q+e3VdVTEZ4Cu84sVJInXRGCLZz8dyQ0M7Sw+9ZQ/bPaYWqxx09QAMssNzz3Xp6zFuhr1MmHUYu2trqPvo1WVD/dwlaxL5I+HB8YinYEMo+LCDJmOHEJJ5YcFmYugScU5FOwEpM4G+lu0+pt++c43x6eNtFFvpHdO7/sGWlV+1j7AsgPtyKo4AUETALqCVjW/lLhtfknQd/2y6c+/OtljtJv1Rpsxc/9XX53cbXY26c12U69y55QlbLWGLad+8cuztihFReiz2plM1bhWT9v2/kjSPaU14akWt6llh7UxJDYbb4wfMzqMeqN158TodTJe/Mig78ENmVg7+nflv7wDjH/Ah8wba51DMZWn0eo6eh8/D8bNDiTrNN3O/f89fPr04dnTp2dThUIqVSya3rz8tddf/9rlN3svvvDC44+/8MJFrdYSALqOL2j6otqSIIqSKmKlP3o42uPMLxfQJ8IOumXjg0KNe+0A6Hv4efVsvCDj+jhwW4Oiih9PBQ8/05/NBQuuePCgPHmi7/yQM+V4u+vwH57npf6YLx4V5sezjz9bwvrdgNU5QP+ML0CjygKJV91Ahd4i+AWk1sJSCyt6pDc5m3jl3xA5PTGx9rZzwEFHaSV5RUQvKQ/3XlFrc1TX0d/gC3W3vTsXWoUWP8USd2XiJ0Nz/qB7KJXZNyj74+4ohfL/Q9IdbmlSzB01iX7RFSv19Q5aLS7E7/6OqSlyoFg8kgDNx0LVdbSCnwcvRKFby6Up0DYL05CgapOnE+82xaarD6pmWf+XnZFYycOKnWV+7IgraHUnfPwh0semhWgmVGhIFTtLHQG+ZIqNJsI9XS16x0CiazB0eNCfiTfrW6K5SHwkhhbc97Hx3lQ8kGCVD/JdoWSg1dEfFYq1e0awuo6+q3ElCGCpzZamDZYthERJ07ftIno+k/Ht9u4YyHX0HOCHnR1WyaN6oGc0WD6WHOfzc93FM+g78p5g7NCR4Y1fca4k7Ur+9olA9NjR3HSy8Nz8ky/X7xA91XX4Niyqd5XtTH3CwbIOO8ua2DY3y7rbWNUDtbXoU8ypyoZOgkF9AoZAdR09hv8KHLALQArIui+xrklHE9tiXybskZivq9OfoeO+cWnooC8ebWtgHAzjcLDsB/GBrCj6gt3etkh7/P5BLp9K94Y/3qoDEITgU9SMnOp9SRJ4KrT6aT5fm+vfRXeqb6vvacFPmdBnFyRJ89tR1Ig/U/WHrv2ZobX+0p/I/f0yn+7uTl85fnt5+fM5++ztxcXbs4AgUB2F2/U9nMYQtRuU1TCprefl/v4r9dX2uc+Xl28DgpnqAiLx94DQ3IlS/w/PvHX+/Eu66fgGjtfw9lYX4KP6Gm2eedL78MPfeimOlfgXr9XW7KweRvvwB9o5EI92ImNW+eVl3Ykv/rTGGRWEf9Jm3KsqIyvUPjyhfShW+7ASS1h4iZ1yjE60jk/TAv20XbDvU787BPuyw7fcunyz+1L6+vXr19OXum/evIkaLtXyM7CAbuGoyglJYAVe0MyD+tG1az3Xri3ckG/ckG+ofGDgu+gW+gEOQBpOgQHS8CKo75/EObRbZwYCMqgZtjwVXkOrm3fcchmtqhpf/Ts8CBK+puYit3HE7vXa7V4vHnQ77B6P3eHW6kIRdAudVGNYBD/FoDdRRJa1+NWzOAcpnVn7jZPoplfSX8G5P5H+Ev4fAAD//wEAAP//NKt8EQAAAAEAAAACC4X11VoXXw889QADA+gAAAAA2F2goQAAAADdZi82/jr+2whvA8gAAAADAAIAAAAAAAAAAQAAA9j+7wAACJj+Ov46CG8AAQAAAAAAAAAAAAAAAAAAADx4nBzKr0oEYRSG8ec9EwRZFIsoyDi4y+L4Z78imgwGk0E4RfyErWbvwGLTqzB5E+Y1G7wDqx6QYUyzzIQfLy889sItC7CKwu7J9kzWClnfZPsi2ynZNjmwJ26sABPrajmxGteCmR2S9MtME0q1HFuF03CpH5wOL85xG+NWDq3rDtcrO3K2rOJKn4z0ztqwwZGCawUTBRsKthXUCvb556KnN6Y6o9YfIyVciakScyV2NWdVwVjBXs9KHmlw6D76D93DEgAA//8BAAD//wJTMH0AAAAALAAsAFAAbgCGAJIAogDUAPYBOgFeAXoBqAHgAhQCQgJ0AqgCygM2A1gDZAN+A5oDzAPuBBoETgRuBK4E1AT2BRIFPgVuBZQFrAXWBfoGLgaEBsQG2gbmBx4HKgc2B1AHagd8B44HngfOB+IH7gf4CAQIGggoCDYAAAABAAAAPACMAAwAZgAHAAEAAAAAAAAAAAAAAAAABAADeJyclN1OG1cUhT8H221UNRcVisgNOpdtlYzdCKIErkwJilWEU4/TH6mqNHjGP2I8M/IMUKo+QK/7Fn2LXPU5+hBVr6uzvA02qhSBELDOnL33WWevtQ+wyb9sUKs/BP5q/mC4xnZzz/ADHjWfGt7guPG34fpKTIO48ZvhJl82+oY/4n39D8Mfs1P/2fBDtupHhj/heX3T8Kcbjn8MP2KH9wtcg5f8brjGFoXhB2zyk+ENHmM1a3Ue0zbc4DO2DTfZBgZMqUiZkjHGMWLKmHPmJJSEJMyZMiIhxtGlQ0qlrxmRkGP8v18jQirmRKo4ocKREpISUTKxir8qK+etThxpNbe9DhUTIk6VcUZEhiNnTE5GwpnqVFQU7NGiRclQfAsqSgJKpqQE5MwZ06LHEccMmDClxHGkSp5ZSM6Iiksine8swndmSEJGaazOyYjF04lfouwuxzh6FIpdrXy8VuEpju+U7bnliv2KQL9uhdn6uUs2ERfqZ6qupNq5lIIT7fpzO3wrXLGHu1d/1pl8uEex/leqfMq59I+lVCYmGc5t0SGUg0L3BMeB1l1CdeR7ugx4Q493DLTu0KdPhxMGdHmt3B59HF/T44RDZXSFF3tHcswJP+L4hq5ifO3E+rNQLOEXCnN3KY5z3WNGoZ575oHumuiGd1fYz1C+5o5SOUPNkY900i/TnEWMzRWFGM7Uy6U3SutfbI6Y6S5e25t9Pw0XNnvLKb4i1wx7ty44eeUWjD6kanDLM5f6CYiIyTlVxJCcGS0qrsT7LRHnpDgO1b03mpKKznWOP+dKLkmYiUGXTHXmFPobmW9C4z5c872ztyRWvmd6dn2r+5zi1Ksbjd6pe8u90LqcrCjQMlXzFTcNxTUz7yeaqVX+oXJLvW45z+iTSPVUN7j9DjwnoM0Ou+wz0TlD7VzYG9HWO9HmFfvqwRmJokZydWIVdgl4wS67vOLFWs0OhxzQY/8OHBdZPQ54fWtnXadlFWd1/hSbtvg6nl2vXt5br8/v4MsvNFE3L2Nf2vhuX1i1G/+fEDHzXNzW6p3cE4L/AAAA//8BAAD//wdbTDAAeJxiYGYAg//nGIwYsAAAAAAA//8BAAD//y8BAgMAAAA=");
+}
+@font-face {
+	font-family: d2-4067985905-font-semibold;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABOgAAoAAAAAHUQAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXqrWeWNtYXAAAAFUAAABBQAAAXwI/wqzZ2x5ZgAAAlwAAAwJAAAQRMt6ZlFoZWFkAAAOaAAAADYAAAA2FnoA72hoZWEAAA6gAAAAJAAAACQKgQX8aG10eAAADsQAAADQAAAA8GyOCjFsb2NhAAAPlAAAAHoAAAB6iHqEWG1heHAAABAQAAAAIAAAACAAVAD2bmFtZQAAEDAAAANOAAAIcCYSZQ5wb3N0AAATgAAAAB0AAAAg/9EAMgADAhoCWAAFAAACigJYAAAASwKKAlgAAAFeADIBJgAAAgsGAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAAAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAesClAAAACAAA3icnNBJS5QBHAbw39u8NTVNy7QvU01Ny7TMVNNMG0UEHQoKAlEEEfUoXgYPoh/J5agiIoifwJN69gMILidB+AvvQebsc//B8zxI5CQoSpMOvqlIlVVUvfRaXcNbTW1ffPXdDz/98sc///Xo02/AoCHDRnVMmIog07UT/U7L5y79299M93bpEWPGTUbEtpK8AnEkjYPYj93Yi8PYibVYjZVYjqVYjIWYj83YiPXYirmYjZmYznacPolW1rWt7pUPqp565rkXatkTH71xRk7qrHPyzrug4KKi95oaPrnksiuuKrnmuhtuuuW2O+66576yBx56pOKxJxwDAAD//wEAAP//FYpGjQAAAHicXFdrcBvXdT73AsSKJPgAgcUKAPFcYJckQADcxe6CD4DgUyQEUhRJUSJEkZQo03pYT1JWYkmZ0URNFf9ApTTjehR3JnY9dpKmaiJ3lCatOg6lad02k44cq2mcRJ5J6qYxO514yoZpR1xk7u5SovTjasXFvfec+53v+85eqIBJAFzAXwYTVEIdNAANINqCtojI8yyliIrCMiaFRzZqEv1OvfF+Om5OJMzx5PfbXjp1Ck2cxF/eeGHnkcOHH85OT6uv/Mt9dR599T4ALqsAOIlLUAk2ADsl8hzHsxaLyS7aWZ6lfsK8zdR7a8013tUHVx+8JP5MRDNjY6mTsnJCPY1LG2e//W0AAAwTADiHS7CN7CPaRMFJOywsLwqylOJYduIvX/naW1/qERdeeGFBxKU33vizt2eXPvuZkwCAtLX9uATV2kpb0CbaWFvQNrGMKpeX1XVcUv8PURtnUUh9uDkf/gGXwKTPn1gmiejv0Y9xCSqMfeiJZVSPSxsfHILHcV7BJfBrv9udTkaUZcVOoqVkWWEpE2viWR+mbROfX66mq8zVjqozV45XUCazdHzghZTZRFXgkvquvycQ6PGj3MZZFPUP532vqh8i7lVfftivPtjEwodLYAWHgQUBw8KytE0UdDh+OHy2t/f0jtk913YO78Ylbl9haDb+GzRyPpvQc+XKa2gD34AoQEWI4xWnU4eS5+NYSsmyKDgZiuPYkIV2OJ0Mo4dADb0XEv1ssTXd0R4rBjJ8+0Ku/RjX6R9oibd7k57pjnz6qFWI7wo2x7nmsJ2vjfUnUxNtrVze7WsOu4JMdcS1e4e0TyI5jJXXcDcuEa5VhDhOsok2h5aHrP3XYkFDO09nloNdfFOGPdV1ytp15Tg6pV7dMcGyEzvQZ9Trx690ASo/AsCNuAQ1AKJpC+6m935wYabeXW+2uer2n/9nXFK/oyym04sKGtbqWQOA63EJXACi3SQyxkJFNNlZg6cUVfO9m5eHrEyd2UpXD1y4+b3LYzWuOnMNYx1Fu1HmurPN621zXlf/Tv2rG27R5xPdNzS+Jspr6C5aBxewAEyIk1KyosFJ8Rq4tI0l+/OCrEgWgvG7ud0v/wnihfBAsKX5+Y6Z/XPbzMGdlK+t8fBok3Ust2tvPd/e6BhxcyeeV38uN3JFr+tkjRgJ+rR4w+U1XIlXoAF8BE2epVibSFN6LIcWiDAjRNFOJ1IGc6aq/Usmfz4ys9g1t6utV0in0m7RmkvhldvjntDVM5Pnu+emJvLjysdOO6lVc3kN3Ubr4DFq9SxFREFWGIsFOfuOd/ef6UkMetL2JqZz53CHV6QToUlrZmn3+FImwOy02Yv54aLLVvD5AEO0vIZW8QrYiWp0nLSNeUncREiRNoP878zJznmppbPRvDS3zewZsipJl+BK9HVYr352bDnrde26tZGVPNyc8jHTsGdk16TuHST3f0XrsJ3E2JK9k3ZQQedm6iaR4GNBnv6TuZ4j7X3FeIX63rbRzoDi4dmpWx8KQrSPnGJsOdt5dCDs6Bmy24YYH0q293TrmvIAoCL+oe6drKRIKQMjNkTTIs3aDvT2Fva6k/VOjyc7P4+uTVWIIwtV1JR1QtqvngYAEzSVefT/aB0EyEJBQ4STUgQBQiDpCfAizRqqD3G8RiDRqLTJqDR5ZzfsMcSTv9Y6DkiDdleQdvHytOiI1H2raK0XJlP1IVt1Ddu6d3p/7sU8K7SFw4KQ7My3tvQ1ebj+nzS2RzMxs7XJ503Ume390fbRZqpiT23ULe/kLFSVw0Zvb88ld8XRnVQiLgqJREotJf1eB+UNByMEl2EA9F94xXCrTVISV9QEYRteMvsLwq6hpXBzoM2PV27PeVsXD6g/QJGM4PepX4dyGbIA8B6+hzlIAwAF7fB5MPbGGK+AVfdkUREpO8tT9PAZ0+3Pfe27lz43glfUHb94T/35g32XyPzyGvwWr0CdzjbNcgwCfDcjLtVXmimqrspvzedw/8Zt2obQlNmixzFtQ+sQ1OIQnyBVeOok1OPn8Nw2s384LvfY2JH4aH45wsXblyJ8vB2t9gXjiWZO2DxeRv268djECa0bOBkxtuJELGH0MVBotTcQfwong+uP0DrUPaPUp0yAkAE1ZI719h7LZMm/WTmbleVMxlBpZml891JmtjicLxKt6v6SxZVo3dDpk+wMBjK0fYvBaOcfaZp5rmtOCeR8pgXdYDzCCv6LlJu7enbyfNbrGr+B6CcWY5z/PFo3OrwewXAY/fDuPM/SjhpnvTfHoNW9SbHqsNncmlY/0PW3vbyGrqN1aNJq+6SncXpPe8qvGB+mHZb3hcNhOdgbaeL8SXegu2l+PDXuk9ySNxLuagrlooesvDfv8oVctIeusrJKc894mBm0M37G66u1sul49zQgcJTXUBGfAafOKYmVFEUkgqcdBrV+u2fHYKF2/tKlgZrGKodDtC7s+mSq4gtf2P/JFGXeQ1Xr+feX19Av0Sqp/1PctBlW+FNS+aZAW+PSbKUpULAuHkAp9acZIRBGYyo9xMUBER1oe+i9cEtL+86fnxutIt8cdNXoqbfRajmc57h8uKzSWuxaAPQjtKr3Qn7LQop50gtrX/vSRaWaqTZXOioT56+/drHL6qoxVzmrUwhWDziiDkfUceB3/3PQGaPpKHOQ7Gsty1o+7q01UZSnUrNYjjl8tTRlr+QT1srvn9tTTVebK+2V+VO3/Pv+yWIu4opExI8+/jSwgw3tCH66UZ44SDjZVF5D/4avQrXBdb3GtIPwXKs7G9Kc0Ylg4dy5BTL8SY8n6fclGxuT1m++/vpbb73++jeLiWPF4pFo9EixeCxBcs4DoH/EFzVPIW1IkmWFGFe+dC4x6Ju6NIveGKp0NWz8YlavWxAAfYCvkixEKYt1iW32eYfFQgxPpLnpy4OyGMm4c7HZnpkT3Ue7XR3Ma31Tf3gqKXS1eHMJ8dh0+txLfbjiEGBoAEC/whehkrBBEYn7kxLYpaBkJ7mw9JW3zchsddeK6q8efXFsbONaY6HRlXSr42+OopfVy9NvPtbEfXwRAs9oQsvQHqRZ6ok9fDpylJW8Q0lpMCf5W7yKHU3+psbBu5Si0r1oldi8pznX0Z612VnUcfBGVXXLvoGBQynQ+lazUYtGaAb5sfNs6Vi0w0KsQetQ8hMbcpoMiWqVQih7KD3YGhGFvcrUc7I/1ivPM26PEIsIoc6KeGfzQNTH91tbR1OdY9vN7mEhtbNlbiRRYMyuQq5tNI6W3LKvRYk3B6J+9b4YY2NBm7MrkujQvgMi5TX0I40vTQB2XVsaSeyPkZEVzc+2muYfScnGjKsyl+DT+fZJb7ZB8Tb1tuDGAjv+vLJfzh7tHjyL/jrdwfKThayKW3yDtCf2/L5Q08HDuQNi7xePX/jKkM6T7vIafADXyD2E2cLWl/2xmD/Q0mKNhUIxMki/0+ai/8A8tACgKbCQp8H5a/gb4IIIgMJlTc+wrdbEUFv2/lOLsznmi3J+wZkLzqRHn/O3xtxmwR+N+gPR6I9j/Wkh6QnHGrd3cm2T41xXKtXF//JxHoCgBd5H2xFH7kKKJNIt//3+5KSu6wvoP8vvkveMFKSt6Gd/MDAACEbKo8iFHxL/YXQKMFplmfvZwcHsUFqW07cWH1658nAxMP/hyZMfzgOCaHkU1o01vMYNUg3aYVnS5g9lBwdvGbMD2lpAUCwfQT58DyitG9HkY7d478SJV00z3Ruh7s07zhH4xJij6Vi0cSdO3Hu1Gz/sfvSmPsdankd9+O+1c9hFk/XXo7/+qmnx0Q2CNUu8FL8MHu1Gp7CSPkRKGzSrDVZhKbuosPu2j+yp373fOUCfY/rpsen6PbPMIHNue+DF+hfvFi4Xbt68ebNwuXD37l1Ud1mPHYIF9BFuI3xQJFYSJb1pPHjnnb3vvLNwZ/LOnck7hAsh+Bb6CP075qADToMFOuAakPfHcAaNmMJAQSdqANjsofC3aHXz7jq8hFZVGlD5b3APDOB7JJZtCz/8HOf3cxzuCfu84bDXF9byQgH0EVome9ilIB1Cd1BgUvuWRuV9OAOdprD2G68w+Btjf4wzXynchN8DAAD//wEAAP//4Ip5igAAAAABAAAAAguFxtlyjV8PPPUAAwPoAAAAANhdoKsAAAAA2F4RM/44/s8IbgPdAAAAAwACAAAAAAAAAAEAAAPY/u8AAAiY/jj+OAhuAAEAAAAAAAAAAAAAAAAAAAA8eJwczMEqRHEcxfHvOTRJg8LiRhZDd7rXaCi2KP1TP1LqbzF5A3YWnsPS1ht4AB7AyjtYWtnIhtzp3sWn06nT8RNXvIHHzb/vyH4ka42sH7I/yT4le8DQD1y6aP68wYJn2fU+oXdqHzDSL7UOWfcclceEehx5ntASMXNOeI9w2W1D94SeKXTDqndI+qKvDxbbtKgsziwGFssWhUVtUWqF484rlU7Y1jd9JS6UGClxrcRQk+5jy2KzU3KrHgHNS9uhmUwBAAD//wEAAP//DewkEwAAACwALABQAG4AhgCSAKIA1gD4AToBXgF6AagB4AIQAjwCbgKiAsQDLgNQA1wDdAOQA8ID5AQQBEIEYgSeBMIE5AUABSwFWgWGBZ4FyAXsBiAGcgayBsgG1AcMBxgHJAc+B1gHagd8B4oHugfOB9oH5AfwCAYIFAgiAAAAAQAAADwAjgAMAGQABwABAAAAAAAAAAAAAAAAAAQAA3icnJRBbxtFHMV/a6c2FSIqCEWphKo5gtSukyip2uaCQxrVIrKDNwVx3MRrexV719pdJ4SPwUfgxhfgzKkfgQNHPgAHDpzRvJnEdUCQRpWat56ZN+///m/+wFqwSp1g5T7wBjwO2OCNxzVW+cvjOt1gxeOVt/bcYxD0PW7wOPjZ4ya/BL97/B7btR89vs967VeP32er9ofHH9RN3Xi8ynbjc48f8KhRefwhDxo/OBzAs4bnDALWG795XOPjxp8e11lrNjxeYa35icf3+Ki55XGDR819fsKwxQabbGB4cv31DEObATknJBgiLimpSJhSYuiQcUpOwUz/x1obYPiUMRUVM17QosWF/oXE12yhTk5p8RmPMVyQUjHG0CehJKHg3LMdkJNRYegSM7VazDoROXMKTknMQ8K3v6U1JpPKIwpy/WJ1p5yQM2Gge0bMmRBTsEXIBtvssEubffbosbvEecXo+J78g8+d67HHS76W/pJUys0S+5icStVnnGPY1Foo95+zy5SYMxLtGpLwneqxDDuEPGWHHZ7z9J20LXuTypcYQ6WuDbTbunCGIWd4576nqtb20Z57TaauurWIyu90t2cMaOm8Ua1jeWbEPFe/C1LtDu+k5ohY3TXsE2J45Vlvn8yKS2YkHDP2ni2SGMmnigv5tnB1QiqXM2XY1j1Xpa62K2ciOhxi6Ik/W2I+XGKwb+NmmjaVFlvTQtnyvYsenxOTKuMnTLSyeGmx7m3zlXDFC8wNd0pO1YUZlfpQiiuUzyNa9Djg8IaS//dooL+uvyfMrxPiqrPJsO+7TaTuRuYhhj19d4jkyDd0OOYVPV5zrO82ffq06XJMh5c626OP4Qt6dNnXiY6wWztQyrt8i+FLOtpjuRPvj+uYfX8zqS+l3eU1ZcpMnlvloZ8uyZ06bBh61quzpc6ckjLUTqP+ZZpWMSOfipkUTuXlVTYWL8slYqpabG8X6yNyTdZCr9OyGi79fLBpdZrcFKhu0dXwTpn572l9c34d6aahVBc+LW2ps7mOKTlzuSFXfRkJZ5REcq6Ur/bM92LINYsKvYyR1Fu32kyUROuLmyHWy3/7dSR9hfrjeG22rNOTa0eH4p675PwNAAD//wEAAP//2S9cXwAAeJxiYGYAg//nGIwYsAAAAAAA//8BAAD//y8BAgMAAAA=");
+}
+.d2-4067985905 .text-mono {
+	font-family: "d2-4067985905-font-mono";
+}
+@font-face {
+	font-family: d2-4067985905-font-mono;
+	src: url("data:application/font-woff;base64,d09GRgABAAAAABdMAAoAAAAAJhAAAgm6AAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgld/X+GNtYXAAAAFUAAABBQAAAXwI/wqzZ2x5ZgAAAlwAAAyDAAAQsBeMRIxoZWFkAAAO4AAAADYAAAA2GanOOmhoZWEAAA8YAAAAJAAAACQGMwDDaG10eAAADzwAAACaAAAA8IygFbpsb2NhAAAP2AAAAHoAAAB6jDyH+G1heHAAABBUAAAAIAAAACAAcAJhbmFtZQAAEHQAAAa4AAAQztydAx9wb3N0AAAXLAAAACAAAAAg/7gAMwADAlgBkAAFAAACigJYAAAASwKKAlgAAAFeADIBIwAAAgsFCQMEAwICBCAAAvcCADgDAAAAAAAAAABBREJPAEAAIP//Au7/BgAAA9gBEWAAAZ8AAAAAAeYClAAAACAAA3icnNBJS5QBHAbw39u8NTVNy7QvU01Ny7TMVNNMG0UEHQoKAlEEEfUoXgYPoh/J5agiIoifwJN69gMILidB+AvvQebsc//B8zxI5CQoSpMOvqlIlVVUvfRaXcNbTW1ffPXdDz/98sc///Xo02/AoCHDRnVMmIog07UT/U7L5y79299M93bpEWPGTUbEtpK8AnEkjYPYj93Yi8PYibVYjZVYjqVYjIWYj83YiPXYirmYjZmYznacPolW1rWt7pUPqp565rkXatkTH71xRk7qrHPyzrug4KKi95oaPrnksiuuKrnmuhtuuuW2O+66576yBx56pOKxJxwDAAD//wEAAP//FYpGjQAAAHicZFd9bBvneX/e9yieZVEfJ/J4okTx68jjtyjxeHckRVHih0RJlqxPWrIiybIlS5RiJ7KdxnUSe57nJI3TdUrhrVnm9GMOUG9FghgF4nRF0SEJDAVzt7bpAhRLtrQN1KDbUkxTghWzjsMdKUvK/jgdoXvf93mf3/N7fr/3hQpIAuBGfB0IqAQd1AMNwFN2ymV3u1mSlNwML0msFVNJ9IG8hlBfRCN+6fLl72na0v+ePv5H+Pr2qfjVpaXhjU9+MHv+/J9uoH8EDDYAHMVrUAkUgJ7k3RznZrVaQs/rWTdLfmJ9x0rZazV1tl9+OPvhZPLTTvTowoJ0OhY7LU/hte3V9XUAAAwTANiL1+CAsg5P8WEjbdCybj4sChGOZSf++vqNv3phrO/Mo4+e6cNrf3Pj5deyzz/11NMAgGAIAFfiNahSZ1J2iqdYyk4NjaP68XH5U7wm/yfSb68iQf4HdfwxAPSH8niBp1jBTrMUTx+7eRO9dPNmDhM9PdvbOVDHPgOAm/EaVJTXpp8ZRd14bftO+XsvAK7Da9CkftczvKRXokdEUWJJgiXcrAXTVO/itE1jnVkcriAx4ZpNTHOY0FbgNfmTlRXUsL2Kem0TefNlWUb4sjk/YZPfVDBZBMBWvAa6UqX4sFEBRcuyFLWDy+LdvtMdHY/0nls+MjaeX8Zrznxv91RAvo96Uz05qbTHTHELm/ANCAJUODi3ZDSWpnNudwsWIqLIh40MyXGsQ0sbjEaGsWAlDmrrfSIQds1Hs4esgmPWngpIxzuTBWfAdpiP9bCiedqbckcLOiEQdwXjLazPXOOt9qVbw0PBoFNstkcCVk+jzlMXTLVF8mGlTsUttU60ug9OoHjKoO5FVH9qtSjYdTI27ux0e5Kukdi8LnJ2Fr0oL2ZHnM6RLHpJLsyejQACPwAO4jWoBuAJXm80MrwoSnqeuP+zyRXKXK+pb65bzv8Ur8nfjJ+Mx0/G0YntVUAgAmAHXgMTAK8neKY8UeIJPVvmLUmK79yZnq5uqNPU0LqpyTvvTM9XmylNTWP1CTSGOm4ZA83NAeMt+cfy7dsNvMXCN9xW+TtS3MIE2gQzuAEYJTuFAi2YdWhJt4owTbFKBHdYlIQaTBuMnwcPBXM3LiJTNBQ66rC5znUtHM+QhGfB4h3zFs63pXT2pF/qCxy0Sw4XHW1oOf2Q/H7aGkpzjssH7G02rwswzBS3sBmvgwHspeqypMJlki/FNKgBFao4tCRtNKIudoQlyPQoQdgn/CcKyYVc13hXn62PY3M61iri9bdmHZ5nzow9nuxemhqeZ7lNa6PCoeHiFm5Cm9Bcrt0+1qi04cOixGi1aGrgyz39T/W1T1q8lhQXzbeGxqPBQxaXZ16XODs8ejbhaxYaLaF8VBoPOU2C06Pilyhuof/dk8dOAN6tdGgJOEl4EA3VHnus82Qs0GMlNKNZkrCMmXtT9k6br9s7oHv6wtC5pN0y9cPtaJc12N23aW0MjUUn5pU42eIWbkSboAUrAHJoSTvHEbsJ0QYtad/NJZmYrUJixeFw3/menjOp5S9hLP/xgeWBQM5ucc6g24O9h/rlTOLcyNDZjotLNY0HR8dNtNjgKPXdEgBO41+AUeleVpCEiMiHdxqN5mmW2nz++bmF3qzewttS8Xv30M1khffoKXOypjLbHsjIM8o6BPQWbVhEm9AKCRgoo6NgIUTE8ktZl6fZsj44OLcKEl9mALHDANpg1JeFY2cM8qw8Pqy3WswmVpjgvdZ3L1EN4byg9xvqDULr6dmH0hcmQ6lUqCWdjuVPSNFjtKvOYR75KNeVbNFUcVamTa/Rd/mFw35dhoo0Rw55KiurzJTZHEkGD4fQ7c4I39nJRzrl5xMutkGj0XtpLggIZgBwFV4vK9sDvirSqXKVmhmtILiJ2JHR0UjCn/Xj9bfOecWFOfnniO3OBALyqwBQLMIUAPomvoc5iAKAFmKtJexXAHASr4OupNs84kk96ybplVEN0s6+9cH098/hddmC4MfyLz87c1Wd06/q5DrUlTCmWEERKD6sUuEbg2OvFgW/v5V2RHVHj6BfZ7b/WWg1dtTUqnPjALgFbSrs5SmeUdNhdnNSU3qQWzxNYn3Yl6Np3sfHRiMmu2GAaTK56tFGl8M37g4O9smvoCN5Fyd/Gx3x+ZX3DmZoEwx7YuyDLEtquMkHkKGNsS8ipvYZNqNNqFUca08n75cKhRiBrtOZzOmu0t+efL6nJ58vd3Di7Ojw2UR2aWy8UBgfU2gOM0VeXVftX2Z3d2U+sgyt36tDM1mScBwNnlhKLrQ7hmyE5koqX5Khnp/g7ydtvmfPjD6etFumX0HafTr0dQBsQptQvxeDck+R1NezJMGtZppCRr3J2SydDKCNc+3Zyqpc5YHOAfk3gCBX3MI1aBM8/88LVSj2OeGOD4q5pwKcbzGT7KBT6dm5xYVowelxjIaS4Uz/yIQ9PKcLWkWLM2jVW8zVhozUPuQyCYzZZ7Y66iif6HKnPSpHuotb2IGvQEMZeYEVJIlXhEBp1rLkXMuNss99tSr7+98LPWy0sd7ep+OnEhvJihs3Mr9NZXUHEzoKEAwWt9Af0IbCBcZRtlJlCaqslp9PjI7xHb5uz2iG1LgmdQtzqEX+sDvjD6ERuTHvFwEBD4BdaEPxUfs+H0Xwk7HV2qZqTbWpdnXoXbQh/4crx7I5FzLIjaX+6gLADNpQvVRy7/FSktn10q4ffO+hwermWk2Nubpv4tW/m8rX2us0tZba4fu/e1jvNxgChuX/+myVbqGNfmZVXbetGMJutAGNSl7l8kjSvt3V4D9xmqmDTBXfVV/7m7HzNdZaTXWTbuXw+/Xi0M8OpghNe9CJfiv/t62fZfvsqHp7s3UgCIRaewpfgypggN1xmRJJ9zJf2vN/FFh58smVh5944uFMPp9RHpPLZTK5XLrXvvWdW7e+863X0leeu3bx4rXnrvyT02plWavVqeZxHADX40uq/qhnTFGUFKE7/uafRQetHd/NoveFA0zd9t1sCc9uAHwQX1PPkUISlzvF/aCJSFHkebrv1F8MZnPBQWvIv5CZW+1/esLSYf5529zaY4LUE7SFAsJSPvHks0NYkwOsnESwHV+CSoUlEq9sQSmLXrALSNkLS1/5FBGootZRl5LvoM7J+fnNu40djUyIkSOvS+gb8mPp1wFBtLiFD+JLOycMqXxmK29Rb6ft5K6GIEv+lMtrG+8K9vuP5DxRR4BGy/JHlFlwdcy3Z07pRLtoDjrTgXS/QW9GfO5Huhr/ZHf38bDqdYo/6/E1sIAPpF2F2vU51aLpUmcSu0UzEuU2LrlaS+9yzNPp8MT4o7HZQszDxuziIjOc7hQywUGUGxQeirZ0TuqCw+FAV0udxtQfbuv3zvUHh8wayp9oCR0OokK8J5SOhrgwK9/tbAvyDr0p3Sp0A1bP0zqVR14AfanvVM3Q76Ijqbq3K641+IXuDHfEfXAsFzu8Gp+0tTSkXfwRCbtn2iYfaT8e7XkkFTg0h36U6vEEZ44Pbv+P2xxhzJEvL3KB+RMd05HsV5bmns27Fa78S3ELXYSXlftLxT6uOkIhhyMU0oVcXCjEuULFYmksJrAbfABoEbTKGzCcLm6hf8N/CyZwAUhckvgC42oIhtyz9ibZ1MY7JYlLNbU5puNjS04hbKlotvj9Fovf/4m/iw+1Wb1Ra1OQbcnnvO1trXH3ls/Jer2s06f4dB75MYGWsVZxSkCQKD6GzcUfAgHACHY6gT76ai4HCH5aHEb/ij9QNKmidMJh1Ioy6HbhwoVCcGFubuH1kY9feOHjEV/+3UuX3s2X+ueJ4jD6Smke41bJqVSCNmi/Gzx57NjJYOHChdfLE3zqdEDwq2IBfY7fAVJxrNId8FeIfu+9F4np0DYOqeueKBbQ+fKY0l2ROvHee4h+MYTl0P1X1DHzxTn0Gb6r5oJ4NI96++U3v00s3n9p925L4mtAKGdOPS+xhMQKvPrwpPrQrPqwEkt+fLX+asE0PFGfn2YE41VGMKq/TaLpqglVXJeX7sWux+/cuXMnfj127949JX4eCpjAAYUPLoEVeKHkKajqjTfSb7xReDv59tvJt5UawN9jAv0CcxCHh0GpxJ+rZ6hXcBSdIiqxFtrVfJQz1dfQhnLntasZo8SvUQTdzKjij+B3eAA9gu8p8dA+/pk5zmzmODzANjezylOqTbn2Cj56wU7n0WvIn0yWvpVjK9+QW2JQ6uX413D0L6O3/g8AAP//AQAA//+mT5TyAAABAAAAAgm6DcSxi18PPPUAAwPoAAAAANwdDfcAAAAA3BxzS/8//joDGQQkAAAAAwACAAAAAAAAAAEAAAPY/u8AAAJY/z//PwMZAAEAAAAAAAAAAAAAAAAAAAA8eJw0j0EqBQAQhr++k9hZWElJekkhUsLi5UtJKEq5gAM4gDM4kL2VrVPo1bzF3zTfTP/MbxwYGBvGjXFp3BsfxpnxbBwN3zJ2jWvjzrgyFsax8TL7K35rvBrnxv6wxdRP49Q4MS6MHePQ2B7+MLNNY2+8V/d/Rm/Gcvy+jXfj13g0nibDcvQ1v/yt+38AAAD//wEAAP//u9wq0wAAAAAAKgAqAE4AbACEAJoAqgDYAPwBQAFkAYABrgHqAh4CTgKCArgC3ANGA2oDdgOQA64D4AQCBC4EYgSCBMAE5gUIBSYFUgWABbYFzgX4BhwGUgakBuQG+gcGBz4HRgdSB24HiAeaB6wHvAfsCAAIDAgUCCQIPAhKCFgAAAABAAAAPAH4ACoAZQAGAAEAAAAAAAAAAAAAAAAAAwADeJyclktsk9kVx3/OuQG/eBlUDQhVVyOEpgiMnUnATSDgkAHCIEJJZtoKUdUkxrFI7Mh2YOhiFl1WXXVddTNdtBK0CiVqJoFCIKRqBarURTWrrrqouuiqmkVX1Xe+48RxEjqDkMjvPs7/nte9/oCLcgsh4qIRSIJxhCRJ4w4O8Y6xkOSUsSPJReNOkowabyPJD423k2LSOMphPjWOcZhfGsc5wp+NE5zgP8ZJBiNHjHfSG6kY7+Jg5FfGu+mKLBvvafEzxcHIl8Z7V3ViwEpHyjjCNzu+MO5gZ8eXxsJlccauZU8n43LVeBtH5JHxdp7J342jdLtfGMfodn81TtDVuc14h/jOnPFOuqPfCzkCu6M/NY6wO/pz4w4ORO8bC8noirEjFTX9SCep6D+Mt5GKWixB/mNR4yiHYgeMY/hYv3Gco7EfGCfIxH5inCQdWzDeQVfsn8Y7ycWbOrs4HL9mvJtT8U+M97T4nOLduOUqsrdFc9+q5v4IpOJ/M46QijfnO3g3/l9jYV/ioLHjQCJj3MmBxCXjbRxIjBtvZ1/iU+MomcTPjGO8l3huHOdo4l/GCbqT3zBOkks2NXdyKvlj411kkn8w3s3F5L+N97T4maJrxwnjvYGOzMozWZRXeAotXKKM5zCeSbw8ljm8zMqCLMmcPJZX8kTm5Ll8JvflsfweH7kkS/JA/iRP8PKwhedbeEU+kweyJA/lc1mQp3iXlQV5KUvyuSzKos6+MvtZ+aO8xnO94wtuBGfII3mgKqEvC3Jf5mVOlgMdrpPhhizLS3kmT+V3ar+ier/ByzOZldeyKLO689gWO5/Kc43xhSzLnCzJb+VFc5brHOGGvJDX8lgeylNZDE4NzpaXeHmkM7NqE85s7uOhLU6+j5c5eSKzmoUgy8vNefX3qJ7ekl+OqqdrdWvJd9taSccb895SFduxWkl+jaeLDFkyeI7ZqEtHecapcpMinhHuUadBkSnqeIaoMEaVGtP6f0HXxvG8xwQNGkzTy3GOc1f/pSmsqqXVcorjfCvwh7uUaTCB5xpF6hSpccfUzlOlQgPPFQpMBb74dxihygw1xij6/aRbx3jOUWVc6So1qqpaYoZJCtToIk2G98nRR55BBhimb51C0z60PtZmH1oNM8AHfKy+1imrl36d9gRVGhpphTt4srqWJkuWE/QxRYHbFHXXLYp8oh4HCj2kOUEPJ7QuX92z9Vkoa50KeBpan3GtXbDvNp4qt966wmWNNahYYPcRFa1fuDZCw3aGp1cY57jae410QjPmVXlGK1ujrLvTb+XNVQoav2eQNJ6Lphr01ahmN/g7o/0W+F2k8jX6s8E9pikyyoTlc60fRzSHDe5qTtcyPklZK1DRTg5yMqNZCONuZm2EIS7jGVb9yjrly+sUgkja+yyrfZTW2CY2PXet/ncoUNYOucmkrqzdt4Kem+c7yg168W3ZqTOmFZqmoTWqq1Zaa1DiOMOc53KbJ/8/R+P6N6z9TWZWuyeMLuia4JbnGdHKj/j9eAZ0PMSIZuS7DDHKRYb5iFEd57nGNfJcYZQhPlDbYa7pezDMFQbVYkg5XDuvN+AK38fzIUO6J9AuWn7CigU3c1q9r6vvYS+XmWJacx54ntZYixrh16+w55apNm3rajNGmVu602v9KnrXC5SsK6bVwynNZbM31m5d2BFTGktQ27X1ElV9X2t6cwNVzz17O4JuDX0KX4jGV6hq+q16pr6aw6L6vH5cst+Bsr6N4avT/EYZ0V+Csv5+janXgW0QUfB72T4zv2FmRWtV4yblsNdkhXPc09Mm7R55bmpsahF+mVDXKtS1RoFHP1KVavObxF6LKiV9n6Y1c2N6o+7pKOwC/SrZcm/BXr2aZv1283tkw9nBWzVp777X2EqmfogbFJg0lYq9lJ4KM/r7WdPV8K5pbGTf6E+7Ur31S2VDFY/q295ek/babrZLv2baK+Oy66q9md2KO+POun6XdwOu330b7zLtM5Tcx3iXw7u/4F0e7066jMu7HnfB9bqMO+VyLu8ySnnX63KBVeSScr9qndEdp92HwYo83HJlfsuVFT3vrMuuneCySmddzvW5PpdzF1yPrmbcMN71urMu4waCcbMH1e8LqtPrTrtzbiBUd6ddv+tzl5u96AZczp1x/e591RhsObPb9bjBwLNmL266N/TgpOtyPe6k63b9Yaaa/bilHyfdaZdxvXpOv0aVCVSbnbmFXz1WkVMaf7BnwPUEGWnttY11DvrhjTXakG+12NAdb9SZ36wz3mix8j8AAAD//wEAAP//m5W4BwADAAAAAAAA/7UAMgAAAAEAAAAAAAAAAAAAAAAAAAAA");
+}]]></style><style type="text/css"><![CDATA[.shape {
+  shape-rendering: geometricPrecision;
+  stroke-linejoin: round;
+}
+.connection {
+  stroke-linecap: round;
+  stroke-linejoin: round;
+}
+.blend {
+  mix-blend-mode: multiply;
+  opacity: 0.5;
+}
+
+		.d2-4067985905 .fill-N1{fill:#0A0F25;}
+		.d2-4067985905 .fill-N2{fill:#676C7E;}
+		.d2-4067985905 .fill-N3{fill:#9499AB;}
+		.d2-4067985905 .fill-N4{fill:#CFD2DD;}
+		.d2-4067985905 .fill-N5{fill:#DEE1EB;}
+		.d2-4067985905 .fill-N6{fill:#EEF1F8;}
+		.d2-4067985905 .fill-N7{fill:#FFFFFF;}
+		.d2-4067985905 .fill-B1{fill:#0D32B2;}
+		.d2-4067985905 .fill-B2{fill:#0D32B2;}
+		.d2-4067985905 .fill-B3{fill:#E3E9FD;}
+		.d2-4067985905 .fill-B4{fill:#E3E9FD;}
+		.d2-4067985905 .fill-B5{fill:#EDF0FD;}
+		.d2-4067985905 .fill-B6{fill:#F7F8FE;}
+		.d2-4067985905 .fill-AA2{fill:#4A6FF3;}
+		.d2-4067985905 .fill-AA4{fill:#EDF0FD;}
+		.d2-4067985905 .fill-AA5{fill:#F7F8FE;}
+		.d2-4067985905 .fill-AB4{fill:#EDF0FD;}
+		.d2-4067985905 .fill-AB5{fill:#F7F8FE;}
+		.d2-4067985905 .stroke-N1{stroke:#0A0F25;}
+		.d2-4067985905 .stroke-N2{stroke:#676C7E;}
+		.d2-4067985905 .stroke-N3{stroke:#9499AB;}
+		.d2-4067985905 .stroke-N4{stroke:#CFD2DD;}
+		.d2-4067985905 .stroke-N5{stroke:#DEE1EB;}
+		.d2-4067985905 .stroke-N6{stroke:#EEF1F8;}
+		.d2-4067985905 .stroke-N7{stroke:#FFFFFF;}
+		.d2-4067985905 .stroke-B1{stroke:#0D32B2;}
+		.d2-4067985905 .stroke-B2{stroke:#0D32B2;}
+		.d2-4067985905 .stroke-B3{stroke:#E3E9FD;}
+		.d2-4067985905 .stroke-B4{stroke:#E3E9FD;}
+		.d2-4067985905 .stroke-B5{stroke:#EDF0FD;}
+		.d2-4067985905 .stroke-B6{stroke:#F7F8FE;}
+		.d2-4067985905 .stroke-AA2{stroke:#4A6FF3;}
+		.d2-4067985905 .stroke-AA4{stroke:#EDF0FD;}
+		.d2-4067985905 .stroke-AA5{stroke:#F7F8FE;}
+		.d2-4067985905 .stroke-AB4{stroke:#EDF0FD;}
+		.d2-4067985905 .stroke-AB5{stroke:#F7F8FE;}
+		.d2-4067985905 .background-color-N1{background-color:#0A0F25;}
+		.d2-4067985905 .background-color-N2{background-color:#676C7E;}
+		.d2-4067985905 .background-color-N3{background-color:#9499AB;}
+		.d2-4067985905 .background-color-N4{background-color:#CFD2DD;}
+		.d2-4067985905 .background-color-N5{background-color:#DEE1EB;}
+		.d2-4067985905 .background-color-N6{background-color:#EEF1F8;}
+		.d2-4067985905 .background-color-N7{background-color:#FFFFFF;}
+		.d2-4067985905 .background-color-B1{background-color:#0D32B2;}
+		.d2-4067985905 .background-color-B2{background-color:#0D32B2;}
+		.d2-4067985905 .background-color-B3{background-color:#E3E9FD;}
+		.d2-4067985905 .background-color-B4{background-color:#E3E9FD;}
+		.d2-4067985905 .background-color-B5{background-color:#EDF0FD;}
+		.d2-4067985905 .background-color-B6{background-color:#F7F8FE;}
+		.d2-4067985905 .background-color-AA2{background-color:#4A6FF3;}
+		.d2-4067985905 .background-color-AA4{background-color:#EDF0FD;}
+		.d2-4067985905 .background-color-AA5{background-color:#F7F8FE;}
+		.d2-4067985905 .background-color-AB4{background-color:#EDF0FD;}
+		.d2-4067985905 .background-color-AB5{background-color:#F7F8FE;}
+		.d2-4067985905 .color-N1{color:#0A0F25;}
+		.d2-4067985905 .color-N2{color:#676C7E;}
+		.d2-4067985905 .color-N3{color:#9499AB;}
+		.d2-4067985905 .color-N4{color:#CFD2DD;}
+		.d2-4067985905 .color-N5{color:#DEE1EB;}
+		.d2-4067985905 .color-N6{color:#EEF1F8;}
+		.d2-4067985905 .color-N7{color:#FFFFFF;}
+		.d2-4067985905 .color-B1{color:#0D32B2;}
+		.d2-4067985905 .color-B2{color:#0D32B2;}
+		.d2-4067985905 .color-B3{color:#E3E9FD;}
+		.d2-4067985905 .color-B4{color:#E3E9FD;}
+		.d2-4067985905 .color-B5{color:#EDF0FD;}
+		.d2-4067985905 .color-B6{color:#F7F8FE;}
+		.d2-4067985905 .color-AA2{color:#4A6FF3;}
+		.d2-4067985905 .color-AA4{color:#EDF0FD;}
+		.d2-4067985905 .color-AA5{color:#F7F8FE;}
+		.d2-4067985905 .color-AB4{color:#EDF0FD;}
+		.d2-4067985905 .color-AB5{color:#F7F8FE;}.appendix text.text{fill:#0A0F25}.md{--color-fg-default:#0A0F25;--color-fg-muted:#676C7E;--color-fg-subtle:#9499AB;--color-canvas-default:#FFFFFF;--color-canvas-subtle:#EEF1F8;--color-border-default:#0D32B2;--color-border-muted:#0D32B2;--color-neutral-muted:#EEF1F8;--color-accent-fg:#0D32B2;--color-accent-emphasis:#0D32B2;--color-attention-subtle:#676C7E;--color-danger-fg:red;}.sketch-overlay-B1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B2{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B3{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-AA4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-N2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-N3{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N4{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N7{fill:url(#streaks-bright);mix-blend-mode:darken}.light-code{display: block}.dark-code{display: none}]]></style><style type="text/css">.d2-4067985905 .md em,
+.d2-4067985905 .md dfn {
+  font-family: "d2-4067985905-font-italic";
+}
+
+.d2-4067985905 .md b,
+.d2-4067985905 .md strong {
+  font-family: "d2-4067985905-font-bold";
+}
+
+.d2-4067985905 .md code,
+.d2-4067985905 .md kbd,
+.d2-4067985905 .md pre,
+.d2-4067985905 .md samp {
+  font-family: "d2-4067985905-font-mono";
+  font-size: 1em;
+}
+
+.d2-4067985905 .md {
+  tab-size: 4;
+}
+
+/* variables are provided in d2renderers/d2svg/d2svg.go */
+
+.d2-4067985905 .md {
+  -ms-text-size-adjust: 100%;
+  -webkit-text-size-adjust: 100%;
+  margin: 0;
+  color: var(--color-fg-default);
+  background-color: transparent; /* we don't want to define the background color */
+  font-family: "d2-4067985905-font-regular";
+  font-size: 16px;
+  line-height: 1.5;
+  word-wrap: break-word;
+}
+
+.d2-4067985905 .md details,
+.d2-4067985905 .md figcaption,
+.d2-4067985905 .md figure {
+  display: block;
+}
+
+.d2-4067985905 .md summary {
+  display: list-item;
+}
+
+.d2-4067985905 .md [hidden] {
+  display: none !important;
+}
+
+.d2-4067985905 .md a {
+  background-color: transparent;
+  color: var(--color-accent-fg);
+  text-decoration: none;
+}
+
+.d2-4067985905 .md a:active,
+.d2-4067985905 .md a:hover {
+  outline-width: 0;
+}
+
+.d2-4067985905 .md abbr[title] {
+  border-bottom: none;
+  text-decoration: underline dotted;
+}
+
+.d2-4067985905 .md dfn {
+  font-style: italic;
+}
+
+.d2-4067985905 .md h1 {
+  margin: 0.67em 0;
+  padding-bottom: 0.3em;
+  font-size: 2em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-4067985905 .md mark {
+  background-color: var(--color-attention-subtle);
+  color: var(--color-text-primary);
+}
+
+.d2-4067985905 .md small {
+  font-size: 90%;
+}
+
+.d2-4067985905 .md sub,
+.d2-4067985905 .md sup {
+  font-size: 75%;
+  line-height: 0;
+  position: relative;
+  vertical-align: baseline;
+}
+
+.d2-4067985905 .md sub {
+  bottom: -0.25em;
+}
+
+.d2-4067985905 .md sup {
+  top: -0.5em;
+}
+
+.d2-4067985905 .md img {
+  border-style: none;
+  max-width: 100%;
+  box-sizing: content-box;
+  background-color: var(--color-canvas-default);
+}
+
+.d2-4067985905 .md figure {
+  margin: 1em 40px;
+}
+
+.d2-4067985905 .md hr {
+  box-sizing: content-box;
+  overflow: hidden;
+  background: transparent;
+  border-bottom: 1px solid var(--color-border-muted);
+  height: 0.25em;
+  padding: 0;
+  margin: 24px 0;
+  background-color: var(--color-border-default);
+  border: 0;
+}
+
+.d2-4067985905 .md input {
+  font: inherit;
+  margin: 0;
+  overflow: visible;
+  font-family: inherit;
+  font-size: inherit;
+  line-height: inherit;
+}
+
+.d2-4067985905 .md [type="button"],
+.d2-4067985905 .md [type="reset"],
+.d2-4067985905 .md [type="submit"] {
+  -webkit-appearance: button;
+}
+
+.d2-4067985905 .md [type="button"]::-moz-focus-inner,
+.d2-4067985905 .md [type="reset"]::-moz-focus-inner,
+.d2-4067985905 .md [type="submit"]::-moz-focus-inner {
+  border-style: none;
+  padding: 0;
+}
+
+.d2-4067985905 .md [type="button"]:-moz-focusring,
+.d2-4067985905 .md [type="reset"]:-moz-focusring,
+.d2-4067985905 .md [type="submit"]:-moz-focusring {
+  outline: 1px dotted ButtonText;
+}
+
+.d2-4067985905 .md [type="checkbox"],
+.d2-4067985905 .md [type="radio"] {
+  box-sizing: border-box;
+  padding: 0;
+}
+
+.d2-4067985905 .md [type="number"]::-webkit-inner-spin-button,
+.d2-4067985905 .md [type="number"]::-webkit-outer-spin-button {
+  height: auto;
+}
+
+.d2-4067985905 .md [type="search"] {
+  -webkit-appearance: textfield;
+  outline-offset: -2px;
+}
+
+.d2-4067985905 .md [type="search"]::-webkit-search-cancel-button,
+.d2-4067985905 .md [type="search"]::-webkit-search-decoration {
+  -webkit-appearance: none;
+}
+
+.d2-4067985905 .md ::-webkit-input-placeholder {
+  color: inherit;
+  opacity: 0.54;
+}
+
+.d2-4067985905 .md ::-webkit-file-upload-button {
+  -webkit-appearance: button;
+  font: inherit;
+}
+
+.d2-4067985905 .md a:hover {
+  text-decoration: underline;
+}
+
+.d2-4067985905 .md hr::before {
+  display: table;
+  content: "";
+}
+
+.d2-4067985905 .md hr::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-4067985905 .md table {
+  border-spacing: 0;
+  border-collapse: collapse;
+  display: block;
+  width: max-content;
+  max-width: 100%;
+  overflow: auto;
+}
+
+.d2-4067985905 .md td,
+.d2-4067985905 .md th {
+  padding: 0;
+}
+
+.d2-4067985905 .md details summary {
+  cursor: pointer;
+}
+
+.d2-4067985905 .md details:not([open]) > *:not(summary) {
+  display: none !important;
+}
+
+.d2-4067985905 .md kbd {
+  display: inline-block;
+  padding: 3px 5px;
+  color: var(--color-fg-default);
+  vertical-align: middle;
+  background-color: var(--color-canvas-subtle);
+  border: solid 1px var(--color-neutral-muted);
+  border-bottom-color: var(--color-neutral-muted);
+  border-radius: 6px;
+  box-shadow: inset 0 -1px 0 var(--color-neutral-muted);
+}
+
+.d2-4067985905 .md h1,
+.d2-4067985905 .md h2,
+.d2-4067985905 .md h3,
+.d2-4067985905 .md h4,
+.d2-4067985905 .md h5,
+.d2-4067985905 .md h6 {
+  margin-top: 24px;
+  margin-bottom: 16px;
+  font-weight: 400;
+  line-height: 1.25;
+  font-family: "d2-4067985905-font-semibold";
+}
+
+.d2-4067985905 .md h2 {
+  padding-bottom: 0.3em;
+  font-size: 1.5em;
+  border-bottom: 1px solid var(--color-border-muted);
+}
+
+.d2-4067985905 .md h3 {
+  font-size: 1.25em;
+}
+
+.d2-4067985905 .md h4 {
+  font-size: 1em;
+}
+
+.d2-4067985905 .md h5 {
+  font-size: 0.875em;
+}
+
+.d2-4067985905 .md h6 {
+  font-size: 0.85em;
+  color: var(--color-fg-muted);
+}
+
+.d2-4067985905 .md p {
+  margin-top: 0;
+  margin-bottom: 10px;
+}
+
+.d2-4067985905 .md blockquote {
+  margin: 0;
+  padding: 0 1em;
+  color: var(--color-fg-muted);
+  border-left: 0.25em solid var(--color-border-default);
+}
+
+.d2-4067985905 .md ul,
+.d2-4067985905 .md ol {
+  margin-top: 0;
+  margin-bottom: 0;
+  padding-left: 2em;
+}
+
+.d2-4067985905 .md ol ol,
+.d2-4067985905 .md ul ol {
+  list-style-type: lower-roman;
+}
+
+.d2-4067985905 .md ul ul ol,
+.d2-4067985905 .md ul ol ol,
+.d2-4067985905 .md ol ul ol,
+.d2-4067985905 .md ol ol ol {
+  list-style-type: lower-alpha;
+}
+
+.d2-4067985905 .md dd {
+  margin-left: 0;
+}
+
+.d2-4067985905 .md pre {
+  margin-top: 0;
+  margin-bottom: 0;
+  word-wrap: normal;
+}
+
+.d2-4067985905 .md ::placeholder {
+  color: var(--color-fg-subtle);
+  opacity: 1;
+}
+
+.d2-4067985905 .md input::-webkit-outer-spin-button,
+.d2-4067985905 .md input::-webkit-inner-spin-button {
+  margin: 0;
+  -webkit-appearance: none;
+  appearance: none;
+}
+
+.d2-4067985905 .md::before {
+  display: table;
+  content: "";
+}
+
+.d2-4067985905 .md::after {
+  display: table;
+  clear: both;
+  content: "";
+}
+
+.d2-4067985905 .md > *:first-child {
+  margin-top: 0 !important;
+}
+
+.d2-4067985905 .md > *:last-child {
+  margin-bottom: 0 !important;
+}
+
+.d2-4067985905 .md a:not([href]) {
+  color: inherit;
+  text-decoration: none;
+}
+
+.d2-4067985905 .md .absent {
+  color: var(--color-danger-fg);
+}
+
+.d2-4067985905 .md .anchor {
+  float: left;
+  padding-right: 4px;
+  margin-left: -20px;
+  line-height: 1;
+}
+
+.d2-4067985905 .md .anchor:focus {
+  outline: none;
+}
+
+.d2-4067985905 .md p,
+.d2-4067985905 .md blockquote,
+.d2-4067985905 .md ul,
+.d2-4067985905 .md ol,
+.d2-4067985905 .md dl,
+.d2-4067985905 .md table,
+.d2-4067985905 .md pre,
+.d2-4067985905 .md details {
+  margin-top: 0;
+  margin-bottom: 16px;
+}
+
+.d2-4067985905 .md blockquote > :first-child {
+  margin-top: 0;
+}
+
+.d2-4067985905 .md blockquote > :last-child {
+  margin-bottom: 0;
+}
+
+.d2-4067985905 .md sup > a::before {
+  content: "[";
+}
+
+.d2-4067985905 .md sup > a::after {
+  content: "]";
+}
+
+.d2-4067985905 .md h1:hover .anchor,
+.d2-4067985905 .md h2:hover .anchor,
+.d2-4067985905 .md h3:hover .anchor,
+.d2-4067985905 .md h4:hover .anchor,
+.d2-4067985905 .md h5:hover .anchor,
+.d2-4067985905 .md h6:hover .anchor {
+  text-decoration: none;
+}
+
+.d2-4067985905 .md h1 tt,
+.d2-4067985905 .md h1 code,
+.d2-4067985905 .md h2 tt,
+.d2-4067985905 .md h2 code,
+.d2-4067985905 .md h3 tt,
+.d2-4067985905 .md h3 code,
+.d2-4067985905 .md h4 tt,
+.d2-4067985905 .md h4 code,
+.d2-4067985905 .md h5 tt,
+.d2-4067985905 .md h5 code,
+.d2-4067985905 .md h6 tt,
+.d2-4067985905 .md h6 code {
+  padding: 0 0.2em;
+  font-size: inherit;
+}
+
+.d2-4067985905 .md ul.no-list,
+.d2-4067985905 .md ol.no-list {
+  padding: 0;
+  list-style-type: none;
+}
+
+.d2-4067985905 .md ol[type="1"] {
+  list-style-type: decimal;
+}
+
+.d2-4067985905 .md ol[type="a"] {
+  list-style-type: lower-alpha;
+}
+
+.d2-4067985905 .md ol[type="i"] {
+  list-style-type: lower-roman;
+}
+
+.d2-4067985905 .md div > ol:not([type]) {
+  list-style-type: decimal;
+}
+
+.d2-4067985905 .md ul ul,
+.d2-4067985905 .md ul ol,
+.d2-4067985905 .md ol ol,
+.d2-4067985905 .md ol ul {
+  margin-top: 0;
+  margin-bottom: 0;
+}
+
+.d2-4067985905 .md li > p {
+  margin-top: 16px;
+}
+
+.d2-4067985905 .md li + li {
+  margin-top: 0.25em;
+}
+
+.d2-4067985905 .md dl {
+  padding: 0;
+}
+
+.d2-4067985905 .md dl dt {
+  padding: 0;
+  margin-top: 16px;
+  font-size: 1em;
+  font-style: italic;
+  font-family: "d2-4067985905-font-semibold";
+}
+
+.d2-4067985905 .md dl dd {
+  padding: 0 16px;
+  margin-bottom: 16px;
+}
+
+.d2-4067985905 .md table th {
+  font-family: "d2-4067985905-font-semibold";
+}
+
+.d2-4067985905 .md table th,
+.d2-4067985905 .md table td {
+  padding: 6px 13px;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-4067985905 .md table tr {
+  background-color: var(--color-canvas-default);
+  border-top: 1px solid var(--color-border-muted);
+}
+
+.d2-4067985905 .md table tr:nth-child(2n) {
+  background-color: var(--color-canvas-subtle);
+}
+
+.d2-4067985905 .md table img {
+  background-color: transparent;
+}
+
+.d2-4067985905 .md img[align="right"] {
+  padding-left: 20px;
+}
+
+.d2-4067985905 .md img[align="left"] {
+  padding-right: 20px;
+}
+
+.d2-4067985905 .md span.frame {
+  display: block;
+  overflow: hidden;
+}
+
+.d2-4067985905 .md span.frame > span {
+  display: block;
+  float: left;
+  width: auto;
+  padding: 7px;
+  margin: 13px 0 0;
+  overflow: hidden;
+  border: 1px solid var(--color-border-default);
+}
+
+.d2-4067985905 .md span.frame span img {
+  display: block;
+  float: left;
+}
+
+.d2-4067985905 .md span.frame span span {
+  display: block;
+  padding: 5px 0 0;
+  clear: both;
+  color: var(--color-fg-default);
+}
+
+.d2-4067985905 .md span.align-center {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-4067985905 .md span.align-center > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: center;
+}
+
+.d2-4067985905 .md span.align-center span img {
+  margin: 0 auto;
+  text-align: center;
+}
+
+.d2-4067985905 .md span.align-right {
+  display: block;
+  overflow: hidden;
+  clear: both;
+}
+
+.d2-4067985905 .md span.align-right > span {
+  display: block;
+  margin: 13px 0 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-4067985905 .md span.align-right span img {
+  margin: 0;
+  text-align: right;
+}
+
+.d2-4067985905 .md span.float-left {
+  display: block;
+  float: left;
+  margin-right: 13px;
+  overflow: hidden;
+}
+
+.d2-4067985905 .md span.float-left span {
+  margin: 13px 0 0;
+}
+
+.d2-4067985905 .md span.float-right {
+  display: block;
+  float: right;
+  margin-left: 13px;
+  overflow: hidden;
+}
+
+.d2-4067985905 .md span.float-right > span {
+  display: block;
+  margin: 13px auto 0;
+  overflow: hidden;
+  text-align: right;
+}
+
+.d2-4067985905 .md code,
+.d2-4067985905 .md tt {
+  padding: 0.2em 0.4em;
+  margin: 0;
+  font-size: 85%;
+  background-color: var(--color-neutral-muted);
+  border-radius: 6px;
+}
+
+.d2-4067985905 .md code br,
+.d2-4067985905 .md tt br {
+  display: none;
+}
+
+.d2-4067985905 .md del code {
+  text-decoration: inherit;
+}
+
+.d2-4067985905 .md pre code {
+  font-size: 100%;
+}
+
+.d2-4067985905 .md pre > code {
+  padding: 0;
+  margin: 0;
+  word-break: normal;
+  white-space: pre;
+  background: transparent;
+  border: 0;
+}
+
+.d2-4067985905 .md .highlight {
+  margin-bottom: 16px;
+}
+
+.d2-4067985905 .md .highlight pre {
+  margin-bottom: 0;
+  word-break: normal;
+}
+
+.d2-4067985905 .md .highlight pre,
+.d2-4067985905 .md pre {
+  padding: 16px;
+  overflow: auto;
+  font-size: 85%;
+  line-height: 1.45;
+  background-color: var(--color-canvas-subtle);
+  border-radius: 6px;
+}
+
+.d2-4067985905 .md pre code,
+.d2-4067985905 .md pre tt {
+  display: inline;
+  max-width: auto;
+  padding: 0;
+  margin: 0;
+  overflow: visible;
+  line-height: inherit;
+  word-wrap: normal;
+  background-color: transparent;
+  border: 0;
+}
+
+.d2-4067985905 .md .csv-data td,
+.d2-4067985905 .md .csv-data th {
+  padding: 5px;
+  overflow: hidden;
+  font-size: 12px;
+  line-height: 1;
+  text-align: left;
+  white-space: nowrap;
+}
+
+.d2-4067985905 .md .csv-data .blob-num {
+  padding: 10px 8px 9px;
+  text-align: right;
+  background: var(--color-canvas-default);
+  border: 0;
+}
+
+.d2-4067985905 .md .csv-data tr {
+  border-top: 0;
+}
+
+.d2-4067985905 .md .csv-data th {
+  font-family: "d2-4067985905-font-semibold";
+  background: var(--color-canvas-subtle);
+  border-top: 0;
+}
+
+.d2-4067985905 .md .footnotes {
+  font-size: 12px;
+  color: var(--color-fg-muted);
+  border-top: 1px solid var(--color-border-default);
+}
+
+.d2-4067985905 .md .footnotes ol {
+  padding-left: 16px;
+}
+
+.d2-4067985905 .md .footnotes li {
+  position: relative;
+}
+
+.d2-4067985905 .md .footnotes li:target::before {
+  position: absolute;
+  top: -8px;
+  right: -8px;
+  bottom: -8px;
+  left: -24px;
+  pointer-events: none;
+  content: "";
+  border: 2px solid var(--color-accent-emphasis);
+  border-radius: 6px;
+}
+
+.d2-4067985905 .md .footnotes li:target {
+  color: var(--color-fg-default);
+}
+
+.d2-4067985905 .md .task-list-item {
+  list-style-type: none;
+}
+
+.d2-4067985905 .md .task-list-item label {
+  font-weight: 400;
+}
+
+.d2-4067985905 .md .task-list-item.enabled label {
+  cursor: pointer;
+}
+
+.d2-4067985905 .md .task-list-item + .task-list-item {
+  margin-top: 3px;
+}
+
+.d2-4067985905 .md .task-list-item .handle {
+  display: none;
+}
+
+.d2-4067985905 .md .task-list-item-checkbox {
+  margin: 0 0.2em 0.25em -1.6em;
+  vertical-align: middle;
+}
+
+.d2-4067985905 .md .contains-task-list:dir(rtl) .task-list-item-checkbox {
+  margin: 0 -1.6em 0.25em 0.2em;
+}
+</style><g id="title"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="0.000000" y="0.000000" width="954" height="90"><div xmlns="http://www.w3.org/1999/xhtml" class="md" style="font-size:25px"><h1>Label = <code>509</code></h1>
+</div></foreignObject></g></g><g id="metadata-signed"><g class="shape" ><rect x="0.000000" y="130.000000" width="954.000000" height="216.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="0.000000" y="130.000000" width="954.000000" height="36.000000" class="class_header fill-N1" /><text x="10.000000" y="155.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">metadata-signed</text><text x="10.000000" y="189.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0 : purpose</text><text x="265.000000" y="189.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">128bit UUID V4 of the Metadata Purpose</text><text x="944.000000" y="189.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="0.000000" x2="954.000000" y1="202.000000" y2="202.000000" class=" stroke-N1" style="stroke-width:2" /><text x="10.000000" y="225.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">1 : txn-inputs-hash</text><text x="265.000000" y="225.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Hash of the transaction inputs</text><text x="944.000000" y="225.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="0.000000" x2="954.000000" y1="238.000000" y2="238.000000" class=" stroke-N1" style="stroke-width:2" /><text x="10.000000" y="261.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">?2 : previous_transaction_id</text><text x="265.000000" y="261.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Hash of the immediately proceeding registration in a series of updates (optional)</text><text x="944.000000" y="261.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="0.000000" x2="954.000000" y1="274.000000" y2="274.000000" class=" stroke-N1" style="stroke-width:2" /><text x="10.000000" y="297.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">10/11/12 = X509 chunks</text><text x="265.000000" y="297.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + x509_chunk ] - x509 Update Data (Preferably compressed).</text><text x="944.000000" y="297.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="0.000000" x2="954.000000" y1="310.000000" y2="310.000000" class=" stroke-N1" style="stroke-width:2" /><text x="10.000000" y="333.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">99 = validation signature</text><text x="265.000000" y="333.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature over the entire Auxiliary data attached to the transaction.</text><text x="944.000000" y="333.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="0.000000" x2="954.000000" y1="346.000000" y2="346.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><mask id="d2-4067985905" maskUnits="userSpaceOnUse" x="-101" y="-101" width="1156" height="548">
+<rect x="-101" y="-101" width="1156" height="548" fill="white"></rect>
+<rect x="0.000000" y="0.000000" width="281" height="90" fill="rgba(0,0,0,0.75)"></rect>
+</mask></svg></svg>
diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
index c9233d8ca71..ba5aa75bea9 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
@@ -21,10 +21,19 @@ x509_envelope = $x509_envelope .within transaction_metadatum
 $x509_envelope /= {
 	0: purpose, ; What purpose does this metadata serve.
 	1: tx_inputs_hash, ; A hash of the `transaction inputs` field from the transaction the metadata is posted with.
+	?2: previous_transaction_id ; Previous transaction ID in the chain of registration updates for this user.
 	? chunk_type => [ + x509_chunk ] ; Chunked x509 role registration data.
 	99: validation_signature ; The signature of the x509 envelope plus all other auxiliary data.
 }
 
+; hash of the previous transaction in the registration chain.
+; There can only be one registration for a user for a purpose that does not have a previous transaction id.
+; This would be the first.
+; Once that is posted, all updates must properly maintian the chain.
+; Dangling registrations for the same purpose are ignored.
+previous_transaction_id = $hash32
+$hash32 /= bytes .size 32
+
 ; x509 Role Registration data is chunked and optionally (preferably) compressed.
 ; This enables the x509 registration data to have a strucutre not supported by the
 ; underlying limitions of the on-chain metadatum implementation.

From 4cc75779deae26b91dc6fdb1ce60206ce9a6acdc Mon Sep 17 00:00:00 2001
From: Steven Johnson <stevenj@users.noreply.github.com>
Date: Tue, 2 Apr 2024 21:36:24 +0700
Subject: [PATCH 39/66] Update
 docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl

Co-authored-by: bkioshn <35752733+bkioshn@users.noreply.github.com>
---
 .../c509-cert-plutus-restricted.cddl                            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
index 3252c52d46c..c8743fc0537 100644
--- a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
+++ b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
@@ -17,7 +17,7 @@ TBSCertificate = (
 	subject: Name, ; Reference to on-chain keys related to this certificate
 	subjectPublicKeyAlgorithm: AlgorithmIdentifier, ; Must be 12 = Ed25519
 	subjectPublicKey: subjectPublicKey, ; Ed25519 public key
-	extensions: Extensions, ; No extensions aer currently supported must be set to []
+	extensions: Extensions, ; No extensions are currently supported must be set to []
 	issuerSignatureAlgorithm: AlgorithmIdentifier, ; Must be 12 = Ed25519
 )
 

From 7c67290281021ce46d61e83087ee939dfeef30cb Mon Sep 17 00:00:00 2001
From: Steven Johnson <stevenj@users.noreply.github.com>
Date: Tue, 2 Apr 2024 21:37:18 +0700
Subject: [PATCH 40/66] Update
 docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl

Co-authored-by: bkioshn <35752733+bkioshn@users.noreply.github.com>
---
 .../c509-cert-plutus-restricted.cddl                            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
index c8743fc0537..295f75565ef 100644
--- a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
+++ b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
@@ -45,7 +45,7 @@ Attribute = (
 subjectPublicKey = bytes .size (32..32); Ed25519 public key stored in bytes, adjust size of this if other key types are supported.  
 
 ; This is a completely custom Attribute for the RelativeDistringuishedName which is only for use with Plutus scripts.
-; attributeType = The type of cardano key we associate with this certificate.
+; attributeType = The type of Cardano key we associate with this certificate.
 ; proof = Does the transaction require proof that the key is owned by the transaction signer?
 ; attributeValue = The cardano public key hash of the attribute type
 

From e0d8346e1987064e839f2804b176f3716f57bb76 Mon Sep 17 00:00:00 2001
From: Steven Johnson <stevenj@users.noreply.github.com>
Date: Tue, 2 Apr 2024 21:37:32 +0700
Subject: [PATCH 41/66] Update
 docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl

Co-authored-by: bkioshn <35752733+bkioshn@users.noreply.github.com>
---
 .../draft-cips/x509-role-registration-metadata/x509-roles.cddl  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
index 2db58f07e8b..34e2f57813c 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
@@ -72,7 +72,7 @@ role-data = {
 	* role-extended-data-keys => role-extended-data,
 }
 
-; Role 0 is the ONLY manditory role.
+; Role 0 is the ONLY mandatory role.
 ; It defines the Validation certificate to be used to sign all registration metadata for this purpose for this identity.
 validation-role = 0
 ; role-signing-key must reference a certificate, and NOT a simple key.

From c17ceffa885fd507ec1bc8a64a53d7c35988cc9d Mon Sep 17 00:00:00 2001
From: Steven Johnson <stevenj@users.noreply.github.com>
Date: Tue, 2 Apr 2024 21:39:09 +0700
Subject: [PATCH 42/66] Update
 docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl

Co-authored-by: bkioshn <35752733+bkioshn@users.noreply.github.com>
---
 .../x509-role-registration-metadata/x509-roles.cddl         | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
index 34e2f57813c..e0013a2004e 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
@@ -1,6 +1,6 @@
-; An envelope for cardano metadata which holds the x509 metadata.
-; We do thsi so that the underlying metadata is not restircted to
-; cardano ledger implementation.
+; An envelope for Cardano metadata which holds the x509 metadata.
+; We do this so that the underlying metadata is not restircted to
+; Cardano ledger implementation.
 
 ; uses 
 x509_roles = $x509_roles .within role-structure

From 46a383947b68015f6e3e46e85da2576e490d45ee Mon Sep 17 00:00:00 2001
From: Steven Johnson <stevenj@users.noreply.github.com>
Date: Tue, 2 Apr 2024 21:39:22 +0700
Subject: [PATCH 43/66] Update
 docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl

Co-authored-by: bkioshn <35752733+bkioshn@users.noreply.github.com>
---
 .../draft-cips/x509-envelope-metadata/x509-envelope.cddl        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
index ba5aa75bea9..fb793972bca 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
@@ -82,7 +82,7 @@ validation_signature = (bytes .size (1..64))
 ; The `validation_signature` uses the Role 0 signing key .
 
 
-; Definition of general cardano metadata, constrains what we can implement here:
+; Definition of general Cardano metadata, constrains what we can implement here:
 transaction_metadatum = { * transaction_metadatum => transaction_metadatum }
 	/ [ * transaction_metadatum ]
 	/ int

From d067e40e9e8811092e73e6de7dcc48fd8b16c7bb Mon Sep 17 00:00:00 2001
From: Steven Johnson <stevenj@users.noreply.github.com>
Date: Tue, 2 Apr 2024 21:39:43 +0700
Subject: [PATCH 44/66] Update
 docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl

Co-authored-by: bkioshn <35752733+bkioshn@users.noreply.github.com>
---
 .../draft-cips/x509-envelope-metadata/x509-envelope.cddl        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
index fb793972bca..d6a66e9caef 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
@@ -9,7 +9,7 @@
 ; have changed.
 
 ; This envelope is general in structure, it can be used to secure any auxiliary data, provided the 
-; Role 0 signing key is defined.  As dApps control metadata, this ensures the data can eb authenticated
+; Role 0 signing key is defined.  As dApps control metadata, this ensures the data can be authenticated
 ; independently by the dApp as belonging to a particular user.
 ; Once a Role 0 signing key is defined for a dApp purpose, then it is not necessary to redefine the 
 ; x509 data if the envelope is only being used to secure the auxiliary data to a transaction itself.

From b4a87c1afcb5f5bda3e7c5e52b865c513537adea Mon Sep 17 00:00:00 2001
From: Steven Johnson <stevenj@users.noreply.github.com>
Date: Tue, 2 Apr 2024 21:39:55 +0700
Subject: [PATCH 45/66] Update
 docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl

Co-authored-by: bkioshn <35752733+bkioshn@users.noreply.github.com>
---
 .../draft-cips/x509-envelope-metadata/x509-envelope.cddl        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
index d6a66e9caef..ff6b0abc292 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
@@ -1,4 +1,4 @@
-; An envelope for cardano metadata which holds the x509 metadata.
+; An envelope for Cardano metadata which holds the x509 metadata.
 ; The purpose of the Envelope is to ensure that metadata is not transportable between
 ; transactions.
 ; It ensures that it can be unambiguously validated that the auxiliary data attached to a transaction 

From 8e586778e65c661dc9642a8111efac15e5fc908a Mon Sep 17 00:00:00 2001
From: Steven Johnson <stevenj@users.noreply.github.com>
Date: Tue, 2 Apr 2024 21:40:21 +0700
Subject: [PATCH 46/66] Update
 docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl

Co-authored-by: bkioshn <35752733+bkioshn@users.noreply.github.com>
---
 .../c509-cert-plutus-restricted.cddl                            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
index 295f75565ef..d2ceb0a7bde 100644
--- a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
+++ b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
@@ -47,7 +47,7 @@ subjectPublicKey = bytes .size (32..32); Ed25519 public key stored in bytes, adj
 ; This is a completely custom Attribute for the RelativeDistringuishedName which is only for use with Plutus scripts.
 ; attributeType = The type of Cardano key we associate with this certificate.
 ; proof = Does the transaction require proof that the key is owned by the transaction signer?
-; attributeValue = The cardano public key hash of the attribute type
+; attributeValue = The Cardano public key hash of the attribute type
 
 CardanoPublicKey = ( attributeType: &cardanoKeyTypes proof: bool, attributeValue: bytes .size (28..28) )
 

From 89eb0a218250e81ea9e50869275331f792b63e14 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 3 Apr 2024 11:20:08 +0700
Subject: [PATCH 47/66] docs(cips): Fix time and algorithm comments

---
 .../c509-cert-plutus-restricted.cddl                      | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
index d2ceb0a7bde..e4fe93fdb16 100644
--- a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
+++ b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
@@ -12,13 +12,13 @@ TBSCertificate = (
 	c509CertificateType: &c509CertificateTypeValues, ; Always 0
 	certificateSerialNumber: CertificateSerialNumber, ; Can be ignored/set to 0 or used as intended.
 	issuer: Name, ; This could be an on-chain reference to the issuer cert, what would be the best way?  Transaction hash/cert hash?
-	validityNotBefore: Time, ; c509 uses UTC, we can use slot# to simplify
-	validityNotAfter: Time, ; c509 uses UTC, we can use slot# to simplify
+	validityNotBefore: Time, ; c509 uses UTC
+	validityNotAfter: Time, ; c509 uses UTC
 	subject: Name, ; Reference to on-chain keys related to this certificate
-	subjectPublicKeyAlgorithm: AlgorithmIdentifier, ; Must be 12 = Ed25519
+	subjectPublicKeyAlgorithm: AlgorithmIdentifier, ; Must be int(12) = Ed25519
 	subjectPublicKey: subjectPublicKey, ; Ed25519 public key
 	extensions: Extensions, ; No extensions are currently supported must be set to []
-	issuerSignatureAlgorithm: AlgorithmIdentifier, ; Must be 12 = Ed25519
+	issuerSignatureAlgorithm: AlgorithmIdentifier, ; Must be int(12) = Ed25519
 )
 
 ; 0 = Native CBOR Certificate type

From 172ffbfba2f773da5c58ead947ecef9e3cd7dc14 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 3 Apr 2024 13:16:44 +0700
Subject: [PATCH 48/66] build(frontend): Relax flutter/dart version
 requirements to last minor release

---
 .../example/pubspec.yaml                      |  4 +-
 .../catalyst_voices_assets/pubspec.yaml       |  4 +-
 .../catalyst_voices_blocs/pubspec.yaml        | 44 +++++++++----------
 .../catalyst_voices_localization/pubspec.yaml |  2 +-
 .../catalyst_voices_repositories/pubspec.yaml |  6 +--
 .../catalyst_voices_services/pubspec.yaml     |  4 +-
 .../catalyst_voices_shared/pubspec.yaml       | 13 +++---
 .../catalyst_voices_view_models/pubspec.yaml  |  6 +--
 catalyst_voices/pubspec.yaml                  | 10 ++---
 .../catalyst_analysis/example/pubspec.yaml    |  2 +-
 .../catalyst_analysis/pubspec.yaml            |  2 +-
 melos.yaml                                    | 10 ++---
 pubspec.yaml                                  |  2 +-
 13 files changed, 54 insertions(+), 55 deletions(-)

diff --git a/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml
index 40336f3b7ab..7288ed22e5f 100644
--- a/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.5
+  flutter: 3.19.0
 
 dependencies:
   catalyst_voices_assets:
@@ -14,4 +14,4 @@ dependencies:
     sdk: flutter
 
 flutter:
-  uses-material-design: true
\ No newline at end of file
+  uses-material-design: true
diff --git a/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml
index 1f15832aa5f..14a62462651 100644
--- a/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.5
+  flutter: 3.19.0
 
 dependencies:
   flutter:
@@ -43,4 +43,4 @@ flutter_gen:
     outputs:
       class_name: VoicesColors
     inputs:
-      - assets/colors/colors.xml
\ No newline at end of file
+      - assets/colors/colors.xml
diff --git a/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml
index 1a2d0d64f27..4a2086af4e0 100644
--- a/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml
@@ -5,30 +5,30 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.5
+  flutter: 3.19.0
 
 dependencies:
-    bloc: ^8.1.2
-    bloc_concurrency: ^0.2.2
-    catalyst_voices_models:
-      path: ../catalyst_voices_models
-    catalyst_voices_repositories:
-     path: ../catalyst_voices_repositories
-    catalyst_voices_services:
-     path: ../catalyst_voices_services
-    catalyst_voices_view_models:
-     path: ../catalyst_voices_view_models
-    collection: ^1.17.1
-    equatable: ^2.0.5
-    flutter:
-      sdk: flutter
-    formz: ^0.7.0
-    get_it: ^7.6.7
-    meta: ^1.10.0
-    result_type: ^0.2.0
+  bloc: ^8.1.2
+  bloc_concurrency: ^0.2.2
+  catalyst_voices_models:
+    path: ../catalyst_voices_models
+  catalyst_voices_repositories:
+    path: ../catalyst_voices_repositories
+  catalyst_voices_services:
+    path: ../catalyst_voices_services
+  catalyst_voices_view_models:
+    path: ../catalyst_voices_view_models
+  collection: ^1.17.1
+  equatable: ^2.0.5
+  flutter:
+    sdk: flutter
+  formz: ^0.7.0
+  get_it: ^7.6.7
+  meta: ^1.10.0
+  result_type: ^0.2.0
 
 dev_dependencies:
-   bloc_test: ^9.1.4
-   catalyst_analysis:
+  bloc_test: ^9.1.4
+  catalyst_analysis:
     path: ../../../catalyst_voices_packages/catalyst_analysis
-   test: ^1.24.9
+  test: ^1.24.9
diff --git a/catalyst_voices/packages/catalyst_voices_localization/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_localization/pubspec.yaml
index ec80ae6fb2f..f84bee54adc 100644
--- a/catalyst_voices/packages/catalyst_voices_localization/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_localization/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.5
+  flutter: 3.19.0
 
 dependencies:
   flutter:
diff --git a/catalyst_voices/packages/catalyst_voices_repositories/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_repositories/pubspec.yaml
index 2e9dc961f66..85e08957999 100644
--- a/catalyst_voices/packages/catalyst_voices_repositories/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_repositories/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.5
+  flutter: 3.19.0
 
 dependencies:
   catalyst_voices_models:
@@ -18,6 +18,6 @@ dependencies:
   rxdart: ^0.27.7
 
 dev_dependencies:
-   catalyst_analysis:
+  catalyst_analysis:
     path: ../../../catalyst_voices_packages/catalyst_analysis
-   test: ^1.24.9
+  test: ^1.24.9
diff --git a/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml
index 3594867114b..2c0fdb4df4f 100644
--- a/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.5
+  flutter: 3.19.0
 
 dependencies:
   chopper: ^7.2.0
@@ -22,4 +22,4 @@ dev_dependencies:
   chopper_generator: ^7.2.0
   json_serializable: ^6.7.1
   swagger_dart_code_generator: ^2.15.2
-  test: ^1.24.9
\ No newline at end of file
+  test: ^1.24.9
diff --git a/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml
index e9e7014efbf..056d53e8fc5 100644
--- a/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml
@@ -4,8 +4,8 @@ version: 0.1.0+1
 publish_to: none
 
 environment:
-  sdk: '>=3.3.3 <4.0.0'
-  flutter: 3.19.5
+  sdk: ">=3.3.0 <4.0.0"
+  flutter: 3.19.0
 
 dependencies:
   flutter:
@@ -13,9 +13,8 @@ dependencies:
   web: ^0.5.0
 
 dev_dependencies:
-   catalyst_analysis:
+  catalyst_analysis:
     path: ../../../catalyst_voices_packages/catalyst_analysis
-   flutter_test:
-      sdk: flutter
-   test: ^1.24.9
-
+  flutter_test:
+    sdk: flutter
+  test: ^1.24.9
diff --git a/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml
index c5cbffb382b..247d5605d0f 100644
--- a/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.5
+  flutter: 3.19.0
 
 dependencies:
   equatable: ^2.0.5
@@ -14,6 +14,6 @@ dependencies:
   formz: ^0.7.0
 
 dev_dependencies:
-   catalyst_analysis:
+  catalyst_analysis:
     path: ../../../catalyst_voices_packages/catalyst_analysis
-   test: ^1.24.9
\ No newline at end of file
+  test: ^1.24.9
diff --git a/catalyst_voices/pubspec.yaml b/catalyst_voices/pubspec.yaml
index 130a51b8721..15320d1965f 100644
--- a/catalyst_voices/pubspec.yaml
+++ b/catalyst_voices/pubspec.yaml
@@ -4,8 +4,8 @@ version: 0.1.0+1
 publish_to: none
 
 environment:
-  sdk: '>=3.3.3 <4.0.0'
-  flutter: 3.19.5
+  sdk: ">=3.3.0 <4.0.0"
+  flutter: 3.19.0
 
 dependencies:
   animated_text_kit: ^4.2.2
@@ -44,9 +44,9 @@ dev_dependencies:
   build_verify: ^3.1.0
   catalyst_analysis:
     git:
-        url: https://github.com/input-output-hk/catalyst-voices.git
-        path: catalyst_voices_packages/catalyst_analysis
-        ref: 3431f7b
+      url: https://github.com/input-output-hk/catalyst-voices.git
+      path: catalyst_voices_packages/catalyst_analysis
+      ref: 3431f7b
   flutter_test:
     sdk: flutter
   go_router_builder: ^2.4.1
diff --git a/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml b/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml
index 3b5ad986b44..ee9b9ad454c 100644
--- a/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml
+++ b/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml
@@ -4,7 +4,7 @@ description: A project that showcases how to enable the recommended lints for Ca
 publish_to: none
 
 environment:
-  sdk: '>=3.3.3 <4.0.0'
+  sdk: '>=3.3.0 <4.0.0'
 
 dev_dependencies:
   catalyst_analysis:
diff --git a/catalyst_voices_packages/catalyst_analysis/pubspec.yaml b/catalyst_voices_packages/catalyst_analysis/pubspec.yaml
index a68dd8d09f8..603c1876aa2 100644
--- a/catalyst_voices_packages/catalyst_analysis/pubspec.yaml
+++ b/catalyst_voices_packages/catalyst_analysis/pubspec.yaml
@@ -3,4 +3,4 @@ version: 1.0.0
 description: Lint rules for Dart and Flutter used internally at Catalyst.
 
 environment:
-  sdk: '>=3.3.3 <4.0.0'
+  sdk: '>=3.3.0 <4.0.0'
diff --git a/melos.yaml b/melos.yaml
index eff14ec4b09..dbcba7de824 100644
--- a/melos.yaml
+++ b/melos.yaml
@@ -12,8 +12,8 @@ command:
     workspaceChangelog: true
   bootstrap:
     environment:
-      sdk: '>=3.3.0 <4.0.0'
-      flutter: 3.19.5
+      sdk: ">=3.3.0 <4.0.0"
+      flutter: 3.19.0
     dependencies:
       bloc_concurrency: ^0.2.2
       bloc: ^8.1.2
@@ -33,8 +33,8 @@ scripts:
     description: Run all static analysis checks.
 
   format:
-      run: melos exec dart format . --fix
-      description: Run `dart format` for all packages.
+    run: melos exec dart format . --fix
+    description: Run `dart format` for all packages.
 
   format-check:
     run: melos exec dart format . --set-exit-if-changed
@@ -76,4 +76,4 @@ scripts:
     run: flutter pub get
     exec:
       concurrency: 6
-    description: Install all dependencies
\ No newline at end of file
+    description: Install all dependencies
diff --git a/pubspec.yaml b/pubspec.yaml
index 1decd7e9e98..a6af3c302dd 100644
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -1,7 +1,7 @@
 name: catalyst_voices_workspace
 
 environment:
-  sdk: '>=3.3.3 <4.0.0'
+  sdk: '>=3.3.0 <4.0.0'
 
 dev_dependencies:
   melos: ^5.2.2

From 863a6a0330fe33f0207c00a07c59778be4c5f535 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Fri, 5 Apr 2024 14:12:43 +0700
Subject: [PATCH 49/66] docs(cips): wip

---
 .../x509-rbac-signing-with-cip30/cip-xxxx.md           | 10 +++++++++-
 .../x509-role-registration-metadata/cip-xxxx.md        |  5 +++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-xxxx.md
index 066f2e22723..3526b370cda 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-xxxx.md
@@ -65,5 +65,13 @@ and answer any questions that the CPS poses for potential solutions.
 ### Implementation Plan
 <!-- A plan to meet those criteria. Or `N/A` if not applicable. -->
 
+## References
+
 ## Copyright
-<!-- The CIP must be explicitly licensed under acceptable copyright terms. -->
+
+This CIP is licensed under [CC-BY-4.0]
+
+Code samples and reference material are licensed under [Apache 2.0]
+
+[CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
+[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md
index c7ea4567977..d0976c4f8e9 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md
@@ -120,8 +120,7 @@ We intentionally take advantage of the significant existing code bases and infra
 
 #### Certificate formats
 
-x.509 certificates can be encoded in 
-
+x.509 certificates can be encoded in
 
 We encode x.509 certificates using [CBOR Encoded X.509 Certificates][C509], Each certificate includes its on-chain anchor (public key).
 The on-chain anchors currently envisioned are:
@@ -596,6 +595,8 @@ and answer any questions that the CPS poses for potential solutions.
 ### Implementation Plan
 <!-- A plan to meet those criteria. Or `N/A` if not applicable. -->
 
+## References
+
 ## Copyright
 
 This CIP is licensed under [CC-BY-4.0]

From 974d832667f4a305a272658f3a42f915fce5cf3c Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 10:20:13 +0700
Subject: [PATCH 50/66] fix(cips): rename draft x509 envelope CIP so its easier
 to identify

---
 .../x509-envelope-metadata/cip-509A.md        | 229 ++++++++++++++++++
 1 file changed, 229 insertions(+)
 create mode 100644 docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md

diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md
new file mode 100644
index 00000000000..54dac6ddffc
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md
@@ -0,0 +1,229 @@
+---
+CIP: /?
+Title: x509 Replayability Protection Envelope
+Category: MetaData
+Status: Proposed
+Authors:
+    - Steven Johnson<steven.johnson@iohk.io>
+Implementors: []
+Discussions:
+    - https://github.com/cardano-foundation/cips/pulls/?
+Created: 2023-10-24
+License: CC-BY-4.0
+---
+
+## Abstract
+
+x509 Certificate metadata and related metadata within an x509 Registration/Update transaction must be
+protected against replayability.  
+
+## Motivation: why is this CIP necessary?
+
+x509 certificate registration necessarily references data within the transaction body that it is attached to.
+Preventing replayability of the verbatim Auxiliary data attached to a transaction prevents the relationships
+between those references being altered and closes a potential attack vector where an unrelated registration update
+is attached to a different transaction.
+
+Rather than define an explicit issue with potential replayability of Metadata, we simply seek to prevent it
+to close off a whole category of potential attacks.
+
+## Specification
+
+The [x509 Metadata Envelope CDDL] defines the technical specification of the Metadata Envelope.
+The following description provides more information and context to that formal specification.
+Where this description and that specification are in disagreement, the specification prevails.
+
+The metadata envelope has the following basic structure:
+
+![x509 Secure Metadata Envelope structure](images/metadata-envelope-structure.svg)
+
+The purpose of this data is to lock a particular set of Auxiliary data verifiably to its original transaction.
+It can not be permitted to take teh Auxiliary data to another transaction and just attach it without it being detectable.
+
+Currently, this detection can NOT be done on-chain by ledger rules, and this metadata is designed to be processed
+by off-chain processors of this information.
+
+### Detailed description of the fields in the metadata and their purpose
+
+The metadata is encoded as a CBOR map, and follows the [specification for the encoding of all Cardano metadata].
+
+#### Key: 0 = Purpose
+
+Purpose is defined by the consuming dApp.
+It allows dApps to have their own privately named and managed namespace for certificates.
+The x509 specifications presented here do not define how certificates must be created.
+Nor the purpose they are used for, that is within control of the dApp.
+These specifications define a universal framework to implement such systems from.
+
+For each set of "Purposes" that a dapp has for role based access or off-chain identity to on-chain identity management
+the dApp will define a V4 UUID.
+There is no central repository of these, though a dApp may publish the ID it uses and what its used for.
+The reason UUID V4 is chosen here is if properly chosen, they can be self assigned without fear of collision
+with another dApp and eliminate the need for a central registry to manage them.
+
+A dApp can define multiple purposes to segment RBAC functions by class.
+For example, Project Catalyst defines the following two Purposes:
+
+| UUID-V4 | Purpose |
+| --- | --- |
+| ca7a1457-ef9f-4c7f-9c74-7f8c4a4cfa6c | Project Catalyst User Role Registrations |
+| ca7ad312-a19b-4412-ad53-2a36fb14e2e5 | Project Catalyst Admin Role Registrations |
+  
+The reason in this case for having two purposes for the same application is to allow the rules
+governing registration to be easier managed between the groups.
+It also allows Admins to have a distinct identity when they are just users of the system.
+dApps are free top have as many "purposes" defined as suits their goals.
+
+#### Key 1: txn-inputs-hash
+
+This is a hash of the transaction inputs field from the transaction this auxiliary data was original attached to.
+This hash anchors the auxiliary data to a particular transaction, if the auxiliary data is moved to a new transaction
+it is impossible for the txn-inputs-hash to remain the same, as UTXO's can only be spent once.
+
+This is a key to preventing replayability of the metadata, but is not enough by itself as it needs to be able to be
+made immutable, such that any change to this field can be detected.
+
+#### Key 2: previous_transaction_id
+
+This is a 32 byte hash of the previous transaction in a chain of registration updates made by the same user.
+The only registration which may not have it for a single user is their first.
+Once their first registration is made, they may only update it.
+Any subsequent update for that user that is not properly chained to the previous transaction will be ignored as invalid.
+
+The user is identified by their Role 0 key, which must be defined in the first registration.
+The Role 0 key also includes a reference to an on-chain key, such as a stake key hash.
+This is important to establish the verifiability of the link between the registrations and the transaction itself.
+
+#### Keys 10, 11 or 12 - x509 Chunked Data
+
+Except for the first registration, the chunked data is optional.
+For example, if this metadata is simply being used to lock auxiliary data to a transaction there does not need to be
+any actual role or certificate updates.
+
+The data required to register certificates or roles could be large.
+The [specification for the encoding of all Cardano metadata] also introduces difficulties in encoding x509 certificates.
+
+The contents of the x509 RABC Registration data stored in this key is documented separately.
+Its exact contents are not important for this specification except to note, that it will always define at least:
+
+* 1 Role 0 signing key MUST always be defined.
+  * And that key MUST be associated with a on-chain key such as a stake address hash.
+* The RBAC Data will have references to the transaction it is attached to,
+  and it can not be fully interpreted independent of the transaction.
+
+To save space and overcome the metadata encoding limitations, x509 RBAC data is preferable encoded as described:
+
+1. The x509 Role Registration Data is prepared and encoded with [dCBOR].
+   This is the raw encoded registration data.
+2. The raw encoded registration data is then compressed with [Brotli].
+   This is the Brotli compressed registration data.
+3. The raw encoded registration data is then compressed with [ZSTD].
+   This is the ZSTD compressed registration data.
+4. Which ever data is smallest, Raw, Brotli compressed or ZStd compressed is then cut into 64 byte chunks.
+   All chunks must contain 64 bytes except for the last which can contain the residual.
+5. These chunks are then encoded in an array of 64 byte long byte strings.
+   The appropriate key is used to identify the compression used.
+    * 10 = Raw, no compression
+    * 11 = Brotli Compressed
+    * 12 = ZSTD Compressed
+
+Due to the potential size of x509 certificates compression is mandatory where it will reduce the space of the encoded data.
+dApps can, if they choose, only support either Brotli or ZSTD and not trial compress the data.
+However they must never store data compressed if the compressed size is larger than the raw size.
+This can happen if the data is small and not very compressible, due to overhead in the codec data stream.
+
+The specification reserves keys 13-17 for future compression schemes.
+Even though there are multiple keys defined, ONLY 1 may be used at a time.  
+There is only a single list of x509 chunks and the key is used to define the compression used only.
+
+ie, it is invalid to use key 10 and 12 at the same time in the same envelope.
+
+#### Key 99 - Validation Signature
+
+Key 99 contains the signature which can be verified with the signing key recorded against role 0.
+
+It is a signature over the [entire auxiliary data] that will be attached to the transaction.
+This includes not only the transactions metadata, but all attached scripts.
+
+As the auxiliary data key 99 is part of the auxiliary data, we end up with a catch-22.
+We can't sign the data because we do not know what data will be stored in the signature field.
+To mitigate this problem, the size of the signature will be known in advanced, based on the signature algorithm.
+When the unsigned auxiliary data is prepared, the appropriate storage for the signature is pre-allocated
+in the metadata, and is set to 0x00's.
+
+The signature is calculated over this unsigned data, and the pre-allocated signature storage is replaced with the signature itself.
+
+This ensures that there is no alteration to the auxiliary data in form or structure.
+Validating the signature then is as simple as:
+
+1. removing the signature data from the auxiliary data;
+2. setting the storage for the signature back to 0, and;
+3. validating the signature on the reconstructed unsigned auxiliary data.
+
+### Validating the Auxiliary Data is attached to the correct transaction
+
+The Transaction will have 3 pieces of information that must be validated to ensure the attached metadata
+is carried with the correct transaction.
+
+1. The UTXO Inputs when hashed MUST == [Key 1 - Transaction Inputs Hash](#key-1-txn-inputs-hash)
+2. The [auxiliary data hash] must equal the hash of the actual auxiliary data.
+   1. This is likely always true as it would be validated by the ledger rules.
+3. The [vkeywitness] set MUST include a signature over the transaction with the key associated with Role 0.
+   1. Note: Role 0 may have multiple associated keys, in which case there must be a witness for all of them.
+   2. A missing witness means it is not possible to validate the auxiliary data truly was built for this transaction.
+
+## Rationale: how does this CIP achieve its goals?
+
+This specification creates a signed set of interlocking data between a transaction and its auxiliary data.
+The interlock is constructed to avoid any catch-22 in setting up a transaction and to minimize complexity.
+
+By signing off-chain data with an off-chain key, we simplify the process of signing auxiliary data,
+this allows us to sign all the data in a way suitable to the needs of the method and not limited to any on-chain restrictions.
+
+The off-chain key is explicitly associated with an on-chain key, such that signing with the on-chain key over
+the registration transaction provides proof that they two keys are related and can be used interchangeably,
+
+Once constructed in the way documented, the auxiliary data may not be posted in a different transaction without it being detected.
+
+It is not currently possible to detect this on-chain, as plutus does not have the necessary functionality to allow it
+to inspect auxiliary data, except under very limited circumstances.
+However, the purpose of this envelope is to ensure that off-chain construction of off
+chain certificates and dApp role registration is secure.
+
+This specification meets that criteria.
+
+## Path to Active
+
+### Acceptance Criteria
+<!-- Describes what are the acceptance criteria whereby a proposal becomes 'Active' -->
+
+### Implementation Plan
+<!-- A plan to meet those criteria. Or `N/A` if not applicable. -->
+
+## References
+
+* [Cardano Metadata CDDL Specification][specification for the encoding of all Cardano metadata]
+* [Cardano Auxiliary Data CDDL Specification][entire auxiliary data]
+* [Cardano Transaction Auxiliary Data Hash Specification][auxiliary data hash]
+* [Cardano vKeyWitness Specification][vkeywitness]
+* [Deterministic CBOR Encoding][dCBOR]
+* [Brotli Data Compression][Brotli]
+* [ZSTD Data Compression][ZSTD]
+
+## Copyright
+
+This CIP is licensed under [CC-BY-4.0]
+
+Code samples and reference material are licensed under [Apache 2.0]
+
+<!-- References -->
+[CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
+[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
+[x509 Metadata Envelope CDDL]: ./x509_envelope.cddl
+[specification for the encoding of all Cardano metadata]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L511-L531
+[dCBOR]: https://datatracker.ietf.org/doc/draft-mcnally-deterministic-cbor/
+[Brotli]: https://github.com/google/brotli
+[ZSTD]: https://github.com/facebook/zstd
+[entire auxiliary data]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L521-L531
+[auxiliary data hash]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L60
+[vkeywitness]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L436

From 65b398691f789a9440ea531958a87f120a40be01 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 10:20:39 +0700
Subject: [PATCH 51/66] docs(cips): WIP updates to x509 roles

---
 .../draft-cips/images/x509-roles.d2           |  44 --
 .../x509-envelope-metadata/cip-xxxx.md        | 229 -------
 .../cip-xxxx.md                               | 481 ++++-----------
 .../images/x509-roles.d2                      |  49 ++
 .../images/x509-roles.svg                     | 562 +++++++++---------
 .../x509-roles.cddl                           |  22 +-
 6 files changed, 443 insertions(+), 944 deletions(-)
 delete mode 100644 docs/src/catalyst-standards/draft-cips/images/x509-roles.d2
 delete mode 100644 docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-xxxx.md
 create mode 100644 docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/images/x509-roles.d2
 rename docs/src/catalyst-standards/draft-cips/{ => x509-role-registration-metadata}/images/x509-roles.svg (50%)

diff --git a/docs/src/catalyst-standards/draft-cips/images/x509-roles.d2 b/docs/src/catalyst-standards/draft-cips/images/x509-roles.d2
deleted file mode 100644
index c0242d8a7a2..00000000000
--- a/docs/src/catalyst-standards/draft-cips/images/x509-roles.d2
+++ /dev/null
@@ -1,44 +0,0 @@
-vars: {
-  d2-config: {
-    layout-engine: elk
-
-    # Terminal theme code
-    theme-id: 300
-  }
-}
-
-classes: {
-  NONE: {style.opacity: 0}
-  RBAC_TABLE: {
-    shape: sql_table
-    style: {
-      border-radius: 15
-    }
-  }
-}
-
-title: |md
-  # x509 RBAC Metadata
-|
-
-rbac: "x509 Role based Access Control" {
-  class: RBAC_TABLE
-  ? 10=x509 certs: "[ + DER Certs ]"
-  ? 20=c509 certs: "[ + CBOR Certs ]"
-  ? 30=public keys: "[ + Public Keys ]"
-  ? 40=revocation set: "[ + Revoked Cert hash]"
-  ? 50=DiD: "DiD???"
-  ? 51=Verifiable Credentials: "[ + VC??? ]"
-  "? 100=Role Data Set": "[ + Role Data ]"
-}
-
-role_data: "Role Data" {
-  class: RBAC_TABLE
-  0=role number: "uint"
-  ? 1=role-signing-key: "Key Reference"
-  ? 2=role-encryption-key: "Key Reference"
-  ? 3=payment-key: "OnChain Payment Key Reference"
-  ? 10-99=Role Specific Data: "Variable per Role"
-}
-
-rbac."? 100=Role Data Set" -> role_data
diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-xxxx.md
deleted file mode 100644
index 54dac6ddffc..00000000000
--- a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-xxxx.md
+++ /dev/null
@@ -1,229 +0,0 @@
----
-CIP: /?
-Title: x509 Replayability Protection Envelope
-Category: MetaData
-Status: Proposed
-Authors:
-    - Steven Johnson<steven.johnson@iohk.io>
-Implementors: []
-Discussions:
-    - https://github.com/cardano-foundation/cips/pulls/?
-Created: 2023-10-24
-License: CC-BY-4.0
----
-
-## Abstract
-
-x509 Certificate metadata and related metadata within an x509 Registration/Update transaction must be
-protected against replayability.  
-
-## Motivation: why is this CIP necessary?
-
-x509 certificate registration necessarily references data within the transaction body that it is attached to.
-Preventing replayability of the verbatim Auxiliary data attached to a transaction prevents the relationships
-between those references being altered and closes a potential attack vector where an unrelated registration update
-is attached to a different transaction.
-
-Rather than define an explicit issue with potential replayability of Metadata, we simply seek to prevent it
-to close off a whole category of potential attacks.
-
-## Specification
-
-The [x509 Metadata Envelope CDDL] defines the technical specification of the Metadata Envelope.
-The following description provides more information and context to that formal specification.
-Where this description and that specification are in disagreement, the specification prevails.
-
-The metadata envelope has the following basic structure:
-
-![x509 Secure Metadata Envelope structure](images/metadata-envelope-structure.svg)
-
-The purpose of this data is to lock a particular set of Auxiliary data verifiably to its original transaction.
-It can not be permitted to take teh Auxiliary data to another transaction and just attach it without it being detectable.
-
-Currently, this detection can NOT be done on-chain by ledger rules, and this metadata is designed to be processed
-by off-chain processors of this information.
-
-### Detailed description of the fields in the metadata and their purpose
-
-The metadata is encoded as a CBOR map, and follows the [specification for the encoding of all Cardano metadata].
-
-#### Key: 0 = Purpose
-
-Purpose is defined by the consuming dApp.
-It allows dApps to have their own privately named and managed namespace for certificates.
-The x509 specifications presented here do not define how certificates must be created.
-Nor the purpose they are used for, that is within control of the dApp.
-These specifications define a universal framework to implement such systems from.
-
-For each set of "Purposes" that a dapp has for role based access or off-chain identity to on-chain identity management
-the dApp will define a V4 UUID.
-There is no central repository of these, though a dApp may publish the ID it uses and what its used for.
-The reason UUID V4 is chosen here is if properly chosen, they can be self assigned without fear of collision
-with another dApp and eliminate the need for a central registry to manage them.
-
-A dApp can define multiple purposes to segment RBAC functions by class.
-For example, Project Catalyst defines the following two Purposes:
-
-| UUID-V4 | Purpose |
-| --- | --- |
-| ca7a1457-ef9f-4c7f-9c74-7f8c4a4cfa6c | Project Catalyst User Role Registrations |
-| ca7ad312-a19b-4412-ad53-2a36fb14e2e5 | Project Catalyst Admin Role Registrations |
-  
-The reason in this case for having two purposes for the same application is to allow the rules
-governing registration to be easier managed between the groups.
-It also allows Admins to have a distinct identity when they are just users of the system.
-dApps are free top have as many "purposes" defined as suits their goals.
-
-#### Key 1: txn-inputs-hash
-
-This is a hash of the transaction inputs field from the transaction this auxiliary data was original attached to.
-This hash anchors the auxiliary data to a particular transaction, if the auxiliary data is moved to a new transaction
-it is impossible for the txn-inputs-hash to remain the same, as UTXO's can only be spent once.
-
-This is a key to preventing replayability of the metadata, but is not enough by itself as it needs to be able to be
-made immutable, such that any change to this field can be detected.
-
-#### Key 2: previous_transaction_id
-
-This is a 32 byte hash of the previous transaction in a chain of registration updates made by the same user.
-The only registration which may not have it for a single user is their first.
-Once their first registration is made, they may only update it.
-Any subsequent update for that user that is not properly chained to the previous transaction will be ignored as invalid.
-
-The user is identified by their Role 0 key, which must be defined in the first registration.
-The Role 0 key also includes a reference to an on-chain key, such as a stake key hash.
-This is important to establish the verifiability of the link between the registrations and the transaction itself.
-
-#### Keys 10, 11 or 12 - x509 Chunked Data
-
-Except for the first registration, the chunked data is optional.
-For example, if this metadata is simply being used to lock auxiliary data to a transaction there does not need to be
-any actual role or certificate updates.
-
-The data required to register certificates or roles could be large.
-The [specification for the encoding of all Cardano metadata] also introduces difficulties in encoding x509 certificates.
-
-The contents of the x509 RABC Registration data stored in this key is documented separately.
-Its exact contents are not important for this specification except to note, that it will always define at least:
-
-* 1 Role 0 signing key MUST always be defined.
-  * And that key MUST be associated with a on-chain key such as a stake address hash.
-* The RBAC Data will have references to the transaction it is attached to,
-  and it can not be fully interpreted independent of the transaction.
-
-To save space and overcome the metadata encoding limitations, x509 RBAC data is preferable encoded as described:
-
-1. The x509 Role Registration Data is prepared and encoded with [dCBOR].
-   This is the raw encoded registration data.
-2. The raw encoded registration data is then compressed with [Brotli].
-   This is the Brotli compressed registration data.
-3. The raw encoded registration data is then compressed with [ZSTD].
-   This is the ZSTD compressed registration data.
-4. Which ever data is smallest, Raw, Brotli compressed or ZStd compressed is then cut into 64 byte chunks.
-   All chunks must contain 64 bytes except for the last which can contain the residual.
-5. These chunks are then encoded in an array of 64 byte long byte strings.
-   The appropriate key is used to identify the compression used.
-    * 10 = Raw, no compression
-    * 11 = Brotli Compressed
-    * 12 = ZSTD Compressed
-
-Due to the potential size of x509 certificates compression is mandatory where it will reduce the space of the encoded data.
-dApps can, if they choose, only support either Brotli or ZSTD and not trial compress the data.
-However they must never store data compressed if the compressed size is larger than the raw size.
-This can happen if the data is small and not very compressible, due to overhead in the codec data stream.
-
-The specification reserves keys 13-17 for future compression schemes.
-Even though there are multiple keys defined, ONLY 1 may be used at a time.  
-There is only a single list of x509 chunks and the key is used to define the compression used only.
-
-ie, it is invalid to use key 10 and 12 at the same time in the same envelope.
-
-#### Key 99 - Validation Signature
-
-Key 99 contains the signature which can be verified with the signing key recorded against role 0.
-
-It is a signature over the [entire auxiliary data] that will be attached to the transaction.
-This includes not only the transactions metadata, but all attached scripts.
-
-As the auxiliary data key 99 is part of the auxiliary data, we end up with a catch-22.
-We can't sign the data because we do not know what data will be stored in the signature field.
-To mitigate this problem, the size of the signature will be known in advanced, based on the signature algorithm.
-When the unsigned auxiliary data is prepared, the appropriate storage for the signature is pre-allocated
-in the metadata, and is set to 0x00's.
-
-The signature is calculated over this unsigned data, and the pre-allocated signature storage is replaced with the signature itself.
-
-This ensures that there is no alteration to the auxiliary data in form or structure.
-Validating the signature then is as simple as:
-
-1. removing the signature data from the auxiliary data;
-2. setting the storage for the signature back to 0, and;
-3. validating the signature on the reconstructed unsigned auxiliary data.
-
-### Validating the Auxiliary Data is attached to the correct transaction
-
-The Transaction will have 3 pieces of information that must be validated to ensure the attached metadata
-is carried with the correct transaction.
-
-1. The UTXO Inputs when hashed MUST == [Key 1 - Transaction Inputs Hash](#key-1-txn-inputs-hash)
-2. The [auxiliary data hash] must equal the hash of the actual auxiliary data.
-   1. This is likely always true as it would be validated by the ledger rules.
-3. The [vkeywitness] set MUST include a signature over the transaction with the key associated with Role 0.
-   1. Note: Role 0 may have multiple associated keys, in which case there must be a witness for all of them.
-   2. A missing witness means it is not possible to validate the auxiliary data truly was built for this transaction.
-
-## Rationale: how does this CIP achieve its goals?
-
-This specification creates a signed set of interlocking data between a transaction and its auxiliary data.
-The interlock is constructed to avoid any catch-22 in setting up a transaction and to minimize complexity.
-
-By signing off-chain data with an off-chain key, we simplify the process of signing auxiliary data,
-this allows us to sign all the data in a way suitable to the needs of the method and not limited to any on-chain restrictions.
-
-The off-chain key is explicitly associated with an on-chain key, such that signing with the on-chain key over
-the registration transaction provides proof that they two keys are related and can be used interchangeably,
-
-Once constructed in the way documented, the auxiliary data may not be posted in a different transaction without it being detected.
-
-It is not currently possible to detect this on-chain, as plutus does not have the necessary functionality to allow it
-to inspect auxiliary data, except under very limited circumstances.
-However, the purpose of this envelope is to ensure that off-chain construction of off
-chain certificates and dApp role registration is secure.
-
-This specification meets that criteria.
-
-## Path to Active
-
-### Acceptance Criteria
-<!-- Describes what are the acceptance criteria whereby a proposal becomes 'Active' -->
-
-### Implementation Plan
-<!-- A plan to meet those criteria. Or `N/A` if not applicable. -->
-
-## References
-
-* [Cardano Metadata CDDL Specification][specification for the encoding of all Cardano metadata]
-* [Cardano Auxiliary Data CDDL Specification][entire auxiliary data]
-* [Cardano Transaction Auxiliary Data Hash Specification][auxiliary data hash]
-* [Cardano vKeyWitness Specification][vkeywitness]
-* [Deterministic CBOR Encoding][dCBOR]
-* [Brotli Data Compression][Brotli]
-* [ZSTD Data Compression][ZSTD]
-
-## Copyright
-
-This CIP is licensed under [CC-BY-4.0]
-
-Code samples and reference material are licensed under [Apache 2.0]
-
-<!-- References -->
-[CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
-[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
-[x509 Metadata Envelope CDDL]: ./x509_envelope.cddl
-[specification for the encoding of all Cardano metadata]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L511-L531
-[dCBOR]: https://datatracker.ietf.org/doc/draft-mcnally-deterministic-cbor/
-[Brotli]: https://github.com/google/brotli
-[ZSTD]: https://github.com/facebook/zstd
-[entire auxiliary data]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L521-L531
-[auxiliary data hash]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L60
-[vkeywitness]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L436
diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md
index d0976c4f8e9..868b488bddc 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md
@@ -61,6 +61,8 @@ However forcing all authentication through a wallet has several primary disadvan
 
 * Wallets only are guaranteed to provide `signData` if they implement CIP30, and that only allows a single signature.
 * There are multiple keys controlled by a wallet and its useful to ensure that all keys reflected are valid.
+* Its equally important to ensure that registrations prove custody/ownership of certain on-chain identities,
+  such as registered stake address or drep registration.
 * Metadata in a transaction is inaccessible to plutus scripts.
 * Wallets could present raw data to be signed to the user, and that makes the UX poor because the user would have difficulty
   knowing what they are signing.
@@ -68,6 +70,7 @@ However forcing all authentication through a wallet has several primary disadvan
 * Putting chain keys in metadata can be redundant if those keys are already in the transaction.
 * Some authentication needs to change with regularity, such as authentication tokens to a backend service,
   and this would require potentially excessive wallet interactions.
+  This would lower UX quality and could impact participation.
 
 The proposal here is to register dApp specific keys and identity, but strongly associate it with on-chain identity,
 such as Stake Public Keys, Payment Keys and Drep Keys, such that off chain interactions can be fully authenticated,
@@ -75,13 +78,21 @@ and only on-chain interaction requires interaction with a Wallet.
 
 ## Specification
 
+Role registration is encapsulated inside a [x509 Envelope](../x509-envelope-metadata/cip-xxxx.md) metadata record.
+This enables the data to both be compressed, saving on-chain space and also to have more expressivity and
+less restrictions vs raw on-chain metadata.
+
+This specification covers the general use of the x509 registration format and is not specific to any dApp.
+dApps can utilize any subset of the features defined herein, and dApps define their own roles.
+
 In order to maintain a robust set of role registration capabilities Role registration involves:
 
 1. Creation of a root certificate for a user or set of users and associating it with an on-chain source of trust.
 2. Obtaining for each user of a dapp, or a set of users, their root certificate.
 3. Deriving role specific keys from the root certificate.
 4. Optionally registering for those roles on-chain.
-5. Signing and/or encrypting data with the root certificate or a derived key, or a certificate issued by a previously registered root certificate.
+5. Signing and/or encrypting data with the root certificate or a derived key, or a certificate issued by a previously
+   registered root certificate.
 
 Effectively we map the blockchain as PKI (Public Key Infrastructure) and define the methods a dapp can use to exploit this PKI.
 
@@ -120,37 +131,18 @@ We intentionally take advantage of the significant existing code bases and infra
 
 #### Certificate formats
 
-x.509 certificates can be encoded in
-
-We encode x.509 certificates using [CBOR Encoded X.509 Certificates][C509], Each certificate includes its on-chain anchor (public key).
-The on-chain anchors currently envisioned are:
-
-1. Stake Address
-2. dRep Key
-
-The transaction that is submitted on-chain which includes the certificate in its metadata MUST be witnessed by it's on-chain anchor.
-This is used to prove that the certificate and on-chain anchor are controlled by the same entity.
-It prevents replay attacks where people could try and associate a different on-chain anchor with a certificate.
+x.509 certificates can be encoded in:
 
----
-
-Note: **The information below is to be reviewed in-light of the above**
-
-Role registration is achieved by using two metadata records attached to the same transaction.
+* Binary DER format
+* [CBOR Encoded X.509 Certificates][C509].
 
-### Metadata Labels
+### Metadata Structure
 
-| Metadata Label | Description |
-| ---   | --- |
-| `7222` | The RBAC Metadata Label |
-| `7223` | The RBAC Metadata witness set Label |
+The formal definition of the x509 certificate payload is [here](./x509-roles.cddl).
 
-Both pieces of metadata must be present in the same transaction for the registration to be valid.
+The format can be visualized as:
 
-`7222` AND `7223` define this Metadata as being Role Registration Metadata.
-These Metadata key should not be used for another purpose.
-
-Note: **7222 is RBAC when decoded using the telephone ITU E.161 standard**
+![x509 Registration Format](./images/x509-roles.svg)
 
 ### Metadata Encoding
 
@@ -170,391 +162,136 @@ Each dApp may have further validity requirements beyond those stated herein.
 
 At a high level, Role registration will collect the following data:
 
-1. A [role public key or non-empty list of role public keys](#subkey-1---role-specific-public-key-or-role-public-key-array);
-2. A [stake address for the network that this transaction is submitted to](#subkey-2---stake-public-key);
-3. An *Optional* [Shelley payment address]().
-4. A [nonce]() that identifies that most recent registration.
-5. The [role]() being registered.
-6. A [dApp ID]() which defines the dApp the registration belongs to.
-6. An *Optional* [expiry timestamp]().
-7. Optional dApp defined [extended registration metadata]().
-
-The formal specification for the `7222` Metadata is [CIPxxxx Metadata CDDL][].
-
-Informally, all Registrations follow the same generalized Format (Non-Normative):
-
-```cbor
-7222: {
-  // Role Public Key or Role Public Key Array
-  1: #6.32773(h'a6a3c0447aeb9cc54cf6422ba32b294e5e1c3ef6d782f2acff4a70694c4d1663') ; or
-     [#6.32773(h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C'), 
-      #6.32773(h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97')] ; or
-     [
-      [#6.32773(h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C'), 50], 
-      [#6.32773(h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97'), 50]
-     ]
-  // Stake Public Key
-  2: #6.32773(h'ad4b948699193634a39dd56f779a2951a24779ad52aa7916f6912b8ec4702cee'),
-  // Payment Address
-  3: #6.???h'00588e8e1d18cba576a4d35758069fe94e53f638b6faf7c07b8abd2bc5c5cdee47b60edc7772855324c85033c638364214cbfc6627889f81c4',
-  // nonce
-  4: #6.32770 h'018d45d8deb3a1b171f6b38577ecee20',     // ULID
-  // Role
-  5: 0,
-  // dApp ID (UUID or ULID)
-  6: #6.37    h'a3c12b1c98af4ee8b54278e77906c0fc'; or  // UUID
-     #6.32770 h'018d1d2acaf04486be189dbc5ae35e51',     // ULID
-  // Expires - Optional
-  7: #6.1(0),
-  // dApp Defined Metadata - Optional
-  100+: <Any>
-}
-```
-
-Keys between `8` and `99` are reserved for any future extensions to this specification.
-They must not be defined by any dApp for private use.
-These keys, if defined, will be defined by a CIP which extends this base specification.
-
-Keys above `100` are reserved for dApp specific use, and may be defined either formally by a CIP or informally by any dApp.
-General parsers of this data should accept, but not otherwise interpret keys `100`+ unless they specifically understand
-the requirements of the identified dApp.
-
-### Subkey 1 - Role Specific Public Key OR Role Public Key Array
-
-Subkey 1 is either:
-
-* A Single [Role Specific Public Key](#subkey-1---role-key---single-role-specific-public-key); OR
-* A [Optionally Weighted List of Role Specific Public Keys](#subkey-1---role-key---list-of-role-keys).
-
-#### SubKey 1 - Role Key - Single Role Specific Public Key
-
-The Role Key is an [Ed25519-BIP32][CIP0003] public key.
-
-This is represented as a CBOR Byte-string, 32 bytes long.
-It is tagged with `#6.???` to unambiguously identify the key type.
-This is to allow the specification to evolve in a forward compatible manor if new key types are introduced.
-
-Any and All authoritative actions performed under the registered Role MUST be signed with an owned Role Key.
-How the dApp signs the data and what format that data or signature takes is not defined in this CIP.
-
-The Witness data informs if the Role key is being used by reference, and is not owned by the registration,
-or is owned and controlled by the registration.
-This distinction is important in cases where a Role is being delegated to another registration.
-The definition of the `purpose` will declare if it is valid for a particular Role to delegate or not and is
-outside the scope of this specification.
-
-Role keys MUST be derived using the following specific key derivation path.
-This is to allow Key recovery across compatible wallets.
-An implementation will be non-conforming to this specification if it does not use the defined Key derivation path.
-
-It is valid for multiple Stake addresses to register with the same Role key, but they MUST prove ownership of the key
-otherwise it will be identified as a delegation.
-The dApp defines the limits of this relationship, and that can differ on a role by role basis.
-
-Role keys MUST, as far as practically possible, be unique to a dApp to ensure they are not improperly used across dApps.
-The aim is for a Role key to unambiguously declare the intention of the user to act with their role.
-See [Key Derivation](#key-derivation) for details on how the Role key MUST be derived from the master key of the wallet.
-
-Other than the fact that a registration unambiguously associates one or more Stake addresses to a Role Specific Public Key,
-this CIP does not define how that is validated for any particular dApp or Role.
-A later section of this CIP will demonstrate possible validation scenarios that a dApp can adopt.
-
-Example:
-
-```cbor
-h'a6a3c0447aeb9cc54cf6422ba32b294e5e1c3ef6d782f2acff4a70694c4d1663'
-```
-
-##### Key Derivation
-
-It is REQUIRED that path based key derivation be used to generate the Role Specific Public Key.
-If a wallet is incapable of using path based key derivation as defined by this specification it is
-not capable of conforming to the requirements of this specification.
-
-Key derivation is used to avoid linking Role access keys directly with Cardano spending keys.
-It also provides a mechanism to unambiguously identify the role being asserted when data is signed.
-
-The Role Specific key derivation path must start with a specific segment:
-
-Path based key derivation is limited to 31 bits, per path component.
-The [dApp ID] is 128 bits.  
-It is required that the Role key be, as far as practically possible, unique amongst dApps.
-This is to prevent a Role from one dApp being misused by another, either intentionally or inadvertently.
-
-However key derivation is limited to 31 bits, accordingly, the [dApp ID] will be hashed with Blake2B and a
-31 bit digest will be produced.
-The aim is to as far as practical cause dApps to have distinct Role keys under normal circumstances.
-
-`m / 7222' / 1815' / account' / chain' / hash(dApp ID) / role`
-
-* `7222'` : The registration metadata field key from this CIP.
-* `1815'` : The year Ada Lovelace was born - Identifies this key as being for Cardano.
-* `account'` : The voters account
-* `chain'` : The chain on which the voter is registering.
-* `hash(dapp ID)` : The [hashed](#hashdapp-id) [dApp ID]
-* `role` :  The role being registered for.
-
-Note: It is specifically required that the Role Key NOT CHANGE for the same dApp UUID/Purpose for any compliant Wallet.
-This is because its possible to make both single and array role registrations, and its critical the key be the same in these.
-It also critical that the Role keys be freely transferable and recoverable across wallets.
-The necessity of this will be expanded on when the witness is discussed below.
-
-##### hash(dapp ID)
-
-The [dApp ID] will be reduced to 31 bits by using Blake2B with a 32 bit digest over the [dApp ID].
-
-To ensure the hardening bit is not set, the high bit of the resultant hash will be forced to 0.
+1. An [optional list](#x509-certificate-lists) of DER format x509 certificates.
+2. An [optional list](#x509-certificate-lists) of [CBOR Encoded X.509 Certificates][C509]
+3. An [optional list](#simple-public-keys) list of tagged simple public keys.
+4. An [optional certificate revocation](#certificate-revocation-list) set.
+5. An optional set of role registration data.
 
-```text
-  hash(dapp ID) == blake2b_32(dapp ID) & 0x7FFFFFFF
-```
+### x509 Certificate Lists
 
-While 31 bits is small, and could be subject to a collision attack, the intention here is not to prevent
-deliberately contrived collisions but to disambiguate dApps under normal circumstances.
-As the [dApp ID] is not controllable, a malicious dApp could simply use the same dApp ID as another.
-Therefore it is not possible to protect against a collision and the [dApp ID] is not a security mechanism
-in any event.
+There can be two lists of certificates.
+They are functionally identical and differ only in the format of the certificate itself.
 
-#### SubKey 1 - Role Key - List of Role Keys
+DER Format certificates are used when the only certificate source is a legacy off-chain certificate.
+These are not preferred because they can be transcoded into c509 format, and are usually larger than their c509 equivalent.
+However, it is recognized that legacy support for x509 DER format certificates is important, and they are supported.
 
-Catalyst has the need to associate role registrations as a list, and optionally to have those registrations weighted.
-For example, this will be used to:
+Preferably all certificates will either be uniquely encoded as c509 encoded certificates,
+or will be transcoded from a DER format x509 certificate into it's c509 equivalent.
 
-* Define Voter Delegation to representatives.
-* Define Co-Proposers for Catalyst proposals.
+The certificate lists are unsorted, and are simply a method of publishing a new certificate on-chain.
 
-It is generally useful to be able to associate multiple role public keys together.
+The only feature about the certificate that impacts the role registration is that certificates
+may embed references to on-chain keys.
 
-How these role registration lists are used and validated by any dApp are outside the scope of this CIP.
-The [individual role keys](#subkey-1---role-key---single-role-specific-public-key) within a Role Key list are defined
-according to this specification above.
+In the case where a certificate does embed a reference to an on-chain key,
+the key SHOULD be present in the witness set of the transaction.
+Individual dApps can strengthen this requirement to MUST.
 
-There are two possible General formats of a role registration list is:
+By including the Signature in the transaction, we are able to make a verifiable link between the
+off-chain certificate and the on-chain identity.
+This can not be forged.
 
-* [Simple Role Key List](#simple-role-key-list)
-* [Weighted Role Key List](#weighted-role-key-list)
+### Simple Public Keys
 
-A simple list is equivalent to a weighted role key list.
-If a Weighted list is expected in a registration, and a simple list is found in a registration,
-then it is interpreted as a weighted role key list where each entry is equally weighted.
-This can be used to decrease the size of the registration metadata by eliding the weights when
-they are all the same.
+Rather than require full certificates, dApps can use simple public keys.
+The simple public key list is for that purpose.
+The list acts as an array,  the index in the array is the offset of the key.
 
-However, the converse is not true.
-If a Role expects a simple role key list, and a weighted role key list is found in the registration then
-the format is invalid.  
-This is because it is not possible to determine the expected behavior of the unused weights.
+CBOR allows for array elements to be skipped or marked as undefined.
 
-* [\<Role Public Key\>](#subkey-1---role-key---single-role-specific-public-key) : is the role specific public key defined above.
-  * This key can belong to the registering user themselves; or
-  * Can belong to another user,  either from the same or a different role registration.
-  * Must be for the same [dApp UUID][dApp-UUID].  (Cross dApp Registrations is not defined or supported by this CIP).
-* <Weight> : is a 4-byte unsigned integer (CBOR major type 0, The weight may range from 0 to 2^32-1).
-  * The dApp defines what the weight means.
-  * Other than validating it is in-range no further validation is done at the base registration level.
-  * For example:
-    * Project Catalyst uses the weight to apportion Voting Power in a delegation registration.
-    * Another dApp may use the weight to define the relative contribution each Role Key plays in a grouped registration.
-    * The dApp is responsible for defining what the Weight means for a particular role.
-    * If all weights are equal and convey no further meaning they can be elided to reduce the
-      size of the registration metadata.
-    * A dApp can specify if it is NOT valid to elide the Weight from a weighted role public key list.
+The actual set of simple public keys registered is the union set of all simple public keys registered on-chain.
+This allows simple public keys to be securely rotated or removed from a registration.
 
-Each dApp defines what is meant by a Role Key List.
-They define if the List is weighted or not and how it is to be interpreted, in reference to the Role itself.
+CBOR allows elements of an array to be skipped or marked as absent using [CBOR Undefined/Absent Tags].
 
-##### Simple Role Key List
+An element in the array marked "undefined" (`0xf7`) is used to indicate that no change to that array position is to be made.
+An element in the array marked "absent" (`0xd8 0x1f 0xf7`) is used to indicate that any key at this position is revoked.
 
-```cbor
-  [ <Role Public Key 1>, <Role Public Key 2>, ... ]
-```
+Using these two element we can define the array as the union of all arrays and keys can be freely altered or removed.
 
-example:
+Examples:
 
-```cbor
-[ 
-    h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 
-    h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97'
-]
+```txt
+[Key 1, Key 2, Key 3] +
+[undefined, absent, undefined]
 ```
 
-##### Weighted Role Key List
+would result in:
 
-```cbor
-  [
-    [ <Role Public Key 1>, <Weight 1> ],
-    [ <Role Public Key 2>, <Weight 2> ],
-    ...
-  ]
+```txt
+[Key 1, undefined, Key 3]
 ```
 
-example:
+If this was followed with:
 
-```cbor
-[
-  [h'A71A8700248D4C91E01A2A2CB5F4F0E664F084EB761C6792AEDD28160C1E403C', 25],
-  [h'C606D983C5545800FAF20519D21988AA0A13271BA12BA9A8643FCFAD58697C97', 75]
-]
+```txt
+[undefined, undefined, undefined, undefined, Key 5]
 ```
 
-#### Tooling
-
-Supporting tooling should clearly define and differentiate this as a unique key type, describing such keys as "CIP-xx role keys".
-When utilizing Bech32 encoding the appropriate `role_sk` and `role_vk` prefixes should be used as described in [CIP-05](https://github.com/cardano-foundation/CIPs/tree/master/CIP-0005)
-
-Examples of acceptable `keyType`s for supporting tools:
-
-| `keyType` | Description |
-| --------- | ----------- |
-| `CIP36RoleSigningKey_ed25519` | CIPxx Role Signing Key |
-| `CIP36RoleVerificationKey_ed25519` | CIPxx Role Verification Key |
+we would then have the resultant set of keys:
 
-### SubKey 2 - Stake Public Key
-
-This is represented as a CBOR Byte-string, 32 bytes long.
-
-This is the actual [ED25519-BIP32] Stake Public key of the wallet, and NOT the stake key public hash.
-This is the primary key associating the users wallet with their role key.
-How the dApp uses this information is dApp specific.
-For example Project Catalyst can use this information to derive voting power for a voter role.
-
-It is an ed25519 public key, and is represented as a byte-string 32 bytes in length.
- Example:
-
-```cbor
-#6.32773(h'ad4b948699193634a39dd56f779a2951a24779ad52aa7916f6912b8ec4702cee')
+```txt
+[Key 1, undefined, Key 3, undefined, Key 5]
 ```
 
-Note: There can only be a single Stake Public Key in the registration.
-Multiple Stake Public Keys can be associated with the same Role Key/s, however there needs to be one registration per stake address.
-
-### SubKey 3 - Payment Address (OPTIONAL)
+The latest key set is what is currently active for the role.
 
-This is represented as a CBOR Byte-string, Between 29 and 57 bytes long (inclusive).
+These keys are usable to sign data for a role, but are not a replacement for certificates, and some roles may not allow their use.
 
-If Present, this is a Shelley payment address as defined by [CIP-0019].
-If must be discriminated for the same network this transaction is submitted to.
-Its purpose is to enable a role registration to receive rewards.
-How or what rewards can be earned are outside the scope of this CIP.
+### Certificate Revocation List
 
-For CIP-15 compatibility ONLY,  in a CIP-15 format registration, a Stake Reward Address may also be present in Subkey 3.
+The certificate revocation list is used by an `issuer` of a certificate to revoke any certificate they have issued.
+The certificate is considered revoked as soon as it appears in the revocation list.
+If a self signed certificate is to be rolled, a registration will revoke the previously self signed certificate and
+simultaneously register a new certificate.
 
-This Subkey is optional, because not all roles will need or offer the ability to be earn rewards for the role.
-In these cases, the payment address is redundant.
-The dApp defines if this field is required or not for a particular role, and that is outside the scope of this CIP.
+This ensures that the roles registered always have a valid certificate and allows registration to be dynamically updated.
 
-### SubKey 4 - Nonce
+The revocation list is simply a list of blake2b-128 hashes of the certificate/s to be revoked.
+Note, as stated above the only party that can revoke a certificate is the issuer, so the metadata must be posted by the issuer using
+their own role 0 key.
 
-The `nonce` is an unsigned integer (of CBOR major type 0).
+Any certificate that is revoked which was used to issue other certificates results in ALL certificates issued by the
+revoked certificate also being revoked.
 
-It SHOULD be monotonically rising across all transactions with the same staking key.
-A simple way to ensure the `nonce` is monotonically increasing, without reference to the previous `nonce` is to use the the current slot number, at the time the transaction is created.
+### Role definitions
 
-The `nonce` is specific to the dAPP UUID and Purpose.
-The greatest `nonce` for any particular `dApp UUID` + `purpose` is the latest registration transaction, regardless of the order they are seen on the blockchain itself.
+Roles are defined in a list.
+A user can register for any available role, and they can enrol in more than one role in a single registration transaction.
 
-For example, given the following transactions for the same Stake Address:
+The validity of the registration is as per the rules for roles defined by the dApp itself.
 
-| Slot No | Purpose | UUID | Nonce |
-| ---     | ---     | ---  | ---   |
-| 6128480 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128420 |
-| 6128500 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128400 |
-| 6128520 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128380 |
+Role registration data is further divided into:
 
-The transaction in the earlier slot# 6128480 would be the latest of these 3 registrations, because it has the highest `nonce`.
- This can occur because it is possible for transactions in a small window of time to be added to a block in a different sequence to the one they were posted in.
+1. [A Role number](#role-number)
+2. An Optional reference to the roles signing key
+3. An Optional reference to the roles encryption key
+4. An optional reference to the on-chain payment key to use for the role.
+5. And an optional dApp defined set of role specific data.
 
-The `nonce` when used correctly, therefore unambiguously defines the chronological order of the transactions.
+#### Role Number
 
-In the event that a `nonce` is exactly the same in two or more registrations for the same dApp UUID/Purpose,  then the chronological order they appear in the blockchain determines which of the ambiguous `nonce` are the latest, for example:
+All roles, except for Role 0, are defined by the dApp.
 
-| Slot No | Purpose | UUID | Nonce |
-| ---     | ---     | ---  | ---   |
-| 6128480 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128420 |
-| 6128500 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128420 |
-| 6128520 | 0       | h'ca7a195772774f8884dd5990f4c2ef95' | 6128420 |
+Role 0 is the primary role and is used to sign the metadata.
+All compliant implementations of this specification use Role 0 in this way.
 
-The registration in Slot No 6128520 is the latest registration, because the `nonce` is unable to unambiguously define the chronological order the transactions were posted.
+#### Reference to a role signing key
 
-The dApp defines for every purpose what a `later` vs `older` registration means.
-It is common that a later `nonce` obsoletes an earlier registration for the same purpose.
+Each role can optionally be used to sign data.
+If the role is intended to sign data, the key it uses to sign must be declared in this field.
+This is a reference to either a registered certificate for the identity posting the registration,
+or one of the defined simple public keys.
 
-The full definition of registration validity and priority with respect to chronology of the transactions is outside the scope of this CIP and must be defined by every dApp which implements this specification.
+A dApp can define is roles allow the use of certificates, or simple public keys, or both.
 
-### SubKey 5 - Purpose
+Role 0 MUST have a signing key, and it must be a certificate.
 
-The `purpose` is an unsigned integer (of CBOR major type 0).
-
-Purpose defines the PURPOSE the registration transaction is for.
-The dApp can define any number of purposes, and their definition is outside the scope of this specification.
-
-The combination of a [dApp UUID][dApp-UUID] and Purpose defines a specific role registration for a dApp.7
-
-For example,  in Project Catalyst Purpose 0 defines a Voter registration.
-
-This specification is not limited to this definition for Purpose 0, and any other dApp may assign a different Purpose to Purpose 0, within its unique [dApp UUID][dApp-UUID].
-
-### SubKey 6 - dApp UUID
-
-This is represented as a CBOR Byte-string, 16 bytes long.
-
-Each dApp that uses this specification MUST define a [Random V4 UUID](https://www.rfc-editor.org/rfc/rfc4122).
-Other UUID version types are invalid.
-Nil or MAX UUID V4 are also invalid and must not be used.
-The Random UUID must be properly generated using a good quality RNG.
-
-Briefly, the Display Format of a Valid V4 UUID is:
-
-```uuid
-xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx
-```
-
-y has the bit pattern [10xxxxxx].
-
-All `x` Bytes/Bits are randomly determined.
-
-However, in the registration transaction it is always represented in its compact format of 128 bits (16 bytes).
-
-It is recommended that dApps register their self allocated UUID in the following table.
-
-UUID Registration:
-| `UUID` | dApp Assigned | CIP Defining Roles |
-| --------- | ----------- | --- |
-| `ca7a1957-7277-4f88-84dd-5990f4c2ef95` | Project Catalyst UUID | CIP-62 |
-
-However as the chance of a collision if a Random UUID is highly unlikely (103 Trillion Properly generated v4 UUID's have a 1 in 1 billion chance of collision.) this is not a requirement.
-
-It is in the dApp implementors self interest to generate a good quality UUID to allow them to correctly distinguish their registrations vs those of another application.
-
-### SubKey 7 - Expires (Optional)
-
-The Expiry is represented by an unsigned integer (of CBOR major type 0) a maximum of 64 bits in size.
-
-If the Expires sub key is not present, it defaults to 0.
-The Expires subkey set to 0 = DO NOT EXPIRE.
-
-Any other value defines the time, as an integer number of seconds since 1/1/1970 UTC.
-Otherwise known as Unix Epoch time.
-When the Unix Epoch time exceeds the Expires time, the registration should be considered obsolete or invalid.
-
-For example an expires time of 1688169600 will be considered expired only after Saturday, July 1, 2023 0:00:00 UTC.
-
-This allows dApps and Role registrations to be bounded by the creator of the registration ONLY.
-
-Individual dApps will specify how exceeding Unix Epoch time effects the registration.
-The dApp may define that expiry is not available, in which case this field will have no effect.
-However, if it is supported by the dApp, it must be interpreted as defined here.
-
-The dApp is also free to apply other "expiry" conditions to old registrations, and they are outside the scope of this specification.
-For example,  a dApp may reject or ignore all registrations that were placed on chain more than 6 months before they are used, regardless of the setting of `expires`.
-
-### SubKey 8-99 - Reserved
-
-These subkeys are reserved and may not be used by a dApp that conforms to this specification.
-If these keys are defined at a later date, they will de defined ina CIP which either updates or obsoletes this specification.
-
-Any dApp which uses Subkeys 8-99 violates this CIP and is non-conformant.
-However, a wallet should not reject the creation of a registration that violates this rule, to allow for future upgrades or amendments to the specification without necessitating tooling changes to support them.
+A reference to a key/certificate can be a cert in the same registration, or any previous registration.
+If the certificate is revoked, the role is unusable for signing unless and until a new signing certificate
+is registered for the role.
 
 ### SubKey 100+ - dApp Defined Extended Metadata
 
@@ -576,24 +313,12 @@ This is because definition of this metadata is intentionally fluid to allow the
 ### High level overview of the Role Registration witness data
 
 ## Rationale: how does this CIP achieve its goals?
-<!-- The rationale fleshes out the specification by describing what motivated the design and what led to 
-particular design decisions.
-It should describe alternate designs considered and related work. 
-The rationale should provide evidence of consensus within the community and discuss significant objections 
-or concerns raised during the discussion.
-
-It must also explain how the proposal affects the backward compatibility of existing solutions when applicable. 
-If the proposal responds to a CPS, the 'Rationale' section should explain how it addresses the CPS, 
-and answer any questions that the CPS poses for potential solutions.
--->
 
 ## Path to Active
 
 ### Acceptance Criteria
-<!-- Describes what are the acceptance criteria whereby a proposal becomes 'Active' -->
 
 ### Implementation Plan
-<!-- A plan to meet those criteria. Or `N/A` if not applicable. -->
 
 ## References
 
@@ -607,5 +332,5 @@ Code samples and reference material are licensed under [Apache 2.0]
 [Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
 [CBOR]: https://www.rfc-editor.org/rfc/rfc8949.html
 [CBOR - Core Deterministic Encoding Requirements]: https://www.rfc-editor.org/rfc/rfc8949.html#section-4.2.1
-[CIP0003]: https://cips.cardano.org/cip/CIP-0003
 [C509]: https://datatracker.ietf.org/doc/html/draft-ietf-cose-cbor-encoded-cert-07
+[CBOR Undefined/Absent Tags]: https://github.com/svaarala/cbor-specs/blob/master/cbor-absent-tag.rst
diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/images/x509-roles.d2 b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/images/x509-roles.d2
new file mode 100644
index 00000000000..dd844049df0
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/images/x509-roles.d2
@@ -0,0 +1,49 @@
+vars: {
+  d2-config: {
+    layout-engine: elk
+
+    # Terminal theme code
+    theme-id: 300
+  }
+}
+
+classes: {
+  NONE: {style.opacity: 0}
+  RBAC_TABLE: {
+    shape: sql_table
+    style: {
+      border-radius: 15
+    }
+  }
+}
+
+title: |md
+  # x509 RBAC Metadata
+| {
+  shape: text
+  near: top-center
+  style: {
+    font-size: 25
+  }
+}
+
+a_block: "" {
+  rbac: "x509 Role based Access Control" {
+    class: RBAC_TABLE
+    ? 10=x509 certs: "[ + DER Certs ]"
+    ? 20=c509 certs: "[ + CBOR Certs ]"
+    ? 30=public keys: "[ + Public Keys ]"
+    ? 40=revocation set: "[ + Revoked Cert hash]"
+    "? 100=Role Data Set": "[ + Role Data ]"
+  }
+
+  role_data: "Role Data" {
+    class: RBAC_TABLE
+    0=role number: "uint"
+    ? 1=role-signing-key: "Key Reference"
+    ? 2=role-encryption-key: "Key Reference"
+    ? 3=payment-key: "OnChain Payment Key Reference"
+    ? 10-99=Role Specific Data: "Variable per Role"
+  }
+  rbac."? 100=Role Data Set" -> role_data
+}
diff --git a/docs/src/catalyst-standards/draft-cips/images/x509-roles.svg b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/images/x509-roles.svg
similarity index 50%
rename from docs/src/catalyst-standards/draft-cips/images/x509-roles.svg
rename to docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/images/x509-roles.svg
index 587bbf3cf80..c2da010a551 100644
--- a/docs/src/catalyst-standards/draft-cips/images/x509-roles.svg
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/images/x509-roles.svg
@@ -1,13 +1,13 @@
-<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="v0.6.3-HEAD" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1271 776"><svg id="d2-svg" class="d2-3019508570" width="1271" height="776" viewBox="-89 -89 1271 776"><rect x="-89.000000" y="-89.000000" width="1271.000000" height="776.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
-.d2-3019508570 .text {
-	font-family: "d2-3019508570-font-regular";
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="v0.6.3-HEAD" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1012 903"><svg id="d2-svg" class="d2-399215133" width="1012" height="903" viewBox="-89 -188 1012 903"><rect x="-89.000000" y="-188.000000" width="1012.000000" height="903.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+.d2-399215133 .text {
+	font-family: "d2-399215133-font-regular";
 }
 @font-face {
-	font-family: d2-3019508570-font-regular;
+	font-family: d2-399215133-font-regular;
 	src: url("data:application/font-woff;base64,d09GRgABAAAAABLMAAoAAAAAHBwAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXd/Vo2NtYXAAAAFUAAAA0QAAASgGygeUZ2x5ZgAAAigAAAvAAAAP+GFO4ehoZWFkAAAN6AAAADYAAAA2G4Ue32hoZWEAAA4gAAAAJAAAACQKhAX3aG10eAAADkQAAAC4AAAA1GLdCpFsb2NhAAAO/AAAAGwAAABsb3hzuG1heHAAAA9oAAAAIAAAACAATQD2bmFtZQAAD4gAAAMjAAAIFAbDVU1wb3N0AAASrAAAAB0AAAAg/9EAMgADAgkBkAAFAAACigJYAAAASwKKAlgAAAFeADIBIwAAAgsFAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAEAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAeYClAAAACAAA3icjM67LrMBHIDx3/u1/VB1PlO81LFVajAYRAwmEUJiEYNRLGIQbslhFofFJXAHdouk+1/SNGbP/BseJDISFGSTIspSWXmpkoqqNes2bNq2Y9e+Q0eOnThz4cpNBL+21rRbDbvnoGlPnbt0HRGfCnIRUY/vqMdXvMVrvMRzPMVjfMR7PMR93MVt4+ivJVbULJkxa868BYvKVlX8k5GV81+LVm3y2hV0qFrWqUu3Hr369BswaMiwEaPGFI2bMCk1ZVqJHwAAAP//AQAA//+bijVBAAAAeJx0V2lwG+d5/r4PIFcSwGMJLBYAce0uicVJkFjsLi4CIgiQIAUQJECIIiVCFyVSkqVKlGWXtkqlY/kY13XRRh5rUsVVGs807sSNU89I9XjSSS07ZRvZjt00R9N60v5gPbHbNCzbxk246OwChCil+bGzGMzuezzv8z7Pt6AFzAKAeHQNqMBu0AG6AAEAh1N4L8WyDCZyosiQKpGFODYL/1GqQjgWUguCeiD1SWrlyhV4YBVd23ooenVx8Z3Ko49Kv7v+sRSE730MEFABgKyoCnYDHAAdxrFOJ8u0tqp0nI5hGezb9nfsXY5OdYfjHz6qfDSb+GkS/sbCgng2EjkrzaHq1vm1NQAAUIE5AFAPqgIcmAEj18YFDQZC34oRyq2VUXFBgQ85GQbf/jF3Z/hEZCAQ25c8P756dHo8nz+xXK7M719GVcdIdKDQodZMpPfu98CVaDDSv7WZTA1GAAAQhGqbqBvdAFYAWminkw8JAhc0kJjTydCtrYTeYOCCgki2tsJi8bf35a6W4ocsfnPKk5jnggcTgXF7H3tMO3X9zOnrxQGHYKGHHikWV1IuOuQPAgCQ0ksIVcEuGROlE0LfyrDNul++/tIXXyjvu3jx4sV9qPrKjS/+Wfp3Ll9+UqltDgD4EaoCjTIfgiI4giEoYg4+Jv3ws8/gAKqOvDf676Pbz6IkqgKtkgXnIIfpGBVGzJVUEK+8+2/zb19AVek2HPtf6TQsP/md7Xd+C1Xl3jmc0xkMJCcIoo7DGTwkiAymYlQsYzAQ+NzCqpbUqrWE9vKJiV0qdeiyeDmkVmGoKv0xnaHpDA0rW+fhKd8Z7wvSV+H0C94zPulFpX8Z3xPoBuh4AGFlkGxQUGCgFaBhrnhldPRKsbSaza6WYjP9pw8cON1/QDv9hVOnXpyaevHUqS9Mjw2vFB97/vnHiivDoImvRsFIv4MpDIPfo8ab4+cSTz300LH9pZn9FVTtKWcXF6RfwuzQyKjYjOFAVdAOyJ1s0zGqnWHeHV6KTab/pPLSo+fyxWL+HKoyU+ncPC79CySkT+Bscu9QCCiz8NQ24U/RDeBXOmZFhUN8yOlk2T50P8PkvknShmQ0YGfmEW+QOcwNZa0D9op90M1XYrEFxm8b6xOHqaB53jnYIyxoeV+01x/rp12WdnebJ9UfLPj9PYKVCvnsbrPG1ekfGgiVgwAqAKlQFbQBwKl2zFf14Yezp7q6deouC36q/B1UlV6KnohGT0Thsa3z9ZnBr8MNYAY9AJC0PDIxpJSLsUrxBM7Ii80GBZFXluStwanf+0Pc6/KMWx308ejsZBpT0VMGJsGsHA1qx4Ymy7g9zDj0EYP77EHpe1GLJ0Xbn+6IB9y9AIFibRP+Aq0BHXDUEWMwBucIrJ6rzpM6TWQFgG56zKHCUkVEFVyHj8UOj8QLsYx9L+NIailrEK29dcDKPnWh9Egiszg3eZx21CxkfS59tU34NbgBLL9u17dXvWvvUnzoTKI/Y/IQAasvw5aG6aihh5rUxpcni8txmhR0xkA5XFq06kUrJXMoUNuEP9zuoY6ZEpzluW2wRL6Z6OcHz8WOip6EQ11KYypLzrQ3bo/Y2KRzRPvkSuFiwmYuvbkVjljcmWHJQgZK4ZnjACn1/y3cAEZgv68DmaxUU6hUlAIVJIdOJ5IL4vwJiKS/aJkZYWLdVnvh21CdjHBT2sHlwuRy4vJSm2l3/hCBC3obdI7nCwpONgBgEn237gsML/KhBk4MTcgahB9JpTJjpKezq9uSXlyEX0605MdndmNJbSU/LM0rGu6vOeCncAMMgEGQb7KId+64KUE5gmmIOs3WZ9CYuSp4Txp0jR2knfVn/nv2vJPqMtE6IxucHtD3tL2ygJP9k0GWbuvqHaiUy/FzOc9g3OuNDwoj01xgup3qNBv3/TidtEcMao3LYu9rU+vTXn7Cg7UkO3l7KOfGNd160iYO+nMB+PUkz8fjPJ+Unhl00ma1Wuch2D4FmyIA8PtoraE22xyVFVPhJ14sqph8MD9a9PX3xnrR2lsLVODovHQXutMJZ690E9RqIAMAeB3dQk4ge0Qr4C6DZux1tNbUcJ2s4SxGFKdU7x/88htzzx9Ea5INgjvSP/3k9Oca79Q2wQ/QGuioY4xzeJPGr/S5i+271Rim2WXQRnh0cuuaDocwoVbXc6GfwQ1AKblkYZCncV83WPNeTGMqR84bTnY4J3z7xoq+PiFd9AWENFwfYQIDPndou8V90s3GbRsruNHAqpFjJ1ZpTMVMNMFSgt2HVYPz/wE3QAfo/n/9o8kR2BFbTCYXY/GTyeTJeDKfTyYmJhr7Gl8uTi7H04ul6aWl6dIiUDSHg7+AG419vVedwkQnSxK6nZojV0oVvJVjscNhephGjyqSk+yhEu+i18MW19MXio8kbObyy7D1Ac2RMajAjYb717M0FKcOgCnrtpKdWn2HfdgE1w/0CXuyanUwIa3V37fUNuETcAN4lPnu9BLFSh5wkrqRfBCqMG5H2tvfT3HddMozW/BPWFwmwdHntfV3M2m/u6BlLaKJ8ttNNLmnjeLdsYKDDOmMHgtpJTRtlNjHplxKfmNtE2bQOdkZFX4xvChyigg0efbJxGA2tyfzxBOUp82m7dQHtHNZ2JZoeeaZYWnDP7BbncA0Sqx9tU34HlyX+XAfV/GGRP44ny15+50xWsaFzmmPzsOQ9P10gvXCWcmcc/UDKO8G/Gu4/que9ubXyoc0pEatIfccmvoqXJc+7ckyTLYH6iUzgKAdAPgaXAcmADiR5cjGiyKHkUzjnIph7X/0+dkhjbFNrTFoYvs//9LsaJu5Xd1m1Kakj8/oPHq9R3fmZ/91weAjCC95QelJWwso9XTvnI8o3ldaO5rrtGo7d+l3u4UOzZ3ycY1Jo9bo98xM3sYDmQ9a1UOoJebvgf8q/ac9S1NZB2zb2ujP+WWe+mqb8B30LNBsTyDUoOlO7n925OzZI4fPnj0cTqfD4UxG++rNL33lK1+6+WrqynPPPf74c89dUWotAABvo1VFX2Rb4gVBlEWs8AcP+4bMyatp+D1+F9m59a10nXs9AMC30bNybxyfQI11YJuLIosfR7iOPDUSH3SlLQHXwcTsyeFLOXPY9MbAkd+/xIkjfkfAxy+W448/XUDqUQCBubYJ/xI9+6t8ZvjmYfBeiu0T/6e5kw6PdSIcHWdnc+kCHeNcw1Zf71y49NDeUHQyfFgrMoKtby/vjDiSDoEKCD3WEOMv56PjenVbKRUu+gCSdxD+PVoFu2UGipzsRPLYdTzFQxkHhlhaU0O11tzOSf8M8UMzMxtvmLMm0kdKodcEeF16OPWajIuptgn/Cq02nP5eD0rpOopgsHsS9ZPcAuWy5sKxqfEEFbD6CJj8H5zss4qzwuAxrUAJFn9hODWu11kgN/oNbbv3QCZzNFg/27pqm/CbyuxdAOjqu6Lsuq6ZVRAVvdopipdiMceofVd2sG/oAJc39+lFm+xptklX8XiozCUXIplz8BuJMZd//mh+6+esJURaQr950uk7fmzwUCj9zOLnbozW8ztrm3AF/SkwgV4ARGdC9cB42lUktoORNzGj1+8Y6KdiZMBRFnMHHQFfdwttommTiWG+FcjGBcHhiti7vT2B/eNsMhxNeT5kuq0MY+1mZFzd4EewA5rl70iR5wj3+o+SSfn/Sm0J4uhtgClKTchnw8rrly5dVx0KbKFAnav22hL4oPGMwm0Otz/88J9fDyAp8MuX6/3ISf5O4bNdVgGGr18cplwEo1yMyGA6TmTmTJMzXeVDJE8+aeSNU/JvE2+8anJc7bp6N3Itevv27dvRa5G7d+/Clmv1GmiwBN9HPvl7TeQZnuMVoSR+cOvW0K1bS3cSd+4k7sj+T4Nvwvfhd5EThMAZ0ApC4IVtrwAvw3W5f9n/i0W4LmtX7W/QOBDRLTkuvgNvo91uNNrtaNxqMtpsRpNVqQF64fvwlBxDx1MEDV+F3kQCAPB/AAAA//8BAAD//60FZBIAAQAAAAILhRsmjktfDzz1AAMD6AAAAADYXaChAAAAAN1mLzb+Ov7bCG8DyAAAAAMAAgAAAAAAAAABAAAD2P7vAAAImP46/joIbwABAAAAAAAAAAAAAAAAAAAANXicHIo/LwRxGAbnebYVohFEzsZdxPlz22yIiEpUJJK385NofRq9XuVLqE+t8DF4m8t2K7vFZKYYv/LIElxT+Z7iK1q/ULxB8Q3FPxS/0fqc4kuKtzh2BepoPSe0ZOETGv2x0IyJOs5cE6y41S9BT1TXhKeEJ+MbeiL0zp6Cbdfc6Zs1fbI+OjlV8qBkpmRXyaaSHSVH+uBQF8zV8KyGfSVTJQcDrAjov4b+BwAA//8BAAD//5DgKbMAAAAsACwAUACGALYA1ADqAQQBNgFmAYgBsAH0AhACSAJ8AqoC3AMQAzIDngPAA8wD5gQCBDQEVgSCBLYE1gUWBTwFXgV6BaYF1gX8BhQGPgZ8BqAG1AcUB0wHWAdqB3wHrAfAB8wH2AfuB/wAAQAAADUAjAAMAGYABwABAAAAAAAAAAAAAAAAAAQAA3icnJTdThtXFIU/B9ttVDUXFYrIDTqXbZWM3QiiBK5MCYpVhFOP0x+pqjR4xj9iPDPyDFCqPkCv+xZ9i1z1OfoQVa+rs7wNNqoUgRCwzpy991lnr7UPsMm/bFCrPwT+av5guMZ2c8/wAx41nxre4Ljxt+H6SkyDuPGb4SZfNvqGP+J9/Q/DH7NT/9nwQ7bqR4Y/4Xl90/CnG45/DD9ih/cLXIOX/G64xhaF4Qds8pPhDR5jNWt1HtM23OAztg032QYGTKlImZIxxjFiyphz5iSUhCTMmTIiIcbRpUNKpa8ZkZBj/L9fI0Iq5kSqOKHCkRKSElEysYq/KivnrU4caTW3vQ4VEyJOlXFGRIYjZ0xORsKZ6lRUFOzRokXJUHwLKkoCSqakBOTMGdOixxHHDJgwpcRxpEqeWUjOiIpLIp3vLMJ3ZkhCRmmszsmIxdOJX6LsLsc4ehSKXa18vFbhKY7vlO255Yr9ikC/boXZ+rlLNhEX6meqrqTauZSCE+36czt8K1yxh7tXf9aZfLhHsf5XqnzKufSPpVQmJhnObdEhlINC9wTHgdZdQnXke7oMeEOPdwy07tCnT4cTBnR5rdwefRxf0+OEQ2V0hRd7R3LMCT/i+IauYnztxPqzUCzhFwpzdymOc91jRqGee+aB7prohndX2M9QvuaOUjlDzZGPdNIv05xFjM0VhRjO1MulN0rrX2yOmOkuXtubfT8NFzZ7yym+ItcMe7cuOHnlFow+pGpwyzOX+gmIiMk5VcSQnBktKq7E+y0R56Q4DtW9N5qSis51jj/nSi5JmIlBl0x15hT6G5lvQuM+XPO9s7ckVr5nenZ9q/uc4tSrG43eqXvLvdC6nKwo0DJV8xU3DcU1M+8nmqlV/qFyS71uOc/ok0j1VDe4/Q48J6DNDrvsM9E5Q+1c2BvR1jvR5hX76sEZiaJGcnViFXYJeMEuu7zixVrNDocc0GP/DhwXWT0OeH1rZ12nZRVndf4Um7b4Op5dr17eW6/P7+DLLzRRNy9jX9r4bl9YtRv/nxAx81zc1uqd3BOC/wAAAP//AQAA//8HW0wwAHicYmBmAIP/5xiMGLAAAAAAAP//AQAA//8vAQIDAAAA");
 }
 @font-face {
-	font-family: d2-3019508570-font-semibold;
+	font-family: d2-399215133-font-semibold;
 	src: url("data:application/font-woff;base64,d09GRgABAAAAABLcAAoAAAAAHFAAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXqrWeWNtYXAAAAFUAAAA0QAAASgGygeUZ2x5ZgAAAigAAAueAAAP0Hr8LEhoZWFkAAANyAAAADYAAAA2FnoA72hoZWEAAA4AAAAAJAAAACQKgQX1aG10eAAADiQAAAC6AAAA1GYRCahsb2NhAAAO4AAAAGwAAABsbgpyRG1heHAAAA9MAAAAIAAAACAATQD2bmFtZQAAD2wAAANOAAAIcCYSZQ5wb3N0AAASvAAAAB0AAAAg/9EAMgADAhoCWAAFAAACigJYAAAASwKKAlgAAAFeADIBJgAAAgsGAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAAAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAesClAAAACAAA3icjM67LrMBHIDx3/u1/VB1PlO81LFVajAYRAwmEUJiEYNRLGIQbslhFofFJXAHdouk+1/SNGbP/BseJDISFGSTIspSWXmpkoqqNes2bNq2Y9e+Q0eOnThz4cpNBL+21rRbDbvnoGlPnbt0HRGfCnIRUY/vqMdXvMVrvMRzPMVjfMR7PMR93MVt4+ivJVbULJkxa868BYvKVlX8k5GV81+LVm3y2hV0qFrWqUu3Hr369BswaMiwEaPGFI2bMCk1ZVqJHwAAAP//AQAA//+bijVBAAAAeJyMV31sG/d5fn8/UjxLoiXR5JHm98eRd6RIkdQdj0dKJkV9izT1TckWTcm25PhDtmRbsuI1sbs6KTI1wDi3KNzEy4AlC+J267ImAdwVm7FG9h/pVrRIWq9ruzRAu6BYNGwJplXFEB2Hu6O+/Nf+OJ5E3L0fz/s8z/sj1EABAOfx10EFtdAIh4AE4HRunY9jGIoQOEGgTCqBQTqigH4v3v0gEVZHIupw9N3WZy5fRuOL+Otbl46eP3PmVzNTU+KdH78vnkJ//j4ArogAOIrLUAs6AD3BMTTNUBqNSs/pKYYifm66Z2qyN6gP2tcfrz5+hvtXDpVGRmKLcWFBvILLW0tvvQUAoILxahwdWICSauNYo5E0aAhSvmkoFcfG+RhNUbrtP8bf77mQigbj/Z1LA4vjPelMZmJ2YCifm8VlR/+R8GijWjvY1TkZQF9im6N+keaFWAQAELRWNjCN74INoMZD03wsHudYo4mgacqj0ZAGI8fGBZNGg46PvTA8ujqWPuVMm1M0Px6ZHQv12NL+c9qhb1y6+PIo6z5qcSbnc1f+0OfIhlsBsNxHBpfhgISH3AVp0FDMTs1/c+ebb3ytk5u7dGmOw+XXXvuLezPLX/iDRbmucQD0W1yGenk2pJvkSIp0k+PoRfGT9XXkwuXZe7Pvzm4/iydxGbRyFh2n5wg9pSLI8Wuqf7/1g/UvvTWDy+LPUKAiXkWxlX/YeecOLoNTfkdvNJq4eFzQczpKF4vHBYpQUSqGcmBSN/78tXqyTl1vqLv65Ys1hErNX+y9FFOriBpcFr/v7HS5Op0os7WEgs5szvGS+AtEv+TIZZ3iYwkDCd8lfBcawboPYXmQjIKER8IZjU48l80+NzEpfU4OlkqDg6WSdvzl+fk7IyN35udfHn/q+cXFmzcXF5/fxtYh92zYwxANRZE6jlXg/VF2qavrSv/MxO2j2VFcpo/nB2bCn6LB62lp9NUYbbgMDWDayzI9paJ0u8z6sGeho7/9lef++Mx0d39/9zQueyeyR0sG8b8QVACVkkKiBWRM6coG2sJ3ISh3yghGoxKEYcJ4P7FIg9FoMiklo0Ndz0Z6qGJLoi0ZKrpSTHIuk5yn2529zeGkPWqdasslLmjZ8LA7EKYDXj3TEOqJxsZbW+icxRHwmt2mep95tJ8/zgOgyucA2IbLcBCAU+2Zq+q9Hz5barI0qXXmxhPX/wmXxe8KZxOJswLKbi0BhkhlAz1Em2CWFGfySGMS5FIJRi6c1FGSlhk2LvCyLr6fGX3xG4hhvb3u5sC5ttKJkwfU7qOEo9V2ZsivHckMH2tikjbDoIVeOCd+GLfRRbt58SDncztk7LOVDVyL1+AQOCS0GIqgdBxJKLn2UEPSPBL6Mqq6E8sqZ85XOnvk5HBrF5uIJSycNhPDa/fHrJ7Vq4XrHScnx3NjwsdGvTSLQGUD3UebT7BuF/5tWRu7L3b0XO2M9FkTer+p/Wi2zc6REU9Bm1oeHVtOuUxHdfpiLls06/IOB2AIVjbQOl4DvaQcBSc5MMNz2wgJ/HaS/ykttp/im9tt6uWTB9TWAa0QNbPmSHebdvULI9fSdvPw21tp3kqfFD42HZoYHC4ovJRq/2e0CYelHPs1Q7iN26WrOFk6yNqzmOk8n+wuhmvE9w4MtbsEK0NNvv0Llg12S12MXEu3X+j1GjoH9LoBkwNFk50dCl+tAKiIf6T4P8ULfKyKEeUhJb/RTXd15Y9Zok1GqzV96hS6PVnDDc7VEZPacf6EeEX2an+FQf+LNoGFNORlRGg+JiEgEYjfBZ4jqapCPTSjGGt10qo9JqCvis7DSP9ttE3zfXqzmzQz8SnO4Gv8TlHbxBZiTR5d/UGq5djUiczTOYpt9XpZNtqea2nu9lvpnp/bksFUSK31O+yRRrW+J5gcChA1Ew1BS/worSHqDDrycDITHQ6jB7FImGMjkZhYjjrtBsLudfskXLIA6D/wWtVZtkkpOaMsCF12We3Ms8MDy96Aq9WJ1+6ftLecnRZ/iHwp1ukQvwWVCqQB4D38CNPAAgABHDwP1dgY47UdrxYkr2YIMntVdf+L3/zezS8O4jWx/9fviR8+Pn5Ter6yAb/Da9CosE3H6Xa4+70Ut9xUqyaIxjqnNpfBPVv3SR1Ck2qNkkd1AG2CW84jmYA0hX2dEDv37MkDamc2HO/UUYPhodw1Hx1OLvuYcBKtd7vDkQDNbreXEr9VvW3jhDarOFVz7MVJsoShHaDQepcrvA+nKtc/R5v/j/1wKDXf1TWfSkuf6Xg6HY+nUlWVppbHRpdTM8VsrihpVfGXNK5Fm1Wd7lZXZaCJ1O8xGLn/QX/pqSMnBVfGoZpTDMbKruG/jlno1aXC9bTdPHYXkbsWU+3/OtqsbnclQ9VhlOYtOYYiDQeNTfaMCa0fi3J1Z9TqloT4U0V/hysb6KtoE/zybHf3Ba3si31+ZXJg0qD5gD3jjbu7fH7aGbW4OvynxmJjDt7C233eI35PJjirZew5s8NjJq1knZYSAp1jXlOf3uQ02R0NWioR7pgCBIbKBiriq2BUOMVTvCBw8gHDUKXW7yb6+/INp27e7D1oqzMYOO3c8CeTNS+8cOKTSUI9QdQr9fdUNtBv0Lo0/33c1FWt8JfS5P2uVtvyTK3KldeenUYx8Zcp1uVFIyI5QIcBSTqQYyj7ylTdVwKn+u5frQzVSecOsm7o8j20XvHmaDrnrYiknLsBAP0ErYMZgNMze14kTFT13EkQDa987YZQb6pX1xpqI9e/+sqNI1rzQXWdsT6GYH3aEDQYgobp3//3aWOIJIOm01JcbSUu12PZOxNB2FeaRjNvcDSQhL6WiWhr312ZqCfr1bX62tzlt53H/1GjLuKaiM+JPv7M1U95+t2fbVXGT0uc9Fc20L/gVaivcl2ZMWmQeC7PvXrkNCKYW1mZky5n1GqNOh1Rmy2q/farr77xxquvfrsYmS8WzweD54vF+YhUcw4A/QDfkD1FWkN8PC5IxpUrr0T6HJM3Z9BrA7XmQ1u/nlHm5gZAP8WrUhUcn8aKxLb3vEGjkQyPI+mpW31xzpeyZEIznaWFjgsd5jbTK92Tf3Q5yh5ptmci3PxUYuWZblwzW+Xyj/EqBJ7kMsVvi3g3w/ZB/tPBCx7BnovGOt2j2ZkBNuRL29sD08nSUnsskU89peV9OXuAa3G3WgptIX+L29rvDR0b5bMGdeNIR9tYSNmXh+Sz8g2olZgocNLmkcav5928XsKBIr98T43UWksDJ/7286+MjGzdtuVt5qhFHHt9CL0o3pp6fUeP7+Mb4HqiB7l2vZukiF1r+mzwAsXbB6J8X4Z3NtsFPSp8etDAmIWi0HFWy1M5ayDTlkzr9BRqO323rr75eG/vbEyp11fZQD+ReeAH0CuakYev38kaF2Sf2muGf8JHbSlzbSbCJHLJgj19SLD7u5qxLU+NnRNOxNMXOvqW0N8m2iimkE+LuNnRR1pD5457/KfPZKa5rq9cfPZPB5T8Eg9v478EM/gABDqtemI+DSoTsYedf6YxBkKOIO1kjRl3KTH0lLMlZFGzzmDQ6QoGfxbqSbBRqzdkO9xOtxbG6COx2BHmNyGPJyRdEq7N8AE6jGhQAQg8Rzb/5weFgvR9sXIeOfAjIGSHJqUDYPHRwsJLqlLHlqdj+0x9Hj6pPiNzm9PRCwuPXurAv+r4/HWlH0ryEPwiWOVfMwLFKxdHyBdJyRclUISeE6jjhwcnmkZPGHvJFVMPOTLVNDFj6jOtHHY93fT0w/yt/Jtvvvlm/lb+4cOHqPGWUoMH5tBHuFX6LSbwFM/xilk+fuedY++8M/eg8OBB4YG08z3wHfQR+jdMQwyugAZicHt7T8Dfo3Wpf2nnZ5fRukgCqvwd7oRe/EiKq9uDt5OmnU6axp1eh93rtTu8cg3IhT5C16QYet5NetAD5JJQhP8DAAD//wEAAP//4p5ejQAAAAEAAAACC4WuKBmDXw889QADA+gAAAAA2F2gqwAAAADYXhEz/jj+zwhuA90AAAADAAIAAAAAAAAAAQAAA9j+7wAACJj+OP44CG4AAQAAAAAAAAAAAAAAAAAAADV4nCzKwSoFcRzF8e85NEmiZDGxGpppBg0TW5Im9WOj/my8gaWF95EX8AA8gJV3sLTyAHTnNtNdnD7n1PELd3yC22Hme5Iv6PxE8jZp2j8kv9L5iuRbkgsq58O/lznyCaEvGp9yoD8anbHjFWq3hDLOvUpog1i6IXxMuJy+oWdCb+R6ZMuH9PplTd+sj1rUFtcWhUVusbmw1Ae1LtlXz4N6Kos9i90xyggY3sc+BwAA//8BAAD//+iKHwsAAAAAACwALABQAIYAtADSAOgBAgE2AWIBhAGsAe4CCgJCAnICngLQAwQDJgOQA7IDvgPWA/IEJARGBHIEpATEBQAFJAVGBWIFjgW8BegGAAYqBmgGjAbABwAHOAdEB1YHaAeYB6wHuAfEB9oH6AABAAAANQCOAAwAZAAHAAEAAAAAAAAAAAAAAAAABAADeJyclEFvG0UcxX9rpzYVIioIRamEqjmC1K6TKKna5oJDGtUisoM3BXHcxGt7FXvX2l0nhI/BR+DGF+DMqR+BA0c+AAcOnNG8mcR1QJBGlZq3npk37//+b/7AWrBKnWDlPvAGPA7Y4I3HNVb5y+M63WDF45W39txjEPQ9bvA4+NnjJr8Ev3v8Htu1Hz2+z3rtV4/fZ6v2h8cf1E3deLzKduNzjx/wqFF5/CEPGj84HMCzhucMAtYbv3lc4+PGnx7XWWs2PF5hrfmJx/f4qLnlcYNHzX1+wrDFBptsYHhy/fUMQ5sBOSckGCIuKalImFJi6JBxSk7BTP/HWhtg+JQxFRUzXtCixYX+hcTXbKFOTmnxGY8xXJBSMcbQJ6EkoeDcsx2Qk1Fh6BIztVrMOhE5cwpOScxDwre/pTUmk8ojCnL9YnWnnJAzYaB7RsyZEFOwRcgG2+ywS5t99uixu8R5xej4nvyDz53rscdLvpb+klTKzRL7mJxK1WecY9jUWij3n7PLlJgzEu0akvCd6rEMO4Q8ZYcdnvP0nbQte5PKlxhDpa4NtNu6cIYhZ3jnvqeq1vbRnntNpq66tYjK73S3Zwxo6bxRrWN5ZsQ8V78LUu0O76TmiFjdNewTYnjlWW+fzIpLZiQcM/aeLZIYyaeKC/m2cHVCKpczZdjWPVelrrYrZyI6HGLoiT9bYj5cYrBv42aaNpUWW9NC2fK9ix6fE5Mq4ydMtLJ4abHubfOVcMULzA13Sk7VhRmV+lCKK5TPI1r0OODwhpL/92igv66/J8yvE+Kqs8mw77tNpO5G5iGGPX13iOTIN3Q45hU9XnOs7zZ9+rTpckyHlzrbo4/hC3p02deJjrBbO1DKu3yL4Us62mO5E++P65h9fzOpL6Xd5TVlykyeW+Whny7JnTpsGHrWq7OlzpySMtROo/5lmlYxI5+KmRRO5eVVNhYvyyViqlpsbxfrI3JN1kKv07IaLv18sGl1mtwUqG7R1fBOmfnvaX1zfh3ppqFUFz4tbamzuY4pOXO5IVd9GQlnlERyrpSv9sz3Ysg1iwq9jJHUW7faTJRE64ubIdbLf/t1JH2F+uN4bbas05NrR4finrvk/A0AAP//AQAA///ZL1xfAAB4nGJgZgCD/+cYjBiwAAAAAAD//wEAAP//LwECAwAAAA==");
 }]]></style><style type="text/css"><![CDATA[.shape {
   shape-rendering: geometricPrecision;
@@ -22,191 +22,191 @@
   opacity: 0.5;
 }
 
-		.d2-3019508570 .fill-N1{fill:#0A0F25;}
-		.d2-3019508570 .fill-N2{fill:#676C7E;}
-		.d2-3019508570 .fill-N3{fill:#9499AB;}
-		.d2-3019508570 .fill-N4{fill:#CFD2DD;}
-		.d2-3019508570 .fill-N5{fill:#DEE1EB;}
-		.d2-3019508570 .fill-N6{fill:#EEF1F8;}
-		.d2-3019508570 .fill-N7{fill:#FFFFFF;}
-		.d2-3019508570 .fill-B1{fill:#0D32B2;}
-		.d2-3019508570 .fill-B2{fill:#0D32B2;}
-		.d2-3019508570 .fill-B3{fill:#E3E9FD;}
-		.d2-3019508570 .fill-B4{fill:#E3E9FD;}
-		.d2-3019508570 .fill-B5{fill:#EDF0FD;}
-		.d2-3019508570 .fill-B6{fill:#F7F8FE;}
-		.d2-3019508570 .fill-AA2{fill:#4A6FF3;}
-		.d2-3019508570 .fill-AA4{fill:#EDF0FD;}
-		.d2-3019508570 .fill-AA5{fill:#F7F8FE;}
-		.d2-3019508570 .fill-AB4{fill:#EDF0FD;}
-		.d2-3019508570 .fill-AB5{fill:#F7F8FE;}
-		.d2-3019508570 .stroke-N1{stroke:#0A0F25;}
-		.d2-3019508570 .stroke-N2{stroke:#676C7E;}
-		.d2-3019508570 .stroke-N3{stroke:#9499AB;}
-		.d2-3019508570 .stroke-N4{stroke:#CFD2DD;}
-		.d2-3019508570 .stroke-N5{stroke:#DEE1EB;}
-		.d2-3019508570 .stroke-N6{stroke:#EEF1F8;}
-		.d2-3019508570 .stroke-N7{stroke:#FFFFFF;}
-		.d2-3019508570 .stroke-B1{stroke:#0D32B2;}
-		.d2-3019508570 .stroke-B2{stroke:#0D32B2;}
-		.d2-3019508570 .stroke-B3{stroke:#E3E9FD;}
-		.d2-3019508570 .stroke-B4{stroke:#E3E9FD;}
-		.d2-3019508570 .stroke-B5{stroke:#EDF0FD;}
-		.d2-3019508570 .stroke-B6{stroke:#F7F8FE;}
-		.d2-3019508570 .stroke-AA2{stroke:#4A6FF3;}
-		.d2-3019508570 .stroke-AA4{stroke:#EDF0FD;}
-		.d2-3019508570 .stroke-AA5{stroke:#F7F8FE;}
-		.d2-3019508570 .stroke-AB4{stroke:#EDF0FD;}
-		.d2-3019508570 .stroke-AB5{stroke:#F7F8FE;}
-		.d2-3019508570 .background-color-N1{background-color:#0A0F25;}
-		.d2-3019508570 .background-color-N2{background-color:#676C7E;}
-		.d2-3019508570 .background-color-N3{background-color:#9499AB;}
-		.d2-3019508570 .background-color-N4{background-color:#CFD2DD;}
-		.d2-3019508570 .background-color-N5{background-color:#DEE1EB;}
-		.d2-3019508570 .background-color-N6{background-color:#EEF1F8;}
-		.d2-3019508570 .background-color-N7{background-color:#FFFFFF;}
-		.d2-3019508570 .background-color-B1{background-color:#0D32B2;}
-		.d2-3019508570 .background-color-B2{background-color:#0D32B2;}
-		.d2-3019508570 .background-color-B3{background-color:#E3E9FD;}
-		.d2-3019508570 .background-color-B4{background-color:#E3E9FD;}
-		.d2-3019508570 .background-color-B5{background-color:#EDF0FD;}
-		.d2-3019508570 .background-color-B6{background-color:#F7F8FE;}
-		.d2-3019508570 .background-color-AA2{background-color:#4A6FF3;}
-		.d2-3019508570 .background-color-AA4{background-color:#EDF0FD;}
-		.d2-3019508570 .background-color-AA5{background-color:#F7F8FE;}
-		.d2-3019508570 .background-color-AB4{background-color:#EDF0FD;}
-		.d2-3019508570 .background-color-AB5{background-color:#F7F8FE;}
-		.d2-3019508570 .color-N1{color:#0A0F25;}
-		.d2-3019508570 .color-N2{color:#676C7E;}
-		.d2-3019508570 .color-N3{color:#9499AB;}
-		.d2-3019508570 .color-N4{color:#CFD2DD;}
-		.d2-3019508570 .color-N5{color:#DEE1EB;}
-		.d2-3019508570 .color-N6{color:#EEF1F8;}
-		.d2-3019508570 .color-N7{color:#FFFFFF;}
-		.d2-3019508570 .color-B1{color:#0D32B2;}
-		.d2-3019508570 .color-B2{color:#0D32B2;}
-		.d2-3019508570 .color-B3{color:#E3E9FD;}
-		.d2-3019508570 .color-B4{color:#E3E9FD;}
-		.d2-3019508570 .color-B5{color:#EDF0FD;}
-		.d2-3019508570 .color-B6{color:#F7F8FE;}
-		.d2-3019508570 .color-AA2{color:#4A6FF3;}
-		.d2-3019508570 .color-AA4{color:#EDF0FD;}
-		.d2-3019508570 .color-AA5{color:#F7F8FE;}
-		.d2-3019508570 .color-AB4{color:#EDF0FD;}
-		.d2-3019508570 .color-AB5{color:#F7F8FE;}.appendix text.text{fill:#0A0F25}.md{--color-fg-default:#0A0F25;--color-fg-muted:#676C7E;--color-fg-subtle:#9499AB;--color-canvas-default:#FFFFFF;--color-canvas-subtle:#EEF1F8;--color-border-default:#0D32B2;--color-border-muted:#0D32B2;--color-neutral-muted:#EEF1F8;--color-accent-fg:#0D32B2;--color-accent-emphasis:#0D32B2;--color-attention-subtle:#676C7E;--color-danger-fg:red;}.sketch-overlay-B1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B2{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B3{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-AA4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-N2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-N3{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N4{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N7{fill:url(#streaks-bright);mix-blend-mode:darken}.light-code{display: block}.dark-code{display: none}]]></style><style type="text/css">.d2-3019508570 .md em,
-.d2-3019508570 .md dfn {
-  font-family: "d2-3019508570-font-italic";
-}
-
-.d2-3019508570 .md b,
-.d2-3019508570 .md strong {
-  font-family: "d2-3019508570-font-bold";
-}
-
-.d2-3019508570 .md code,
-.d2-3019508570 .md kbd,
-.d2-3019508570 .md pre,
-.d2-3019508570 .md samp {
-  font-family: "d2-3019508570-font-mono";
+		.d2-399215133 .fill-N1{fill:#0A0F25;}
+		.d2-399215133 .fill-N2{fill:#676C7E;}
+		.d2-399215133 .fill-N3{fill:#9499AB;}
+		.d2-399215133 .fill-N4{fill:#CFD2DD;}
+		.d2-399215133 .fill-N5{fill:#DEE1EB;}
+		.d2-399215133 .fill-N6{fill:#EEF1F8;}
+		.d2-399215133 .fill-N7{fill:#FFFFFF;}
+		.d2-399215133 .fill-B1{fill:#0D32B2;}
+		.d2-399215133 .fill-B2{fill:#0D32B2;}
+		.d2-399215133 .fill-B3{fill:#E3E9FD;}
+		.d2-399215133 .fill-B4{fill:#E3E9FD;}
+		.d2-399215133 .fill-B5{fill:#EDF0FD;}
+		.d2-399215133 .fill-B6{fill:#F7F8FE;}
+		.d2-399215133 .fill-AA2{fill:#4A6FF3;}
+		.d2-399215133 .fill-AA4{fill:#EDF0FD;}
+		.d2-399215133 .fill-AA5{fill:#F7F8FE;}
+		.d2-399215133 .fill-AB4{fill:#EDF0FD;}
+		.d2-399215133 .fill-AB5{fill:#F7F8FE;}
+		.d2-399215133 .stroke-N1{stroke:#0A0F25;}
+		.d2-399215133 .stroke-N2{stroke:#676C7E;}
+		.d2-399215133 .stroke-N3{stroke:#9499AB;}
+		.d2-399215133 .stroke-N4{stroke:#CFD2DD;}
+		.d2-399215133 .stroke-N5{stroke:#DEE1EB;}
+		.d2-399215133 .stroke-N6{stroke:#EEF1F8;}
+		.d2-399215133 .stroke-N7{stroke:#FFFFFF;}
+		.d2-399215133 .stroke-B1{stroke:#0D32B2;}
+		.d2-399215133 .stroke-B2{stroke:#0D32B2;}
+		.d2-399215133 .stroke-B3{stroke:#E3E9FD;}
+		.d2-399215133 .stroke-B4{stroke:#E3E9FD;}
+		.d2-399215133 .stroke-B5{stroke:#EDF0FD;}
+		.d2-399215133 .stroke-B6{stroke:#F7F8FE;}
+		.d2-399215133 .stroke-AA2{stroke:#4A6FF3;}
+		.d2-399215133 .stroke-AA4{stroke:#EDF0FD;}
+		.d2-399215133 .stroke-AA5{stroke:#F7F8FE;}
+		.d2-399215133 .stroke-AB4{stroke:#EDF0FD;}
+		.d2-399215133 .stroke-AB5{stroke:#F7F8FE;}
+		.d2-399215133 .background-color-N1{background-color:#0A0F25;}
+		.d2-399215133 .background-color-N2{background-color:#676C7E;}
+		.d2-399215133 .background-color-N3{background-color:#9499AB;}
+		.d2-399215133 .background-color-N4{background-color:#CFD2DD;}
+		.d2-399215133 .background-color-N5{background-color:#DEE1EB;}
+		.d2-399215133 .background-color-N6{background-color:#EEF1F8;}
+		.d2-399215133 .background-color-N7{background-color:#FFFFFF;}
+		.d2-399215133 .background-color-B1{background-color:#0D32B2;}
+		.d2-399215133 .background-color-B2{background-color:#0D32B2;}
+		.d2-399215133 .background-color-B3{background-color:#E3E9FD;}
+		.d2-399215133 .background-color-B4{background-color:#E3E9FD;}
+		.d2-399215133 .background-color-B5{background-color:#EDF0FD;}
+		.d2-399215133 .background-color-B6{background-color:#F7F8FE;}
+		.d2-399215133 .background-color-AA2{background-color:#4A6FF3;}
+		.d2-399215133 .background-color-AA4{background-color:#EDF0FD;}
+		.d2-399215133 .background-color-AA5{background-color:#F7F8FE;}
+		.d2-399215133 .background-color-AB4{background-color:#EDF0FD;}
+		.d2-399215133 .background-color-AB5{background-color:#F7F8FE;}
+		.d2-399215133 .color-N1{color:#0A0F25;}
+		.d2-399215133 .color-N2{color:#676C7E;}
+		.d2-399215133 .color-N3{color:#9499AB;}
+		.d2-399215133 .color-N4{color:#CFD2DD;}
+		.d2-399215133 .color-N5{color:#DEE1EB;}
+		.d2-399215133 .color-N6{color:#EEF1F8;}
+		.d2-399215133 .color-N7{color:#FFFFFF;}
+		.d2-399215133 .color-B1{color:#0D32B2;}
+		.d2-399215133 .color-B2{color:#0D32B2;}
+		.d2-399215133 .color-B3{color:#E3E9FD;}
+		.d2-399215133 .color-B4{color:#E3E9FD;}
+		.d2-399215133 .color-B5{color:#EDF0FD;}
+		.d2-399215133 .color-B6{color:#F7F8FE;}
+		.d2-399215133 .color-AA2{color:#4A6FF3;}
+		.d2-399215133 .color-AA4{color:#EDF0FD;}
+		.d2-399215133 .color-AA5{color:#F7F8FE;}
+		.d2-399215133 .color-AB4{color:#EDF0FD;}
+		.d2-399215133 .color-AB5{color:#F7F8FE;}.appendix text.text{fill:#0A0F25}.md{--color-fg-default:#0A0F25;--color-fg-muted:#676C7E;--color-fg-subtle:#9499AB;--color-canvas-default:#FFFFFF;--color-canvas-subtle:#EEF1F8;--color-border-default:#0D32B2;--color-border-muted:#0D32B2;--color-neutral-muted:#EEF1F8;--color-accent-fg:#0D32B2;--color-accent-emphasis:#0D32B2;--color-attention-subtle:#676C7E;--color-danger-fg:red;}.sketch-overlay-B1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B2{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B3{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-AA4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-N2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-N3{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N4{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N7{fill:url(#streaks-bright);mix-blend-mode:darken}.light-code{display: block}.dark-code{display: none}]]></style><style type="text/css">.d2-399215133 .md em,
+.d2-399215133 .md dfn {
+  font-family: "d2-399215133-font-italic";
+}
+
+.d2-399215133 .md b,
+.d2-399215133 .md strong {
+  font-family: "d2-399215133-font-bold";
+}
+
+.d2-399215133 .md code,
+.d2-399215133 .md kbd,
+.d2-399215133 .md pre,
+.d2-399215133 .md samp {
+  font-family: "d2-399215133-font-mono";
   font-size: 1em;
 }
 
-.d2-3019508570 .md {
+.d2-399215133 .md {
   tab-size: 4;
 }
 
 /* variables are provided in d2renderers/d2svg/d2svg.go */
 
-.d2-3019508570 .md {
+.d2-399215133 .md {
   -ms-text-size-adjust: 100%;
   -webkit-text-size-adjust: 100%;
   margin: 0;
   color: var(--color-fg-default);
   background-color: transparent; /* we don't want to define the background color */
-  font-family: "d2-3019508570-font-regular";
+  font-family: "d2-399215133-font-regular";
   font-size: 16px;
   line-height: 1.5;
   word-wrap: break-word;
 }
 
-.d2-3019508570 .md details,
-.d2-3019508570 .md figcaption,
-.d2-3019508570 .md figure {
+.d2-399215133 .md details,
+.d2-399215133 .md figcaption,
+.d2-399215133 .md figure {
   display: block;
 }
 
-.d2-3019508570 .md summary {
+.d2-399215133 .md summary {
   display: list-item;
 }
 
-.d2-3019508570 .md [hidden] {
+.d2-399215133 .md [hidden] {
   display: none !important;
 }
 
-.d2-3019508570 .md a {
+.d2-399215133 .md a {
   background-color: transparent;
   color: var(--color-accent-fg);
   text-decoration: none;
 }
 
-.d2-3019508570 .md a:active,
-.d2-3019508570 .md a:hover {
+.d2-399215133 .md a:active,
+.d2-399215133 .md a:hover {
   outline-width: 0;
 }
 
-.d2-3019508570 .md abbr[title] {
+.d2-399215133 .md abbr[title] {
   border-bottom: none;
   text-decoration: underline dotted;
 }
 
-.d2-3019508570 .md dfn {
+.d2-399215133 .md dfn {
   font-style: italic;
 }
 
-.d2-3019508570 .md h1 {
+.d2-399215133 .md h1 {
   margin: 0.67em 0;
   padding-bottom: 0.3em;
   font-size: 2em;
   border-bottom: 1px solid var(--color-border-muted);
 }
 
-.d2-3019508570 .md mark {
+.d2-399215133 .md mark {
   background-color: var(--color-attention-subtle);
   color: var(--color-text-primary);
 }
 
-.d2-3019508570 .md small {
+.d2-399215133 .md small {
   font-size: 90%;
 }
 
-.d2-3019508570 .md sub,
-.d2-3019508570 .md sup {
+.d2-399215133 .md sub,
+.d2-399215133 .md sup {
   font-size: 75%;
   line-height: 0;
   position: relative;
   vertical-align: baseline;
 }
 
-.d2-3019508570 .md sub {
+.d2-399215133 .md sub {
   bottom: -0.25em;
 }
 
-.d2-3019508570 .md sup {
+.d2-399215133 .md sup {
   top: -0.5em;
 }
 
-.d2-3019508570 .md img {
+.d2-399215133 .md img {
   border-style: none;
   max-width: 100%;
   box-sizing: content-box;
   background-color: var(--color-canvas-default);
 }
 
-.d2-3019508570 .md figure {
+.d2-399215133 .md figure {
   margin: 1em 40px;
 }
 
-.d2-3019508570 .md hr {
+.d2-399215133 .md hr {
   box-sizing: content-box;
   overflow: hidden;
   background: transparent;
@@ -218,7 +218,7 @@
   border: 0;
 }
 
-.d2-3019508570 .md input {
+.d2-399215133 .md input {
   font: inherit;
   margin: 0;
   overflow: visible;
@@ -227,72 +227,72 @@
   line-height: inherit;
 }
 
-.d2-3019508570 .md [type="button"],
-.d2-3019508570 .md [type="reset"],
-.d2-3019508570 .md [type="submit"] {
+.d2-399215133 .md [type="button"],
+.d2-399215133 .md [type="reset"],
+.d2-399215133 .md [type="submit"] {
   -webkit-appearance: button;
 }
 
-.d2-3019508570 .md [type="button"]::-moz-focus-inner,
-.d2-3019508570 .md [type="reset"]::-moz-focus-inner,
-.d2-3019508570 .md [type="submit"]::-moz-focus-inner {
+.d2-399215133 .md [type="button"]::-moz-focus-inner,
+.d2-399215133 .md [type="reset"]::-moz-focus-inner,
+.d2-399215133 .md [type="submit"]::-moz-focus-inner {
   border-style: none;
   padding: 0;
 }
 
-.d2-3019508570 .md [type="button"]:-moz-focusring,
-.d2-3019508570 .md [type="reset"]:-moz-focusring,
-.d2-3019508570 .md [type="submit"]:-moz-focusring {
+.d2-399215133 .md [type="button"]:-moz-focusring,
+.d2-399215133 .md [type="reset"]:-moz-focusring,
+.d2-399215133 .md [type="submit"]:-moz-focusring {
   outline: 1px dotted ButtonText;
 }
 
-.d2-3019508570 .md [type="checkbox"],
-.d2-3019508570 .md [type="radio"] {
+.d2-399215133 .md [type="checkbox"],
+.d2-399215133 .md [type="radio"] {
   box-sizing: border-box;
   padding: 0;
 }
 
-.d2-3019508570 .md [type="number"]::-webkit-inner-spin-button,
-.d2-3019508570 .md [type="number"]::-webkit-outer-spin-button {
+.d2-399215133 .md [type="number"]::-webkit-inner-spin-button,
+.d2-399215133 .md [type="number"]::-webkit-outer-spin-button {
   height: auto;
 }
 
-.d2-3019508570 .md [type="search"] {
+.d2-399215133 .md [type="search"] {
   -webkit-appearance: textfield;
   outline-offset: -2px;
 }
 
-.d2-3019508570 .md [type="search"]::-webkit-search-cancel-button,
-.d2-3019508570 .md [type="search"]::-webkit-search-decoration {
+.d2-399215133 .md [type="search"]::-webkit-search-cancel-button,
+.d2-399215133 .md [type="search"]::-webkit-search-decoration {
   -webkit-appearance: none;
 }
 
-.d2-3019508570 .md ::-webkit-input-placeholder {
+.d2-399215133 .md ::-webkit-input-placeholder {
   color: inherit;
   opacity: 0.54;
 }
 
-.d2-3019508570 .md ::-webkit-file-upload-button {
+.d2-399215133 .md ::-webkit-file-upload-button {
   -webkit-appearance: button;
   font: inherit;
 }
 
-.d2-3019508570 .md a:hover {
+.d2-399215133 .md a:hover {
   text-decoration: underline;
 }
 
-.d2-3019508570 .md hr::before {
+.d2-399215133 .md hr::before {
   display: table;
   content: "";
 }
 
-.d2-3019508570 .md hr::after {
+.d2-399215133 .md hr::after {
   display: table;
   clear: both;
   content: "";
 }
 
-.d2-3019508570 .md table {
+.d2-399215133 .md table {
   border-spacing: 0;
   border-collapse: collapse;
   display: block;
@@ -301,20 +301,20 @@
   overflow: auto;
 }
 
-.d2-3019508570 .md td,
-.d2-3019508570 .md th {
+.d2-399215133 .md td,
+.d2-399215133 .md th {
   padding: 0;
 }
 
-.d2-3019508570 .md details summary {
+.d2-399215133 .md details summary {
   cursor: pointer;
 }
 
-.d2-3019508570 .md details:not([open]) > *:not(summary) {
+.d2-399215133 .md details:not([open]) > *:not(summary) {
   display: none !important;
 }
 
-.d2-3019508570 .md kbd {
+.d2-399215133 .md kbd {
   display: inline-block;
   padding: 3px 5px;
   color: var(--color-fg-default);
@@ -326,279 +326,279 @@
   box-shadow: inset 0 -1px 0 var(--color-neutral-muted);
 }
 
-.d2-3019508570 .md h1,
-.d2-3019508570 .md h2,
-.d2-3019508570 .md h3,
-.d2-3019508570 .md h4,
-.d2-3019508570 .md h5,
-.d2-3019508570 .md h6 {
+.d2-399215133 .md h1,
+.d2-399215133 .md h2,
+.d2-399215133 .md h3,
+.d2-399215133 .md h4,
+.d2-399215133 .md h5,
+.d2-399215133 .md h6 {
   margin-top: 24px;
   margin-bottom: 16px;
   font-weight: 400;
   line-height: 1.25;
-  font-family: "d2-3019508570-font-semibold";
+  font-family: "d2-399215133-font-semibold";
 }
 
-.d2-3019508570 .md h2 {
+.d2-399215133 .md h2 {
   padding-bottom: 0.3em;
   font-size: 1.5em;
   border-bottom: 1px solid var(--color-border-muted);
 }
 
-.d2-3019508570 .md h3 {
+.d2-399215133 .md h3 {
   font-size: 1.25em;
 }
 
-.d2-3019508570 .md h4 {
+.d2-399215133 .md h4 {
   font-size: 1em;
 }
 
-.d2-3019508570 .md h5 {
+.d2-399215133 .md h5 {
   font-size: 0.875em;
 }
 
-.d2-3019508570 .md h6 {
+.d2-399215133 .md h6 {
   font-size: 0.85em;
   color: var(--color-fg-muted);
 }
 
-.d2-3019508570 .md p {
+.d2-399215133 .md p {
   margin-top: 0;
   margin-bottom: 10px;
 }
 
-.d2-3019508570 .md blockquote {
+.d2-399215133 .md blockquote {
   margin: 0;
   padding: 0 1em;
   color: var(--color-fg-muted);
   border-left: 0.25em solid var(--color-border-default);
 }
 
-.d2-3019508570 .md ul,
-.d2-3019508570 .md ol {
+.d2-399215133 .md ul,
+.d2-399215133 .md ol {
   margin-top: 0;
   margin-bottom: 0;
   padding-left: 2em;
 }
 
-.d2-3019508570 .md ol ol,
-.d2-3019508570 .md ul ol {
+.d2-399215133 .md ol ol,
+.d2-399215133 .md ul ol {
   list-style-type: lower-roman;
 }
 
-.d2-3019508570 .md ul ul ol,
-.d2-3019508570 .md ul ol ol,
-.d2-3019508570 .md ol ul ol,
-.d2-3019508570 .md ol ol ol {
+.d2-399215133 .md ul ul ol,
+.d2-399215133 .md ul ol ol,
+.d2-399215133 .md ol ul ol,
+.d2-399215133 .md ol ol ol {
   list-style-type: lower-alpha;
 }
 
-.d2-3019508570 .md dd {
+.d2-399215133 .md dd {
   margin-left: 0;
 }
 
-.d2-3019508570 .md pre {
+.d2-399215133 .md pre {
   margin-top: 0;
   margin-bottom: 0;
   word-wrap: normal;
 }
 
-.d2-3019508570 .md ::placeholder {
+.d2-399215133 .md ::placeholder {
   color: var(--color-fg-subtle);
   opacity: 1;
 }
 
-.d2-3019508570 .md input::-webkit-outer-spin-button,
-.d2-3019508570 .md input::-webkit-inner-spin-button {
+.d2-399215133 .md input::-webkit-outer-spin-button,
+.d2-399215133 .md input::-webkit-inner-spin-button {
   margin: 0;
   -webkit-appearance: none;
   appearance: none;
 }
 
-.d2-3019508570 .md::before {
+.d2-399215133 .md::before {
   display: table;
   content: "";
 }
 
-.d2-3019508570 .md::after {
+.d2-399215133 .md::after {
   display: table;
   clear: both;
   content: "";
 }
 
-.d2-3019508570 .md > *:first-child {
+.d2-399215133 .md > *:first-child {
   margin-top: 0 !important;
 }
 
-.d2-3019508570 .md > *:last-child {
+.d2-399215133 .md > *:last-child {
   margin-bottom: 0 !important;
 }
 
-.d2-3019508570 .md a:not([href]) {
+.d2-399215133 .md a:not([href]) {
   color: inherit;
   text-decoration: none;
 }
 
-.d2-3019508570 .md .absent {
+.d2-399215133 .md .absent {
   color: var(--color-danger-fg);
 }
 
-.d2-3019508570 .md .anchor {
+.d2-399215133 .md .anchor {
   float: left;
   padding-right: 4px;
   margin-left: -20px;
   line-height: 1;
 }
 
-.d2-3019508570 .md .anchor:focus {
+.d2-399215133 .md .anchor:focus {
   outline: none;
 }
 
-.d2-3019508570 .md p,
-.d2-3019508570 .md blockquote,
-.d2-3019508570 .md ul,
-.d2-3019508570 .md ol,
-.d2-3019508570 .md dl,
-.d2-3019508570 .md table,
-.d2-3019508570 .md pre,
-.d2-3019508570 .md details {
+.d2-399215133 .md p,
+.d2-399215133 .md blockquote,
+.d2-399215133 .md ul,
+.d2-399215133 .md ol,
+.d2-399215133 .md dl,
+.d2-399215133 .md table,
+.d2-399215133 .md pre,
+.d2-399215133 .md details {
   margin-top: 0;
   margin-bottom: 16px;
 }
 
-.d2-3019508570 .md blockquote > :first-child {
+.d2-399215133 .md blockquote > :first-child {
   margin-top: 0;
 }
 
-.d2-3019508570 .md blockquote > :last-child {
+.d2-399215133 .md blockquote > :last-child {
   margin-bottom: 0;
 }
 
-.d2-3019508570 .md sup > a::before {
+.d2-399215133 .md sup > a::before {
   content: "[";
 }
 
-.d2-3019508570 .md sup > a::after {
+.d2-399215133 .md sup > a::after {
   content: "]";
 }
 
-.d2-3019508570 .md h1:hover .anchor,
-.d2-3019508570 .md h2:hover .anchor,
-.d2-3019508570 .md h3:hover .anchor,
-.d2-3019508570 .md h4:hover .anchor,
-.d2-3019508570 .md h5:hover .anchor,
-.d2-3019508570 .md h6:hover .anchor {
+.d2-399215133 .md h1:hover .anchor,
+.d2-399215133 .md h2:hover .anchor,
+.d2-399215133 .md h3:hover .anchor,
+.d2-399215133 .md h4:hover .anchor,
+.d2-399215133 .md h5:hover .anchor,
+.d2-399215133 .md h6:hover .anchor {
   text-decoration: none;
 }
 
-.d2-3019508570 .md h1 tt,
-.d2-3019508570 .md h1 code,
-.d2-3019508570 .md h2 tt,
-.d2-3019508570 .md h2 code,
-.d2-3019508570 .md h3 tt,
-.d2-3019508570 .md h3 code,
-.d2-3019508570 .md h4 tt,
-.d2-3019508570 .md h4 code,
-.d2-3019508570 .md h5 tt,
-.d2-3019508570 .md h5 code,
-.d2-3019508570 .md h6 tt,
-.d2-3019508570 .md h6 code {
+.d2-399215133 .md h1 tt,
+.d2-399215133 .md h1 code,
+.d2-399215133 .md h2 tt,
+.d2-399215133 .md h2 code,
+.d2-399215133 .md h3 tt,
+.d2-399215133 .md h3 code,
+.d2-399215133 .md h4 tt,
+.d2-399215133 .md h4 code,
+.d2-399215133 .md h5 tt,
+.d2-399215133 .md h5 code,
+.d2-399215133 .md h6 tt,
+.d2-399215133 .md h6 code {
   padding: 0 0.2em;
   font-size: inherit;
 }
 
-.d2-3019508570 .md ul.no-list,
-.d2-3019508570 .md ol.no-list {
+.d2-399215133 .md ul.no-list,
+.d2-399215133 .md ol.no-list {
   padding: 0;
   list-style-type: none;
 }
 
-.d2-3019508570 .md ol[type="1"] {
+.d2-399215133 .md ol[type="1"] {
   list-style-type: decimal;
 }
 
-.d2-3019508570 .md ol[type="a"] {
+.d2-399215133 .md ol[type="a"] {
   list-style-type: lower-alpha;
 }
 
-.d2-3019508570 .md ol[type="i"] {
+.d2-399215133 .md ol[type="i"] {
   list-style-type: lower-roman;
 }
 
-.d2-3019508570 .md div > ol:not([type]) {
+.d2-399215133 .md div > ol:not([type]) {
   list-style-type: decimal;
 }
 
-.d2-3019508570 .md ul ul,
-.d2-3019508570 .md ul ol,
-.d2-3019508570 .md ol ol,
-.d2-3019508570 .md ol ul {
+.d2-399215133 .md ul ul,
+.d2-399215133 .md ul ol,
+.d2-399215133 .md ol ol,
+.d2-399215133 .md ol ul {
   margin-top: 0;
   margin-bottom: 0;
 }
 
-.d2-3019508570 .md li > p {
+.d2-399215133 .md li > p {
   margin-top: 16px;
 }
 
-.d2-3019508570 .md li + li {
+.d2-399215133 .md li + li {
   margin-top: 0.25em;
 }
 
-.d2-3019508570 .md dl {
+.d2-399215133 .md dl {
   padding: 0;
 }
 
-.d2-3019508570 .md dl dt {
+.d2-399215133 .md dl dt {
   padding: 0;
   margin-top: 16px;
   font-size: 1em;
   font-style: italic;
-  font-family: "d2-3019508570-font-semibold";
+  font-family: "d2-399215133-font-semibold";
 }
 
-.d2-3019508570 .md dl dd {
+.d2-399215133 .md dl dd {
   padding: 0 16px;
   margin-bottom: 16px;
 }
 
-.d2-3019508570 .md table th {
-  font-family: "d2-3019508570-font-semibold";
+.d2-399215133 .md table th {
+  font-family: "d2-399215133-font-semibold";
 }
 
-.d2-3019508570 .md table th,
-.d2-3019508570 .md table td {
+.d2-399215133 .md table th,
+.d2-399215133 .md table td {
   padding: 6px 13px;
   border: 1px solid var(--color-border-default);
 }
 
-.d2-3019508570 .md table tr {
+.d2-399215133 .md table tr {
   background-color: var(--color-canvas-default);
   border-top: 1px solid var(--color-border-muted);
 }
 
-.d2-3019508570 .md table tr:nth-child(2n) {
+.d2-399215133 .md table tr:nth-child(2n) {
   background-color: var(--color-canvas-subtle);
 }
 
-.d2-3019508570 .md table img {
+.d2-399215133 .md table img {
   background-color: transparent;
 }
 
-.d2-3019508570 .md img[align="right"] {
+.d2-399215133 .md img[align="right"] {
   padding-left: 20px;
 }
 
-.d2-3019508570 .md img[align="left"] {
+.d2-399215133 .md img[align="left"] {
   padding-right: 20px;
 }
 
-.d2-3019508570 .md span.frame {
+.d2-399215133 .md span.frame {
   display: block;
   overflow: hidden;
 }
 
-.d2-3019508570 .md span.frame > span {
+.d2-399215133 .md span.frame > span {
   display: block;
   float: left;
   width: auto;
@@ -608,81 +608,81 @@
   border: 1px solid var(--color-border-default);
 }
 
-.d2-3019508570 .md span.frame span img {
+.d2-399215133 .md span.frame span img {
   display: block;
   float: left;
 }
 
-.d2-3019508570 .md span.frame span span {
+.d2-399215133 .md span.frame span span {
   display: block;
   padding: 5px 0 0;
   clear: both;
   color: var(--color-fg-default);
 }
 
-.d2-3019508570 .md span.align-center {
+.d2-399215133 .md span.align-center {
   display: block;
   overflow: hidden;
   clear: both;
 }
 
-.d2-3019508570 .md span.align-center > span {
+.d2-399215133 .md span.align-center > span {
   display: block;
   margin: 13px auto 0;
   overflow: hidden;
   text-align: center;
 }
 
-.d2-3019508570 .md span.align-center span img {
+.d2-399215133 .md span.align-center span img {
   margin: 0 auto;
   text-align: center;
 }
 
-.d2-3019508570 .md span.align-right {
+.d2-399215133 .md span.align-right {
   display: block;
   overflow: hidden;
   clear: both;
 }
 
-.d2-3019508570 .md span.align-right > span {
+.d2-399215133 .md span.align-right > span {
   display: block;
   margin: 13px 0 0;
   overflow: hidden;
   text-align: right;
 }
 
-.d2-3019508570 .md span.align-right span img {
+.d2-399215133 .md span.align-right span img {
   margin: 0;
   text-align: right;
 }
 
-.d2-3019508570 .md span.float-left {
+.d2-399215133 .md span.float-left {
   display: block;
   float: left;
   margin-right: 13px;
   overflow: hidden;
 }
 
-.d2-3019508570 .md span.float-left span {
+.d2-399215133 .md span.float-left span {
   margin: 13px 0 0;
 }
 
-.d2-3019508570 .md span.float-right {
+.d2-399215133 .md span.float-right {
   display: block;
   float: right;
   margin-left: 13px;
   overflow: hidden;
 }
 
-.d2-3019508570 .md span.float-right > span {
+.d2-399215133 .md span.float-right > span {
   display: block;
   margin: 13px auto 0;
   overflow: hidden;
   text-align: right;
 }
 
-.d2-3019508570 .md code,
-.d2-3019508570 .md tt {
+.d2-399215133 .md code,
+.d2-399215133 .md tt {
   padding: 0.2em 0.4em;
   margin: 0;
   font-size: 85%;
@@ -690,20 +690,20 @@
   border-radius: 6px;
 }
 
-.d2-3019508570 .md code br,
-.d2-3019508570 .md tt br {
+.d2-399215133 .md code br,
+.d2-399215133 .md tt br {
   display: none;
 }
 
-.d2-3019508570 .md del code {
+.d2-399215133 .md del code {
   text-decoration: inherit;
 }
 
-.d2-3019508570 .md pre code {
+.d2-399215133 .md pre code {
   font-size: 100%;
 }
 
-.d2-3019508570 .md pre > code {
+.d2-399215133 .md pre > code {
   padding: 0;
   margin: 0;
   word-break: normal;
@@ -712,17 +712,17 @@
   border: 0;
 }
 
-.d2-3019508570 .md .highlight {
+.d2-399215133 .md .highlight {
   margin-bottom: 16px;
 }
 
-.d2-3019508570 .md .highlight pre {
+.d2-399215133 .md .highlight pre {
   margin-bottom: 0;
   word-break: normal;
 }
 
-.d2-3019508570 .md .highlight pre,
-.d2-3019508570 .md pre {
+.d2-399215133 .md .highlight pre,
+.d2-399215133 .md pre {
   padding: 16px;
   overflow: auto;
   font-size: 85%;
@@ -731,8 +731,8 @@
   border-radius: 6px;
 }
 
-.d2-3019508570 .md pre code,
-.d2-3019508570 .md pre tt {
+.d2-399215133 .md pre code,
+.d2-399215133 .md pre tt {
   display: inline;
   max-width: auto;
   padding: 0;
@@ -744,8 +744,8 @@
   border: 0;
 }
 
-.d2-3019508570 .md .csv-data td,
-.d2-3019508570 .md .csv-data th {
+.d2-399215133 .md .csv-data td,
+.d2-399215133 .md .csv-data th {
   padding: 5px;
   overflow: hidden;
   font-size: 12px;
@@ -754,38 +754,38 @@
   white-space: nowrap;
 }
 
-.d2-3019508570 .md .csv-data .blob-num {
+.d2-399215133 .md .csv-data .blob-num {
   padding: 10px 8px 9px;
   text-align: right;
   background: var(--color-canvas-default);
   border: 0;
 }
 
-.d2-3019508570 .md .csv-data tr {
+.d2-399215133 .md .csv-data tr {
   border-top: 0;
 }
 
-.d2-3019508570 .md .csv-data th {
-  font-family: "d2-3019508570-font-semibold";
+.d2-399215133 .md .csv-data th {
+  font-family: "d2-399215133-font-semibold";
   background: var(--color-canvas-subtle);
   border-top: 0;
 }
 
-.d2-3019508570 .md .footnotes {
+.d2-399215133 .md .footnotes {
   font-size: 12px;
   color: var(--color-fg-muted);
   border-top: 1px solid var(--color-border-default);
 }
 
-.d2-3019508570 .md .footnotes ol {
+.d2-399215133 .md .footnotes ol {
   padding-left: 16px;
 }
 
-.d2-3019508570 .md .footnotes li {
+.d2-399215133 .md .footnotes li {
   position: relative;
 }
 
-.d2-3019508570 .md .footnotes li:target::before {
+.d2-399215133 .md .footnotes li:target::before {
   position: absolute;
   top: -8px;
   right: -8px;
@@ -797,40 +797,40 @@
   border-radius: 6px;
 }
 
-.d2-3019508570 .md .footnotes li:target {
+.d2-399215133 .md .footnotes li:target {
   color: var(--color-fg-default);
 }
 
-.d2-3019508570 .md .task-list-item {
+.d2-399215133 .md .task-list-item {
   list-style-type: none;
 }
 
-.d2-3019508570 .md .task-list-item label {
+.d2-399215133 .md .task-list-item label {
   font-weight: 400;
 }
 
-.d2-3019508570 .md .task-list-item.enabled label {
+.d2-399215133 .md .task-list-item.enabled label {
   cursor: pointer;
 }
 
-.d2-3019508570 .md .task-list-item + .task-list-item {
+.d2-399215133 .md .task-list-item + .task-list-item {
   margin-top: 3px;
 }
 
-.d2-3019508570 .md .task-list-item .handle {
+.d2-399215133 .md .task-list-item .handle {
   display: none;
 }
 
-.d2-3019508570 .md .task-list-item-checkbox {
+.d2-399215133 .md .task-list-item-checkbox {
   margin: 0 0.2em 0.25em -1.6em;
   vertical-align: middle;
 }
 
-.d2-3019508570 .md .contains-task-list:dir(rtl) .task-list-item-checkbox {
+.d2-399215133 .md .contains-task-list:dir(rtl) .task-list-item-checkbox {
   margin: 0 -1.6em 0.25em 0.2em;
 }
-</style><g id="title"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="12.000000" y="130.000000" width="283" height="51"><div xmlns="http://www.w3.org/1999/xhtml" class="md"><h1>x509 RBAC Metadata</h1>
-</div></foreignObject></g></g><clipPath id="d2-3019508570-rbac"><path d="M 315.000000 27.000000 L 315.000000 27.000000 S 315.000000 12.000000 330.000000 12.000000 L 755.000000 12.000000 L 755.000000 12.000000 S 770.000000 12.000000 770.000000 27.000000 L 770.000000 285.000000 L 770.000000 300.000000 L 315.000000 300.000000Z 315.000000 12.000000" fill="none" /> </clipPath><g id="rbac" class="RBAC_TABLE"><g class="shape" ><rect x="315.000000" y="12.000000" width="455.000000" height="288.000000" rx="15.000000" ry="15.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="315.000000" y="12.000000" width="455.000000" height="36.000000" class="class_header fill-N1" clip-path="url(#d2-3019508570-rbac)" /><text x="325.000000" y="37.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">x509 Role based Access Control</text><text x="325.000000" y="71.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 10=x509 certs</text><text x="566.000000" y="71.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + DER Certs ]</text><text x="760.000000" y="71.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="84.000000" y2="84.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="107.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 20=c509 certs</text><text x="566.000000" y="107.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + CBOR Certs ]</text><text x="760.000000" y="107.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="120.000000" y2="120.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="143.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 30=public keys</text><text x="566.000000" y="143.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Public Keys ]</text><text x="760.000000" y="143.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="156.000000" y2="156.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="179.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 40=revocation set</text><text x="566.000000" y="179.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Revoked Cert hash]</text><text x="760.000000" y="179.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="192.000000" y2="192.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="215.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 50=DiD</text><text x="566.000000" y="215.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">DiD???</text><text x="760.000000" y="215.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="228.000000" y2="228.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="251.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 51=Verifiable Credentials</text><text x="566.000000" y="251.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + VC??? ]</text><text x="760.000000" y="251.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="315.000000" x2="770.000000" y1="264.000000" y2="264.000000" class=" stroke-N1" style="stroke-width:2" /><text x="325.000000" y="287.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 100=Role Data Set</text><text x="566.000000" y="287.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Role Data ]</text><text x="760.000000" y="287.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="330.000000" x2="755.000000" y1="300.000000" y2="300.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-3019508570-role_data"><path d="M 539.000000 385.000000 L 539.000000 385.000000 S 539.000000 370.000000 554.000000 370.000000 L 1066.000000 370.000000 L 1066.000000 370.000000 S 1081.000000 370.000000 1081.000000 385.000000 L 1081.000000 571.000000 L 1081.000000 586.000000 L 539.000000 586.000000Z 539.000000 370.000000" fill="none" /> </clipPath><g id="role_data" class="RBAC_TABLE"><g class="shape" ><rect x="539.000000" y="370.000000" width="542.000000" height="216.000000" rx="15.000000" ry="15.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="539.000000" y="370.000000" width="542.000000" height="36.000000" class="class_header fill-N1" clip-path="url(#d2-3019508570-role_data)" /><text x="549.000000" y="395.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Role Data</text><text x="549.000000" y="429.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0=role number</text><text x="787.000000" y="429.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">uint</text><text x="1071.000000" y="429.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="539.000000" x2="1081.000000" y1="442.000000" y2="442.000000" class=" stroke-N1" style="stroke-width:2" /><text x="549.000000" y="465.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 1=role-signing-key</text><text x="787.000000" y="465.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Key Reference</text><text x="1071.000000" y="465.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="539.000000" x2="1081.000000" y1="478.000000" y2="478.000000" class=" stroke-N1" style="stroke-width:2" /><text x="549.000000" y="501.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 2=role-encryption-key</text><text x="787.000000" y="501.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Key Reference</text><text x="1071.000000" y="501.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="539.000000" x2="1081.000000" y1="514.000000" y2="514.000000" class=" stroke-N1" style="stroke-width:2" /><text x="549.000000" y="537.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 3=payment-key</text><text x="787.000000" y="537.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">OnChain Payment Key Reference</text><text x="1071.000000" y="537.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="539.000000" x2="1081.000000" y1="550.000000" y2="550.000000" class=" stroke-N1" style="stroke-width:2" /><text x="549.000000" y="573.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 10-99=Role Specific Data</text><text x="787.000000" y="573.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Variable per Role</text><text x="1071.000000" y="573.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="554.000000" x2="1066.000000" y1="586.000000" y2="586.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><g id="(rbac -&gt; role_data)[0]"><marker id="mk-3488378134" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 772.000000 282.000000 L 800.000000 282.000000 S 810.000000 282.000000 810.000000 292.000000 L 810.000000 366.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-3019508570)" /></g><mask id="d2-3019508570" maskUnits="userSpaceOnUse" x="-89" y="-89" width="1271" height="776">
-<rect x="-89" y="-89" width="1271" height="776" fill="white"></rect>
-<rect x="12.000000" y="130.000000" width="283" height="51" fill="rgba(0,0,0,0.75)"></rect>
+</style><g id="title"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="196.000000" y="-87.000000" width="442" height="79"><div xmlns="http://www.w3.org/1999/xhtml" class="md" style="font-size:25px"><h1>x509 RBAC Metadata</h1>
+</div></foreignObject></g></g><g id="a_block"><g class="shape" ><rect x="12.000000" y="12.000000" width="810.000000" height="602.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g></g><clipPath id="d2-399215133-a_block.rbac"><path d="M 62.000000 77.000000 L 62.000000 77.000000 S 62.000000 62.000000 77.000000 62.000000 L 446.000000 62.000000 L 446.000000 62.000000 S 461.000000 62.000000 461.000000 77.000000 L 461.000000 263.000000 L 461.000000 278.000000 L 62.000000 278.000000Z 62.000000 62.000000" fill="none" /> </clipPath><g id="a_block.rbac" class="RBAC_TABLE"><g class="shape" ><rect x="62.000000" y="62.000000" width="399.000000" height="216.000000" rx="15.000000" ry="15.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="62.000000" y="62.000000" width="399.000000" height="36.000000" class="class_header fill-N1" clip-path="url(#d2-399215133-a_block.rbac)" /><text x="72.000000" y="87.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">x509 Role based Access Control</text><text x="72.000000" y="121.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 10=x509 certs</text><text x="257.000000" y="121.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + DER Certs ]</text><text x="451.000000" y="121.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="62.000000" x2="461.000000" y1="134.000000" y2="134.000000" class=" stroke-N1" style="stroke-width:2" /><text x="72.000000" y="157.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 20=c509 certs</text><text x="257.000000" y="157.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + CBOR Certs ]</text><text x="451.000000" y="157.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="62.000000" x2="461.000000" y1="170.000000" y2="170.000000" class=" stroke-N1" style="stroke-width:2" /><text x="72.000000" y="193.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 30=public keys</text><text x="257.000000" y="193.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Public Keys ]</text><text x="451.000000" y="193.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="62.000000" x2="461.000000" y1="206.000000" y2="206.000000" class=" stroke-N1" style="stroke-width:2" /><text x="72.000000" y="229.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 40=revocation set</text><text x="257.000000" y="229.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Revoked Cert hash]</text><text x="451.000000" y="229.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="62.000000" x2="461.000000" y1="242.000000" y2="242.000000" class=" stroke-N1" style="stroke-width:2" /><text x="72.000000" y="265.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 100=Role Data Set</text><text x="257.000000" y="265.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">[ + Role Data ]</text><text x="451.000000" y="265.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="77.000000" x2="446.000000" y1="278.000000" y2="278.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-399215133-a_block.role_data"><path d="M 230.000000 363.000000 L 230.000000 363.000000 S 230.000000 348.000000 245.000000 348.000000 L 757.000000 348.000000 L 757.000000 348.000000 S 772.000000 348.000000 772.000000 363.000000 L 772.000000 549.000000 L 772.000000 564.000000 L 230.000000 564.000000Z 230.000000 348.000000" fill="none" /> </clipPath><g id="a_block.role_data" class="RBAC_TABLE"><g class="shape" ><rect x="230.000000" y="348.000000" width="542.000000" height="216.000000" rx="15.000000" ry="15.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="230.000000" y="348.000000" width="542.000000" height="36.000000" class="class_header fill-N1" clip-path="url(#d2-399215133-a_block.role_data)" /><text x="240.000000" y="373.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Role Data</text><text x="240.000000" y="407.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">0=role number</text><text x="478.000000" y="407.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">uint</text><text x="762.000000" y="407.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="230.000000" x2="772.000000" y1="420.000000" y2="420.000000" class=" stroke-N1" style="stroke-width:2" /><text x="240.000000" y="443.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 1=role-signing-key</text><text x="478.000000" y="443.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Key Reference</text><text x="762.000000" y="443.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="230.000000" x2="772.000000" y1="456.000000" y2="456.000000" class=" stroke-N1" style="stroke-width:2" /><text x="240.000000" y="479.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 2=role-encryption-key</text><text x="478.000000" y="479.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Key Reference</text><text x="762.000000" y="479.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="230.000000" x2="772.000000" y1="492.000000" y2="492.000000" class=" stroke-N1" style="stroke-width:2" /><text x="240.000000" y="515.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 3=payment-key</text><text x="478.000000" y="515.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">OnChain Payment Key Reference</text><text x="762.000000" y="515.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="230.000000" x2="772.000000" y1="528.000000" y2="528.000000" class=" stroke-N1" style="stroke-width:2" /><text x="240.000000" y="551.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">? 10-99=Role Specific Data</text><text x="478.000000" y="551.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Variable per Role</text><text x="762.000000" y="551.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="245.000000" x2="757.000000" y1="564.000000" y2="564.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><g id="a_block.(rbac -&gt; role_data)[0]"><marker id="mk-3488378134" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 463.000000 260.000000 L 491.000000 260.000000 S 501.000000 260.000000 501.000000 270.000000 L 501.000000 344.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-399215133)" /></g><mask id="d2-399215133" maskUnits="userSpaceOnUse" x="-89" y="-188" width="1012" height="903">
+<rect x="-89" y="-188" width="1012" height="903" fill="white"></rect>
+<rect x="196.000000" y="-87.000000" width="442" height="79" fill="rgba(0,0,0,0.75)"></rect>
 </mask></svg></svg>
diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
index e0013a2004e..ceea0809365 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
@@ -20,8 +20,6 @@ x509-roles-v0-body = {
 	? c509-certs => [ + c509_cert ],
 	? pub-keys => [ + simple-public-key-type ],
 	? revocation-list => [ + revocation-set ],
-	? attached-did => dids,
-	? attached-vc => vcs,
 	? role-set => role-data-set,
 	? purpose-key-set => purpose-data-set,
 }
@@ -40,9 +38,17 @@ c509_cert = bytes .cbor any; A CBOR Encoded C.509 Certificate (binary)
 simple-public-keys = 30 ; Simple Public Keys
 
 simple-public-key-type = $simple-public-key-types
-$simple-public-key-types /= ed25519-public-key
+$simple-public-key-types /= undefined_key ; Key not defined in this array (use any previous definition)
+$simple-public-key-types /= deleted_key ; Key is to be deleted in any previously defined for this position.
+$simple-public-key-types /= ed25519-public-key ; ED25519 Public Key
+
+; Currently supported simple public key types
 ed25519-public-key = #6.32773(bstr .size 32) ; Simple public keys must be tagged to identify their type.
 
+; These entries come from https://github.com/svaarala/cbor-specs/blob/master/cbor-absent-tag.rst
+undefined_key = undefined ; No change to the key in this position of the array
+deleted_key = #6.31(undefined) ; delete the key (if any) at this position of the array
+
 ; x509/c509/simple key Revocation Lists
 ; Keys can only be revoked by the owner of the key or any issuer CA in the chain.
 ; Revocation becomes active AFTER certs in the same transaction are processed.
@@ -50,14 +56,6 @@ revocation-list = 40 ; Revocation List
 revocation-entry = bytes .size 16; A blake2b-128 hash of the certificate/public key to be revoked
 revocation-set = [ + revocation-entry ]
 
-; Digitial ID and Verifiable Credentials attached to this registration.
-
-attached-did = 50 ; DID/s attached to the certificates/on-chain identity
-attached-vc = 51 ; Verifiable Credentials attached to the certificates/on-chain identity
-
-dids = [ + bytes ] ; One or multiple DIDs
-vcs = [ + bytes ] ; One or multiple Verifiable Credentials
-
 ; Role Registrations
 
 role-set = 100
@@ -120,4 +118,4 @@ first-purpose-key = 200
 last-purpose-key = 299
 purpose-data-set = any
 
-; Note: any individual error in the role registration invalidates the entire registration.
\ No newline at end of file
+; Note: any individual error in the role registration invalidates the entire registration.

From 29042275038523b04d0d024c8fd681c690b07509 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 10:21:21 +0700
Subject: [PATCH 52/66] fix(cips): rename RBAC definition CIP draft so its
 easier to identify

---
 .../x509-role-registration-metadata/{cip-xxxx.md => cip-509B.md}  | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/{cip-xxxx.md => cip-509B.md} (100%)

diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-xxxx.md
rename to docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md

From 29fe657f79ba161182bf45fe49bcfb1e2341e7cb Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 15:53:56 +0700
Subject: [PATCH 53/66] docs(cips): x509 certificate registration format fully
 defined

---
 .../x509-envelope-metadata/x509-envelope.cddl |   9 +-
 .../cip-509B.md                               | 192 ++++++++++++++++--
 .../x509-roles.cddl                           |  36 +++-
 3 files changed, 210 insertions(+), 27 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
index ff6b0abc292..759b43597d4 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
@@ -21,11 +21,15 @@ x509_envelope = $x509_envelope .within transaction_metadatum
 $x509_envelope /= {
 	0: purpose, ; What purpose does this metadata serve.
 	1: tx_inputs_hash, ; A hash of the `transaction inputs` field from the transaction the metadata is posted with.
-	?2: previous_transaction_id ; Previous transaction ID in the chain of registration updates for this user.
-	? chunk_type => [ + x509_chunk ] ; Chunked x509 role registration data.
+	? 2: previous_transaction_id ; Previous transaction ID in the chain of registration updates for this user.
+	chunk_type => [ + x509_chunk ] ; Chunked x509 role registration data.
 	99: validation_signature ; The signature of the x509 envelope plus all other auxiliary data.
 }
 
+; When a Role 0 certificate is replaced, the transaction MUST be signed by the previous certificate beign revoked
+; As well as the new certificate that is replacing it.
+certificate_replacement_signature = [ old: validation_signature, new: validation_signature ]
+
 ; hash of the previous transaction in the registration chain.
 ; There can only be one registration for a user for a purpose that does not have a previous transaction id.
 ; This would be the first.
@@ -43,6 +47,7 @@ $hash32 /= bytes .size 32
 ; However an application could choose to implement no compression or only one of either brotli/zstd.
 
 ; Chunk Types - Allows to identify how the chunk data is compressed to save on-chain space.
+
 chunk_types = (
 	raw: 10 ; Data is just chunked, not compressed (raw)
 	brotli: 11 ; Data is compressed with BROTLI and then chunked.
diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md
index 868b488bddc..c856ab41e11 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md
@@ -166,7 +166,8 @@ At a high level, Role registration will collect the following data:
 2. An [optional list](#x509-certificate-lists) of [CBOR Encoded X.509 Certificates][C509]
 3. An [optional list](#simple-public-keys) list of tagged simple public keys.
 4. An [optional certificate revocation](#certificate-revocation-list) set.
-5. An optional set of role registration data.
+5. An [optional set](#role-definitions) of role registration data.
+6. An [optional list] of purpose specific data.
 
 ### x509 Certificate Lists
 
@@ -193,6 +194,26 @@ By including the Signature in the transaction, we are able to make a verifiable
 off-chain certificate and the on-chain identity.
 This can not be forged.
 
+#### Plutus access to x509 certificates
+
+Plutus is currently incapable of reading any metadata attached to a transaction.
+This specification allows for C509 encoded certificates to be present in the datum output of the transaction itself.
+Any C509 certificates present in the metadatum of the transaction are considered to be part of the C509
+certificate list for the purposes of this specification.
+
+A C509 certificate in a metadatum that is to be included in the registration MUST be included in the C509 certificate list
+as a reference.
+
+The reference defines the metadatum the C509 certificate can be found in the transaction,
+and the offset in that metadatum where the certificate is located.
+The Certificates MUST be in the same transaction as the Metadatum, it is not possible to refer to a certificate
+embedded in metadatum in another transaction.
+
+Certificates in metadatum that are not linked in this way are ignored for the purpose of this specification.
+
+Transaction outputs at key 1 of the transaction can contain any number of arrays of certificates.
+This is only limited by the transaction itself.
+
 ### Simple Public Keys
 
 Rather than require full certificates, dApps can use simple public keys.
@@ -266,18 +287,26 @@ The validity of the registration is as per the rules for roles defined by the dA
 Role registration data is further divided into:
 
 1. [A Role number](#role-number)
-2. An Optional reference to the roles signing key
-3. An Optional reference to the roles encryption key
-4. An optional reference to the on-chain payment key to use for the role.
-5. And an optional dApp defined set of role specific data.
+2. An [Optional reference](#reference-to-a-role-signing-key) to the roles signing key
+3. An [Optional reference](#reference-to-a-role-encryption-key) to the roles encryption key
+4. An [optional reference](#on-chain-payment-key-reference) to the on-chain payment key to use for the role.
+5. And [an optional](#role-extended-data-keys) dApp defined set of role specific data.
 
 #### Role Number
 
 All roles, except for Role 0, are defined by the dApp.
 
-Role 0 is the primary role and is used to sign the metadata.
+Role 0 is the primary role and is used to sign the metadata and declare on-chain/off-chain identity linkage.
 All compliant implementations of this specification use Role 0 in this way.
 
+dApps can extend what other use cases Role 0 has, but it will always be used to secure the Role registrations.
+
+For example, in Catalyst Role 0 is a basic voters role.
+Voters do not need to register for any other role to have basic interaction with project Catalyst.
+
+The recommendation is that Role 0 be used by dApps to give the minimum level of access the dApp requires and
+other extended roles are defined as Role 1+.
+
 #### Reference to a role signing key
 
 Each role can optionally be used to sign data.
@@ -288,40 +317,167 @@ or one of the defined simple public keys.
 A dApp can define is roles allow the use of certificates, or simple public keys, or both.
 
 Role 0 MUST have a signing key, and it must be a certificate.
+Simple keys can not be used for signing against Role 0.
+
+The reason for this is the Role 0 certificate MUST include a reference to the on-chain identity/s to be bound to the registration.
+Simple public keys can not contain this reference, which is why they are not permissible for Role 0 keys.
 
 A reference to a key/certificate can be a cert in the same registration, or any previous registration.
 If the certificate is revoked, the role is unusable for signing unless and until a new signing certificate
 is registered for the role.
 
-### SubKey 100+ - dApp Defined Extended Metadata
+#### Reference to a role encryption key
+
+A Role may require the ability to transfer encrypted data.
+The registration can include the Public key use by the role to encrypt the roles data.
+Due to the way public key encryption works, this key can only be used to send encrypted data to the holder of the public key.
+However, when two users have registered public keys,
+they can use them off-chain to perform key exchange and communicate privately between themselves.
+
+The Role encryption key must be a reference to a key that supports public key encryption, and not just a signing key.
+If the key referenced does not support public key encryption, the registration is invalid.
+
+#### On-chain payment key reference
+
+Some dApps may require a user to register their payment key, so that they can be sent rewards,
+or native tokens or nft's or for other use cases.
+
+Registrations like CIP-15/36 for catalyst include a payment key.
+However, a fundamental problem with these metadata standards is there is no way to validate:
+
+1. The payment key declared is valid and capable of receiving payments.
+2. That the entity posting the registration actually owns the payment key registered.
+
+It is important that payment keys be verifiable and provably owned to the registrar.
+
+A Payment key reference in this CIP solves this problem by only allowing a reference to either a transaction input or output.
+
+The reference is a simple signed integer.
+If the integer is positive, then it is referencing the spent UTXO in the transaction Input at the same offset.
+Because its is required to prove one can spend a UTXO to post the transaction,
+the transaction itself proves that the Payment address being registered is both valid and owned by the registrar.
+
+If the reference is negative, then the payment key references a transaction output.  
+The value is negated to get the offset into the transaction output array.
+
+If the transaction output address IS also an input to the transaction,
+then the same proof has already been attached to the transaction.
+
+However, if the transaction output is not also an input, the transaction MUST include the output address
+in the required signers field, and the transaction must carry a witness proving the payment key is owned.
+
+This provides guarantees that the entity posting the registration has posted a valid payment address, and that they control it.
+
+If a payment address is not able to be validated, then the entire registration metadata is invalid.
+
+#### Role extended data keys
 
-Subkeys 100+ are available for dApp authors to add further metadata to registrations under this CIP.
-The dApp author should clearly document what this metadata is, how it is represented and formatted.
+Each dApp can declare that roles can have either mandatory or optional data items that can be posted with any role registration.
 
-It is valid for different extended metadata to be defined for different purposes for the same [dApp UUID][dApp-UUID].
+Each role can have a different set of defined role registration data.
+It is not required that all roles have the same data.
 
-Examples of extended metadata:
+As the role data is dApp specific, it is not detailed here.
+Each dApp will need to produce a specification of what role specific data it requires, and how it is validated.
 
-* Social Media contacts for a particular role.
-* A Description of the person or group covered by the registration.
-* Links to other systems with expanded information related to the registration.
+### dApp specific registration data
 
-The wallet when signing these registration transactions should not validate this metadata strictly.
-If the wallet believes it is invalid, it can warn the user, but should still allow it to be signed.
-This is because definition of this metadata is intentionally fluid to allow the dApp authors to add or remove optional metadata, and this should be able to occur without breaking supporting tooling.
+Each dApp can define data which is required for registration to the dApp.
+This data can be defined as required or optional by the dApp.
 
-### High level overview of the Role Registration witness data
+The data is global and applies to all roles registered by the same identity.
+
+This can include information such as ADA Handles, or reputation data associated with a registration.
+
+As this data is dApp specific it is not detailed here.
+
+### Registration validity
+
+Any registration metadata must be 100% valid, or the entire registration data set is rejected as invalid.
+
+For example, if three roles were registered, Role 0, 1 and 2.
+
+Role 0 is perfectly fine, as is Role 1.
+However Role 2 has an error with the payment key.
+None of the role registrations will take effect.
+
+### Optional fields
+
+As role registration is cumulative and each new registration for an entity on a dApp simply updates a previous
+registration, then all fields are optional.
+
+The individual posting the registration need ONLY post the data that has changed or is being added.
+This is intended to minimize the amount of on-chain data.
+It does mean that a registration state can only be known by collecting all registration for an individual from the chain.
+
+### First Registration
+
+The very first registration must have the following features:
+
+1. It MUST have a certificate that is appropriately issued (either self signed or issued by a trusted CA).
+   1. The certificate requirement is defined by each dApp.
+   2. The certificate MUST link to at least 1 on-chain identity.
+      dApps define what the required identities are.
+      It is valid for a dApp to require multiple on-chain identities to be referenced.
+      However, general validity can be inferred by the presence or lack of a referenced on-chain identity.
+      1. Either currently a Stake Address; or
+      2. Another on-chain identity key (such as dRep).
+   3. The transaction MUST be witnessed by ALL the Role 0 referenced on-chain identities.
+      1. If the address is not a natural address to witness the transaction, it MUST be included in the
+          required signers field of the transaction.
+          And it must appear in the witness set.
+2. It MUST have a Role 0 defined, that references the certificate.
+3. It must be signed by the Role 0 certificate.
+
+Once the Role 0 certificate is registered, the entity is registered for the dApp.
+Provided the dApp will accept the individuals registration.
+
+Other certificates DO NOT need to have references to the on-chain identity of the user.
+However, if they do, they must be witnessed in the transaction to prove they are validly held and referenced.
+
+### Deregistering
+
+Once a user has registered for Role 0, the only way they can de-register is to revoke their Role 0 key.
+If the Role 0 key is revoked, and is not replaced in the same transaction with a new key, then all
+registration data for that user is revoked.
+
+A user could then create a new registration with a new Role 0 certificate,
+but they would also need to register for any Roles again.
+
+This is because if the Role 0 certificate is not immediately rolled over, then all role registrations are deemed terminated.
+
+It is also possible for a de-registration to cause a linked registration to use a new on-chain identity.
+
+For example, if the current Role 0 registration referenced Stake address 123,  
+and a new registration is posted that revokes the old cert, and posts a new cert referencing Stake address 456,
+then the on-chain stake address identity will have changed from 123 to 456.
+
+Note: in the case of a CA revoked certificate,
+the subject must have registered a new Role 0 certificate before the issuer revokes it.
+
+Otherwise, they will become de-registered when the issuer revokes their certificate, and they must then completely re-register.
 
 ## Rationale: how does this CIP achieve its goals?
 
 ## Path to Active
 
+* All related CIP's are implemented in a MVP implementation for Project Catalyst.
+* All implementation details have been refined allowing unambiguous implementation for the MVP.
+* Appropriate community driven feedback has occurred to allow the specification to mature.
+
 ### Acceptance Criteria
 
 ### Implementation Plan
 
 ## References
 
+* [CC-BY-4.0]
+* [Apache 2.0]
+* [CBOR]
+* [CBOR - Core Deterministic Encoding Requirements]
+* [C509]
+* [CBOR Undefined/Absent Tags]
+
 ## Copyright
 
 This CIP is licensed under [CC-BY-4.0]
diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
index ceea0809365..2a7ee4267f9 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
@@ -16,12 +16,12 @@ $x509_roles /= x509-roles-v0
 x509-roles-v0 = [ 0, x509-roles-v0-body ]
 
 x509-roles-v0-body = {
-	? x509-certs => [ + x509_der_cert ],
-	? c509-certs => [ + c509_cert ],
-	? pub-keys => [ + simple-public-key-type ],
-	? revocation-list => [ + revocation-set ],
-	? role-set => role-data-set,
-	? purpose-key-set => purpose-data-set,
+	? x509-certs => [ + x509_der_cert ], ; Unordered List of DER encoded x509 certificates
+	? c509-certs => [ + c509_cert ], ; Unordewed List of CBOR encoded C509 certificates (or metadatum references)
+	? pub-keys => [ + simple-public-key-type ], ; Ordered list of simple public keys that are registered.
+	? revocation-list => [ + revocation-set ], ; Revocation list of certs being revoked by an issuer.
+	? role-set => role-data-set, ; Set of role registration data
+	? purpose-key-set => purpose-data-set, ; Set of purpose specific data to be registered.
 }
 
 ; x509 Certificates
@@ -30,7 +30,29 @@ x509_der_cert = bytes ; A DER Encoded X.509 Certificate (binary)
 
 ; c509 Certificates
 c509-certs = 20 ; Unorderd bag of C509 CBOR Encoded certificates
-c509_cert = bytes .cbor any; A CBOR Encoded C.509 Certificate (binary)
+c509_cert = (
+  C509CertInMetadatumReference / ; A reference to a certificate encoded in a metadatum
+  C509Certificate ; An actual certificate.
+)
+
+; C509 Certificate from https://datatracker.ietf.org/doc/draft-ietf-cose-cbor-encoded-cert/09/
+C509Certificate = [
+	TBSCertificate: bytes .cbor any, ; A CBOR Encoded C.509 Certificate (binary)	issuerSignatureValue: any, ; The issuers signature (dependent on the signature algorithm used by the certificate)]
+
+; A reference to a C509 certificate held in a metadatum.
+; if there are multiple transaction outputs that contain certificates they need to be listed individually.
+C509CertInMetadatumReference = [
+	txn_output_field: uint, ; Currently this is always 1.  It references the key of the transaction outputs to use from the transaction.
+	txn_output_index: uint,  ; The specific transaction output to use in the list of transaction outputs.
+	cert_ref: C509CertInMetadatumReferenceOffset ; Reference to the certificates in the metadatum.
+]
+
+; Which certificate/s to reference
+C509CertInMetadatumReferenceOffset = (
+	null //  ; Reference is a single cert, or an array of certs, include them all, in order listed.
+	uint // ; Reference a single cert at this offset in a CBOR array, or at this key in a CBOR map.
+	[ + uint ] ; Reference multiple certs at these offsets in a CBOR array, or at these keys in a CBOR map, in the order listed.
+)
 
 ; Simple Public Keys
 ; These are just signing keys of the specified type, and are not true certs

From daf0b0ee4b85dcff51f5f76f9ac454ba2a0df4e0 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 16:02:55 +0700
Subject: [PATCH 54/66] docs(cips): Document the restricted plutus subset.

---
 .../cip-509C.md                               | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/cip-509C.md

diff --git a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/cip-509C.md b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/cip-509C.md
new file mode 100644
index 00000000000..698044be7c8
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/cip-509C.md
@@ -0,0 +1,57 @@
+---
+CIP: /?
+Title: Restricted format for C509 compatibility with Plutus
+Category: MetaData
+Status: Proposed
+Authors:
+    - Steven Johnson<steven.johnson@iohk.io>
+Implementors: []
+Discussions:
+    - https://github.com/cardano-foundation/cips/pulls/?
+Created: 2023-10-24
+License: CC-BY-4.0
+---
+
+## Abstract
+
+Plutus can access metadatums that encode C509 certificates.
+This specification documents the restricted feature set of those certificates.
+
+## Motivation: why is this CIP necessary?
+
+In order to keep complexity low, this specification details a set of restriction
+on-top of a standard C509 certificate definition.
+These restrictions help plutus support the important features of
+x509 certificates in smart contracts on-chain.
+
+They also help reduce the amount of data stored on-chain.
+
+## Specification
+
+See [c509-cert-plutus-restricted.cddl](./c509-cert-plutus-restricted.cddl).
+This is the formal specification which describes the requirements of on-chain x509 certificates.
+ust include a CDDL schema in it's specification.-->
+
+## Rationale: how does this CIP achieve its goals?
+
+By clearly defining the feature set that plutus scripts can accept from C509 certificates it is easier for
+script writers and certificate creators to produce interoperable certificates.
+
+## Path to Active
+
+This draft CIP requires extensive collaboration with multiple parties in order to arrive at a
+correct and viable specification.
+
+It has been kept deliberately terse in order for that process to be as open and collaborative as possible.
+
+### Acceptance Criteria
+
+* General community consensus on the minimum standard needs to be agreed.
+
+### Implementation Plan
+
+## Copyright
+
+This CIP is licensed under [CC-BY-4.0]
+
+Code samples and reference material are licensed under [Apache 2.0]

From 3c3008ff993ab3313726971e2e100d64b186293b Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 16:34:15 +0700
Subject: [PATCH 55/66] docs(cips): Add document detailing how CIP-30 is used
 to sign the transaction

---
 .config/dictionaries/project.dic              |   7 +-
 .../x509-rbac-signing-with-cip30/cip-x509D.md | 131 ++++++++++++++++++
 .../x509-rbac-signing-with-cip30/cip-xxxx.md  |  77 ----------
 .../images/cardano-transaction.d2             |   0
 .../images/cardano-transaction.svg            |   0
 5 files changed, 134 insertions(+), 81 deletions(-)
 create mode 100644 docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-x509D.md
 delete mode 100644 docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-xxxx.md
 rename docs/src/catalyst-standards/draft-cips/{ => x509-rbac-signing-with-cip30}/images/cardano-transaction.d2 (100%)
 rename docs/src/catalyst-standards/draft-cips/{ => x509-rbac-signing-with-cip30}/images/cardano-transaction.svg (100%)

diff --git a/.config/dictionaries/project.dic b/.config/dictionaries/project.dic
index fe2d4b39735..b93d260be5d 100644
--- a/.config/dictionaries/project.dic
+++ b/.config/dictionaries/project.dic
@@ -23,6 +23,7 @@ cfbundle
 chromedriver
 chrono
 ciphertext
+CIPs
 COCOAPODS
 codegen
 codepoints
@@ -45,7 +46,6 @@ earthfile
 Edgedriver
 encryptor
 endfunction
-endfunction
 fetchval
 fmtchk
 fmtfix
@@ -83,6 +83,7 @@ localizable
 loguru
 mdlint
 metadatum
+metamap
 mgrybyk
 mithril
 mitigations
@@ -117,6 +118,7 @@ pytest
 rapidoc
 redoc
 Replayability
+repr
 reqwest
 rfwtxt
 ripgrep
@@ -169,6 +171,3 @@ xctest
 xctestrun
 xcworkspace
 yoroi
-cbor
-metamap
-repr
\ No newline at end of file
diff --git a/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-x509D.md b/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-x509D.md
new file mode 100644
index 00000000000..232c5c476c6
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-x509D.md
@@ -0,0 +1,131 @@
+---
+CIP: /?
+Title: Preparing and Signing x509 Metadata
+Category: MetaData
+Status: Proposed
+Authors:
+    - Steven Johnson<steven.johnson@iohk.io>
+Implementors: []
+Discussions:
+    - https://github.com/cardano-foundation/cips/pulls/?
+Created: 2023-10-24
+License: CC-BY-4.0
+--- 
+
+<!-- markdownlint-disable MD025-->
+# Role Based Access Control Registration
+
+## Abstract
+
+This document defines how a dApp will use the wallet connect interfaces of CIP-30 to produce and sign
+x509 registration transactions.
+
+## Motivation: why is this CIP necessary?
+
+The x509 certificate metadata CIPs are complex, and it is required to clearly document how they
+can be produced using standard tooling.
+
+The primary motivation is that the registration can be produced with existing interfaces.
+
+Wallets MAY OPTIONALLY detect this registration format and display it in a more meaningful way to users.
+But that is not required.
+
+The aim is to have broad interoperability with ALL wallets that already implement CIP-30.
+
+## Specification
+
+### Components of an individual transaction
+
+![Cardano Transaction Anatomy](./images/cardano-transaction.svg)
+
+### Creation and Signing procedure
+
+![Creation/Signing procedure](../x509-envelope-metadata/images/metadata-envelope-process.svg)
+
+### Wallet interaction
+
+CIP 30 defines two main functions.
+
+1. signData
+2. signTransaction
+
+We deliberately do NOT use signData.  
+The reason is signData has limitations, primarily it can ONLY sign data with a single key.
+
+it is also incapable of creating data that can not be replayed across transactions, which is a requirement.
+
+Accordingly, the entire transaction is produced using `signTransaction`.
+
+Following the procedure described above, the prepared transaction and complete metadata
+(which has been pre-signed with the role 0 keys of the user) are sent to the wallet to be signed.
+
+The Transaction MUST include where appropriate extra keys in `required signers` in the transaction to properly
+link the off-chain role keys with on-chain keys.
+
+The wallet DOES NOT need to know that the metadata has this requirement, it simply sees the keys it needs to witness
+the transaction with, and prompts the user to sign.
+
+#### Enhanced UX
+
+The Role registration metadata is general in form.
+
+A Wallet MAY elect to detect that it is signing a role registration and
+present the data in a form which is easier for the user to reason through.
+
+It may also be aware of key supported dApps and provide even further information.
+It can also perform both universal and dApp specific validity checks against the registration to ensure
+it is properly structured by the dApp.
+
+However, the Wallet should simply WARN the user if it detects a problem, and not prevent the user from
+signing the transaction.
+
+Once the wallet has signed the transaction, the dApp will have a fully signed role registration transaction and metadata.
+It will be impossible for the dApp or anyone else to separate the metadata from the transaction and retain its validity.
+It is impossible to replay the metadata on a new transaction and it retain validity.
+
+With the complete transaction properly signed, it can then be posted on-chain.
+
+### Posting the transaction
+
+Once the transaction has been properly constructed and signed, anyone with a copy of it can post it on-chain.
+
+it is recommended that dApps post the transaction to their own backend logic, which handles posting the data on-chain
+vs posting the data on-chain through the wallet.
+
+The reason for this, is this affords the dApp backend the opportunity to 
+validate the registration data in its entirety before posting it on-chain.
+
+It is preferable to inform a user their registration is invalid or has problems 
+BEFORE they spend the ADA required to post the transaction, 
+and the only authoritive way this can be achieved is through the dApp.
+
+having validated the registration would be valid if posted on-chain, it is then posted by the dapp on-chain.
+
+Once the dApp sees the registration appear in the ledger, 
+it is now confirmed that not only was the registration valid, but that the transaction itself was valid, 
+properly spent valid UTXOs, etc.
+
+The dApp may cache registration data it received from users, 
+but it should never act on it until it has been seen validly posted on-chain.
+
+## Rationale: how does this CIP achieve its goals?
+
+This CIP defines wallet interactions and how CIP-30 is used to create and 
+post transactions that conform to the x509 metadata specification.
+
+## Path to Active
+
+### Acceptance Criteria
+
+### Implementation Plan
+
+## References
+
+## Copyright
+
+This CIP is licensed under [CC-BY-4.0]
+
+Code samples and reference material are licensed under [Apache 2.0]
+
+[CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
+[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
diff --git a/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-xxxx.md
deleted file mode 100644
index 3526b370cda..00000000000
--- a/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-xxxx.md
+++ /dev/null
@@ -1,77 +0,0 @@
----
-CIP: /?
-Title: Role based Access Control Registration
-Category: MetaData
-Status: Proposed
-Authors:
-    - Steven Johnson<steven.johnson@iohk.io>
-Implementors: []
-Discussions:
-    - https://github.com/cardano-foundation/cips/pulls/?
-Created: 2023-10-24
-License: CC-BY-4.0
---- 
-
-<!-- Existing categories:
-
-- Meta     | For meta-CIPs which typically serves another category or group of categories.
-- Wallets  | For standardization across wallets (hardware, full-node or light).
-- Tokens   | About tokens (fungible or non-fungible) and minting policies in general.
-- Metadata | For proposals around metadata (on-chain or off-chain).
-- Tools    | A broad category for ecosystem tools not falling into any other category.
-- Plutus   | Changes or additions to Plutus
-- Ledger   | For proposals regarding the Cardano ledger (including Reward Sharing Schemes)
-- Catalyst | For proposals affecting Project Catalyst / the Jormungandr project
-
--->
-
-<!-- markdownlint-disable MD025-->
-# Role Based Access Control Registration
-
-## Abstract
-<!-- A short (\~200 word) description of the proposed solution and the technical issue being addressed. -->
-
-## Motivation: why is this CIP necessary?
-<!-- A clear explanation that introduces the reason for a proposal, its use cases and stakeholders. 
-If the CIP changes an established design then it must outline design issues that motivate a rework. 
-For complex proposals, authors must write a Cardano Problem Statement (CPS) as defined in CIP-9999 
-and link to it as the `Motivation`. -->
-
-## Specification
-<!-- The technical specification should describe the proposed improvement in sufficient technical detail. 
-In particular, it should provide enough information that an implementation can be performed solely on the basis 
-of the design in the CIP. 
-This is necessary to facilitate multiple, interoperable implementations. 
-This must include how the CIP should be versioned. 
-If a proposal defines structure of on-chain data it must include a CDDL schema in it's specification.-->
-
-## Rationale: how does this CIP achieve its goals?
-<!-- The rationale fleshes out the specification by describing what motivated the design and what led to 
-particular design decisions.
-It should describe alternate designs considered and related work. 
-The rationale should provide evidence of consensus within the community and discuss significant objections 
-or concerns raised during the discussion.
-
-It must also explain how the proposal affects the backward compatibility of existing solutions when applicable. 
-If the proposal responds to a CPS, the 'Rationale' section should explain how it addresses the CPS, 
-and answer any questions that the CPS poses for potential solutions.
--->
-
-## Path to Active
-
-### Acceptance Criteria
-<!-- Describes what are the acceptance criteria whereby a proposal becomes 'Active' -->
-
-### Implementation Plan
-<!-- A plan to meet those criteria. Or `N/A` if not applicable. -->
-
-## References
-
-## Copyright
-
-This CIP is licensed under [CC-BY-4.0]
-
-Code samples and reference material are licensed under [Apache 2.0]
-
-[CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
-[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
diff --git a/docs/src/catalyst-standards/draft-cips/images/cardano-transaction.d2 b/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/images/cardano-transaction.d2
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/images/cardano-transaction.d2
rename to docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/images/cardano-transaction.d2
diff --git a/docs/src/catalyst-standards/draft-cips/images/cardano-transaction.svg b/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/images/cardano-transaction.svg
similarity index 100%
rename from docs/src/catalyst-standards/draft-cips/images/cardano-transaction.svg
rename to docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/images/cardano-transaction.svg

From 2b6411f7f90ac3c93898d051d95501e8e4490245 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 17:33:47 +0700
Subject: [PATCH 56/66] fix(cips): remove trailing spaces

---
 .../x509-rbac-signing-with-cip30/cip-x509D.md      | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-x509D.md b/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-x509D.md
index 232c5c476c6..561d042f0cc 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-x509D.md
+++ b/docs/src/catalyst-standards/draft-cips/x509-rbac-signing-with-cip30/cip-x509D.md
@@ -92,25 +92,25 @@ Once the transaction has been properly constructed and signed, anyone with a cop
 it is recommended that dApps post the transaction to their own backend logic, which handles posting the data on-chain
 vs posting the data on-chain through the wallet.
 
-The reason for this, is this affords the dApp backend the opportunity to 
+The reason for this, is this affords the dApp backend the opportunity to
 validate the registration data in its entirety before posting it on-chain.
 
-It is preferable to inform a user their registration is invalid or has problems 
-BEFORE they spend the ADA required to post the transaction, 
+It is preferable to inform a user their registration is invalid or has problems
+BEFORE they spend the ADA required to post the transaction,
 and the only authoritive way this can be achieved is through the dApp.
 
 having validated the registration would be valid if posted on-chain, it is then posted by the dapp on-chain.
 
-Once the dApp sees the registration appear in the ledger, 
-it is now confirmed that not only was the registration valid, but that the transaction itself was valid, 
+Once the dApp sees the registration appear in the ledger,
+it is now confirmed that not only was the registration valid, but that the transaction itself was valid,
 properly spent valid UTXOs, etc.
 
-The dApp may cache registration data it received from users, 
+The dApp may cache registration data it received from users,
 but it should never act on it until it has been seen validly posted on-chain.
 
 ## Rationale: how does this CIP achieve its goals?
 
-This CIP defines wallet interactions and how CIP-30 is used to create and 
+This CIP defines wallet interactions and how CIP-30 is used to create and
 post transactions that conform to the x509 metadata specification.
 
 ## Path to Active

From 5f68b88e3c857700efd6309dca070ecf8ac67e1f Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 17:45:22 +0700
Subject: [PATCH 57/66] fix(cips): Fix line lengths

---
 docs/src/catalyst-standards/cbor_tags/ulid.md | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/docs/src/catalyst-standards/cbor_tags/ulid.md b/docs/src/catalyst-standards/cbor_tags/ulid.md
index 2ba79b7b635..eda17234842 100644
--- a/docs/src/catalyst-standards/cbor_tags/ulid.md
+++ b/docs/src/catalyst-standards/cbor_tags/ulid.md
@@ -2,23 +2,23 @@
 
 This document specifies a tag for ULIDs in Concise Binary Object Representation (CBOR) [1].
 
-    Tag: 32770
+    Tag: 32780
     Data item: byte string
     Semantics: Binary ULID (https://github.com/ulid/spec/tree/master)
     Point of contact: Steven Johnson <steven.johnson@iohk.io>
-    Description of semantics: https://github.com/input-output-hk/catalyst-voices/tree/main/docs/src/catalyst-standards/cbor_tags/ulid.md
+    Description of semantics: 
+    https://github.com/input-output-hk/catalyst-voices/tree/main/docs/src/catalyst-standards/cbor_tags/ulid.md
 
 ## Semantics
 
-Tag 32770 can be applied to a byte string (major type 2) to indicate that the byte string is a binary [ULID] as specified by the [ULID Binary Layout].
+Tag 32780 can be applied to a byte string (major type 2) to indicate that the byte string
+is a binary [ULID] as specified by the [ULID Binary Layout].
 
 ## References
 
-[1] C.
-Bormann, and P.
-Hoffman.
-"Concise Binary Object Representation (CBOR)".
-RFC 7049, October 2013.
+<!-- markdownlint-disable max-one-sentence-per-line -->
+[1] [C. Bormann, and P. Hoffman. "Concise Binary Object Representation (CBOR)". RFC 8949, October 2020.][RFC 8949]
+<!-- markdownlint-enable max-one-sentence-per-line -->
 
 [2] [Universally Unique Lexicographically Sortable Identifier][ULID]
 
@@ -26,5 +26,6 @@ RFC 7049, October 2013.
 
 Steven Johnson <steven.johnson@iohk.io>
 
+[RFC 8949]: https://datatracker.ietf.org/doc/html/rfc8949
 [ULID]: https://github.com/ulid/spec/blob/master/README.md
 [ULID Binary Layout]: https://github.com/ulid/spec/tree/master#binary-layout-and-byte-order

From 2a9114a66d0aeff1bf91adc2ee9d48b03c945656 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 18:06:00 +0700
Subject: [PATCH 58/66] fix(cips): Correct spelling

---
 .config/dictionaries/project.dic                     |  5 +++--
 cspell.json                                          |  1 +
 .../c509-cert-plutus-restricted.cddl                 |  6 ++++--
 .../draft-cips/x509-envelope-metadata/cip-509A.md    |  2 +-
 .../x509-envelope-metadata/x509-envelope.cddl        | 10 +++++-----
 .../x509-role-registration-metadata/cip-509B.md      |  2 +-
 .../x509-role-registration-metadata/x509-roles.cddl  | 12 ++++++------
 7 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/.config/dictionaries/project.dic b/.config/dictionaries/project.dic
index f24d4ba871e..f822504d9f3 100644
--- a/.config/dictionaries/project.dic
+++ b/.config/dictionaries/project.dic
@@ -87,6 +87,7 @@ localizable
 loguru
 mdlint
 metadatum
+metadatums
 metamap
 mgrybyk
 mithril
@@ -161,10 +162,10 @@ Traceback
 TXNZD
 Typer
 unmanaged
-UTXO
 utxo
-Utxos
+UTXO
 utxos
+Utxos
 vite
 vitss
 vkey
diff --git a/cspell.json b/cspell.json
index b729343b8ba..c120639098a 100644
--- a/cspell.json
+++ b/cspell.json
@@ -175,5 +175,6 @@
         "web-components.min.js",
         "**/generated/**",
         "utilities/catalyst_voices_remote_widgets/example/**/**",
+        "**/*.svg"
     ]
 }
\ No newline at end of file
diff --git a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
index e4fe93fdb16..4967ed331e1 100644
--- a/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
+++ b/docs/src/catalyst-standards/draft-cips/c509-plutus-restricted-certificate/c509-cert-plutus-restricted.cddl
@@ -3,7 +3,9 @@
 ; And is restricted/customized to better enable compatibility with Plutus scripts
 ; that would consume them, without loosing necessary features of x509
 ; Not all x509 features are supported and some fields have different semantics to improve
-; certificate size and processibility by Plutus Scripts.
+; certificate size and ability to be processed by Plutus Scripts.
+
+; cspell: words reencoded, biguint 
 
 C509CertificatePlutusRestrictedSubset = [ TBSCertificate, issuerSignatureValue: ed25519Signature, ]
 
@@ -44,7 +46,7 @@ Attribute = (
 
 subjectPublicKey = bytes .size (32..32); Ed25519 public key stored in bytes, adjust size of this if other key types are supported.  
 
-; This is a completely custom Attribute for the RelativeDistringuishedName which is only for use with Plutus scripts.
+; This is a completely custom Attribute for the RelativeDistinguishedName which is only for use with Plutus scripts.
 ; attributeType = The type of Cardano key we associate with this certificate.
 ; proof = Does the transaction require proof that the key is owned by the transaction signer?
 ; attributeValue = The Cardano public key hash of the attribute type
diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md
index 54dac6ddffc..143bd2d645c 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md
@@ -103,7 +103,7 @@ any actual role or certificate updates.
 The data required to register certificates or roles could be large.
 The [specification for the encoding of all Cardano metadata] also introduces difficulties in encoding x509 certificates.
 
-The contents of the x509 RABC Registration data stored in this key is documented separately.
+The contents of the x509 RBAC Registration data stored in this key is documented separately.
 Its exact contents are not important for this specification except to note, that it will always define at least:
 
 * 1 Role 0 signing key MUST always be defined.
diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
index 759b43597d4..03d26d1ddaf 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/x509-envelope.cddl
@@ -17,7 +17,7 @@
 ; The x509 envelope must be valid cardano metadata.
 x509_envelope = $x509_envelope .within transaction_metadatum
 
-; Strcuture of the x509 envelope itself.
+; Structure of the x509 envelope itself.
 $x509_envelope /= {
 	0: purpose, ; What purpose does this metadata serve.
 	1: tx_inputs_hash, ; A hash of the `transaction inputs` field from the transaction the metadata is posted with.
@@ -26,21 +26,21 @@ $x509_envelope /= {
 	99: validation_signature ; The signature of the x509 envelope plus all other auxiliary data.
 }
 
-; When a Role 0 certificate is replaced, the transaction MUST be signed by the previous certificate beign revoked
+; When a Role 0 certificate is replaced, the transaction MUST be signed by the previous certificate being revoked
 ; As well as the new certificate that is replacing it.
 certificate_replacement_signature = [ old: validation_signature, new: validation_signature ]
 
 ; hash of the previous transaction in the registration chain.
 ; There can only be one registration for a user for a purpose that does not have a previous transaction id.
 ; This would be the first.
-; Once that is posted, all updates must properly maintian the chain.
+; Once that is posted, all updates must properly maintain the chain.
 ; Dangling registrations for the same purpose are ignored.
 previous_transaction_id = $hash32
 $hash32 /= bytes .size 32
 
 ; x509 Role Registration data is chunked and optionally (preferably) compressed.
-; This enables the x509 registration data to have a strucutre not supported by the
-; underlying limitions of the on-chain metadatum implementation.
+; This enables the x509 registration data to have a structure not supported by the
+; underlying limitations of the on-chain metadatum implementation.
 ; As the x509 registration data may be large, compression is used to minimize on-chain space consumed.
 ; Best practice would be to compress the data with both brotli and zstd, and only store the 
 ; smallest data set. `raw` storage would only be used if compression did not yield any benefits.
diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md
index c856ab41e11..a0ff97b6513 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md
@@ -435,7 +435,7 @@ Provided the dApp will accept the individuals registration.
 Other certificates DO NOT need to have references to the on-chain identity of the user.
 However, if they do, they must be witnessed in the transaction to prove they are validly held and referenced.
 
-### Deregistering
+### De-registering
 
 Once a user has registered for Role 0, the only way they can de-register is to revoke their Role 0 key.
 If the Role 0 key is revoked, and is not replaced in the same transaction with a new key, then all
diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
index 2a7ee4267f9..47c04265793 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/x509-roles.cddl
@@ -1,5 +1,5 @@
 ; An envelope for Cardano metadata which holds the x509 metadata.
-; We do this so that the underlying metadata is not restircted to
+; We do this so that the underlying metadata is not restricted to
 ; Cardano ledger implementation.
 
 ; uses 
@@ -16,8 +16,8 @@ $x509_roles /= x509-roles-v0
 x509-roles-v0 = [ 0, x509-roles-v0-body ]
 
 x509-roles-v0-body = {
-	? x509-certs => [ + x509_der_cert ], ; Unordered List of DER encoded x509 certificates
-	? c509-certs => [ + c509_cert ], ; Unordewed List of CBOR encoded C509 certificates (or metadatum references)
+	? x509-certs => [ + x509_der_cert ], ; Un-ordered List of DER encoded x509 certificates
+	? c509-certs => [ + c509_cert ], ; Un-ordered List of CBOR encoded C509 certificates (or metadatum references)
 	? pub-keys => [ + simple-public-key-type ], ; Ordered list of simple public keys that are registered.
 	? revocation-list => [ + revocation-set ], ; Revocation list of certs being revoked by an issuer.
 	? role-set => role-data-set, ; Set of role registration data
@@ -25,11 +25,11 @@ x509-roles-v0-body = {
 }
 
 ; x509 Certificates
-x509-certs = 10 ; Unorderd bag of X509 DER Encoded certificates
+x509-certs = 10 ; Un-ordered bag of X509 DER Encoded certificates
 x509_der_cert = bytes ; A DER Encoded X.509 Certificate (binary)
 
 ; c509 Certificates
-c509-certs = 20 ; Unorderd bag of C509 CBOR Encoded certificates
+c509-certs = 20 ; Un-ordered bag of C509 CBOR Encoded certificates
 c509_cert = (
   C509CertInMetadatumReference / ; A reference to a certificate encoded in a metadatum
   C509Certificate ; An actual certificate.
@@ -123,7 +123,7 @@ key-hash = bytes .size 16
 
 ; Reference to a transaction input/output as the payment key to use for a role
 ; Payment key (n) >= 0 = Use Transaction Input Key offset (n) as the payment key
-; Payment key (n) < 0 = Use Transaction Output Key offstet -(n+1) as the payment key
+; Payment key (n) < 0 = Use Transaction Output Key offset -(n+1) as the payment key
 ; IFF a transaction output payment key is defined the payment address must also be in
 ; the required_signers of the transaction to ensure the payment address is owned and controlled
 ; by the entity posting the registration.

From 51c365efbb6e649bb3b161284d84c47e46605bc8 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 18:10:30 +0700
Subject: [PATCH 59/66] fix(cips): spelling

---
 docs/src/catalyst-standards/cbor_tags/ulid.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/src/catalyst-standards/cbor_tags/ulid.md b/docs/src/catalyst-standards/cbor_tags/ulid.md
index eda17234842..5c9ac9b355f 100644
--- a/docs/src/catalyst-standards/cbor_tags/ulid.md
+++ b/docs/src/catalyst-standards/cbor_tags/ulid.md
@@ -17,6 +17,7 @@ is a binary [ULID] as specified by the [ULID Binary Layout].
 ## References
 
 <!-- markdownlint-disable max-one-sentence-per-line -->
+<!-- cspell: words Bormann -->
 [1] [C. Bormann, and P. Hoffman. "Concise Binary Object Representation (CBOR)". RFC 8949, October 2020.][RFC 8949]
 <!-- markdownlint-enable max-one-sentence-per-line -->
 

From 6312ba7348950a689c83879d13503a27c1d8bfcc Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 18:36:31 +0700
Subject: [PATCH 60/66] fix(frontend): revert changes to flutter/dart versions

---
 .../packages/catalyst_voices_assets/example/pubspec.yaml      | 2 +-
 catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml  | 2 +-
 catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml   | 2 +-
 .../packages/catalyst_voices_localization/pubspec.yaml        | 2 +-
 .../packages/catalyst_voices_repositories/pubspec.yaml        | 2 +-
 .../packages/catalyst_voices_services/pubspec.yaml            | 2 +-
 catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml  | 4 ++--
 .../packages/catalyst_voices_view_models/pubspec.yaml         | 2 +-
 catalyst_voices/pubspec.yaml                                  | 4 ++--
 melos.yaml                                                    | 4 ++--
 utilities/catalyst_voices_remote_widgets/pubspec.yaml         | 2 +-
 11 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml
index 7288ed22e5f..07900cac01c 100644
--- a/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.0
+  flutter: 3.19.5
 
 dependencies:
   catalyst_voices_assets:
diff --git a/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml
index 14a62462651..b658ab5e903 100644
--- a/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.0
+  flutter: 3.19.5
 
 dependencies:
   flutter:
diff --git a/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml
index 4a2086af4e0..40be3785b76 100644
--- a/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.0
+  flutter: 3.19.5
 
 dependencies:
   bloc: ^8.1.2
diff --git a/catalyst_voices/packages/catalyst_voices_localization/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_localization/pubspec.yaml
index f84bee54adc..ec80ae6fb2f 100644
--- a/catalyst_voices/packages/catalyst_voices_localization/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_localization/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.0
+  flutter: 3.19.5
 
 dependencies:
   flutter:
diff --git a/catalyst_voices/packages/catalyst_voices_repositories/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_repositories/pubspec.yaml
index 1e63f864694..a2453a86a7f 100644
--- a/catalyst_voices/packages/catalyst_voices_repositories/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_repositories/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.0
+  flutter: 3.19.5
 
 dependencies:
   catalyst_voices_models:
diff --git a/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml
index 2c0fdb4df4f..652bfad765c 100644
--- a/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.0
+  flutter: 3.19.5
 
 dependencies:
   chopper: ^7.2.0
diff --git a/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml
index 056d53e8fc5..83f33847d1e 100644
--- a/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml
@@ -4,8 +4,8 @@ version: 0.1.0+1
 publish_to: none
 
 environment:
-  sdk: ">=3.3.0 <4.0.0"
-  flutter: 3.19.0
+  sdk: ">=3.3.3 <4.0.0"
+  flutter: 3.19.5
 
 dependencies:
   flutter:
diff --git a/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml
index 247d5605d0f..1edc768165a 100644
--- a/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml
@@ -5,7 +5,7 @@ publish_to: none
 
 environment:
   sdk: ">=3.2.6 <4.0.0"
-  flutter: 3.19.0
+  flutter: 3.19.5
 
 dependencies:
   equatable: ^2.0.5
diff --git a/catalyst_voices/pubspec.yaml b/catalyst_voices/pubspec.yaml
index a0c5b33fbb4..92a3915f1d0 100644
--- a/catalyst_voices/pubspec.yaml
+++ b/catalyst_voices/pubspec.yaml
@@ -4,8 +4,8 @@ version: 0.1.0+1
 publish_to: none
 
 environment:
-  sdk: ">=3.3.0 <4.0.0"
-  flutter: 3.19.0
+  sdk: ">=3.3.3 <4.0.0"
+  flutter: 3.19.5
 
 dependencies:
   animated_text_kit: ^4.2.2
diff --git a/melos.yaml b/melos.yaml
index 10efc047f87..c2bd1cb76a0 100644
--- a/melos.yaml
+++ b/melos.yaml
@@ -13,8 +13,8 @@ command:
     workspaceChangelog: true
   bootstrap:
     environment:
-      sdk: ">=3.3.0 <4.0.0"
-      flutter: 3.19.0
+      sdk: ">=3.3.3 <4.0.0"
+      flutter: 3.19.5
     dependencies:
       bloc_concurrency: ^0.2.2
       bloc: ^8.1.2
diff --git a/utilities/catalyst_voices_remote_widgets/pubspec.yaml b/utilities/catalyst_voices_remote_widgets/pubspec.yaml
index 76fa84e835e..ecad9b816a0 100644
--- a/utilities/catalyst_voices_remote_widgets/pubspec.yaml
+++ b/utilities/catalyst_voices_remote_widgets/pubspec.yaml
@@ -4,7 +4,7 @@ version: 0.1.0+1
 publish_to: none
 
 environment:
-  sdk: ">=3.3.0 <4.0.0"
+  sdk: ">=3.3.3 <4.0.0"
   flutter: 3.19.3
 
 dependencies:

From 26ad5028502cfabcfd02851a74c251718b7a8fb7 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 18:39:25 +0700
Subject: [PATCH 61/66] fix(frontend): more flutter/dart version corrections

---
 .../catalyst_analysis/example/pubspec.yaml                    | 4 ++--
 catalyst_voices_packages/catalyst_analysis/pubspec.yaml       | 2 +-
 pubspec.yaml                                                  | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml b/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml
index ee9b9ad454c..f857ad549cb 100644
--- a/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml
+++ b/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml
@@ -4,8 +4,8 @@ description: A project that showcases how to enable the recommended lints for Ca
 publish_to: none
 
 environment:
-  sdk: '>=3.3.0 <4.0.0'
+  sdk: ">=3.3.3 <4.0.0"
 
 dev_dependencies:
   catalyst_analysis:
-    path: ../
\ No newline at end of file
+    path: ../
diff --git a/catalyst_voices_packages/catalyst_analysis/pubspec.yaml b/catalyst_voices_packages/catalyst_analysis/pubspec.yaml
index 15b868bf660..31a35c67c37 100644
--- a/catalyst_voices_packages/catalyst_analysis/pubspec.yaml
+++ b/catalyst_voices_packages/catalyst_analysis/pubspec.yaml
@@ -6,4 +6,4 @@ issue_tracker: https://github.com/input-output-hk/catalyst-voices/issues
 topics: [lints, analyzer, analysis]
 
 environment:
-  sdk: '>=3.3.0 <4.0.0'
+  sdk: ">=3.3.3 <4.0.0"
diff --git a/pubspec.yaml b/pubspec.yaml
index a6af3c302dd..c5e67b52d98 100644
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -1,7 +1,7 @@
 name: catalyst_voices_workspace
 
 environment:
-  sdk: '>=3.3.0 <4.0.0'
+  sdk: ">=3.3.3 <4.0.0"
 
 dev_dependencies:
   melos: ^5.2.2

From b9ed28ecfbde824db360023eeb04fbaa24d834ce Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 18:53:19 +0700
Subject: [PATCH 62/66] fix(frontend): Revert flutter files to same as main
 branch

---
 .../example/pubspec.yaml                      |  2 +-
 .../catalyst_voices_assets/pubspec.yaml       |  2 +-
 .../catalyst_voices_blocs/pubspec.yaml        | 42 +++++++++----------
 .../catalyst_voices_services/pubspec.yaml     |  2 +-
 .../catalyst_voices_shared/pubspec.yaml       | 11 ++---
 5 files changed, 30 insertions(+), 29 deletions(-)

diff --git a/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml
index 07900cac01c..40336f3b7ab 100644
--- a/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_assets/example/pubspec.yaml
@@ -14,4 +14,4 @@ dependencies:
     sdk: flutter
 
 flutter:
-  uses-material-design: true
+  uses-material-design: true
\ No newline at end of file
diff --git a/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml
index b658ab5e903..1f15832aa5f 100644
--- a/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_assets/pubspec.yaml
@@ -43,4 +43,4 @@ flutter_gen:
     outputs:
       class_name: VoicesColors
     inputs:
-      - assets/colors/colors.xml
+      - assets/colors/colors.xml
\ No newline at end of file
diff --git a/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml
index 40be3785b76..1a2d0d64f27 100644
--- a/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_blocs/pubspec.yaml
@@ -8,27 +8,27 @@ environment:
   flutter: 3.19.5
 
 dependencies:
-  bloc: ^8.1.2
-  bloc_concurrency: ^0.2.2
-  catalyst_voices_models:
-    path: ../catalyst_voices_models
-  catalyst_voices_repositories:
-    path: ../catalyst_voices_repositories
-  catalyst_voices_services:
-    path: ../catalyst_voices_services
-  catalyst_voices_view_models:
-    path: ../catalyst_voices_view_models
-  collection: ^1.17.1
-  equatable: ^2.0.5
-  flutter:
-    sdk: flutter
-  formz: ^0.7.0
-  get_it: ^7.6.7
-  meta: ^1.10.0
-  result_type: ^0.2.0
+    bloc: ^8.1.2
+    bloc_concurrency: ^0.2.2
+    catalyst_voices_models:
+      path: ../catalyst_voices_models
+    catalyst_voices_repositories:
+     path: ../catalyst_voices_repositories
+    catalyst_voices_services:
+     path: ../catalyst_voices_services
+    catalyst_voices_view_models:
+     path: ../catalyst_voices_view_models
+    collection: ^1.17.1
+    equatable: ^2.0.5
+    flutter:
+      sdk: flutter
+    formz: ^0.7.0
+    get_it: ^7.6.7
+    meta: ^1.10.0
+    result_type: ^0.2.0
 
 dev_dependencies:
-  bloc_test: ^9.1.4
-  catalyst_analysis:
+   bloc_test: ^9.1.4
+   catalyst_analysis:
     path: ../../../catalyst_voices_packages/catalyst_analysis
-  test: ^1.24.9
+   test: ^1.24.9
diff --git a/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml
index 652bfad765c..3594867114b 100644
--- a/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_services/pubspec.yaml
@@ -22,4 +22,4 @@ dev_dependencies:
   chopper_generator: ^7.2.0
   json_serializable: ^6.7.1
   swagger_dart_code_generator: ^2.15.2
-  test: ^1.24.9
+  test: ^1.24.9
\ No newline at end of file
diff --git a/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml
index 83f33847d1e..e9e7014efbf 100644
--- a/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_shared/pubspec.yaml
@@ -4,7 +4,7 @@ version: 0.1.0+1
 publish_to: none
 
 environment:
-  sdk: ">=3.3.3 <4.0.0"
+  sdk: '>=3.3.3 <4.0.0'
   flutter: 3.19.5
 
 dependencies:
@@ -13,8 +13,9 @@ dependencies:
   web: ^0.5.0
 
 dev_dependencies:
-  catalyst_analysis:
+   catalyst_analysis:
     path: ../../../catalyst_voices_packages/catalyst_analysis
-  flutter_test:
-    sdk: flutter
-  test: ^1.24.9
+   flutter_test:
+      sdk: flutter
+   test: ^1.24.9
+

From 1dc7ddfdd927ce359677bdff25cefe387a730b65 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 19:13:11 +0700
Subject: [PATCH 63/66] fix(frontend): revert more flutter .yml files to those
 in main

---
 .../packages/catalyst_voices_view_models/pubspec.yaml     | 4 ++--
 catalyst_voices/pubspec.yaml                              | 8 ++++----
 .../catalyst_analysis/example/pubspec.yaml                | 4 ++--
 catalyst_voices_packages/catalyst_analysis/pubspec.yaml   | 2 +-
 melos.yaml                                                | 8 ++++----
 pubspec.yaml                                              | 2 +-
 utilities/catalyst_voices_remote_widgets/pubspec.yaml     | 2 +-
 7 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml b/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml
index 1edc768165a..c5cbffb382b 100644
--- a/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml
+++ b/catalyst_voices/packages/catalyst_voices_view_models/pubspec.yaml
@@ -14,6 +14,6 @@ dependencies:
   formz: ^0.7.0
 
 dev_dependencies:
-  catalyst_analysis:
+   catalyst_analysis:
     path: ../../../catalyst_voices_packages/catalyst_analysis
-  test: ^1.24.9
+   test: ^1.24.9
\ No newline at end of file
diff --git a/catalyst_voices/pubspec.yaml b/catalyst_voices/pubspec.yaml
index 92a3915f1d0..8eb65dd770d 100644
--- a/catalyst_voices/pubspec.yaml
+++ b/catalyst_voices/pubspec.yaml
@@ -4,7 +4,7 @@ version: 0.1.0+1
 publish_to: none
 
 environment:
-  sdk: ">=3.3.3 <4.0.0"
+  sdk: '>=3.3.3 <4.0.0'
   flutter: 3.19.5
 
 dependencies:
@@ -44,9 +44,9 @@ dev_dependencies:
   build_verify: ^3.1.0
   catalyst_analysis:
     git:
-      url: https://github.com/input-output-hk/catalyst-voices.git
-      path: catalyst_voices_packages/catalyst_analysis
-      ref: 3431f7b
+        url: https://github.com/input-output-hk/catalyst-voices.git
+        path: catalyst_voices_packages/catalyst_analysis
+        ref: 3431f7b
   flutter_test:
     sdk: flutter
   go_router_builder: ^2.4.1
diff --git a/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml b/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml
index f857ad549cb..3b5ad986b44 100644
--- a/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml
+++ b/catalyst_voices_packages/catalyst_analysis/example/pubspec.yaml
@@ -4,8 +4,8 @@ description: A project that showcases how to enable the recommended lints for Ca
 publish_to: none
 
 environment:
-  sdk: ">=3.3.3 <4.0.0"
+  sdk: '>=3.3.3 <4.0.0'
 
 dev_dependencies:
   catalyst_analysis:
-    path: ../
+    path: ../
\ No newline at end of file
diff --git a/catalyst_voices_packages/catalyst_analysis/pubspec.yaml b/catalyst_voices_packages/catalyst_analysis/pubspec.yaml
index 31a35c67c37..302fabebba1 100644
--- a/catalyst_voices_packages/catalyst_analysis/pubspec.yaml
+++ b/catalyst_voices_packages/catalyst_analysis/pubspec.yaml
@@ -6,4 +6,4 @@ issue_tracker: https://github.com/input-output-hk/catalyst-voices/issues
 topics: [lints, analyzer, analysis]
 
 environment:
-  sdk: ">=3.3.3 <4.0.0"
+  sdk: '>=3.3.3 <4.0.0'
diff --git a/melos.yaml b/melos.yaml
index c2bd1cb76a0..ca213ddd4f9 100644
--- a/melos.yaml
+++ b/melos.yaml
@@ -13,7 +13,7 @@ command:
     workspaceChangelog: true
   bootstrap:
     environment:
-      sdk: ">=3.3.3 <4.0.0"
+      sdk: '>=3.3.0 <4.0.0'
       flutter: 3.19.5
     dependencies:
       bloc_concurrency: ^0.2.2
@@ -34,8 +34,8 @@ scripts:
     description: Run all static analysis checks.
 
   format:
-    run: melos exec dart format . --fix
-    description: Run `dart format` for all packages.
+      run: melos exec dart format . --fix
+      description: Run `dart format` for all packages.
 
   format-check:
     run: melos exec dart format . --set-exit-if-changed
@@ -77,4 +77,4 @@ scripts:
     run: flutter pub get
     exec:
       concurrency: 6
-    description: Install all dependencies
+    description: Install all dependencies
\ No newline at end of file
diff --git a/pubspec.yaml b/pubspec.yaml
index c5e67b52d98..1decd7e9e98 100644
--- a/pubspec.yaml
+++ b/pubspec.yaml
@@ -1,7 +1,7 @@
 name: catalyst_voices_workspace
 
 environment:
-  sdk: ">=3.3.3 <4.0.0"
+  sdk: '>=3.3.3 <4.0.0'
 
 dev_dependencies:
   melos: ^5.2.2
diff --git a/utilities/catalyst_voices_remote_widgets/pubspec.yaml b/utilities/catalyst_voices_remote_widgets/pubspec.yaml
index ecad9b816a0..76fa84e835e 100644
--- a/utilities/catalyst_voices_remote_widgets/pubspec.yaml
+++ b/utilities/catalyst_voices_remote_widgets/pubspec.yaml
@@ -4,7 +4,7 @@ version: 0.1.0+1
 publish_to: none
 
 environment:
-  sdk: ">=3.3.3 <4.0.0"
+  sdk: ">=3.3.0 <4.0.0"
   flutter: 3.19.3
 
 dependencies:

From fc7f4622a5dd640175888e951de01050d51fb0e9 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Wed, 10 Apr 2024 23:07:50 +0700
Subject: [PATCH 64/66] fix(cips): Fix links between files

---
 .../draft-cips/x509-envelope-metadata/cip-509A.md             | 2 +-
 .../draft-cips/x509-role-registration-metadata/cip-509B.md    | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md
index 143bd2d645c..4094c25ec8b 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md
+++ b/docs/src/catalyst-standards/draft-cips/x509-envelope-metadata/cip-509A.md
@@ -219,7 +219,7 @@ Code samples and reference material are licensed under [Apache 2.0]
 <!-- References -->
 [CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
 [Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
-[x509 Metadata Envelope CDDL]: ./x509_envelope.cddl
+[x509 Metadata Envelope CDDL]: ./x509-envelope.cddl
 [specification for the encoding of all Cardano metadata]: https://github.com/IntersectMBO/cardano-ledger/blob/ab8d57cf43be912a336e872b68d1a2526c93dc6a/eras/conway/impl/cddl-files/conway.cddl#L511-L531
 [dCBOR]: https://datatracker.ietf.org/doc/draft-mcnally-deterministic-cbor/
 [Brotli]: https://github.com/google/brotli
diff --git a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md
index a0ff97b6513..6d02b8142d7 100644
--- a/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md
+++ b/docs/src/catalyst-standards/draft-cips/x509-role-registration-metadata/cip-509B.md
@@ -78,7 +78,7 @@ and only on-chain interaction requires interaction with a Wallet.
 
 ## Specification
 
-Role registration is encapsulated inside a [x509 Envelope](../x509-envelope-metadata/cip-xxxx.md) metadata record.
+Role registration is encapsulated inside a [x509 Envelope](../x509-envelope-metadata/cip-509A.md) metadata record.
 This enables the data to both be compressed, saving on-chain space and also to have more expressivity and
 less restrictions vs raw on-chain metadata.
 
@@ -167,7 +167,7 @@ At a high level, Role registration will collect the following data:
 3. An [optional list](#simple-public-keys) list of tagged simple public keys.
 4. An [optional certificate revocation](#certificate-revocation-list) set.
 5. An [optional set](#role-definitions) of role registration data.
-6. An [optional list] of purpose specific data.
+6. An [optional list](#dapp-specific-registration-data) of purpose specific data.
 
 ### x509 Certificate Lists
 

From d4a2b689626bb12e6c1627cc95c45dfc98d80b89 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Thu, 11 Apr 2024 00:29:56 +0700
Subject: [PATCH 65/66] docs(cips): Add catalyst specific role registration
 documentation

---
 .../cip-catalyst-roles.md                     | 351 +++++++++++
 .../cip-xxxx.md                               |  69 ---
 .../images/certificate-chain.d2               |  10 +-
 .../images/certificate-chain.svg              | 574 +++++++++---------
 4 files changed, 643 insertions(+), 361 deletions(-)
 create mode 100644 docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-catalyst-roles.md
 delete mode 100644 docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-xxxx.md
 rename docs/src/catalyst-standards/draft-cips/{ => project-catalyst-x509-role-defintions}/images/certificate-chain.d2 (97%)
 rename docs/src/catalyst-standards/draft-cips/{ => project-catalyst-x509-role-defintions}/images/certificate-chain.svg (82%)

diff --git a/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-catalyst-roles.md b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-catalyst-roles.md
new file mode 100644
index 00000000000..fb38bb3df52
--- /dev/null
+++ b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-catalyst-roles.md
@@ -0,0 +1,351 @@
+---
+CIP: /?
+Title: Project Catalyst Role Registrations
+Category: MetaData
+Status: Proposed
+Authors:
+    - Steven Johnson<steven.johnson@iohk.io>
+Implementors: []
+Discussions:
+    - https://github.com/cardano-foundation/cips/pulls/?
+Created: 2023-10-24
+License: CC-BY-4.0
+---
+
+## Abstract
+
+Project Catalyst requires better role registration and is utilizing x509 certificate RBAC for this purpose.
+This document defines how that standard is applied to Project Catalyst role registrations.
+
+## Motivation: why is this CIP necessary?
+
+As the project catalyst dApp grew,
+it became clear there was a need for an extensible and flexible Role based Access control system to support its needs.
+
+This CIP builds upon the x509 RBAC Specification CIPs and defines how they are used for Project Catalyst Roles.
+
+## Specification
+
+Project Catalyst defines 2 dApp ID's.
+
+| dApp ID | Role Group |
+| --- | --- |
+| `ca7a1457-ef9f-4c7f-9c74-7f8c4a4cfa6c` | Project Catalyst User Role Registrations |
+| `ca7ad312-a19b-4412-ad53-2a36fb14e2e5` | Project Catalyst Admin Role Registrations |
+
+User Roles are self registered by individual users.
+Admin roles are managed.
+
+We define these two RBAC Role Groups to allow them to be managed in an easier way.
+
+### Project Catalyst User Role Registrations
+
+The following user roles are defined:
+
+| Role ID | Role Description |
+| -- | -- |
+| 0 | Voter |
+| 1 | Delegated Representative |
+| 2 | Voter Delegation |
+| 3 | Proposer |
+
+Further User roles will be added to this specification as those roles are defined.
+
+#### Voter Role
+
+Voters are the most basic role within Project Catalyst.
+They can Vote and Comment on Proposals.
+They MAY earn rewards for their participation, and MAY earn reputation.
+
+X509 registrations require a Role 0 registration.
+Role 0 is the Basic Voter Role.
+
+The Role 0 registration certificate MUST be linked to AT LEAST ONE stake address on-chain.
+It can be linked to multiple stake addresses, but they must all be witnessed in the transaction to be valid.
+
+The Voters Role 0 signing key from their certificate is also used by the voter to:
+
+1. Establish their identity to backend systems (Decentralized Authorization).
+2. Sign votes in a Catalyst event.
+3. Witness Comments made on proposals.
+
+The Certificate MUST be self signed.
+Currently CA's are not supported for Catalyst User Roles.
+
+The Project Catalyst dApp generates a Public/Private key pair and creates the user Role 0 certificate,
+associates it with their on-chain stake address, and signs the certificate.
+
+This allows each user to have full custody of their own Catalyst voting identity.
+They may also change their Signing Key at any time by rolling their Role 0 certificate as described
+in the x509 metadata specifications.
+
+In the initial implementation the Signing key used in the certificate MUST BE an ED25519 certificate.
+No other kind of signature algorithm is allowed.
+
+#### Delegated Representative (dRep)
+
+A dRep is a registration that is made, which allows for voters to give their voting power to the dRep who
+then votes on their behalf.
+
+dReps must register a simple signing key, it must be referenced to the first signing key in the simple key array.
+dReps do not use certificates to manage their signing key.
+
+dReps may register a new Payment address, if they do not register a new payment address, the payment address
+registered to Role 0 will be used for the dRep rewards.
+
+dReps MAY attach extra information to their registration:
+
+| Data Key | Information |
+| -- | -- |
+| 10 | Name |
+| 11 | [ + URL Link to Profile ] |
+| 12 | ADA Handle |
+
+#### Voter Delegation
+
+A Voter Delegation role assigns a voters voting power to a registered dRep.
+
+The dRep, will use the voters voting power, pooled with other delegations to vote on behalf of the voter.
+
+Delegation does not define a signing key, not an encryption key.
+
+Delegation roles ONLY contain a dApp specific data as defined here:
+
+| Data Key | Information |
+| -- | -- |
+| 10 | `[ + Delegation Record] / undefined` |
+| 11 | Optional Time to live |
+| 12 | Optional fund id |
+| 13 | Optional purpose |
+
+##### Delegation Record
+
+Key 10 defines an array of Delegation records.
+
+The formal structure of the Delegation Record is defined as:
+
+```cddl
+delegation_registration = [ + delegation_record ] / undefined
+
+delegation_record = (
+    simple_delegation /
+    weighted_delegation
+)
+
+simple_delegation = drep_key_hash
+weighted_delegation = [ drep_key_hash, weight ]
+
+drep_key_hash = bytes .size 16
+weight = uint
+```
+
+* `delegation_registration` is either an array of delegation_records OR `undefined`.
+  `undefined` means that any previous delegation that was active is terminated.
+  The voter retains their voting power in this case.
+* An individual `delegation_record` can be either a `simple_delegation` or a `weighted_delegation`.
+* `simple_delegation` is just the hash of the drep voting key to be delegated to.
+  A weight of `1` is assumed if there are multiple delegations.
+* `weighted_delegation` allows the weight to be defined, it is a positive integer.
+  Weight apportions a voters voting power between all dReps delegated to.
+  
+Voting Power weighted apportionment is a function of the wights.
+The total of the weights is added to give `total_weight`.
+Each dRep get `voting power * (weight / total_weight)` worth of voting power from the delegation.
+In the event there is any residual voting power, it is assigned to the final dRep in the list.
+
+##### Optional Time To Live
+
+This is a unit, and is the time expressed as seconds since 1970 UTC.
+When this time is reached, the delegation is automatically cancelled, if it was not previously de-registered.
+
+Time To Live can be used to remove a delegation at any time.
+However, if the Delegation has been used to vote before the Time to Live expired, the voter may not ALSO Vote.
+
+This allows the TTL to act as a safety.
+For example, if the TTL is set to 10 days into a 15 day voting period,
+then the dRep MUST vote within the first 10 days, after which they lose the delegation.
+Having lost the delegation, the Voter may vote at any time in the final 5 days.
+If however, the dRep voted in the first 10 days, the Voter may not vote in the last 5.
+Even though they delegation expired.
+That is because it is only valid to vote once on a proposal during a fund and the voter
+already voted (via the valid, at the time, delegation).
+
+##### Optional Fund ID
+
+This is simply the ID of the fund.
+It is a `uint`.
+This defines the Fund for which the delegation is active.
+
+##### Optional Delegation Purpose
+
+This field can ONLY be defined if the `Fund ID` field is defined.
+
+The Purpose defines what the delegation is for.
+For example, in Catalyst it is defined as the number of the challenge or category in the fund the delegation is used for.
+The delegation in this case is only valid for this Purpose on the specified Fund.
+
+##### Multiple Delegations
+
+It is possible for a Voter to have multiple simultaneous delegations.
+In this case, the most specific delegation that has not expired is the one that is used.
+
+For example, IF there is a delegation for Fund 15, Challenge 3, and no other delegations.
+Then the voter can vote on every other challenge, except for Challenge 3 in that Fund.
+Challenge 3 can be voted on by the dReps that were delegated.
+
+In another example, if a voter has a general delegation, but also a specific delegation for Fund 15, Challenge 3.
+Then the general delegations can vote on behalf of the voter for any fund/challenge
+EXCEPT for Fund 15, Challenge 3.
+For Fund 15, Challenge 3 ONLY the specific delegations for the Challenge/Fund may vote for the voter.
+
+##### Validity
+
+The Fund may impose rules on the construction of a delegation.
+The delegation will not be valid if it does not conform to those rules.
+For example, the Fund can define that ALL delegations Must expire 10 days within a 15 day voting window.
+In which case, for a delegation to be valid, the TTL MUST be set appropriately.
+
+This allows for great flexibility in how delegations work, but also allows fund specific rules to be created.
+Without limiting the general usefulness of the registration format itself.
+
+#### Proposer Registration
+
+Registering as a proposer allows the registered entity to:
+
+1. Create and Edit their own proposals both anonymously and publicly.
+2. Jointly Edit proposals with other registered proposers.
+3. Respond to comments on public proposals.
+4. Sign a proposal either singly or jointly for submission and consideration in a Catalyst Fund.
+5. Be paid to a certified payment address if the proposal wins.
+
+Proposers MUST define a Proposers signature public key.
+It must be a simple public key of the type ED25519, and it must reference the second signing key in the simple key array.
+
+The proposer registration may OPTIONALLY define an encryption key.
+Currently only X25519 encryption is supported, and this must be a reference to the second or third key in the simple key array.  
+IF the key is an ED25519 key, the X25519 public key is derived from it.
+Otherwise if the key is an X25519 key, it is used as specified.
+
+This allows the Propers signing key to also be used as a public encryption key.
+
+A Proposer may ONLY work on private encrypted proposals if they have a published public encryption key.
+The proposer may change their public encryption key at any time by posting an update to their registration.
+
+Proposers MAY attach extra information to their registration:
+
+| Data Key | Information |
+| -- | -- |
+| 10 | Name |
+| 11 | [ + URL Link to Profile ] |
+| 12 | ADA Handle |
+
+If the proposers registration does not define a payment key,
+the Role 0 payment key is used for the proposers payment key.
+
+Because the purpose of a Proposer is to earn funding from the Catalyst Fund,
+A proposal registration is INVALID if it does not have an associated payment address.
+
+#### dApp purpsoe specific keys
+
+Project Catalyst defines the following data which can be declared globally in any registration.
+
+| Data Key | Information |
+| -- | -- |
+| 200 | Name |
+| 201 | [ + URL Link to Profile ] |
+| 202 | ADA Handle |
+
+If any of these data items is defined in a registration,
+they will be used if the matching key is absent in either a dRep or Proposer registration.
+
+This allows for an individual that is both a dRep and a Proposer to share the same extended data about their registration.
+
+### Project Catalyst Admin Role Registrations
+
+| Role ID | Role Description |
+| -- | -- |
+| 0 | General Admin Role |
+
+#### General Admin Role
+
+Project Catalyst will register on-chain a registration for it's CA.
+The CA will be associated with a known stake address.
+The assignment of the CA to the known catalyst stake address establishes trust in the
+Admin CA and ensures that other fraudulent CA's can not be registered.
+
+The Admin CA can then issue other certificates for admins.
+It may also revoke them.
+It can also create a 2nd layer of CA's to create Admin users.
+
+An example of the relationship between CA's and certificates is:
+
+![Certificate Chain](./images/certificate-chain.svg)
+
+The CA defined in this way, or the intermediate CA does not have any Admin privileges.
+
+Only End Entity Certificates have Admin privileges.
+Initially all registered project catalyst admins have all admin privileges in the system.
+
+However, if required, an extension within the Role 0 certificate.
+That is issued to theAdmin by the CA or intermediate CA.
+Can define restrictions to the Admin role.
+It is the responsibility of the CA to ensure the
+permissions encoded in the admins Role 0 certificate are correct.
+
+The CA or Intermediate CA may revoke an admins certificate at any time.
+They do so by publishing the Admins certificate hash in a revocation list signed by the CA.
+
+If an Admin user has their certificate revoked, they lose all Admin functionality.
+
+This system allows a trusted and verifiable CA to register administrators and prevents fraudulent admins being registered.
+
+Each Admin and CA must have a Stake Address associated with their registration certificate.
+
+Admins are Role 0, so their signing key is defined by their certificate.
+They may also register an Encryption key by referencing a key at index 0 of the simple key list.
+
+The encryption key must be an X25519 public key if registered.
+
+Admin users must NOT register a payment key, and they have no other data associated with their role registration.
+
+### Special Roles not defined by x509 certificates
+
+There is one special role within project catalyst which is not defined by the
+Role registration.
+
+An Unregistered Voter.
+
+#### Unregistered Voter
+
+Project Catalyst will have the concept of an UNREGISTERED voter.
+A Voter may sign a vote with either their registered Voting Key, OR
+They may sign it with their stake address.
+
+As long as the stake address is valid, then anyone with a wallet can vote.
+Even if they have not registered as a catalyst voter.
+
+Alternatively a Voter who has a faulty registration or has lost their private voting
+key may still vote in a fund with their Stake address signing their vote.
+This acts as a fail safe in these cases.
+
+Regardless of which key is used to sign the vote, a voter may ONLY vote once per fund per proposal.
+All possible voting signature keys are considered equivalent.
+
+Stake addresses may only be used for voting and can not be used for other functions assigned to Role 0.
+
+## Rationale: how does this CIP achieve its goals?
+
+## Path to Active
+
+### Acceptance Criteria
+
+### Implementation Plan
+
+## Copyright
+
+This CIP is licensed under [CC-BY-4.0]
+
+Code samples and reference material are licensed under [Apache 2.0]
+
+[CC-BY-4.0]: https://creativecommons.org/licenses/by/4.0/legalcode
+[Apache 2.0]: https://www.apache.org/licenses/LICENSE-2.0.html
diff --git a/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-xxxx.md b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-xxxx.md
deleted file mode 100644
index 569f48955e3..00000000000
--- a/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-xxxx.md
+++ /dev/null
@@ -1,69 +0,0 @@
----
-CIP: /?
-Title: Role based Access Control Registration
-Category: MetaData
-Status: Proposed
-Authors:
-    - Steven Johnson<steven.johnson@iohk.io>
-Implementors: []
-Discussions:
-    - https://github.com/cardano-foundation/cips/pulls/?
-Created: 2023-10-24
-License: CC-BY-4.0
----
-
-<!-- Existing categories:
-
-- Meta     | For meta-CIPs which typically serves another category or group of categories.
-- Wallets  | For standardization across wallets (hardware, full-node or light).
-- Tokens   | About tokens (fungible or non-fungible) and minting policies in general.
-- Metadata | For proposals around metadata (on-chain or off-chain).
-- Tools    | A broad category for ecosystem tools not falling into any other category.
-- Plutus   | Changes or additions to Plutus
-- Ledger   | For proposals regarding the Cardano ledger (including Reward Sharing Schemes)
-- Catalyst | For proposals affecting Project Catalyst / the Jörmungandr project
-
--->
-
-<!-- markdownlint-disable MD025-->
-# Role Based Access Control Registration
-
-## Abstract
-<!-- A short (\~200 word) description of the proposed solution and the technical issue being addressed. -->
-
-## Motivation: why is this CIP necessary?
-<!-- A clear explanation that introduces the reason for a proposal, its use cases and stakeholders. 
-If the CIP changes an established design then it must outline design issues that motivate a rework. 
-For complex proposals, authors must write a Cardano Problem Statement (CPS) as defined in CIP-9999 
-and link to it as the `Motivation`. -->
-
-## Specification
-<!-- The technical specification should describe the proposed improvement in sufficient technical detail. 
-In particular, it should provide enough information that an implementation can be performed solely on the 
-basis of the design in the CIP. 
-This is necessary to facilitate multiple, interoperable implementations. 
-This must include how the CIP should be versioned. 
-If a proposal defines structure of on-chain data it must include a CDDL schema in it's specification.-->
-
-## Rationale: how does this CIP achieve its goals?
-<!-- The rationale fleshes out the specification by describing what motivated the design and what 
-led to particular design decisions. 
-It should describe alternate designs considered and related work. 
-The rationale should provide evidence of consensus within the community and discuss significant 
-objections or concerns raised during the discussion.
-
-It must also explain how the proposal affects the backward compatibility of existing solutions when applicable. 
-If the proposal responds to a CPS, the 'Rationale' section should explain how it addresses the CPS, 
-and answer any questions that the CPS poses for potential solutions.
--->
-
-## Path to Active
-
-### Acceptance Criteria
-<!-- Describes what are the acceptance criteria whereby a proposal becomes 'Active' -->
-
-### Implementation Plan
-<!-- A plan to meet those criteria. Or `N/A` if not applicable. -->
-
-## Copyright
-<!-- The CIP must be explicitly licensed under acceptable copyright terms. -->
diff --git a/docs/src/catalyst-standards/draft-cips/images/certificate-chain.d2 b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/images/certificate-chain.d2
similarity index 97%
rename from docs/src/catalyst-standards/draft-cips/images/certificate-chain.d2
rename to docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/images/certificate-chain.d2
index df7b931d270..409d7be0abd 100644
--- a/docs/src/catalyst-standards/draft-cips/images/certificate-chain.d2
+++ b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/images/certificate-chain.d2
@@ -28,13 +28,13 @@ classes: {
 }
 
 title: |md
-  # Chaining Certificates
+  # Chaining Certificates.
 | {
-  # shape: text
+  shape: text
   near: top-center
-  # style: {
-  #  font-size: 8
-  # }
+  style: {
+    font-size: 25
+  }
 }
 
 root-ca: "ROOT CERTIFICATE AUTHORITY (CA)" {
diff --git a/docs/src/catalyst-standards/draft-cips/images/certificate-chain.svg b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/images/certificate-chain.svg
similarity index 82%
rename from docs/src/catalyst-standards/draft-cips/images/certificate-chain.svg
rename to docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/images/certificate-chain.svg
index fc5e0caef52..7563ab84e3c 100644
--- a/docs/src/catalyst-standards/draft-cips/images/certificate-chain.svg
+++ b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/images/certificate-chain.svg
@@ -1,13 +1,13 @@
-<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="v0.6.3-HEAD" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1302 2542"><svg id="d2-svg" class="d2-1480995423" width="1302" height="2542" viewBox="-89 -160 1302 2542"><rect x="-89.000000" y="-160.000000" width="1302.000000" height="2542.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
-.d2-1480995423 .text {
-	font-family: "d2-1480995423-font-regular";
+<?xml version="1.0" encoding="utf-8"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" d2Version="v0.6.3-HEAD" preserveAspectRatio="xMinYMin meet" viewBox="0 0 1302 2570"><svg id="d2-svg" class="d2-4033683774" width="1302" height="2570" viewBox="-89 -188 1302 2570"><rect x="-89.000000" y="-188.000000" width="1302.000000" height="2570.000000" rx="0.000000" class=" fill-N7" stroke-width="0" /><style type="text/css"><![CDATA[
+.d2-4033683774 .text {
+	font-family: "d2-4033683774-font-regular";
 }
 @font-face {
-	font-family: d2-1480995423-font-regular;
+	font-family: d2-4033683774-font-regular;
 	src: url("data:application/font-woff;base64,d09GRgABAAAAABNoAAoAAAAAHTQAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXd/Vo2NtYXAAAAFUAAAA2wAAAT4HPAjfZ2x5ZgAAAjAAAAwnAAAQyKvd3LBoZWFkAAAOWAAAADYAAAA2G4Ue32hoZWEAAA6QAAAAJAAAACQKhAX/aG10eAAADrQAAADSAAAA9G0QDA1sb2NhAAAPiAAAAHwAAAB8hCCIiG1heHAAABAEAAAAIAAAACAAVQD2bmFtZQAAECQAAAMjAAAIFAbDVU1wb3N0AAATSAAAAB0AAAAg/9EAMgADAgkBkAAFAAACigJYAAAASwKKAlgAAAFeADIBIwAAAgsFAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAEAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAeYClAAAACAAA3icjM/LLqMBHMbh52s7nUPbOXZmnJU6laKKauxEIqSRiIXECjchcVliJ44XIbF1FZVY/MWXxtq7fha/F4msBEW5pIm6ipyiiqppNfMWNLW0rduwZUfHngOHjhw7dRZBT8+kuvGuN23r2LXf0ydvOp6UFZTkZeIlnqMb3biPu7iNm7iOq7iMh3iMizhPuz6+xJqmVS3LGubU05pFSzKycj7J++yLr74pKCr57oeffvntjxVtZX/981+ffgMGDRk2YlTFmHFVEyZNpT9rZnkFAAD//wEAAP//aRMzAwB4nGxXfXAb9Zl+f7+VtUksx1rL8kq2PndtrSRLlqzVam19xrYky5+SJRt/JHa+nDhOSBqcK5mASehhPo6jnK4TBq4XGHrlBpiBox8zpBn+o4RzjwBtr0NLIRmmN+NjjtLe+Tw3B61XnV19xGn5Q7OanXff9/c+7/M+zy7UwSwAFvBlIGA3NEIT6AF4yk512DmOJUVeFFmaEDlEkbPoY6mI0FBQFQqpuvs/679w6RKauYgvb98dXltaur5w/rz0zY1PpQB671PAQABgMy7CbqAAdCTPORwcq1YTOl7Hciz5jvW6tcmmVTXafn1r4dZs/PcJ9LXFRfF0b+9paQ4Xt8+urwMAIAiWtnAbvgJmgDrG4RCCoRAfaKFJh4Nl1Gp9c0sLHwiJtFqN8vlvjIyuFaIHTN7Wfnd8ng/sj/uGrV3cEc3EM6dOPpPvtoVMTN+9+fyFficT9AYAAMMcAA7iIuySz8lTfKBF36xmOT4QEoIOlp174Znnnn1qauTcuXPnRnDx5SvP/kvyb1dXH1bONgeAbuEi1CuY6e16Xs/q7fo5dJ/04RdfoG5cTL83+LvBWuwvFDxux1JK5Jdf4mL6Vlr6dTUOB6o55UnwFEvZqbkC6p6clN7HRelzpNs+iwTpnWo8vIqLMt5y/FxBBq+SJ4GLoCnf5xFP6liC1M8VCEQtvPv5/Fv34KJ0FQ19KZ1EUw//tFr7AVyUseYpXtfSQvOhkKiTTxAMiSxJsATHtrToqbnFixpao9LoNavHxncRquCquBpUESQuSv/EpBgmxaCF7bNo2XOq8ynpFTT5VOcpj/R0rT8vLoKuXIPmHQ5B7rGa+a7PB1UEmb3rd4MqlZxv8bHAqSAqbJ9Fzz7afSIovQxY4cQxfAUa/4wV8ujUXCCkjI5RyIFG85cGBy/lCxczmYuFyLT/5MzMSf+MZvLby8tPT0w8vbz87cmhgQv5+5588r78hQGocaJemUFzhRMKKViKqtHijeEz8UfuvvvIXYXpuxZwsX0qs7Qo/RFl+tKDYi2HDRdhL9A7csgz2Jnm3YETkVzyxYXnzp8Zy+fHzuAiO5Ecnaek3yC99BmaTezrC5b3wF3aQr/HV8CrdMyJCu+FoMPBcV34zq2Q+6ZpC5bRQNrUvZ0B9iDflzF3WxesMZewEIkssl7LUJc4YA+0zjti7aFFjeAJd3gjfsZp2utqcPf7A1mvtz1ktgc9VldrvVPr7esOTgUAgQkA/REXgZS7YgW7nqV+8zb65G08nE5vv14+63RpC3fhoqwlynQonirvaUj5q1ajgYFT8YIr1elJu3Lxk5rQ6jL6hvRAdr/DsT+LHpIuLa+GACnDIHARGgB4YgcfiZ//fHa5qU2najJRy1M/xUXpufCxcPhYGB2RuV8qAaCbuAiNALxA8HTlQZEn9G9dn53SWrUqimmcnL4uoW9da093dKTbr0lnJGVuwdIW+j7ahFZoB6AZmVpiUIGV5BSQ9RQrCxkXCImCIkBvxib+7h+pTqd72GxjjoZnc0mSYCZa2Dh74XBAM9SXm6KsPaytubfFdXq/9EHY5O5nrI82Rn2uDsCQL22hP+B10IGtPFmWZCleT5ZrlflcpjOpb2lBLmbIRpD9eWzPOg8eiRxMR7ORlHUfa0to7OYAXn9zxsw9ck/h3nhqaS53lLGVTHR5Jl2lLfQa2pTn99U6WpXRpn0non2n4v6U0a33mT0prjDAhFva7TlNdCWXX4kydEhn8E31FJbMzaLZLmPmK22hD6s9lDFTknMCXwVLFGqF/n//mchh0R23qQpJkjCNGvdFrb0WLuFIax6+kD0Xt7QW3tju6TW5UgOSifYVeqaPAlbO/29oEwxgvaMDeansNRMg7ApUiO47GU8sivPHEJZ+VDedZiNtZmv2HaRK9PITmthKNrcSXz3RYNw9dkBPhZotyDE8llVwsgCgBP5F2QdZQRSCFZxYRq9o9qH+/tQQ7dY2tZmSS0vou/G6seHp3WRCszA2IM0DAAHekg39Fm1CN8RgrMYiwbHjoiTl9WxZs1iGK8+gMnMicFvCdBWtYBzlmP+bPeuwNxkZnYELTHY3tze8vEjR/lyAYxqaOroXpqaiZ0bdsWhnZzQWSk/yvsm9dm2rYeSTZMLa26Kqd5qsXQ2q5mSnMO4m6xJawRocdVH1bc20RYx5R33o+wlBiEYFISE9FnMwrSqVzq3nuhRs8gDol3i9oopVjsruoPCTyucJdiwwNpj3+DsiHXj9zUW77/C8dAO5knFHh/Q8lEqQAoAf4texA3oBQA3hVQAolUq/KnHwA+V+pHz/fqjV3MDrNR/TyT7Gkfr8BPH+/u9em3tyP16XLAh+LN38r5MPVp4pbcGv8Lq8/zL2ivxUCPJylyu/d7eKJOt3tWh6BXx8+7KOQiiuUpVr4f9Bm2BXasmaIU/pji7J2jWfJAnbaGdPotEx7hkZynu6Qsm8xxdKoo006+v2uILV1kek5yuXKoZos4JhpcZODJMkwY7XQFSS3YFhZRf+G21CI7R9pf/VuIMaI0uJxFIkejyROB5NjI0l4uPjlT2OruRzK9HkUmHyxInJwhIoWsSjP6DNyh7fPp3CUAdH63U7tUg+qT3buXAkcrCHGWDweUWKEu32+Lv4hz0m56P35O+NW1qnXkDqO7RI1gsefVitUyeISvraUog8RezUC/SIyjziLovGPjve1f9+TTDefXXG5FREw2zu2h5D6tuKUeXOAtqsvNmVu6koXhloY8ZlprWa5kbrgBFtzHSF9mRUqkBcqrx7mkpb6CG0CW6FRzs9V7HcP3PcsuH+LLjAumzJTr/fzrcx/e7ZrHfc5DSGbF2dFn8bm/S6shrOJBrtXquRofc02AVXJGujgzqD20Sb9fUNdrGL63cq9Q2lLZTCZ+Q3CIXHrCCKvCJCNT5/Nh7LjO5JPfSQ3d1g0WibfZq5DGqI1z322IC06e3erYqT9UqukdIWeg9tyLy7YyeoikR/MpYpdPodEUbGhRnVHJ5HQemXyTjXiWal1lGnH5C8g+hf0cZf+vEbr00dqKfrVfX0ngMTr6AN6bftGZbNtKNmqVV+ruRTnmvbiaMo3pFiL57TmjXaXc27XaHG+h9PHa031qvqm/dM565SvtTP1Ko+XBfxtqP/lP7XmmHsGRtq2N70j3plPnlKW+g6fhzqq0gFK7TduQtfHDp9+tDB06cP9iSTPT2plObV57/z0kvfef7V/ktPPHH//U88cUnBKQuAruKLit7I9iWEQqIsdtlv/ZWnrzWxlkQfCLto7fbbyTJH2gHQW/hxuTdeiOPKenC1xZFFktc7Dz2SjsacSZPPuT8+e3zg66OtPcZr3Yf+/uu8mPbafB5haSp6/6NZrBoEDP7SFvqJ0o8TADFqsko84i+d+/aLAqqzZiy7BmO+fZFgfDGc+loiONLWpeuxeId92JLjCkeDUyjj9MwfGUvEh6RXkn9z/MErg5yZp9v488c6Oo8eiR0IKv7lKm2hdfw4WMEjqzRdqbrDupTO9GXGEzvft4nKgiib+2V0QWRFCxvy5/nCYZOz2Ryw8fOUjQ0LnogrWdeT8me7HHxW480F3H3dWpUxE+gedh0atkd8jSqtJ9bpG/eiE+Z9rK+/x+cIsNLbiW5X0NFkTHuEVBn/vtIW/AhW5O+lnZN/wMiyRgPLatg2M8ua21jZe5RY9BHmwA+AlkEtXwFBDr0GL+EfQB2AjuN4kjyqJWYILXrtxQMHXgQELvgINaJW+RtLFHi9a+OjRAIUXv81+rR0Tb5PC3a9Bn18URQV/8mh3fhjeU/osunTCh70B/F0Os6He3vD3zt2c23t1qLh4M2VlZsHAYGjlIOblWc4BVF5T/TN6lklno+n09+rRBsWb62t3QQMLAD6d4V7VgBeZIXyjyeVn55VfqzIkjpeZOeMuemmqQO0QD9sEAwT8n+jYFgz2taa1m70Xg5fvXr1avhy740bN1DdZcWT4UEcQ4NEA5AQRY1Q82N4AW1UvzfzebQh73jpJ3gYRPy6PAdqxxwMVqvBYLXiYbPRYLEYjGYApHj9P6ONij9XdVX5NLC1dDRQuw0N7YZ89MNddXGijvdg8/Z/DM8AKt2DY9BDNMi1dZxI7302/E0c+wfxRfgTAAAA//8BAAD//96PpoAAAAEAAAACC4VHXmFHXw889QADA+gAAAAA2F2goQAAAADdZi82/jr+2whvA8gAAAADAAIAAAAAAAAAAQAAA9j+7wAACJj+Ov46CG8AAQAAAAAAAAAAAAAAAAAAAD14nCzNr0oEURzF8e85GywLNtmwLAO7COOfHcOgiBhETAblV8TrA5h9A4tYtNt9mTUbNPgM6gVZ13TFwfBp5/D1PefMwBU979H6kuRlkt5JviNpieRDkl9IviX5gdbbJO+SvMKaBwx9w5l7oLdStKB1TWjG1Os0+mSqCSMt2HRFMOeI7/KqD4JC9PYJjwmPun10nwtCjwwVDFxxrGf6ncyGMifKTJTZUqbmh4N/p9qh1hd9NYQaVpUZe8Q1cwLK018XytUvAAAA//8BAAD//1tVNmEAAAAAACwALABQAIAAngC0AMgA4ADsAQYBOAFaAYoBrAHUAhgCKgJOAmoCiALAAvQDIgNUA4gDqgQWBDgERARQBGoEhgS4BNoFBgU6BW4FjgXOBfQGFgYyBmIGiAagBsoHCgdgB3YHggeSB54HqgfEB94IDggYCCQIOghWCGQAAQAAAD0AjAAMAGYABwABAAAAAAAAAAAAAAAAAAQAA3icnJTdThtXFIU/B9ttVDUXFYrIDTqXbZWM3QiiBK5MCYpVhFOP0x+pqjR4xj9iPDPyDFCqPkCv+xZ9i1z1OfoQVa+rs7wNNqoUgRCwzpy991lnr7UPsMm/bFCrPwT+av5guMZ2c8/wAx41nxre4Ljxt+H6SkyDuPGb4SZfNvqGP+J9/Q/DH7NT/9nwQ7bqR4Y/4Xl90/CnG45/DD9ih/cLXIOX/G64xhaF4Qds8pPhDR5jNWt1HtM23OAztg032QYGTKlImZIxxjFiyphz5iSUhCTMmTIiIcbRpUNKpa8ZkZBj/L9fI0Iq5kSqOKHCkRKSElEysYq/KivnrU4caTW3vQ4VEyJOlXFGRIYjZ0xORsKZ6lRUFOzRokXJUHwLKkoCSqakBOTMGdOixxHHDJgwpcRxpEqeWUjOiIpLIp3vLMJ3ZkhCRmmszsmIxdOJX6LsLsc4ehSKXa18vFbhKY7vlO255Yr9ikC/boXZ+rlLNhEX6meqrqTauZSCE+36czt8K1yxh7tXf9aZfLhHsf5XqnzKufSPpVQmJhnObdEhlINC9wTHgdZdQnXke7oMeEOPdwy07tCnT4cTBnR5rdwefRxf0+OEQ2V0hRd7R3LMCT/i+IauYnztxPqzUCzhFwpzdymOc91jRqGee+aB7prohndX2M9QvuaOUjlDzZGPdNIv05xFjM0VhRjO1MulN0rrX2yOmOkuXtubfT8NFzZ7yym+ItcMe7cuOHnlFow+pGpwyzOX+gmIiMk5VcSQnBktKq7E+y0R56Q4DtW9N5qSis51jj/nSi5JmIlBl0x15hT6G5lvQuM+XPO9s7ckVr5nenZ9q/uc4tSrG43eqXvLvdC6nKwo0DJV8xU3DcU1M+8nmqlV/qFyS71uOc/ok0j1VDe4/Q48J6DNDrvsM9E5Q+1c2BvR1jvR5hX76sEZiaJGcnViFXYJeMEuu7zixVrNDocc0GP/DhwXWT0OeH1rZ12nZRVndf4Um7b4Op5dr17eW6/P7+DLLzRRNy9jX9r4bl9YtRv/nxAx81zc1uqd3BOC/wAAAP//AQAA//8HW0wwAHicYmBmAIP/5xiMGLAAAAAAAP//AQAA//8vAQIDAAAA");
 }
 @font-face {
-	font-family: d2-1480995423-font-semibold;
+	font-family: d2-4033683774-font-semibold;
 	src: url("data:application/font-woff;base64,d09GRgABAAAAABOAAAoAAAAAHWAAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXqrWeWNtYXAAAAFUAAAA2wAAAT4HPAjfZ2x5ZgAAAjAAAAwPAAAQmKfqtR1oZWFkAAAOQAAAADYAAAA2FnoA72hoZWEAAA54AAAAJAAAACQKgQX9aG10eAAADpwAAADVAAAA9HCXCrpsb2NhAAAPdAAAAHwAAAB8gmqGwm1heHAAAA/wAAAAIAAAACAAVQD2bmFtZQAAEBAAAANOAAAIcCYSZQ5wb3N0AAATYAAAAB0AAAAg/9EAMgADAhoCWAAFAAACigJYAAAASwKKAlgAAAFeADIBJgAAAgsGAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPAAAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAesClAAAACAAA3icjM/LLqMBHMbh52s7nUPbOXZmnJU6laKKauxEIqSRiIXECjchcVliJ44XIbF1FZVY/MWXxtq7fha/F4msBEW5pIm6ipyiiqppNfMWNLW0rduwZUfHngOHjhw7dRZBT8+kuvGuN23r2LXf0ydvOp6UFZTkZeIlnqMb3biPu7iNm7iOq7iMh3iMizhPuz6+xJqmVS3LGubU05pFSzKycj7J++yLr74pKCr57oeffvntjxVtZX/981+ffgMGDRk2YlTFmHFVEyZNpT9rZnkFAAD//wEAAP//aRMzAwB4nIxXa3Ab13U+9y6IFUmI4gpYrPB+LLALvgAQC2D5Agi+CRCkSIKkRIgiGUqWZEomJT4kv5RWtupy5CnGaTNKrORH5c5YSZuqsX7I42md2pQ7tVuPO9bYTSPH+uGM28bsOM2EDeuOudvZXUAk2z/5sVhy595zzv3Od75zLpTBGADO4m8DAeVwAA4CDSBQHsov8DxLioIosgwh8ogix9B/SzfuNwV1oZAuGH678enFRZRbwN/ePjdw5uTJh9OTk9L1f/pQmkV/+iEAliUAHMYFKAcKwEgKPMfxrF5PGAUjy7Pkz5hbTLWjSrffsfHx2sdPCz8X0NTwcHQhLj4hnceF7aXXXgMAQNAob2IO3wA7QJmX42LReFyImBmS41ivXk+bzEIkLjJ6PTo6+sLhkbXR5KwraUlwsVxobrS+254MnDYMfefc2ZdHIp4Bq6t5PnP+9/zOdLARAEMOAKdwAfYpMQqUEDHTJj3LC5F4LMqxbO6vrv/g1T/uEE6cO3dCwIVXXvmzW9PLTz25oMaVA0D/hgtQqeJFe2iBZmkPnUPXpC82NpAbF+Zuzb0992jtQxWLnbVUDr0o/fLLL3Fh7o056Veldbi7ZFPJgkCxlIfKraDylRVpCxekrxC5vYS80sPSevh7XABCW59bUYAr2pnABTBo3wWjQBpZgqRzK8Qvr7y38fuvTeOC9FNUI0sXUHT1bx/5vo4L4FL3GM1mRojHRaMSQTQeF1mSYAmedWKayj2/UklX6CpNFReuni0jCV3sbM+5qI4gy3BBesvV4XZ3uFBqewnVudIZ53elB4j7rjOTdkkfl/wkcAGMmh9G4LiYck6CZ81mmspder9Lp6tc1F64IL30YuSiiOzbS+j8i9ElUfoMsMqJJXwDDoBtDyuU9Ol5LXtehRtoZPy5dPq58Qnld2JwampwcGrKkHt5fv768PD1+fmXc489v7Bw+fLCwvMlPjhV3ExFPqgWWZamhIhGiQ/SS52d5/umx18aSI/gAnc02z8d/E80eCkZUviq2WjBBagCZpcNBX+Woh4x69PuJ9r7Wr//3B+dPN7V19d1HBd84+mBKZP0KwQyoKlmsalB4z8nb6JtfAPq1JPyotmsGeH5IN5bDLTJbGYYLWR0sPOZUDebb2hqaa7PuxN884lU8zzX6uqpDTY7wrbJlkzT44ZI8LCnJsjV+Ix8VX13OJprbOAyVmeNz+JhKv2Wkb7Y0ZgSgxUA78MFIJUTsTEPzVI/fRN9+Saun5vb/kiLc1jexO24oOiHmhFKoExqrHH1T70e9Q+cT6x42vhAgl1sWzS0XT2LFqW1vhzL5vrQk9K3zl5tAyR/DYDtuAD7AQRiFw+Jd99/ZqraWq2jLAeOXfpHXJBeF081NZ0SUVrhvLIPfYULcABAiBECU9woCgT91jvP9lXZq3XVzqq+p/7uN+h7t/w9HNfjvyU99hs1ZyF5E91DW2ABFoDxKnQSVUhJXgWYplhFu/hIXIypmvNWauTadxAf8fV4amtOt0wdm9mn8wyQzkb7yaGAYTh1+Eg132w3DVq5J05Ln8btXN5hWdgv+D1O1V9a3sTleB0OglNBi2dJlhJoUvO1i8IkbTYjsTdFVBxbJlwZ/9SptpnDjZ2RpmiTVTCkonj97qjNu3Zh7FL7zEQuMyp+bjYquaiRN9FdtPV/qmOHJiXJNHedbe++0BHqtTUZA0zrQLrFIdAh75ghsTwyupxwMwOUMZ9J5y1U1ukEDHXyJtrA62BUVELDSTXMx4QSQmKs5OS/phZaZ2O1rXbd8sw+na3fIIYtEUuoq8Ww9tTwStJhOXxnOxmzcTPi58zB8cHDY1r9KLH/M9qCQ4qPvbVNesyl0AlBLXFk615IdZxp7soHy6R39w21ukUbz07ceRCJ1HUppxheSbY+3uMzdfQbqX7GicLNHe0aX20AKI8/0PodGxNj0SJGrJdW9fl4Z2f2iDVcbbbZkrOz6KWJMmHwRAU5YcjFjknnAYCAgMyj/0FbEIEkZFVEuFhUQUAhUGwHeIFmi0ri5XitaRUzTewSK2NRHLy88t9my/FYr9HioS18fFIw+Q/8OG+ojoxFq71U5X624cjksdTFDBtp9PkikXBrpqG2K2Djun9mb65L1OsMAacjdEBn7K5rHqohy8ar6qzxAU5PVpgo+lBzKnw4iN6MhoJCJBSKSoWwy2EiHT6PX8ElDYD+A68XFbBESqULqAVBpZd1rmzkcP+yr8bd6MLrd2ccDaeOS+8jfyLicko/BFmGJAC8i9/BHDQDAAkt8DyALMv35Qi8p35vLX6/CkWfGOP1R/1KVPoVT9LpC8Tdb/7gjcvfHMTrUt9n70qffnz0srJe3oTf4nWl1hUWqlJTJMYbCWG5ulxHkgcqXIZMCndv36UphCZ0es0PsQ9tgUf1o+iDkp09JyQfvdMz+3SudDDeQbGDwaHMip8LNi/7+WAz2ujyBEM1XKR07IT0w+KrhB/aKuJX9LEbP0Uqhh4BiDY63cE9+BVr4Gu09Tv0t4OJ+c7O+URS+U3Gk8l4PJEoVm9ieXRkOTGdT2fySg1rupPE5WirWL870RWZydDGXcKjnn8wMPVY24zoTjmJE5rw2CLr+C+jVm5taexS0mEZvYHoHelRNSKJNko+ymKiavpRIYgCRezSCPSkztbLqUJRk3IRFccelERi/eaoldWEwhnaziF6RyU0jC+hreLUpp2iqG4awNYMz9Km/eZqR4pBG0fCQsVJna6hSSr2qkPyJvoW2oKAyp+dnsppPXWPVjJOTJv09yMnfXFPpz/AucJWd3tgdjQ66oxZYw6/ry3gTdXNGXhHxuL0WmgbXWFgxZqOUR/Ta2RcjMNZZWCbgu2TgMAkb6I8vgBmjbcxNiaKgjo4mor0/e14X2+2avby5Z799gqTSTCcOPzFRNkLLxz7YoLUjZOVWvzd8ib6BdpQOLaH/1RRhj9R2BVwN9qXp8sJd9Zw6jiKSp8kIm4fGpbofi4ISKk11YbWZ3e1y9f/YnWoQpnv6IqhxVtoQ/ZlOC7jkyVa9W2Q4+o+627sRHGPCb1+3uSsokljOR8ylL+9Ol5JV+rKjeWZxTuuo/+g1+VxWcjvQp//2t3Hevs8v96Wc99QuBOQN9G/4DWoLPJeywVtUjiv5qc48psRnFhdPaE8rrDNFnY5w3Z72PCjmzdfffXmzR/lQ/P5/Jm6ujP5/HxIiTkDgN7Dz6r6orSqWDwuKuKWKayGep0Tl6fRK/3lloPbn01r+HoA0Ed4TYlCiCWxVm6lWcCk1yuiKNDc5JXeuOBPWFP10x1TT7Q/3m5pYb7fNfGHi+FIW60jFRLmJ5tWn+7CZXOAoV7eRJ+oZwsAIK+eLJGO+P+3mp1JABlsbbbyVDAgxgLJ+fa+pY6WMXuSEh2BzhrCnvXmTot5FPcExrPtLU3N0k86r5199uX+Wmcvbas/fZQNfONk+3RU7VU1RWztUAPxR6qyq0spUyqtSQwR35EYM1EsDRV5hJJzTb0NfiFyRJx4LO6q74zPMlZbpN4f8baWBVtreuqcfLehYSjaOnxIZ01HogO1M4OhLKOzZFONQ0G0bI07a8VgjbvOJX0o1LP1Hsrc5g+1qLi3y5vwEbyk3H+YXdm/5qqvd7lraw31Xm+98ig9Rl2L/hXzEAZAE6BX3oBgCK3BO/jHUAZg5HmBJM+YdRcJBq29fuHC64CgFu6jQ4hT7kxiTKBrv7w/Nqbx+hn07/Jbyncm5qEN6Od/0NMDCAblIWTBD5U6YTTIGBUJ5sNkb2+yvykeb7pz6uHVqw9PuWcfLCw8mAUEdfIQbBX38CqWSp3QJv2yur4/2dt7p7jare4FrEye6Bf4GtjUG5jIxrRHINWHZtWHFVnSKIjs0UOD49Ujx8w99CrTTQ9PVo9PM73M6iH3xeqL97JXsrdv376dvZK9d+8eOnAFlN4L8ziBBgkfkNCGDgKU+i78Ddoo3R/Ty2hDogHJf407oAe/o+SB2pUHF8e5XByHO3xOh8/ncPoAkNrTf4I2oHqPlmojv9fGV5kr6EoPs+Ls/mBf2QRR1lCH9dtfR0eVupSP4gS0Ej7Fv5EXGfznw3+CE9/L3ob/BQAA//8BAAD//9JootMAAAEAAAACC4UVitIdXw889QADA+gAAAAA2F2gqwAAAADYXhEz/jj+zwhuA90AAAADAAIAAAAAAAAAAQAAA9j+7wAACJj+OP44CG4AAQAAAAAAAAAAAAAAAAAAAD14nCzNvy5DYRzG8e/zkBJpYmBojqmk0qNNaVj9iZxIXkKa/EjcApvBdbBZxQ24ADdgMrgLk4VJ01d60uGzPU++fuaSd/AgT3zE0HeEC0ITwk+ECsJXhL8IPxJ+YegTwiPCbTa9TuEHRm7lsX7z2PNse5ekD0rv0dMfpfZZ8yJdD0hqcKCF/OklkpZJc2ck75Dcqfep/tyT9EpLN6y6T6VvmlMWXYtTi7ZF36LUCoczFzpmSz80VXGuip7FhjvcqkGC/DbtQr7+BwAA//8BAAD//3buK6IAAAAAAAAsACwAUAB+AJwAsgDGAN4A6gEEATgBWgGGAagB0AISAiQCSAJkAoICugLqAxYDSAN8A54ECAQqBDYEQgRaBHYEqATKBPYFKAVaBXoFtgXaBfwGGAZGBnIGiga0BvQHRgdcB2gHeAeEB5AHqgfEB/QH/ggKCCAIPghMAAEAAAA9AI4ADABkAAcAAQAAAAAAAAAAAAAAAAAEAAN4nJyUQW8bRRzFf2unNhUiKghFqYSqOYLUrpMoqdrmgkMa1SKygzcFcdzEa3sVe9faXSeEj8FH4MYX4MypH4EDRz4ABw6c0byZxHVAkEaVmreemTfv//5v/sBasEqdYOU+8AY8Dtjgjcc1VvnL4zrdYMXjlbf23GMQ9D1u8Dj42eMmvwS/e/we27UfPb7Peu1Xj99nq/aHxx/UTd14vMp243OPH/CoUXn8IQ8aPzgcwLOG5wwC1hu/eVzj48afHtdZazY8XmGt+YnH9/ioueVxg0fNfX7CsMUGm2xgeHL99QxDmwE5JyQYIi4pqUiYUmLokHFKTsFM/8daG2D4lDEVFTNe0KLFhf6FxNdsoU5OafEZjzFckFIxxtAnoSSh4NyzHZCTUWHoEjO1Wsw6ETlzCk5JzEPCt7+lNSaTyiMKcv1idaeckDNhoHtGzJkQU7BFyAbb7LBLm3326LG7xHnF6Pie/IPPneuxx0u+lv6SVMrNEvuYnErVZ5xj2NRaKPefs8uUmDMS7RqS8J3qsQw7hDxlhx2e8/SdtC17k8qXGEOlrg2027pwhiFneOe+p6rW9tGee02mrrq1iMrvdLdnDGjpvFGtY3lmxDxXvwtS7Q7vpOaIWN017BNieOVZb5/MiktmJBwz9p4tkhjJp4oL+bZwdUIqlzNl2NY9V6WutitnIjocYuiJP1tiPlxisG/jZpo2lRZb00LZ8r2LHp8TkyrjJ0y0snhpse5t85VwxQvMDXdKTtWFGZX6UIorlM8jWvQ44PCGkv/3aKC/rr8nzK8T4qqzybDvu02k7kbmIYY9fXeI5Mg3dDjmFT1ec6zvNn36tOlyTIeXOtujj+ELenTZ14mOsFs7UMq7fIvhSzraY7kT74/rmH1/M6kvpd3lNWXKTJ5b5aGfLsmdOmwYetars6XOnJIy1E6j/mWaVjEjn4qZFE7l5VU2Fi/LJWKqWmxvF+sjck3WQq/Tshou/XywaXWa3BSobtHV8E6Z+e9pfXN+HemmoVQXPi1tqbO5jik5c7khV30ZCWeURHKulK/2zPdiyDWLCr2MkdRbt9pMlETri5sh1st/+3UkfYX643httqzTk2tHh+Keu+T8DQAA//8BAAD//9kvXF8AAHicYmBmAIP/5xiMGLAAAAAAAP//AQAA//8vAQIDAAAA");
 }
 @keyframes dashdraw {
@@ -16,18 +16,18 @@
 	}
 }
 
-.d2-1480995423 .text-bold {
-	font-family: "d2-1480995423-font-bold";
+.d2-4033683774 .text-bold {
+	font-family: "d2-4033683774-font-bold";
 }
 @font-face {
-	font-family: d2-1480995423-font-bold;
+	font-family: d2-4033683774-font-bold;
 	src: url("data:application/font-woff;base64,d09GRgABAAAAABNoAAoAAAAAHRQAAguFAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgXxHXrmNtYXAAAAFUAAAA2wAAAT4HPAjfZ2x5ZgAAAjAAAAwkAAAQkNWELmdoZWFkAAAOVAAAADYAAAA2G38e1GhoZWEAAA6MAAAAJAAAACQKfwX8aG10eAAADrAAAADUAAAA9HPxCYhsb2NhAAAPhAAAAHwAAAB8gfiGVG1heHAAABAAAAAAIAAAACAAVQD3bmFtZQAAECAAAAMoAAAIKgjwVkFwb3N0AAATSAAAAB0AAAAg/9EAMgADAioCvAAFAAACigJYAAAASwKKAlgAAAFeADIBKQAAAgsHAwMEAwICBGAAAvcAAAADAAAAAAAAAABBREJPACAAIP//Au7/BgAAA9gBESAAAZ8AAAAAAfAClAAAACAAA3icjM/LLqMBHMbh52s7nUPbOXZmnJU6laKKauxEIqSRiIXECjchcVliJ44XIbF1FZVY/MWXxtq7fha/F4msBEW5pIm6ipyiiqppNfMWNLW0rduwZUfHngOHjhw7dRZBT8+kuvGuN23r2LXf0ydvOp6UFZTkZeIlnqMb3biPu7iNm7iOq7iMh3iMizhPuz6+xJqmVS3LGubU05pFSzKycj7J++yLr74pKCr57oeffvntjxVtZX/981+ffgMGDRk2YlTFmHFVEyZNpT9rZnkFAAD//wEAAP//aRMzAwB4nIR3e2wb15X+uZePsWnqQZHDISm+R5whKYmSOByORFGiZJF6mRT1sB6OKcnWz/FLtuyfLa/UVG4KxE6xCdPsVqrjxG3TGjF2N0i6CIwusvWqiy1qeI16sQukWQOL1km6QdfbLBA10BZ5SMPFHVKy7P1j/xgOMbhzzj3f+b7v3AENDALgGbwCKtgNFVAFNIBg8Bh8As+zlCRIEsuoJB4ZqEFcJd94gw+oAwF10H3V9cz0NMpM4ZXNUwczMzN/nG5tlX/wtz+VX0LnfwqAC18C4C6ch91gADBSAs9xPKvVqoyCkeVZ6neVL1aUVZep9dYv771z73v+O37UH483zQmR0/JlnN+cv3YNAABBqLCOG/FVqAbQeDlOjESjQtjMUBzHerVa2mQWwlGJ0aLJ4RdGRl8aThzxDFgltq6vdqzXn7AMDOvT3z196tUhwTvFOMJTe4+crbHmDgGGDABO4zzoihULYbOZNmm1LC+Eo1ExwnEsm3n3yHeGBl8+VG9vHgmFRprtOJ98+ezZ7/Qs+HMDAwd8yv4yAOhTnIc9Cm60hxZolvbQGXRV/urBA1SB80vPff3K0vbahwomO9Zm0DX589/+FueXXlnahK11eHQrpkALomBgDawhs/zRyspHOP/VV5vzqFJe21oLH+I8qJS1hswyAa8U4xTOg774XDAKKiOroujMsvrn12//549eT+O8/N9oj7whLyLjkb/eyvs2zoNLecdoNjNCNCoZBQNLYJdYimJ5nnVims786ISuSqfWGXTHfvg8tVulFieHJiNq9S4K5+UH9nans92OvJvzn7qzg65rX3xxzTWYdX+6lYPgbizmYASOE0l9Kp41m2k688qbHWp1eZ7cNGU4L//dn0W+Gfvd5jxKfTu6FPsPAMAKJ76Br0LFE6xQOsiHSftYL+EGGpu4vG/f5Ynib9fAQFfXwIB++NWTs9/NZq+cPPnq8LPzMzNzczMz81DiRKOCmekxTrC0QQiToGzmw94L3d3zqaHexY54Euf5XDY90/AbNHxcCAJsxRjBeSgHZkcMipCeRIkWw3ySOpdMiCs3Lg6lY21tsTTO+yYGeicZ+atPPkGHmhobOYIVW1jHOnwVgkqVvGQ2FwPwfAg/LgTaZGaY4m6RqePZ8H52zB+qF2pHPXGu9USy+Wxwn7uD5+pbgvtbu2Nz+sbQ007O63A5qmrKG7obohORuuCktdpldzoNXsv+VDTXDAisANiI80CRSljRQ7OGezfRlzdx5dLS5lqRq32FdZzFeaJyjZcTDYJBkaTyR4sGnn1+JSZJ8W8/p7/yBpqSlw+l04fQafn6G1cAFb4AwALOQxmAoNrBN9XPbn9voIKpUJdbyjNXfoHz8r+IR6PRoyJqJNwufA6AaZyHCgBBVAlM6UVJUNGrt38QK7eVqcvtZa2v3X6I3rjiS3FcyndFzj1U+hMsrKNfoQ2wAgvAeAl1JAVCilcApQ0s8SkpHJVExV9+lhy8tIzZgKujRmyYjU0fXdSpXT27rD7jQNylH08MTFR4eAt92FEzd07+WLCz5xjjuK7WYWGUfJ2FdWzGq2AiqiJdZCnWINDUE4RlvRRtNqOUp8uh1p9fVjuS3vhEQ3x6gouO1QVMfr3HLeLVt9I2R/v/T49+LbHYnX6+/pdV5UoPagrraBVtgO1Jjywyo+iQWmRNnens/ZNkqMeeYt1iItFoCRljvjF924Xhkfk2JzPtSHd2ZOiKQ+7qIpf5wjrawKtgBPcWVkpgngh2G6UtAn6WO9M6HQk0W7XLizq1rRtb+CpjrYmNNuhf/NrQhXa7Jf1Xm11NNnbRZP1lVXlXT18KsLL3j9AGWEr47NQy5SGMJ3tXCYqkkavn3N6uU609kw1qLN/XdTeJ0SZu6rWbfJ03qm+fHx6aTyRmk0bf7qjgOWBzolhAbCjy1AKA5vFdcidclp7QD7Fiw1N799YMdrkildVlNn2188ABdPG0ploci+i1pzQaD+c8Lz8HoAJvoR5TaAMaoBX6FWQ4MUKAIGQSt0pgBJotGYiXV/pA6GXSalU7HMpYcgQvpyz5LDbV3GOsdltsgdiUWOf5SZbaHZmQHK4qb2Awdzi51O/geYeD5wPhDt4nWD366rb3bM11cb+6zO+qDleqq5K18axfP7vHa2rpr9FVmI1VrV3CUAjdDQb4gN8fCMrLNVamUqWyWO2OIjadpNkKR5V5Q20JwaDskjJ0LlP2feGhvmWH2+634NW3DlhrZyfle8gT9VsZ+R0oFEACgN/g9zAHLQBAQQxeACgUCv9UiMMHyvPW0vP8dk4nXt2eT5JAPJKiO19Wf/+HP771+tkEXpXnbt+Tf/0PPc+Q9YV1VIVXieaZHT5DyPGP6dZlw24Npa3S+/QH92F28z5ThdBpDVXMo3KgDfAoeYhPkK4/ViG1fe8k2u5uEjuNnv6mwX3LDrevkfw0oLUOV32t39u0VXaj/E7ptoUf2ijhV8qxE79Fndqd2QYQrSWc9Y/hV9SBwqn/e6aZE2eSyTOJxFwyOZeoD4XqQ/X1JQ23zY8MX2hbyHR0pomUi/7Ti81oA4zgBGAe7U6hJccztPGR/ZB9Ovr4p47Hp6PuuE2T5aJjtUGT/138l0029k/Pjy4mqq3ZP0c12+ZDPKIXbSjx3QAaUVLCbolLkASDaqdHoBNa615v0SjaidN9vG0S776StrgUo3C4mzYnUM0jlyjxBb2MNqDqsT4W1VtEuDrN0XadpcxaaW8zobXxcJNG86xaHQjLHwICurCOXkcbwCv8eTRLueIs3Q5GJqkT0ybte03HuL3ehMvjdIRszlb/idGWcddeW8TW0sK52wLH9ZwrZ61mjAazUaevaQmkxnjLhMnMW6zle9iWUNdkUVuGwjqaw/PkNEDmo8iKkiQoB79Hxgy5bDJteGZhgXXorTrGKOlPjt09rb106fydoE+rntXqi7HihXX0OVojPHtMA4aSHf/rUN+y023nzMuLe1Sufv3sJIrIH4gBmwP1ypUpXx0gojdUQGulmbtjdN78i5UOnVGn3m3Udb50Ha393pfh+Yzv93KlkltfaEebaI2w8xF+kvRYiHK8aPZU2KiqXT6/jvr7lZ49VTr1LsPu+EtvMc3Zn2vVZ5GmxmFD//6+t9vH9rDvy3vaR0vnJl9hHX2CvwV7Svwv9oQ2Ee4Xz+PF474Z7Tp68eJRcln9DOO3WvwWi1//5vXrN25cv/7mOd/U+HjO682Nj0/5yL67AdC/4a8rPkPGlhiNSsTkul9YiPR6Ty0soDMHdXbT5sZCEWMnAPoYfwvsZH07LsqudDZQVEPcUaB9Qxe7mwJeyTLYMJNMTImtuYglbv7m/szFE/UNTbwtGxbCB9vEM2eiKs0SqS9QWEf/pdTnB0BeLbVFQNX//qqhtiWKjFbBpGv2eBoanG1zqb4LXYmcM1Mp2dkYq7L2OYZnY9PI5/Dua2mKhoPyP3e+eGbhal+9a6Kq2jfe72ann947HQEys8i556FSFw+RbYd5NK2UeUsXS1Q9OZ84XsEeUYkjsUS9rzGSax0/GfaEOpqftvOBGkcwrvc1euN+2h7T12WFWL9Fbe8NR7PB6Wyox6y2DiTCgyH0jfpGX32Nj6+T3+f9dp/DYBQdwQZA0FZYh0/hbfK9w+zo/BVOEDhOEPQi7xdFPy+SOaOsRX/APDQCoCRoyR0QpNEMfIh/DBoAI88LFDXn0KxoHGjmzuXLdwBBLdxFHtREvpMkUaBr/3j3+PEir+fRw8Id8pwRPbQe/To/MgIIegsZ5McfEJ0wRagYBQPmXiKVSuSkcFi6eezBpUsPjnGH78+evD8DCBoLGVRZeodXWEt0Qpu0+VxzONycS6RSN7mZ+ydn7x/mlHcBgxcAfYZfgGrlq0tixeIlUMpFs8rFSixlFCR2zNw/Wp49SO83Haf3m7IHy/ZPM6PmY4z3WPnxW1NzUzdu3LgxNTd169YtZJ0DMn9hHMfRflUMKIgjM2zPe/gVWtv6ZuxcRmtyJaDC27gFRvB7pA+GHX3whUI+XyiEW4IsGyQXsRAy199Ha1D5mJ8qp35tjStQYdMZdQ5m2Z35xS7tKZWaD6A/yMboUxJ5txPHoV0VI/lVvMTofvL/XsPx7x/+G/gfAAAA//8BAAD//4mblmYAAQAAAAILheP3wvlfDzz1AAED6AAAAADYXaCEAAAAAN1mLzb+N/7ECG0D8QABAAMAAgAAAAAAAAABAAAD2P7vAAAImP43/jcIbQABAAAAAAAAAAAAAAAAAAAAPXicLI2xLkNhHEfP/yeRiCs+STUsHeqK6L0aG4l+w39pSPpPDEQ9AC9h8Ab2rmYWqxewmLyKgS6fVDqc7ZwcvXHJByiXucYM9UCoJlQReibsiNA9oTmhGaEXhroidEeoZU8tu5pxobb8aqP8aJOBMm5f1MocaJXartlRl77OcOtwYt3yqRq3Hr5yi2uEq/n3fdHYE27vbNsjWzplpHUqrVEpsa/EWImeEodKDKwlL5nYhMa+qWzKuU05VqKvhhvr4FBeF18o/gcAAP//AQAA///R/CjPAAAALAAsAFAAfACgALYAygDgAOwBBgE4AVoBhgGoAc4CDgIgAj4CWgJ4ArAC4gMOA0ADdAOaBAIEJAQwBDwEVARwBKIExATwBSAFVAV0BbAF1gX4BhQGRAZwBogGtAb0B0IHWAdkB3QHgAeMB6YHwAfwB/oIBggcCDoISAABAAAAPQCQAAwAYwAHAAEAAAAAAAAAAAAAAAAABAADeJyclM9uG1UUxn9ObNMKwQJFVbqJ7oJFkejYVEnVNiuH1IpFFAePC0JCSBPP+I8ynhl5Jg7hCVjzFrxFVzwEz4FYo/l87NgF0SaKknx37vnznXO+c4Ed/mabSvUh8Ec9MVxhr35ueIsH9RPD27TrW4arPKn9abhGWJsbrvN5rWf4I95WfzP8gP3qT4YfslttG/6YZ9Udw59sO/4y/Cn7vF3gCrzgV8MVdskMb7HDj4a3eYTFrFR5RNNwjc/YM1xnD+gzoSBmQsIIx5AJI66YEZHjEzFjwpCIEEeHFjGFviYEQo7Rf34N8CmYESjimAJHjE9MQM7YIv4ir5RzZRzqNLO7FgVjAi7kcUlAgiNlREpCxKXiFBRkvKJBg5yB+GYU5HjkTIjxSJkxokGXNqf0GTMhx9FWpJKZT8qQgmsC5XdmUXZmQERCbqyuSAjF04lfJO8Opzi6ZLJdj3y6EeFLHN/Ju+SWyvYrPP26NWabeZdsAubqZ6yuxLq51gTHui3ztvhWuOAV7l792WTy/h6F+l8o8gVXmn+oSSVikuDcLi18Kch3j3Ec6dzBV0e+p0OfE7q8oa9zix49WpzRp8Nr+Xbp4fiaLmccy6MjvLhrSzFn/IDjGzqyKWNH1p/FxCJ+JjN15+I4Ux1TMvW8ZO6p1kgV3n3C5Q6lG+rI5TPQHpWWTvNLtGcBI1NFJoZT9XKpjdz6F5oipqqlnO3tfbkNc9u95RbfkGqHS7UuOJWTWzB631S9dzRzrR+PgJCUC1kMSJnSoOBGvM8JuCLGcazunWhLClornzLPjVQSMRWDDonizMj0NzDd+MZ9sKF7Z29JKP+S6eWqqvtkcerV7YzeqHvLO9+6HK1NoGFTTdfUNBDXxLQfaafW+fvyzfW6pTzliJSY8F8vwDM8muxzwCFjZRjoZm6vQ1MvRJOXHKr6SyJZDaXnyCIc4PGcAw54yfN3+rhk4oyLW3FZz93imCO6HH5QFQv7Lke8Xn37/6y/i2lTtTierk4v7j3FJ3dQ6xfas9v3sqeJlZOYW7TbrTgjYFpycbvrNbnHeP8AAAD//wEAAP//9LdPUXicYmBmAIP/5xiMGLAAAAAAAP//AQAA//8vAQIDAAAA");
 }
-.d2-1480995423 .text-italic {
-	font-family: "d2-1480995423-font-italic";
+.d2-4033683774 .text-italic {
+	font-family: "d2-4033683774-font-italic";
 }
 @font-face {
-	font-family: d2-1480995423-font-italic;
+	font-family: d2-4033683774-font-italic;
 	src: url("data:application/font-woff;base64,d09GRgABAAAAABPUAAoAAAAAHjQAARhRAAAAAAAAAAAAAAAAAAAAAAAAAABPUy8yAAAA9AAAAGAAAABgW1SVeGNtYXAAAAFUAAAA2wAAAT4HPAjfZ2x5ZgAAAjAAAAyIAAARqDOmcDloZWFkAAAOuAAAADYAAAA2G7Ur2mhoZWEAAA7wAAAAJAAAACQLeAjhaG10eAAADxQAAADbAAAA9GlfB2lsb2NhAAAP8AAAAHwAAAB8ikaOwm1heHAAABBsAAAAIAAAACAAVQD2bmFtZQAAEIwAAAMmAAAIMgntVzNwb3N0AAATtAAAACAAAAAg/8YAMgADAeEBkAAFAAACigJY//EASwKKAlgARAFeADIBIwAAAgsFAwMEAwkCBCAAAHcAAAADAAAAAAAAAABBREJPAAEAIP//Au7/BgAAA9gBESAAAZMAAAAAAeYClAAAACAAA3icjM/LLqMBHMbh52s7nUPbOXZmnJU6laKKauxEIqSRiIXECjchcVliJ44XIbF1FZVY/MWXxtq7fha/F4msBEW5pIm6ipyiiqppNfMWNLW0rduwZUfHngOHjhw7dRZBT8+kuvGuN23r2LXf0ydvOp6UFZTkZeIlnqMb3biPu7iNm7iOq7iMh3iMizhPuz6+xJqmVS3LGubU05pFSzKycj7J++yLr74pKCr57oeffvntjxVtZX/981+ffgMGDRk2YlTFmHFVEyZNpT9rZnkFAAD//wEAAP//aRMzAwB4nHxXa3Ab13U+9y6IFSkQJLB4EBBIEFhglwTxIHYBLAgQIECQ4Avg+2WJpEi9LFGyTclmbUeS7YgeVVZqFfEo6rjjRGmddpL4j2unnVHqOlMnnWHsMtPOOK1TO+40TuhUamqbw3GTTLjb2QUIgspMfmAHA+w995zvfN937oUqcAHgh/FNIKAa6kAPRgCechAELwi0meBZliZJgaUo0nUFrV/5c1Xm8C9avv4br13V98VvDf3P4iv45s459Mz800+LR66dPDlz757oQf92DwAAS+8AoB/jAlSDDoAieZZhWFqtRoinaJYmP4p9v0ZVo1JZefGf0YnDuTH9L8+gJ1dWQsvRjgfFMVzYWdnYAEDQIW1jH34J7ABVToYJh5KY50xmkmFopxYbDSYTz0UEs1qNnEOnI+2HL+eiYw0RKsLEjna7nIPxlkwz7ZrXZJ4Yzt98vE/wtDaziRNPdMbnw82HOLtPzhVoABxRcqVkBHjOZDSo1TTLc5FIOMTQNL32heeen7r9yPT01KXMg8cjuPDHTz7+nZOpyVtL82fkepESox4X4KCCIekgeZImHSS9hpZrxY88n2k/4RGjxYX0j7s/7654v7rifaL0tu+z2k87cSH9827x33djn9mNzRMOiidoykHQa8NR1BLNrw13ie8lcUG8h4w7KygqrhfXwDYuAFFcQ68Nr8mglnOdwQXQFP/jEU9SNEGS9NpwmkADs59/Zeyp53y4IL6Ben4nnkPHrn5QXvcGLoBFWUeZeUHJJBIRaJKgCbm/JEGvzXeYVNnvz68N5aqtGtXIP3oTJpVae2AQF8SvXbuGju2soAve5bYXxG+guRe8Z7zijVLsU7hQ6gBl5iMRJXo56vAtj0qtrekdWsvfbFOp62qyuCDOPRd8iEdzOyvo5ef5ZU68rfSzU9rGC/glqIdmhTUl0piMBi1muSSWe1okD7I/vOqfXs0Ongz5px/LhGeSzsFh+Tmg+bNLQ4XV3p6LE0NfXu3NdB5b7VhajR9bjS3+UZkzPqUnhkrO0ATFc7ukuTN3YfCLk2dC6aMnl3P9J3FhcHr0waD4a9Q3OtLBQzkOiwtQC6a9OHI79kX6ztz5hycenTh3Qeg5vnBiqH8RF7ITRx7WiR8hk3gXTY1nI4EiDzXSNhLxS+ABMDsZVlD0EQ4xLCuLJxIpi0etNhpMZrNJyfvjzEpLR+OU0Dnmc+c88fBcPL5o5y1ZvzvcGHTlAqH4KU0s1tbG9URdnMlvHRC4cS7U4m9qtbcfYgImn61PiB0JAYJ5ABzGBSDlamjBQdLEX6++WYveqf3eKs5nMjuvF/MckbaVfptKHVK6Lacky1n+qkZNJ86qVYPDQ9Wp3uhh41hu3HZFc+aUMWBBK+JzPmc2P3cWvSCevfGkHG8cAKcVHIEneMpkKjEIPR8fOVR1gFBZwta/nRS/hQvizfBDkfAjIXROkQMgmADATbgAdXLOBG8uLRZ4RHyJPzvqq66rJszehksT4v+GEKDCP7h6GXef6w1xRVJ6yErb6NdoCwxyN81lvpl5gSdogVarWS4iCGXHej2V8w4u8GxCp6KSS10HVPSsnhlxeY2czZUJ24OaI1PZJ+f4FkdCtPa7Ayl/4CeM0zMwz3UlipyxS9voU7wORtnB5S7TJE3xJMkr7d3HcjVJmkx32YSOMHTdyLMm7Jr0KduHXZlwU3urc4z2G3hNiyOB199cbGw7PC1vnfIMzPPJhMf9MeMEBG5pG72GtsC2r7o9FpUc+L2RE978UtjbafJRTGP7dKQj1hwxOa15zan5nkenAk5Lu9nYs5Lpzlp1nMENu9hhtqKWPez+MHgxPVHP5Asl9Ibd96PHNh99cyd6P3xYqeV7aAus4K7cT1GdQ12eJgSvWL9c4c+nz/iG5tqFdJOmSvxBdXPG09hhbmoce1HChL6VDi9olpd6V8a9/lHOxmu7Rt0WHW+0I/fBhlpb0D4FCNoA0PP4XTArmujClSokFeNvm+o6mK6vG05YPfpDNYd0jtYDumOa41Pomx1VY4MTtQcFsoZrm0iKszJmSHKhLbQFdvBXqlwQ1Gp6P/vUamIfeq8Ep2mXrbclOai1MJOBxGjbwFyQSeoIqusU9WgHPeZsMwVtdJpvCnzANIbNzlzqNOOdnso89gAn85E4ego52jz/wjhbs7Pt8XhRP3YA9B5eL82FPR6SynAIh+QyCfuNfHu9qnXcmwwfSOY6Vap+W7+/F6/fS9CBdNTuEt9GXkND7ZDHL35TkuSY8Fv8GmagAwDUEOsHAEmSnpVY+D/l93jx9969HH6F18szjZJnGkuS9hv5Rfyb2bdWh+dXrHhdbEToHfEXv7pwERB4pW34LV4HvYxiOFS0HaOhRIGH0uqL+csI6Qg1iWpMmi6dBZ/d+TJZTegRjqtU5X3xXbQl+628Z7F0cwkA9T4EKsFY6iJVzAQTC1YFZt2JiEqVzCdUqj5jv7dXxiZr6m/rRZsDrqDQ4uXTUV2ToRKfvW97+KMtaKjM4X745R1bx/370Fd2uB/8si7R+2gL6qCxUidFcykei4rif3dkwTu4wI0c9Q4teHxjfISTH5rTR3ofnfIXn6nulZ7uvsxKT3dWORt+LvHoU7RV1DxZkbEW04qbkdQ+/6q53qUm3FN+Rfoc00lhvf2vKv1rA7+esvtKwrefvo1QycCYX7odu/Xwikcre1YJsrHcp5X9SkEORxN2z/orvfr67Uqj2bj9OBMoW/VOHqH9Rl3syyW0BfUVfTGTzG4/Dqoacz6L8VC91ZWzJ9DmvDdR3XOgKy5uAJJ+J22jy2gL2Pvn+P1jXJ7ixSH+cnDe0m5OMZ5Ea9Tf4R3w+gdtfop3MMFIczLUPq4JtTD2Fj9tZe3WZGtb2u1qajFYffYmRu/s9Pp63HLOndI2msXnyl4fEWTH4hWXqvD6O6mQCnX0Hcy50ocuai53EDan1npQVx/QdPnqrLVI31F19WpSvKvXNzXVVAlknRw7Km2jT9Cm7BPmvZlfUhxVsvtXymrob+zz9ubkAdkyqekWdHYKRcR3KYtMUzQrWgdpvqjBOAD6L7T5+7P/Sl/OpVKrVDoX9ad5cQdtih/TQ7RrwIUsolVZK70lBdBHaBOsAKSCs2Kk+6JosbqmWWvR691pi34ix8inCZ1b/yc58WeWeP+/kmRHdYKj0cfiJ448TeecSLfzWSDvLfLOI22jH+HroAOHUvUfOIyuc31uz8BimMu6WgeOBtlMqNHrV56a6PHkA39xqS92PHn46xeziZ7z13oyM73nr/V0zwCSc0fP4KeU+4Egn7oiAk/wpLX2S4vna6aE+GNXNCn0Iadx7ryVkmv+HAD9AF+X19FCkigJjS2LkHSQNQcWbywE+HBz2sl6Z9rHZz3jlyaQQeMfu3jsAb+302FvZ1of6AkvLK70d8t18tI2uoevQx14AQSFJyWTINUG876bm2wc5K5Dqi/GOaaT5jnLiAudiYy2+UYfSoV7DSFnJzfTpXVMOvqmhKNv904FBluEtDNw0Pyz6FLXsZcf7w42t8YyFycZ1+xwcjkFQIBD2kb/ga+DHdrkqVHcNRIRwmXNKJ5sbMLyxtRugkaDiShmy7CKpX3on4m29bC2ptAM1zrgzwqGFlvnUqO7M+rxZpNNrlRLa4blugc0roFocDCsU9nirJD3NKe51LRdVdsadcYmfOhkwyAXCMXDXFz8bmO0xc23Gm1DUSFR5KxZ2oZrcE7uWVELRTiyJgtrMzW4NTaT1dtosnhBkpR319FPMQvtkELnQQ3tSoxn0LfhM3wbqgAoQeBJ8hlz3RDlQd9+cW7uReVO9SGqQRb5Dij/TWver/2wNLOlD6Rn0avS38n/kYKDdB1EP6y5xHFK3LQ0imbw+/J52FyC0KxW7trmLzQ4hNODvuVz1Qbtq6mXx1d/+Pfzlqvif37Nf2qRkeO+K43C3dJaNqJXQBWK/oR8y2er9XWcHOJV61Xk+Grg1FGGSv3l+Orb35U51ACgcOiQ7Jy8QAvFD08qH5JWPrRAkxQv0Ex6pHbcP6qdjPOxy3E+NqId949pp1Kh9FOpsaf9T28It4Q7d+7cEW4JGxsbSHVLOT/Af+MY+ipRByR0wntQnuGwgTZ378r2pfwxtKkYBII+PASv4dfkPlEVfXqCaqLNhkYaD5lNFkeDydIMSDmb/AhtyrWTe6cyxeOCZlpnqTHU2xw1j+Qf0WZ+UlPdoSaDbdi189PsNCDQ4Rj8E1En50Cxgvkrz3ZfwLFvBP8G/h8AAP//AQAA//8C7MDZAAEAAAABGFEvc4ybXw889QABA+gAAAAA2F2gzAAAAADdZi83/r3+3QgdA8kAAgADAAIAAAAAAAAAAQAAA9j+7wAACED+vf28CB0D6ADC/9EAAAAAAAAAAAAAAD14nCzOsSuEcRzH8ffnc5lQZLhzyy99PfeUUwYLucUgI1E2u1Imi83gL/Cv+AeOSclmUVcemQwkw5Gu++mR4TN+er19yiK3oHG+c4d17xL6IvRI+IRgRHiF8DXhY8Jn9Nwh3CX0w5TGHPqIHX2wp3v2PU/pFklXFG5S6plCbbqeQ54k8UbiPV9oQOKb5UYieZrkBqWbeVj/dUDSZR5pi55nWFOfDfXzjSqWVNFWlYeqWFXFAp80/3euuuklDxRsqsgPeqLlCV7/TNiuXWD2FwAA//8BAAD//1JQOgAAAAAALgAuAFIAhACmAL4A1ADuAPwBGAFGAWwBngHCAeoCKgI+AmYChAKkAtwDFANCA3oDtAPcBCQETgRaBGYEgASiBOQFDgU8BXYFsAXOBgoGOAZkBoIGsgbkBvwHJgdoB74H1AfgB/AH/ggMCCoISAh6CIQIkgioCMYI1AABAAAAPQCMAAwAZgAHAAEAAAAAAAAAAAAAAAAABAADeJyclNtOG1cUhj8H2216uqhQRG7QvkylZEyjECXhypSgjIpw6nF6kKpKgz0+iPHMyDOYkifodd+ib5GrPkafoup1tX8vgx1FQSAE/Hv2OvxrrX9tYJP/2KBWvwv83ZwbrrHd/NnwHb5oHhneYL/5meE6Dxv/GG4waLw13ORBo2v4E97V/zT8KU/qvxm+y1b90PDnPK5vGv5yw/Gv4a94wrsFrsEz/jBcY4vC8B02+dXwBvewmLU699gx3OBrtg032QZ6TKhImZAxwjFkwogzZiSURCTMmDAkYYAjpE1Kpa8ZsZBj9MGvMREVM2JFHFPhSIlIiSkZW8S38sp5rYxDnWZ216ZiTMyJPE6JyXDkjMjJSDhVnIqKghe0aFHSF9+CipKAkgkpATkzRrTocMgRPcZMKHEcKpJnFpEzpOKcWPmdWfjO9EnIKI3VGRkD8XTil8g75AhHh0K2q5GP1iI8xPGjvD23XLbfEujXrTBbz7tkEzNXP1N1JdXNuSY41q3P2+YH4YoXuFv1Z53J9T0a6H+lyCecaf4DTSoTkwzntmgTSUGRu49jX+eQSB35iZAer+jwhp7Obbp0aXNMj5CX8u3QxfEdHY45kEcovLg7lGKO+QXH94Sy8bET689iYgm/U5i6S3GcqY4phXrumQeqNVGFN5+w36F8TR2lfPraI2/pNL9MexYzMlUUYjhVL5faKK1/A1PEVLX42V7d+22Y2+4tt/iCXDvs1brg5Ce3YHTdVIP3NHOun4CYATknsuiTM6VFxYV4vybmjBTHgbr3SltS0b708XkupJKEqRiEZIozo9Df2HQTGff+mu6dvSUD+Xump5dV3SaLU6+uZvRG3VveRdblZGUCLZtqvqKmvrhmpv1EO7XKP5Jvqdct5xGh4i52+0OvwA7P2WWPsbL0dTO/vPOvhLfYUwdOSWQ1lKZ9DY8J2CXgKbvs8pyn7/VyycYZH7fGZzV/mwP26bB3bTUL2w77vFyL9vHMf4ntjupxPLo8Pbv1NB/cQLXfaN+u3s2uJuenMbdoV9txTMzUc3FbqzW5+wT/AwAA//8BAAD//3KhUUAAAAADAAD/9QAA/84AMgAAAAAAAAAAAAAAAAAAAAAAAAAA");
 }]]></style><style type="text/css"><![CDATA[.shape {
   shape-rendering: geometricPrecision;
@@ -42,191 +42,191 @@
   opacity: 0.5;
 }
 
-		.d2-1480995423 .fill-N1{fill:#0A0F25;}
-		.d2-1480995423 .fill-N2{fill:#676C7E;}
-		.d2-1480995423 .fill-N3{fill:#9499AB;}
-		.d2-1480995423 .fill-N4{fill:#CFD2DD;}
-		.d2-1480995423 .fill-N5{fill:#DEE1EB;}
-		.d2-1480995423 .fill-N6{fill:#EEF1F8;}
-		.d2-1480995423 .fill-N7{fill:#FFFFFF;}
-		.d2-1480995423 .fill-B1{fill:#0D32B2;}
-		.d2-1480995423 .fill-B2{fill:#0D32B2;}
-		.d2-1480995423 .fill-B3{fill:#E3E9FD;}
-		.d2-1480995423 .fill-B4{fill:#E3E9FD;}
-		.d2-1480995423 .fill-B5{fill:#EDF0FD;}
-		.d2-1480995423 .fill-B6{fill:#F7F8FE;}
-		.d2-1480995423 .fill-AA2{fill:#4A6FF3;}
-		.d2-1480995423 .fill-AA4{fill:#EDF0FD;}
-		.d2-1480995423 .fill-AA5{fill:#F7F8FE;}
-		.d2-1480995423 .fill-AB4{fill:#EDF0FD;}
-		.d2-1480995423 .fill-AB5{fill:#F7F8FE;}
-		.d2-1480995423 .stroke-N1{stroke:#0A0F25;}
-		.d2-1480995423 .stroke-N2{stroke:#676C7E;}
-		.d2-1480995423 .stroke-N3{stroke:#9499AB;}
-		.d2-1480995423 .stroke-N4{stroke:#CFD2DD;}
-		.d2-1480995423 .stroke-N5{stroke:#DEE1EB;}
-		.d2-1480995423 .stroke-N6{stroke:#EEF1F8;}
-		.d2-1480995423 .stroke-N7{stroke:#FFFFFF;}
-		.d2-1480995423 .stroke-B1{stroke:#0D32B2;}
-		.d2-1480995423 .stroke-B2{stroke:#0D32B2;}
-		.d2-1480995423 .stroke-B3{stroke:#E3E9FD;}
-		.d2-1480995423 .stroke-B4{stroke:#E3E9FD;}
-		.d2-1480995423 .stroke-B5{stroke:#EDF0FD;}
-		.d2-1480995423 .stroke-B6{stroke:#F7F8FE;}
-		.d2-1480995423 .stroke-AA2{stroke:#4A6FF3;}
-		.d2-1480995423 .stroke-AA4{stroke:#EDF0FD;}
-		.d2-1480995423 .stroke-AA5{stroke:#F7F8FE;}
-		.d2-1480995423 .stroke-AB4{stroke:#EDF0FD;}
-		.d2-1480995423 .stroke-AB5{stroke:#F7F8FE;}
-		.d2-1480995423 .background-color-N1{background-color:#0A0F25;}
-		.d2-1480995423 .background-color-N2{background-color:#676C7E;}
-		.d2-1480995423 .background-color-N3{background-color:#9499AB;}
-		.d2-1480995423 .background-color-N4{background-color:#CFD2DD;}
-		.d2-1480995423 .background-color-N5{background-color:#DEE1EB;}
-		.d2-1480995423 .background-color-N6{background-color:#EEF1F8;}
-		.d2-1480995423 .background-color-N7{background-color:#FFFFFF;}
-		.d2-1480995423 .background-color-B1{background-color:#0D32B2;}
-		.d2-1480995423 .background-color-B2{background-color:#0D32B2;}
-		.d2-1480995423 .background-color-B3{background-color:#E3E9FD;}
-		.d2-1480995423 .background-color-B4{background-color:#E3E9FD;}
-		.d2-1480995423 .background-color-B5{background-color:#EDF0FD;}
-		.d2-1480995423 .background-color-B6{background-color:#F7F8FE;}
-		.d2-1480995423 .background-color-AA2{background-color:#4A6FF3;}
-		.d2-1480995423 .background-color-AA4{background-color:#EDF0FD;}
-		.d2-1480995423 .background-color-AA5{background-color:#F7F8FE;}
-		.d2-1480995423 .background-color-AB4{background-color:#EDF0FD;}
-		.d2-1480995423 .background-color-AB5{background-color:#F7F8FE;}
-		.d2-1480995423 .color-N1{color:#0A0F25;}
-		.d2-1480995423 .color-N2{color:#676C7E;}
-		.d2-1480995423 .color-N3{color:#9499AB;}
-		.d2-1480995423 .color-N4{color:#CFD2DD;}
-		.d2-1480995423 .color-N5{color:#DEE1EB;}
-		.d2-1480995423 .color-N6{color:#EEF1F8;}
-		.d2-1480995423 .color-N7{color:#FFFFFF;}
-		.d2-1480995423 .color-B1{color:#0D32B2;}
-		.d2-1480995423 .color-B2{color:#0D32B2;}
-		.d2-1480995423 .color-B3{color:#E3E9FD;}
-		.d2-1480995423 .color-B4{color:#E3E9FD;}
-		.d2-1480995423 .color-B5{color:#EDF0FD;}
-		.d2-1480995423 .color-B6{color:#F7F8FE;}
-		.d2-1480995423 .color-AA2{color:#4A6FF3;}
-		.d2-1480995423 .color-AA4{color:#EDF0FD;}
-		.d2-1480995423 .color-AA5{color:#F7F8FE;}
-		.d2-1480995423 .color-AB4{color:#EDF0FD;}
-		.d2-1480995423 .color-AB5{color:#F7F8FE;}.appendix text.text{fill:#0A0F25}.md{--color-fg-default:#0A0F25;--color-fg-muted:#676C7E;--color-fg-subtle:#9499AB;--color-canvas-default:#FFFFFF;--color-canvas-subtle:#EEF1F8;--color-border-default:#0D32B2;--color-border-muted:#0D32B2;--color-neutral-muted:#EEF1F8;--color-accent-fg:#0D32B2;--color-accent-emphasis:#0D32B2;--color-attention-subtle:#676C7E;--color-danger-fg:red;}.sketch-overlay-B1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B2{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B3{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-AA4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-N2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-N3{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N4{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N7{fill:url(#streaks-bright);mix-blend-mode:darken}.light-code{display: block}.dark-code{display: none}]]></style><style type="text/css">.d2-1480995423 .md em,
-.d2-1480995423 .md dfn {
-  font-family: "d2-1480995423-font-italic";
-}
-
-.d2-1480995423 .md b,
-.d2-1480995423 .md strong {
-  font-family: "d2-1480995423-font-bold";
-}
-
-.d2-1480995423 .md code,
-.d2-1480995423 .md kbd,
-.d2-1480995423 .md pre,
-.d2-1480995423 .md samp {
-  font-family: "d2-1480995423-font-mono";
+		.d2-4033683774 .fill-N1{fill:#0A0F25;}
+		.d2-4033683774 .fill-N2{fill:#676C7E;}
+		.d2-4033683774 .fill-N3{fill:#9499AB;}
+		.d2-4033683774 .fill-N4{fill:#CFD2DD;}
+		.d2-4033683774 .fill-N5{fill:#DEE1EB;}
+		.d2-4033683774 .fill-N6{fill:#EEF1F8;}
+		.d2-4033683774 .fill-N7{fill:#FFFFFF;}
+		.d2-4033683774 .fill-B1{fill:#0D32B2;}
+		.d2-4033683774 .fill-B2{fill:#0D32B2;}
+		.d2-4033683774 .fill-B3{fill:#E3E9FD;}
+		.d2-4033683774 .fill-B4{fill:#E3E9FD;}
+		.d2-4033683774 .fill-B5{fill:#EDF0FD;}
+		.d2-4033683774 .fill-B6{fill:#F7F8FE;}
+		.d2-4033683774 .fill-AA2{fill:#4A6FF3;}
+		.d2-4033683774 .fill-AA4{fill:#EDF0FD;}
+		.d2-4033683774 .fill-AA5{fill:#F7F8FE;}
+		.d2-4033683774 .fill-AB4{fill:#EDF0FD;}
+		.d2-4033683774 .fill-AB5{fill:#F7F8FE;}
+		.d2-4033683774 .stroke-N1{stroke:#0A0F25;}
+		.d2-4033683774 .stroke-N2{stroke:#676C7E;}
+		.d2-4033683774 .stroke-N3{stroke:#9499AB;}
+		.d2-4033683774 .stroke-N4{stroke:#CFD2DD;}
+		.d2-4033683774 .stroke-N5{stroke:#DEE1EB;}
+		.d2-4033683774 .stroke-N6{stroke:#EEF1F8;}
+		.d2-4033683774 .stroke-N7{stroke:#FFFFFF;}
+		.d2-4033683774 .stroke-B1{stroke:#0D32B2;}
+		.d2-4033683774 .stroke-B2{stroke:#0D32B2;}
+		.d2-4033683774 .stroke-B3{stroke:#E3E9FD;}
+		.d2-4033683774 .stroke-B4{stroke:#E3E9FD;}
+		.d2-4033683774 .stroke-B5{stroke:#EDF0FD;}
+		.d2-4033683774 .stroke-B6{stroke:#F7F8FE;}
+		.d2-4033683774 .stroke-AA2{stroke:#4A6FF3;}
+		.d2-4033683774 .stroke-AA4{stroke:#EDF0FD;}
+		.d2-4033683774 .stroke-AA5{stroke:#F7F8FE;}
+		.d2-4033683774 .stroke-AB4{stroke:#EDF0FD;}
+		.d2-4033683774 .stroke-AB5{stroke:#F7F8FE;}
+		.d2-4033683774 .background-color-N1{background-color:#0A0F25;}
+		.d2-4033683774 .background-color-N2{background-color:#676C7E;}
+		.d2-4033683774 .background-color-N3{background-color:#9499AB;}
+		.d2-4033683774 .background-color-N4{background-color:#CFD2DD;}
+		.d2-4033683774 .background-color-N5{background-color:#DEE1EB;}
+		.d2-4033683774 .background-color-N6{background-color:#EEF1F8;}
+		.d2-4033683774 .background-color-N7{background-color:#FFFFFF;}
+		.d2-4033683774 .background-color-B1{background-color:#0D32B2;}
+		.d2-4033683774 .background-color-B2{background-color:#0D32B2;}
+		.d2-4033683774 .background-color-B3{background-color:#E3E9FD;}
+		.d2-4033683774 .background-color-B4{background-color:#E3E9FD;}
+		.d2-4033683774 .background-color-B5{background-color:#EDF0FD;}
+		.d2-4033683774 .background-color-B6{background-color:#F7F8FE;}
+		.d2-4033683774 .background-color-AA2{background-color:#4A6FF3;}
+		.d2-4033683774 .background-color-AA4{background-color:#EDF0FD;}
+		.d2-4033683774 .background-color-AA5{background-color:#F7F8FE;}
+		.d2-4033683774 .background-color-AB4{background-color:#EDF0FD;}
+		.d2-4033683774 .background-color-AB5{background-color:#F7F8FE;}
+		.d2-4033683774 .color-N1{color:#0A0F25;}
+		.d2-4033683774 .color-N2{color:#676C7E;}
+		.d2-4033683774 .color-N3{color:#9499AB;}
+		.d2-4033683774 .color-N4{color:#CFD2DD;}
+		.d2-4033683774 .color-N5{color:#DEE1EB;}
+		.d2-4033683774 .color-N6{color:#EEF1F8;}
+		.d2-4033683774 .color-N7{color:#FFFFFF;}
+		.d2-4033683774 .color-B1{color:#0D32B2;}
+		.d2-4033683774 .color-B2{color:#0D32B2;}
+		.d2-4033683774 .color-B3{color:#E3E9FD;}
+		.d2-4033683774 .color-B4{color:#E3E9FD;}
+		.d2-4033683774 .color-B5{color:#EDF0FD;}
+		.d2-4033683774 .color-B6{color:#F7F8FE;}
+		.d2-4033683774 .color-AA2{color:#4A6FF3;}
+		.d2-4033683774 .color-AA4{color:#EDF0FD;}
+		.d2-4033683774 .color-AA5{color:#F7F8FE;}
+		.d2-4033683774 .color-AB4{color:#EDF0FD;}
+		.d2-4033683774 .color-AB5{color:#F7F8FE;}.appendix text.text{fill:#0A0F25}.md{--color-fg-default:#0A0F25;--color-fg-muted:#676C7E;--color-fg-subtle:#9499AB;--color-canvas-default:#FFFFFF;--color-canvas-subtle:#EEF1F8;--color-border-default:#0D32B2;--color-border-muted:#0D32B2;--color-neutral-muted:#EEF1F8;--color-accent-fg:#0D32B2;--color-accent-emphasis:#0D32B2;--color-attention-subtle:#676C7E;--color-danger-fg:red;}.sketch-overlay-B1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B2{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-B3{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-B6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-AA4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AA5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB4{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-AB5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N1{fill:url(#streaks-darker);mix-blend-mode:lighten}.sketch-overlay-N2{fill:url(#streaks-dark);mix-blend-mode:overlay}.sketch-overlay-N3{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N4{fill:url(#streaks-normal);mix-blend-mode:color-burn}.sketch-overlay-N5{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N6{fill:url(#streaks-bright);mix-blend-mode:darken}.sketch-overlay-N7{fill:url(#streaks-bright);mix-blend-mode:darken}.light-code{display: block}.dark-code{display: none}]]></style><style type="text/css">.d2-4033683774 .md em,
+.d2-4033683774 .md dfn {
+  font-family: "d2-4033683774-font-italic";
+}
+
+.d2-4033683774 .md b,
+.d2-4033683774 .md strong {
+  font-family: "d2-4033683774-font-bold";
+}
+
+.d2-4033683774 .md code,
+.d2-4033683774 .md kbd,
+.d2-4033683774 .md pre,
+.d2-4033683774 .md samp {
+  font-family: "d2-4033683774-font-mono";
   font-size: 1em;
 }
 
-.d2-1480995423 .md {
+.d2-4033683774 .md {
   tab-size: 4;
 }
 
 /* variables are provided in d2renderers/d2svg/d2svg.go */
 
-.d2-1480995423 .md {
+.d2-4033683774 .md {
   -ms-text-size-adjust: 100%;
   -webkit-text-size-adjust: 100%;
   margin: 0;
   color: var(--color-fg-default);
   background-color: transparent; /* we don't want to define the background color */
-  font-family: "d2-1480995423-font-regular";
+  font-family: "d2-4033683774-font-regular";
   font-size: 16px;
   line-height: 1.5;
   word-wrap: break-word;
 }
 
-.d2-1480995423 .md details,
-.d2-1480995423 .md figcaption,
-.d2-1480995423 .md figure {
+.d2-4033683774 .md details,
+.d2-4033683774 .md figcaption,
+.d2-4033683774 .md figure {
   display: block;
 }
 
-.d2-1480995423 .md summary {
+.d2-4033683774 .md summary {
   display: list-item;
 }
 
-.d2-1480995423 .md [hidden] {
+.d2-4033683774 .md [hidden] {
   display: none !important;
 }
 
-.d2-1480995423 .md a {
+.d2-4033683774 .md a {
   background-color: transparent;
   color: var(--color-accent-fg);
   text-decoration: none;
 }
 
-.d2-1480995423 .md a:active,
-.d2-1480995423 .md a:hover {
+.d2-4033683774 .md a:active,
+.d2-4033683774 .md a:hover {
   outline-width: 0;
 }
 
-.d2-1480995423 .md abbr[title] {
+.d2-4033683774 .md abbr[title] {
   border-bottom: none;
   text-decoration: underline dotted;
 }
 
-.d2-1480995423 .md dfn {
+.d2-4033683774 .md dfn {
   font-style: italic;
 }
 
-.d2-1480995423 .md h1 {
+.d2-4033683774 .md h1 {
   margin: 0.67em 0;
   padding-bottom: 0.3em;
   font-size: 2em;
   border-bottom: 1px solid var(--color-border-muted);
 }
 
-.d2-1480995423 .md mark {
+.d2-4033683774 .md mark {
   background-color: var(--color-attention-subtle);
   color: var(--color-text-primary);
 }
 
-.d2-1480995423 .md small {
+.d2-4033683774 .md small {
   font-size: 90%;
 }
 
-.d2-1480995423 .md sub,
-.d2-1480995423 .md sup {
+.d2-4033683774 .md sub,
+.d2-4033683774 .md sup {
   font-size: 75%;
   line-height: 0;
   position: relative;
   vertical-align: baseline;
 }
 
-.d2-1480995423 .md sub {
+.d2-4033683774 .md sub {
   bottom: -0.25em;
 }
 
-.d2-1480995423 .md sup {
+.d2-4033683774 .md sup {
   top: -0.5em;
 }
 
-.d2-1480995423 .md img {
+.d2-4033683774 .md img {
   border-style: none;
   max-width: 100%;
   box-sizing: content-box;
   background-color: var(--color-canvas-default);
 }
 
-.d2-1480995423 .md figure {
+.d2-4033683774 .md figure {
   margin: 1em 40px;
 }
 
-.d2-1480995423 .md hr {
+.d2-4033683774 .md hr {
   box-sizing: content-box;
   overflow: hidden;
   background: transparent;
@@ -238,7 +238,7 @@
   border: 0;
 }
 
-.d2-1480995423 .md input {
+.d2-4033683774 .md input {
   font: inherit;
   margin: 0;
   overflow: visible;
@@ -247,72 +247,72 @@
   line-height: inherit;
 }
 
-.d2-1480995423 .md [type="button"],
-.d2-1480995423 .md [type="reset"],
-.d2-1480995423 .md [type="submit"] {
+.d2-4033683774 .md [type="button"],
+.d2-4033683774 .md [type="reset"],
+.d2-4033683774 .md [type="submit"] {
   -webkit-appearance: button;
 }
 
-.d2-1480995423 .md [type="button"]::-moz-focus-inner,
-.d2-1480995423 .md [type="reset"]::-moz-focus-inner,
-.d2-1480995423 .md [type="submit"]::-moz-focus-inner {
+.d2-4033683774 .md [type="button"]::-moz-focus-inner,
+.d2-4033683774 .md [type="reset"]::-moz-focus-inner,
+.d2-4033683774 .md [type="submit"]::-moz-focus-inner {
   border-style: none;
   padding: 0;
 }
 
-.d2-1480995423 .md [type="button"]:-moz-focusring,
-.d2-1480995423 .md [type="reset"]:-moz-focusring,
-.d2-1480995423 .md [type="submit"]:-moz-focusring {
+.d2-4033683774 .md [type="button"]:-moz-focusring,
+.d2-4033683774 .md [type="reset"]:-moz-focusring,
+.d2-4033683774 .md [type="submit"]:-moz-focusring {
   outline: 1px dotted ButtonText;
 }
 
-.d2-1480995423 .md [type="checkbox"],
-.d2-1480995423 .md [type="radio"] {
+.d2-4033683774 .md [type="checkbox"],
+.d2-4033683774 .md [type="radio"] {
   box-sizing: border-box;
   padding: 0;
 }
 
-.d2-1480995423 .md [type="number"]::-webkit-inner-spin-button,
-.d2-1480995423 .md [type="number"]::-webkit-outer-spin-button {
+.d2-4033683774 .md [type="number"]::-webkit-inner-spin-button,
+.d2-4033683774 .md [type="number"]::-webkit-outer-spin-button {
   height: auto;
 }
 
-.d2-1480995423 .md [type="search"] {
+.d2-4033683774 .md [type="search"] {
   -webkit-appearance: textfield;
   outline-offset: -2px;
 }
 
-.d2-1480995423 .md [type="search"]::-webkit-search-cancel-button,
-.d2-1480995423 .md [type="search"]::-webkit-search-decoration {
+.d2-4033683774 .md [type="search"]::-webkit-search-cancel-button,
+.d2-4033683774 .md [type="search"]::-webkit-search-decoration {
   -webkit-appearance: none;
 }
 
-.d2-1480995423 .md ::-webkit-input-placeholder {
+.d2-4033683774 .md ::-webkit-input-placeholder {
   color: inherit;
   opacity: 0.54;
 }
 
-.d2-1480995423 .md ::-webkit-file-upload-button {
+.d2-4033683774 .md ::-webkit-file-upload-button {
   -webkit-appearance: button;
   font: inherit;
 }
 
-.d2-1480995423 .md a:hover {
+.d2-4033683774 .md a:hover {
   text-decoration: underline;
 }
 
-.d2-1480995423 .md hr::before {
+.d2-4033683774 .md hr::before {
   display: table;
   content: "";
 }
 
-.d2-1480995423 .md hr::after {
+.d2-4033683774 .md hr::after {
   display: table;
   clear: both;
   content: "";
 }
 
-.d2-1480995423 .md table {
+.d2-4033683774 .md table {
   border-spacing: 0;
   border-collapse: collapse;
   display: block;
@@ -321,20 +321,20 @@
   overflow: auto;
 }
 
-.d2-1480995423 .md td,
-.d2-1480995423 .md th {
+.d2-4033683774 .md td,
+.d2-4033683774 .md th {
   padding: 0;
 }
 
-.d2-1480995423 .md details summary {
+.d2-4033683774 .md details summary {
   cursor: pointer;
 }
 
-.d2-1480995423 .md details:not([open]) > *:not(summary) {
+.d2-4033683774 .md details:not([open]) > *:not(summary) {
   display: none !important;
 }
 
-.d2-1480995423 .md kbd {
+.d2-4033683774 .md kbd {
   display: inline-block;
   padding: 3px 5px;
   color: var(--color-fg-default);
@@ -346,279 +346,279 @@
   box-shadow: inset 0 -1px 0 var(--color-neutral-muted);
 }
 
-.d2-1480995423 .md h1,
-.d2-1480995423 .md h2,
-.d2-1480995423 .md h3,
-.d2-1480995423 .md h4,
-.d2-1480995423 .md h5,
-.d2-1480995423 .md h6 {
+.d2-4033683774 .md h1,
+.d2-4033683774 .md h2,
+.d2-4033683774 .md h3,
+.d2-4033683774 .md h4,
+.d2-4033683774 .md h5,
+.d2-4033683774 .md h6 {
   margin-top: 24px;
   margin-bottom: 16px;
   font-weight: 400;
   line-height: 1.25;
-  font-family: "d2-1480995423-font-semibold";
+  font-family: "d2-4033683774-font-semibold";
 }
 
-.d2-1480995423 .md h2 {
+.d2-4033683774 .md h2 {
   padding-bottom: 0.3em;
   font-size: 1.5em;
   border-bottom: 1px solid var(--color-border-muted);
 }
 
-.d2-1480995423 .md h3 {
+.d2-4033683774 .md h3 {
   font-size: 1.25em;
 }
 
-.d2-1480995423 .md h4 {
+.d2-4033683774 .md h4 {
   font-size: 1em;
 }
 
-.d2-1480995423 .md h5 {
+.d2-4033683774 .md h5 {
   font-size: 0.875em;
 }
 
-.d2-1480995423 .md h6 {
+.d2-4033683774 .md h6 {
   font-size: 0.85em;
   color: var(--color-fg-muted);
 }
 
-.d2-1480995423 .md p {
+.d2-4033683774 .md p {
   margin-top: 0;
   margin-bottom: 10px;
 }
 
-.d2-1480995423 .md blockquote {
+.d2-4033683774 .md blockquote {
   margin: 0;
   padding: 0 1em;
   color: var(--color-fg-muted);
   border-left: 0.25em solid var(--color-border-default);
 }
 
-.d2-1480995423 .md ul,
-.d2-1480995423 .md ol {
+.d2-4033683774 .md ul,
+.d2-4033683774 .md ol {
   margin-top: 0;
   margin-bottom: 0;
   padding-left: 2em;
 }
 
-.d2-1480995423 .md ol ol,
-.d2-1480995423 .md ul ol {
+.d2-4033683774 .md ol ol,
+.d2-4033683774 .md ul ol {
   list-style-type: lower-roman;
 }
 
-.d2-1480995423 .md ul ul ol,
-.d2-1480995423 .md ul ol ol,
-.d2-1480995423 .md ol ul ol,
-.d2-1480995423 .md ol ol ol {
+.d2-4033683774 .md ul ul ol,
+.d2-4033683774 .md ul ol ol,
+.d2-4033683774 .md ol ul ol,
+.d2-4033683774 .md ol ol ol {
   list-style-type: lower-alpha;
 }
 
-.d2-1480995423 .md dd {
+.d2-4033683774 .md dd {
   margin-left: 0;
 }
 
-.d2-1480995423 .md pre {
+.d2-4033683774 .md pre {
   margin-top: 0;
   margin-bottom: 0;
   word-wrap: normal;
 }
 
-.d2-1480995423 .md ::placeholder {
+.d2-4033683774 .md ::placeholder {
   color: var(--color-fg-subtle);
   opacity: 1;
 }
 
-.d2-1480995423 .md input::-webkit-outer-spin-button,
-.d2-1480995423 .md input::-webkit-inner-spin-button {
+.d2-4033683774 .md input::-webkit-outer-spin-button,
+.d2-4033683774 .md input::-webkit-inner-spin-button {
   margin: 0;
   -webkit-appearance: none;
   appearance: none;
 }
 
-.d2-1480995423 .md::before {
+.d2-4033683774 .md::before {
   display: table;
   content: "";
 }
 
-.d2-1480995423 .md::after {
+.d2-4033683774 .md::after {
   display: table;
   clear: both;
   content: "";
 }
 
-.d2-1480995423 .md > *:first-child {
+.d2-4033683774 .md > *:first-child {
   margin-top: 0 !important;
 }
 
-.d2-1480995423 .md > *:last-child {
+.d2-4033683774 .md > *:last-child {
   margin-bottom: 0 !important;
 }
 
-.d2-1480995423 .md a:not([href]) {
+.d2-4033683774 .md a:not([href]) {
   color: inherit;
   text-decoration: none;
 }
 
-.d2-1480995423 .md .absent {
+.d2-4033683774 .md .absent {
   color: var(--color-danger-fg);
 }
 
-.d2-1480995423 .md .anchor {
+.d2-4033683774 .md .anchor {
   float: left;
   padding-right: 4px;
   margin-left: -20px;
   line-height: 1;
 }
 
-.d2-1480995423 .md .anchor:focus {
+.d2-4033683774 .md .anchor:focus {
   outline: none;
 }
 
-.d2-1480995423 .md p,
-.d2-1480995423 .md blockquote,
-.d2-1480995423 .md ul,
-.d2-1480995423 .md ol,
-.d2-1480995423 .md dl,
-.d2-1480995423 .md table,
-.d2-1480995423 .md pre,
-.d2-1480995423 .md details {
+.d2-4033683774 .md p,
+.d2-4033683774 .md blockquote,
+.d2-4033683774 .md ul,
+.d2-4033683774 .md ol,
+.d2-4033683774 .md dl,
+.d2-4033683774 .md table,
+.d2-4033683774 .md pre,
+.d2-4033683774 .md details {
   margin-top: 0;
   margin-bottom: 16px;
 }
 
-.d2-1480995423 .md blockquote > :first-child {
+.d2-4033683774 .md blockquote > :first-child {
   margin-top: 0;
 }
 
-.d2-1480995423 .md blockquote > :last-child {
+.d2-4033683774 .md blockquote > :last-child {
   margin-bottom: 0;
 }
 
-.d2-1480995423 .md sup > a::before {
+.d2-4033683774 .md sup > a::before {
   content: "[";
 }
 
-.d2-1480995423 .md sup > a::after {
+.d2-4033683774 .md sup > a::after {
   content: "]";
 }
 
-.d2-1480995423 .md h1:hover .anchor,
-.d2-1480995423 .md h2:hover .anchor,
-.d2-1480995423 .md h3:hover .anchor,
-.d2-1480995423 .md h4:hover .anchor,
-.d2-1480995423 .md h5:hover .anchor,
-.d2-1480995423 .md h6:hover .anchor {
+.d2-4033683774 .md h1:hover .anchor,
+.d2-4033683774 .md h2:hover .anchor,
+.d2-4033683774 .md h3:hover .anchor,
+.d2-4033683774 .md h4:hover .anchor,
+.d2-4033683774 .md h5:hover .anchor,
+.d2-4033683774 .md h6:hover .anchor {
   text-decoration: none;
 }
 
-.d2-1480995423 .md h1 tt,
-.d2-1480995423 .md h1 code,
-.d2-1480995423 .md h2 tt,
-.d2-1480995423 .md h2 code,
-.d2-1480995423 .md h3 tt,
-.d2-1480995423 .md h3 code,
-.d2-1480995423 .md h4 tt,
-.d2-1480995423 .md h4 code,
-.d2-1480995423 .md h5 tt,
-.d2-1480995423 .md h5 code,
-.d2-1480995423 .md h6 tt,
-.d2-1480995423 .md h6 code {
+.d2-4033683774 .md h1 tt,
+.d2-4033683774 .md h1 code,
+.d2-4033683774 .md h2 tt,
+.d2-4033683774 .md h2 code,
+.d2-4033683774 .md h3 tt,
+.d2-4033683774 .md h3 code,
+.d2-4033683774 .md h4 tt,
+.d2-4033683774 .md h4 code,
+.d2-4033683774 .md h5 tt,
+.d2-4033683774 .md h5 code,
+.d2-4033683774 .md h6 tt,
+.d2-4033683774 .md h6 code {
   padding: 0 0.2em;
   font-size: inherit;
 }
 
-.d2-1480995423 .md ul.no-list,
-.d2-1480995423 .md ol.no-list {
+.d2-4033683774 .md ul.no-list,
+.d2-4033683774 .md ol.no-list {
   padding: 0;
   list-style-type: none;
 }
 
-.d2-1480995423 .md ol[type="1"] {
+.d2-4033683774 .md ol[type="1"] {
   list-style-type: decimal;
 }
 
-.d2-1480995423 .md ol[type="a"] {
+.d2-4033683774 .md ol[type="a"] {
   list-style-type: lower-alpha;
 }
 
-.d2-1480995423 .md ol[type="i"] {
+.d2-4033683774 .md ol[type="i"] {
   list-style-type: lower-roman;
 }
 
-.d2-1480995423 .md div > ol:not([type]) {
+.d2-4033683774 .md div > ol:not([type]) {
   list-style-type: decimal;
 }
 
-.d2-1480995423 .md ul ul,
-.d2-1480995423 .md ul ol,
-.d2-1480995423 .md ol ol,
-.d2-1480995423 .md ol ul {
+.d2-4033683774 .md ul ul,
+.d2-4033683774 .md ul ol,
+.d2-4033683774 .md ol ol,
+.d2-4033683774 .md ol ul {
   margin-top: 0;
   margin-bottom: 0;
 }
 
-.d2-1480995423 .md li > p {
+.d2-4033683774 .md li > p {
   margin-top: 16px;
 }
 
-.d2-1480995423 .md li + li {
+.d2-4033683774 .md li + li {
   margin-top: 0.25em;
 }
 
-.d2-1480995423 .md dl {
+.d2-4033683774 .md dl {
   padding: 0;
 }
 
-.d2-1480995423 .md dl dt {
+.d2-4033683774 .md dl dt {
   padding: 0;
   margin-top: 16px;
   font-size: 1em;
   font-style: italic;
-  font-family: "d2-1480995423-font-semibold";
+  font-family: "d2-4033683774-font-semibold";
 }
 
-.d2-1480995423 .md dl dd {
+.d2-4033683774 .md dl dd {
   padding: 0 16px;
   margin-bottom: 16px;
 }
 
-.d2-1480995423 .md table th {
-  font-family: "d2-1480995423-font-semibold";
+.d2-4033683774 .md table th {
+  font-family: "d2-4033683774-font-semibold";
 }
 
-.d2-1480995423 .md table th,
-.d2-1480995423 .md table td {
+.d2-4033683774 .md table th,
+.d2-4033683774 .md table td {
   padding: 6px 13px;
   border: 1px solid var(--color-border-default);
 }
 
-.d2-1480995423 .md table tr {
+.d2-4033683774 .md table tr {
   background-color: var(--color-canvas-default);
   border-top: 1px solid var(--color-border-muted);
 }
 
-.d2-1480995423 .md table tr:nth-child(2n) {
+.d2-4033683774 .md table tr:nth-child(2n) {
   background-color: var(--color-canvas-subtle);
 }
 
-.d2-1480995423 .md table img {
+.d2-4033683774 .md table img {
   background-color: transparent;
 }
 
-.d2-1480995423 .md img[align="right"] {
+.d2-4033683774 .md img[align="right"] {
   padding-left: 20px;
 }
 
-.d2-1480995423 .md img[align="left"] {
+.d2-4033683774 .md img[align="left"] {
   padding-right: 20px;
 }
 
-.d2-1480995423 .md span.frame {
+.d2-4033683774 .md span.frame {
   display: block;
   overflow: hidden;
 }
 
-.d2-1480995423 .md span.frame > span {
+.d2-4033683774 .md span.frame > span {
   display: block;
   float: left;
   width: auto;
@@ -628,81 +628,81 @@
   border: 1px solid var(--color-border-default);
 }
 
-.d2-1480995423 .md span.frame span img {
+.d2-4033683774 .md span.frame span img {
   display: block;
   float: left;
 }
 
-.d2-1480995423 .md span.frame span span {
+.d2-4033683774 .md span.frame span span {
   display: block;
   padding: 5px 0 0;
   clear: both;
   color: var(--color-fg-default);
 }
 
-.d2-1480995423 .md span.align-center {
+.d2-4033683774 .md span.align-center {
   display: block;
   overflow: hidden;
   clear: both;
 }
 
-.d2-1480995423 .md span.align-center > span {
+.d2-4033683774 .md span.align-center > span {
   display: block;
   margin: 13px auto 0;
   overflow: hidden;
   text-align: center;
 }
 
-.d2-1480995423 .md span.align-center span img {
+.d2-4033683774 .md span.align-center span img {
   margin: 0 auto;
   text-align: center;
 }
 
-.d2-1480995423 .md span.align-right {
+.d2-4033683774 .md span.align-right {
   display: block;
   overflow: hidden;
   clear: both;
 }
 
-.d2-1480995423 .md span.align-right > span {
+.d2-4033683774 .md span.align-right > span {
   display: block;
   margin: 13px 0 0;
   overflow: hidden;
   text-align: right;
 }
 
-.d2-1480995423 .md span.align-right span img {
+.d2-4033683774 .md span.align-right span img {
   margin: 0;
   text-align: right;
 }
 
-.d2-1480995423 .md span.float-left {
+.d2-4033683774 .md span.float-left {
   display: block;
   float: left;
   margin-right: 13px;
   overflow: hidden;
 }
 
-.d2-1480995423 .md span.float-left span {
+.d2-4033683774 .md span.float-left span {
   margin: 13px 0 0;
 }
 
-.d2-1480995423 .md span.float-right {
+.d2-4033683774 .md span.float-right {
   display: block;
   float: right;
   margin-left: 13px;
   overflow: hidden;
 }
 
-.d2-1480995423 .md span.float-right > span {
+.d2-4033683774 .md span.float-right > span {
   display: block;
   margin: 13px auto 0;
   overflow: hidden;
   text-align: right;
 }
 
-.d2-1480995423 .md code,
-.d2-1480995423 .md tt {
+.d2-4033683774 .md code,
+.d2-4033683774 .md tt {
   padding: 0.2em 0.4em;
   margin: 0;
   font-size: 85%;
@@ -710,20 +710,20 @@
   border-radius: 6px;
 }
 
-.d2-1480995423 .md code br,
-.d2-1480995423 .md tt br {
+.d2-4033683774 .md code br,
+.d2-4033683774 .md tt br {
   display: none;
 }
 
-.d2-1480995423 .md del code {
+.d2-4033683774 .md del code {
   text-decoration: inherit;
 }
 
-.d2-1480995423 .md pre code {
+.d2-4033683774 .md pre code {
   font-size: 100%;
 }
 
-.d2-1480995423 .md pre > code {
+.d2-4033683774 .md pre > code {
   padding: 0;
   margin: 0;
   word-break: normal;
@@ -732,17 +732,17 @@
   border: 0;
 }
 
-.d2-1480995423 .md .highlight {
+.d2-4033683774 .md .highlight {
   margin-bottom: 16px;
 }
 
-.d2-1480995423 .md .highlight pre {
+.d2-4033683774 .md .highlight pre {
   margin-bottom: 0;
   word-break: normal;
 }
 
-.d2-1480995423 .md .highlight pre,
-.d2-1480995423 .md pre {
+.d2-4033683774 .md .highlight pre,
+.d2-4033683774 .md pre {
   padding: 16px;
   overflow: auto;
   font-size: 85%;
@@ -751,8 +751,8 @@
   border-radius: 6px;
 }
 
-.d2-1480995423 .md pre code,
-.d2-1480995423 .md pre tt {
+.d2-4033683774 .md pre code,
+.d2-4033683774 .md pre tt {
   display: inline;
   max-width: auto;
   padding: 0;
@@ -764,8 +764,8 @@
   border: 0;
 }
 
-.d2-1480995423 .md .csv-data td,
-.d2-1480995423 .md .csv-data th {
+.d2-4033683774 .md .csv-data td,
+.d2-4033683774 .md .csv-data th {
   padding: 5px;
   overflow: hidden;
   font-size: 12px;
@@ -774,38 +774,38 @@
   white-space: nowrap;
 }
 
-.d2-1480995423 .md .csv-data .blob-num {
+.d2-4033683774 .md .csv-data .blob-num {
   padding: 10px 8px 9px;
   text-align: right;
   background: var(--color-canvas-default);
   border: 0;
 }
 
-.d2-1480995423 .md .csv-data tr {
+.d2-4033683774 .md .csv-data tr {
   border-top: 0;
 }
 
-.d2-1480995423 .md .csv-data th {
-  font-family: "d2-1480995423-font-semibold";
+.d2-4033683774 .md .csv-data th {
+  font-family: "d2-4033683774-font-semibold";
   background: var(--color-canvas-subtle);
   border-top: 0;
 }
 
-.d2-1480995423 .md .footnotes {
+.d2-4033683774 .md .footnotes {
   font-size: 12px;
   color: var(--color-fg-muted);
   border-top: 1px solid var(--color-border-default);
 }
 
-.d2-1480995423 .md .footnotes ol {
+.d2-4033683774 .md .footnotes ol {
   padding-left: 16px;
 }
 
-.d2-1480995423 .md .footnotes li {
+.d2-4033683774 .md .footnotes li {
   position: relative;
 }
 
-.d2-1480995423 .md .footnotes li:target::before {
+.d2-4033683774 .md .footnotes li:target::before {
   position: absolute;
   top: -8px;
   right: -8px;
@@ -817,42 +817,42 @@
   border-radius: 6px;
 }
 
-.d2-1480995423 .md .footnotes li:target {
+.d2-4033683774 .md .footnotes li:target {
   color: var(--color-fg-default);
 }
 
-.d2-1480995423 .md .task-list-item {
+.d2-4033683774 .md .task-list-item {
   list-style-type: none;
 }
 
-.d2-1480995423 .md .task-list-item label {
+.d2-4033683774 .md .task-list-item label {
   font-weight: 400;
 }
 
-.d2-1480995423 .md .task-list-item.enabled label {
+.d2-4033683774 .md .task-list-item.enabled label {
   cursor: pointer;
 }
 
-.d2-1480995423 .md .task-list-item + .task-list-item {
+.d2-4033683774 .md .task-list-item + .task-list-item {
   margin-top: 3px;
 }
 
-.d2-1480995423 .md .task-list-item .handle {
+.d2-4033683774 .md .task-list-item .handle {
   display: none;
 }
 
-.d2-1480995423 .md .task-list-item-checkbox {
+.d2-4033683774 .md .task-list-item-checkbox {
   margin: 0 0.2em 0.25em -1.6em;
   vertical-align: middle;
 }
 
-.d2-1480995423 .md .contains-task-list:dir(rtl) .task-list-item-checkbox {
+.d2-4033683774 .md .contains-task-list:dir(rtl) .task-list-item-checkbox {
   margin: 0 -1.6em 0.25em 0.2em;
 }
-</style><g id="title"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="418.000000" y="-59.000000" width="287" height="51"><div xmlns="http://www.w3.org/1999/xhtml" class="md"><h1>Chaining Certificates</h1>
-</div></foreignObject></g></g><g id="root-ca"><g class="shape" ><rect x="289.000000" y="12.000000" width="800.000000" height="595.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g><text x="689.000000" y="45.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">ROOT CERTIFICATE AUTHORITY (CA)</text></g><g id="intermediate-ca"><g class="shape" ><rect x="281.000000" y="848.000000" width="831.000000" height="621.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g><text x="696.500000" y="881.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">INTERMEDIATE CERTIFICATE AUTHORITY (CA)</text></g><g id="entity-cert"><g class="shape" ><rect x="12.000000" y="1660.000000" width="966.000000" height="621.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g><text x="495.000000" y="1693.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">End-Entity Certificate</text></g><g id="root-ca.pad" style='opacity:0.000000' class="NONE"><g class="shape" ><rect x="339.000000" y="83.000000" width="71.000000" height="66.000000" class=" stroke-B1 fill-B5" style="stroke-width:2;" /></g><text x="374.500000" y="121.500000" class="text-bold fill-N1" style="text-anchor:middle;font-size:16px">pad</text></g><clipPath id="d2-1480995423-root-ca.key"><path d="M 635.000000 77.000000 L 635.000000 77.000000 S 635.000000 62.000000 650.000000 62.000000 L 838.000000 62.000000 L 838.000000 62.000000 S 853.000000 62.000000 853.000000 77.000000 L 853.000000 155.000000 L 853.000000 170.000000 L 635.000000 170.000000Z 635.000000 62.000000" fill="none" /> </clipPath><g id="root-ca.key" class="PRIVATE_KEY"><g class="shape" ><rect x="635.000000" y="62.000000" width="218.000000" height="108.000000" rx="15.000000" ry="15.000000" stroke="cornsilk" fill="wheat" class="shape" style="stroke-width:2;" /><rect x="635.000000" y="62.000000" width="218.000000" height="36.000000" fill="cornsilk" class="class_header" clip-path="url(#d2-1480995423-root-ca.key)" /><text x="645.000000" y="87.750000" fill="red" class="text" style="text-anchor:start;font-size:24px">Root CA&#39;s Key Pair</text><text x="645.000000" y="121.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">private</text><text x="724.000000" y="121.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Secret</text><text x="843.000000" y="121.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="635.000000" x2="853.000000" y1="134.000000" y2="134.000000" stroke="cornsilk" style="stroke-width:2" /><text x="645.000000" y="157.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">public</text><text x="724.000000" y="157.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Shared</text><text x="843.000000" y="157.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="650.000000" x2="838.000000" y1="170.000000" y2="170.000000" stroke="cornsilk" style="stroke-width:2" /></g></g><g id="root-ca.certificate"><g class="shape" ><rect x="490.000000" y="341.000000" width="439.000000" height="216.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="490.000000" y="341.000000" width="439.000000" height="36.000000" class="class_header fill-N1" /><text x="500.000000" y="366.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Root Certificate (ROOT CA)</text><text x="500.000000" y="400.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s Name</text><text x="691.000000" y="400.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ROOT CA Name</text><text x="919.000000" y="400.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="413.000000" y2="413.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="436.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s PublicKey</text><text x="691.000000" y="436.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Public Key</text><text x="919.000000" y="436.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="449.000000" y2="449.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="472.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Name</text><text x="691.000000" y="472.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ROOT CA Name</text><text x="919.000000" y="472.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="485.000000" y2="485.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="508.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Signature</text><text x="691.000000" y="508.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature</text><text x="919.000000" y="508.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="521.000000" y2="521.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="544.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject Alt. Name</text><text x="691.000000" y="544.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:stake1vpu...p0u</text><text x="919.000000" y="544.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="557.000000" y2="557.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-1480995423-intermediate-ca.key"><path d="M 691.000000 913.000000 L 691.000000 913.000000 S 691.000000 898.000000 706.000000 898.000000 L 983.000000 898.000000 L 983.000000 898.000000 S 998.000000 898.000000 998.000000 913.000000 L 998.000000 991.000000 L 998.000000 1006.000000 L 691.000000 1006.000000Z 691.000000 898.000000" fill="none" /> </clipPath><g id="intermediate-ca.key" class="PRIVATE_KEY"><g class="shape" ><rect x="691.000000" y="898.000000" width="307.000000" height="108.000000" rx="15.000000" ry="15.000000" stroke="cornsilk" fill="wheat" class="shape" style="stroke-width:2;" /><rect x="691.000000" y="898.000000" width="307.000000" height="36.000000" fill="cornsilk" class="class_header" clip-path="url(#d2-1480995423-intermediate-ca.key)" /><text x="701.000000" y="923.750000" fill="red" class="text" style="text-anchor:start;font-size:24px">Intermediate CA&#39;s Key Pair</text><text x="701.000000" y="957.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">private</text><text x="780.000000" y="957.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Secret</text><text x="988.000000" y="957.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="691.000000" x2="998.000000" y1="970.000000" y2="970.000000" stroke="cornsilk" style="stroke-width:2" /><text x="701.000000" y="993.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">public</text><text x="780.000000" y="993.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Shared</text><text x="988.000000" y="993.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="706.000000" x2="983.000000" y1="1006.000000" y2="1006.000000" stroke="cornsilk" style="stroke-width:2" /></g></g><g id="intermediate-ca.certificate"><g class="shape" ><rect x="414.000000" y="1167.000000" width="473.000000" height="252.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="414.000000" y="1167.000000" width="473.000000" height="36.000000" class="class_header fill-N1" /><text x="424.000000" y="1192.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Intermediate Certificate (Intermediate CA)</text><text x="424.000000" y="1226.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s Name</text><text x="615.000000" y="1226.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Intermediate CA Name</text><text x="877.000000" y="1226.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1239.000000" y2="1239.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1262.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s PublicKey</text><text x="615.000000" y="1262.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Public Key</text><text x="877.000000" y="1262.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1275.000000" y2="1275.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1298.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Name</text><text x="615.000000" y="1298.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Root CA Name</text><text x="877.000000" y="1298.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1311.000000" y2="1311.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1334.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Signature</text><text x="615.000000" y="1334.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature</text><text x="877.000000" y="1334.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1347.000000" y2="1347.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1370.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject Alt. Name</text><text x="615.000000" y="1370.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:stake1ngf...8dy</text><text x="877.000000" y="1370.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1383.000000" y2="1383.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1406.000000" class="text fill-B2" style="text-anchor:start;font-size:20px" /><text x="615.000000" y="1406.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:cc_cold16cj..80v</text><text x="877.000000" y="1406.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1419.000000" y2="1419.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-1480995423-entity-cert.key"><path d="M 135.000000 1725.000000 L 135.000000 1725.000000 S 135.000000 1710.000000 150.000000 1710.000000 L 319.000000 1710.000000 L 319.000000 1710.000000 S 334.000000 1710.000000 334.000000 1725.000000 L 334.000000 1803.000000 L 334.000000 1818.000000 L 135.000000 1818.000000Z 135.000000 1710.000000" fill="none" /> </clipPath><g id="entity-cert.key" class="PRIVATE_KEY"><g class="shape" ><rect x="135.000000" y="1710.000000" width="199.000000" height="108.000000" rx="15.000000" ry="15.000000" stroke="cornsilk" fill="wheat" class="shape" style="stroke-width:2;" /><rect x="135.000000" y="1710.000000" width="199.000000" height="36.000000" fill="cornsilk" class="class_header" clip-path="url(#d2-1480995423-entity-cert.key)" /><text x="145.000000" y="1735.750000" fill="red" class="text" style="text-anchor:start;font-size:24px">Entities Key Pair</text><text x="145.000000" y="1769.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">private</text><text x="224.000000" y="1769.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Secret</text><text x="324.000000" y="1769.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="135.000000" x2="334.000000" y1="1782.000000" y2="1782.000000" stroke="cornsilk" style="stroke-width:2" /><text x="145.000000" y="1805.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">public</text><text x="224.000000" y="1805.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Shared</text><text x="324.000000" y="1805.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="150.000000" x2="319.000000" y1="1818.000000" y2="1818.000000" stroke="cornsilk" style="stroke-width:2" /></g></g><g id="entity-cert.certificate"><g class="shape" ><rect x="414.000000" y="1979.000000" width="473.000000" height="252.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="414.000000" y="1979.000000" width="473.000000" height="36.000000" class="class_header fill-N1" /><text x="424.000000" y="2004.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Intermediate Certificate (Intermediate CA)</text><text x="424.000000" y="2038.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s Name</text><text x="615.000000" y="2038.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Entities Name</text><text x="877.000000" y="2038.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2051.000000" y2="2051.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2074.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s PublicKey</text><text x="615.000000" y="2074.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Public Key</text><text x="877.000000" y="2074.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2087.000000" y2="2087.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2110.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Name</text><text x="615.000000" y="2110.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Intermediate CA Name</text><text x="877.000000" y="2110.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2123.000000" y2="2123.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2146.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Signature</text><text x="615.000000" y="2146.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature</text><text x="877.000000" y="2146.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2159.000000" y2="2159.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2182.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject Alt. Name</text><text x="615.000000" y="2182.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:stake1ngf...v2q</text><text x="877.000000" y="2182.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2195.000000" y2="2195.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2218.000000" class="text fill-B2" style="text-anchor:start;font-size:20px" /><text x="615.000000" y="2218.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:drep1ayt..80v</text><text x="877.000000" y="2218.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2231.000000" y2="2231.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><g id="root-ca.(key -&gt; certificate)[0]"><marker id="mk-3488378134" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 633.500000 152.000000 L 460.500000 152.000000 S 450.500000 152.000000 450.500000 162.000000 L 450.500000 421.000000 S 450.500000 431.000000 460.500000 431.000000 L 486.500000 431.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1480995423)" /><text x="451.000000" y="225.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Published</text></g><g id="root-ca.(key -&gt; certificate)[1]" class="SIGN"><marker id="mk-354533580" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" fill="blueviolet" class="connection" stroke-width="2" /> </marker><path d="M 855.000000 116.000000 L 994.000000 116.000000 S 1004.000000 116.000000 1004.000000 126.000000 L 1004.000000 200.000000 S 1004.000000 210.000000 994.000000 210.000000 L 979.500000 210.000000 S 969.500000 210.000000 969.500000 220.000000 L 969.500000 493.000000 S 969.500000 503.000000 959.500000 503.000000 L 933.500000 503.000000" stroke="blueviolet" fill="none" class="connection animated-connection" style="stroke-width:2;stroke-dasharray:6.000000,5.919384;stroke-dashoffset:-119.193836;animation: dashdraw 2.959692s linear infinite;" marker-end="url(#mk-354533580)" mask="url(#d2-1480995423)" /><text x="970.000000" y="242.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Self Sign</text></g><g id="intermediate-ca.(key -&gt; certificate)[0]"><path d="M 690.000000 988.000000 L 374.000000 988.000000 S 364.000000 988.000000 364.000000 998.000000 L 364.000000 1247.000000 S 364.000000 1257.000000 374.000000 1257.000000 L 410.000000 1257.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1480995423)" /><text x="369.000000" y="994.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Published</text></g><g id="(root-ca.key -&gt; intermediate-ca.certificate)[0]" class="SIGN"><path d="M 855.000000 116.000000 L 994.000000 116.000000 S 1004.000000 116.000000 1004.000000 126.000000 L 1004.000000 200.000000 S 1004.000000 210.000000 1014.000000 210.000000 L 1028.500000 210.000000 S 1038.500000 210.000000 1038.500000 220.000000 L 1038.500000 692.000000 S 1038.500000 702.000000 1028.500000 702.000000 L 1028.500000 702.000000 S 1018.500000 702.000000 1018.500000 712.000000 L 1018.500000 793.000000 S 1018.500000 803.000000 1028.500000 803.000000 L 1028.500000 803.000000 S 1038.500000 803.000000 1038.500000 813.000000 L 1038.500000 1319.000000 S 1038.500000 1329.000000 1028.500000 1329.000000 L 890.500000 1329.000000" stroke="blueviolet" fill="none" class="connection animated-connection" style="stroke-width:2;stroke-dasharray:6.000000,5.919384;stroke-dashoffset:-119.193836;animation: dashdraw 2.959692s linear infinite;" marker-end="url(#mk-354533580)" mask="url(#d2-1480995423)" /><text x="1018.500000" y="711.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Sign</text></g><g id="(root-ca.certificate &lt;- intermediate-ca.certificate)[0]"><marker id="mk-2451250203" markerWidth="10.000000" markerHeight="12.000000" refX="3.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="10.000000,0.000000 0.000000,6.000000 10.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 933.000000 395.000000 L 1070.500000 395.000000 S 1080.500000 395.000000 1080.500000 405.000000 L 1080.500000 793.000000 S 1080.500000 803.000000 1070.500000 803.000000 L 1070.500000 803.000000 S 1060.500000 803.000000 1060.500000 813.000000 L 1060.500000 1283.000000 S 1060.500000 1293.000000 1050.500000 1293.000000 L 888.500000 1293.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-1480995423)" /><text x="1060.500000" y="851.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">References</text></g><g id="(root-ca.certificate &lt;- intermediate-ca.certificate)[1]"><path d="M 680.250000 561.000000 L 680.250000 793.000000 S 680.250000 803.000000 670.250000 803.000000 L 660.500000 803.000000 S 650.500000 803.000000 650.500000 813.000000 L 650.500000 1165.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-1480995423)" /><text x="650.500000" y="853.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Verifies</text></g><g id="entity-cert.(key -&gt; certificate)[0]"><path d="M 133.000000 1800.000000 L 105.000000 1800.000000 S 95.000000 1800.000000 95.000000 1810.000000 L 95.000000 2059.000000 S 95.000000 2069.000000 105.000000 2069.000000 L 410.000000 2069.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-1480995423)" /><text x="100.000000" y="2075.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Published</text></g><g id="(intermediate-ca.certificate &lt;- entity-cert.certificate)[0]"><path d="M 650.500000 1423.000000 L 650.500000 1977.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-1480995423)" /><text x="650.500000" y="1705.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Verifies</text></g><g id="(intermediate-ca.key -&gt; entity-cert.certificate)[0]" class="SIGN"><path d="M 1000.500000 952.000000 L 1039.500000 952.000000 S 1049.500000 952.000000 1049.500000 962.000000 L 1049.500000 1605.000000 S 1049.500000 1615.000000 1039.500000 1615.000000 L 937.000000 1615.000000 S 927.000000 1615.000000 927.000000 1625.000000 L 927.000000 2131.000000 S 927.000000 2141.000000 917.000000 2141.000000 L 891.000000 2141.000000" stroke="blueviolet" fill="none" class="connection animated-connection" style="stroke-width:2;stroke-dasharray:6.000000,5.919384;stroke-dashoffset:-119.193836;animation: dashdraw 2.959692s linear infinite;" marker-end="url(#mk-354533580)" mask="url(#d2-1480995423)" /><text x="1049.500000" y="1608.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Sign</text></g><g id="(intermediate-ca.certificate &lt;- entity-cert.certificate)[1]"><path d="M 410.000000 1221.000000 L 384.000000 1221.000000 S 374.000000 1221.000000 374.000000 1231.000000 L 374.000000 2095.000000 S 374.000000 2105.000000 384.000000 2105.000000 L 412.000000 2105.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-1480995423)" /><text x="374.500000" y="1669.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">References</text></g><mask id="d2-1480995423" maskUnits="userSpaceOnUse" x="-89" y="-160" width="1302" height="2542">
-<rect x="-89" y="-160" width="1302" height="2542" fill="white"></rect>
-<rect x="418.000000" y="-59.000000" width="287" height="51" fill="rgba(0,0,0,0.75)"></rect>
+</style><g id="title"><g class="shape" ></g><g><foreignObject requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility" x="331.000000" y="-87.000000" width="462" height="79"><div xmlns="http://www.w3.org/1999/xhtml" class="md" style="font-size:25px"><h1>Chaining Certificates.</h1>
+</div></foreignObject></g></g><g id="root-ca"><g class="shape" ><rect x="289.000000" y="12.000000" width="800.000000" height="595.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g><text x="689.000000" y="45.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">ROOT CERTIFICATE AUTHORITY (CA)</text></g><g id="intermediate-ca"><g class="shape" ><rect x="281.000000" y="848.000000" width="831.000000" height="621.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g><text x="696.500000" y="881.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">INTERMEDIATE CERTIFICATE AUTHORITY (CA)</text></g><g id="entity-cert"><g class="shape" ><rect x="12.000000" y="1660.000000" width="966.000000" height="621.000000" class=" stroke-B1 fill-B4" style="stroke-width:2;" /></g><text x="495.000000" y="1693.000000" class="text fill-N1" style="text-anchor:middle;font-size:28px">End-Entity Certificate</text></g><g id="root-ca.pad" style='opacity:0.000000' class="NONE"><g class="shape" ><rect x="339.000000" y="83.000000" width="71.000000" height="66.000000" class=" stroke-B1 fill-B5" style="stroke-width:2;" /></g><text x="374.500000" y="121.500000" class="text-bold fill-N1" style="text-anchor:middle;font-size:16px">pad</text></g><clipPath id="d2-4033683774-root-ca.key"><path d="M 635.000000 77.000000 L 635.000000 77.000000 S 635.000000 62.000000 650.000000 62.000000 L 838.000000 62.000000 L 838.000000 62.000000 S 853.000000 62.000000 853.000000 77.000000 L 853.000000 155.000000 L 853.000000 170.000000 L 635.000000 170.000000Z 635.000000 62.000000" fill="none" /> </clipPath><g id="root-ca.key" class="PRIVATE_KEY"><g class="shape" ><rect x="635.000000" y="62.000000" width="218.000000" height="108.000000" rx="15.000000" ry="15.000000" stroke="cornsilk" fill="wheat" class="shape" style="stroke-width:2;" /><rect x="635.000000" y="62.000000" width="218.000000" height="36.000000" fill="cornsilk" class="class_header" clip-path="url(#d2-4033683774-root-ca.key)" /><text x="645.000000" y="87.750000" fill="red" class="text" style="text-anchor:start;font-size:24px">Root CA&#39;s Key Pair</text><text x="645.000000" y="121.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">private</text><text x="724.000000" y="121.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Secret</text><text x="843.000000" y="121.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="635.000000" x2="853.000000" y1="134.000000" y2="134.000000" stroke="cornsilk" style="stroke-width:2" /><text x="645.000000" y="157.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">public</text><text x="724.000000" y="157.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Shared</text><text x="843.000000" y="157.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="650.000000" x2="838.000000" y1="170.000000" y2="170.000000" stroke="cornsilk" style="stroke-width:2" /></g></g><g id="root-ca.certificate"><g class="shape" ><rect x="490.000000" y="341.000000" width="439.000000" height="216.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="490.000000" y="341.000000" width="439.000000" height="36.000000" class="class_header fill-N1" /><text x="500.000000" y="366.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Root Certificate (ROOT CA)</text><text x="500.000000" y="400.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s Name</text><text x="691.000000" y="400.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ROOT CA Name</text><text x="919.000000" y="400.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="413.000000" y2="413.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="436.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s PublicKey</text><text x="691.000000" y="436.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Public Key</text><text x="919.000000" y="436.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="449.000000" y2="449.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="472.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Name</text><text x="691.000000" y="472.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">ROOT CA Name</text><text x="919.000000" y="472.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="485.000000" y2="485.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="508.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Signature</text><text x="691.000000" y="508.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature</text><text x="919.000000" y="508.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="521.000000" y2="521.000000" class=" stroke-N1" style="stroke-width:2" /><text x="500.000000" y="544.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject Alt. Name</text><text x="691.000000" y="544.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:stake1vpu...p0u</text><text x="919.000000" y="544.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="490.000000" x2="929.000000" y1="557.000000" y2="557.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-4033683774-intermediate-ca.key"><path d="M 691.000000 913.000000 L 691.000000 913.000000 S 691.000000 898.000000 706.000000 898.000000 L 983.000000 898.000000 L 983.000000 898.000000 S 998.000000 898.000000 998.000000 913.000000 L 998.000000 991.000000 L 998.000000 1006.000000 L 691.000000 1006.000000Z 691.000000 898.000000" fill="none" /> </clipPath><g id="intermediate-ca.key" class="PRIVATE_KEY"><g class="shape" ><rect x="691.000000" y="898.000000" width="307.000000" height="108.000000" rx="15.000000" ry="15.000000" stroke="cornsilk" fill="wheat" class="shape" style="stroke-width:2;" /><rect x="691.000000" y="898.000000" width="307.000000" height="36.000000" fill="cornsilk" class="class_header" clip-path="url(#d2-4033683774-intermediate-ca.key)" /><text x="701.000000" y="923.750000" fill="red" class="text" style="text-anchor:start;font-size:24px">Intermediate CA&#39;s Key Pair</text><text x="701.000000" y="957.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">private</text><text x="780.000000" y="957.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Secret</text><text x="988.000000" y="957.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="691.000000" x2="998.000000" y1="970.000000" y2="970.000000" stroke="cornsilk" style="stroke-width:2" /><text x="701.000000" y="993.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">public</text><text x="780.000000" y="993.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Shared</text><text x="988.000000" y="993.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="706.000000" x2="983.000000" y1="1006.000000" y2="1006.000000" stroke="cornsilk" style="stroke-width:2" /></g></g><g id="intermediate-ca.certificate"><g class="shape" ><rect x="414.000000" y="1167.000000" width="473.000000" height="252.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="414.000000" y="1167.000000" width="473.000000" height="36.000000" class="class_header fill-N1" /><text x="424.000000" y="1192.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Intermediate Certificate (Intermediate CA)</text><text x="424.000000" y="1226.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s Name</text><text x="615.000000" y="1226.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Intermediate CA Name</text><text x="877.000000" y="1226.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1239.000000" y2="1239.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1262.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s PublicKey</text><text x="615.000000" y="1262.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Public Key</text><text x="877.000000" y="1262.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1275.000000" y2="1275.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1298.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Name</text><text x="615.000000" y="1298.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Root CA Name</text><text x="877.000000" y="1298.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1311.000000" y2="1311.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1334.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Signature</text><text x="615.000000" y="1334.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature</text><text x="877.000000" y="1334.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1347.000000" y2="1347.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1370.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject Alt. Name</text><text x="615.000000" y="1370.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:stake1ngf...8dy</text><text x="877.000000" y="1370.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1383.000000" y2="1383.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="1406.000000" class="text fill-B2" style="text-anchor:start;font-size:20px" /><text x="615.000000" y="1406.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:cc_cold16cj..80v</text><text x="877.000000" y="1406.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="1419.000000" y2="1419.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><clipPath id="d2-4033683774-entity-cert.key"><path d="M 135.000000 1725.000000 L 135.000000 1725.000000 S 135.000000 1710.000000 150.000000 1710.000000 L 319.000000 1710.000000 L 319.000000 1710.000000 S 334.000000 1710.000000 334.000000 1725.000000 L 334.000000 1803.000000 L 334.000000 1818.000000 L 135.000000 1818.000000Z 135.000000 1710.000000" fill="none" /> </clipPath><g id="entity-cert.key" class="PRIVATE_KEY"><g class="shape" ><rect x="135.000000" y="1710.000000" width="199.000000" height="108.000000" rx="15.000000" ry="15.000000" stroke="cornsilk" fill="wheat" class="shape" style="stroke-width:2;" /><rect x="135.000000" y="1710.000000" width="199.000000" height="36.000000" fill="cornsilk" class="class_header" clip-path="url(#d2-4033683774-entity-cert.key)" /><text x="145.000000" y="1735.750000" fill="red" class="text" style="text-anchor:start;font-size:24px">Entities Key Pair</text><text x="145.000000" y="1769.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">private</text><text x="224.000000" y="1769.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Secret</text><text x="324.000000" y="1769.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="135.000000" x2="334.000000" y1="1782.000000" y2="1782.000000" stroke="cornsilk" style="stroke-width:2" /><text x="145.000000" y="1805.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">public</text><text x="224.000000" y="1805.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Shared</text><text x="324.000000" y="1805.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="150.000000" x2="319.000000" y1="1818.000000" y2="1818.000000" stroke="cornsilk" style="stroke-width:2" /></g></g><g id="entity-cert.certificate"><g class="shape" ><rect x="414.000000" y="1979.000000" width="473.000000" height="252.000000" class="shape stroke-N1 fill-N7" style="stroke-width:2;" /><rect x="414.000000" y="1979.000000" width="473.000000" height="36.000000" class="class_header fill-N1" /><text x="424.000000" y="2004.750000" class="text fill-N7" style="text-anchor:start;font-size:24px">Intermediate Certificate (Intermediate CA)</text><text x="424.000000" y="2038.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s Name</text><text x="615.000000" y="2038.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Entities Name</text><text x="877.000000" y="2038.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2051.000000" y2="2051.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2074.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject`s PublicKey</text><text x="615.000000" y="2074.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Public Key</text><text x="877.000000" y="2074.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2087.000000" y2="2087.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2110.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Name</text><text x="615.000000" y="2110.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Intermediate CA Name</text><text x="877.000000" y="2110.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2123.000000" y2="2123.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2146.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Issuer`s Signature</text><text x="615.000000" y="2146.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">Signature</text><text x="877.000000" y="2146.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2159.000000" y2="2159.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2182.000000" class="text fill-B2" style="text-anchor:start;font-size:20px">Subject Alt. Name</text><text x="615.000000" y="2182.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:stake1ngf...v2q</text><text x="877.000000" y="2182.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2195.000000" y2="2195.000000" class=" stroke-N1" style="stroke-width:2" /><text x="424.000000" y="2218.000000" class="text fill-B2" style="text-anchor:start;font-size:20px" /><text x="615.000000" y="2218.000000" class="text fill-N2" style="text-anchor:start;font-size:20px">URI:S:ada:drep1ayt..80v</text><text x="877.000000" y="2218.000000" class="text fill-AA2" style="text-anchor:end;font-size:20px" /><line x1="414.000000" x2="887.000000" y1="2231.000000" y2="2231.000000" class=" stroke-N1" style="stroke-width:2" /></g></g><g id="root-ca.(key -&gt; certificate)[0]"><marker id="mk-3488378134" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 633.500000 152.000000 L 460.500000 152.000000 S 450.500000 152.000000 450.500000 162.000000 L 450.500000 421.000000 S 450.500000 431.000000 460.500000 431.000000 L 486.500000 431.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-4033683774)" /><text x="451.000000" y="225.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Published</text></g><g id="root-ca.(key -&gt; certificate)[1]" class="SIGN"><marker id="mk-354533580" markerWidth="10.000000" markerHeight="12.000000" refX="7.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="0.000000,0.000000 10.000000,6.000000 0.000000,12.000000" fill="blueviolet" class="connection" stroke-width="2" /> </marker><path d="M 855.000000 116.000000 L 994.000000 116.000000 S 1004.000000 116.000000 1004.000000 126.000000 L 1004.000000 200.000000 S 1004.000000 210.000000 994.000000 210.000000 L 979.500000 210.000000 S 969.500000 210.000000 969.500000 220.000000 L 969.500000 493.000000 S 969.500000 503.000000 959.500000 503.000000 L 933.500000 503.000000" stroke="blueviolet" fill="none" class="connection animated-connection" style="stroke-width:2;stroke-dasharray:6.000000,5.919384;stroke-dashoffset:-119.193836;animation: dashdraw 2.959692s linear infinite;" marker-end="url(#mk-354533580)" mask="url(#d2-4033683774)" /><text x="970.000000" y="242.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Self Sign</text></g><g id="intermediate-ca.(key -&gt; certificate)[0]"><path d="M 690.000000 988.000000 L 374.000000 988.000000 S 364.000000 988.000000 364.000000 998.000000 L 364.000000 1247.000000 S 364.000000 1257.000000 374.000000 1257.000000 L 410.000000 1257.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-4033683774)" /><text x="369.000000" y="994.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Published</text></g><g id="(root-ca.key -&gt; intermediate-ca.certificate)[0]" class="SIGN"><path d="M 855.000000 116.000000 L 994.000000 116.000000 S 1004.000000 116.000000 1004.000000 126.000000 L 1004.000000 200.000000 S 1004.000000 210.000000 1014.000000 210.000000 L 1028.500000 210.000000 S 1038.500000 210.000000 1038.500000 220.000000 L 1038.500000 692.000000 S 1038.500000 702.000000 1028.500000 702.000000 L 1028.500000 702.000000 S 1018.500000 702.000000 1018.500000 712.000000 L 1018.500000 793.000000 S 1018.500000 803.000000 1028.500000 803.000000 L 1028.500000 803.000000 S 1038.500000 803.000000 1038.500000 813.000000 L 1038.500000 1319.000000 S 1038.500000 1329.000000 1028.500000 1329.000000 L 890.500000 1329.000000" stroke="blueviolet" fill="none" class="connection animated-connection" style="stroke-width:2;stroke-dasharray:6.000000,5.919384;stroke-dashoffset:-119.193836;animation: dashdraw 2.959692s linear infinite;" marker-end="url(#mk-354533580)" mask="url(#d2-4033683774)" /><text x="1018.500000" y="711.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Sign</text></g><g id="(root-ca.certificate &lt;- intermediate-ca.certificate)[0]"><marker id="mk-2451250203" markerWidth="10.000000" markerHeight="12.000000" refX="3.000000" refY="6.000000" viewBox="0.000000 0.000000 10.000000 12.000000" orient="auto" markerUnits="userSpaceOnUse"> <polygon points="10.000000,0.000000 0.000000,6.000000 10.000000,12.000000" class="connection fill-B1" stroke-width="2" /> </marker><path d="M 933.000000 395.000000 L 1070.500000 395.000000 S 1080.500000 395.000000 1080.500000 405.000000 L 1080.500000 793.000000 S 1080.500000 803.000000 1070.500000 803.000000 L 1070.500000 803.000000 S 1060.500000 803.000000 1060.500000 813.000000 L 1060.500000 1283.000000 S 1060.500000 1293.000000 1050.500000 1293.000000 L 888.500000 1293.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-4033683774)" /><text x="1060.500000" y="851.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">References</text></g><g id="(root-ca.certificate &lt;- intermediate-ca.certificate)[1]"><path d="M 680.250000 561.000000 L 680.250000 793.000000 S 680.250000 803.000000 670.250000 803.000000 L 660.500000 803.000000 S 650.500000 803.000000 650.500000 813.000000 L 650.500000 1165.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-4033683774)" /><text x="650.500000" y="853.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Verifies</text></g><g id="entity-cert.(key -&gt; certificate)[0]"><path d="M 133.000000 1800.000000 L 105.000000 1800.000000 S 95.000000 1800.000000 95.000000 1810.000000 L 95.000000 2059.000000 S 95.000000 2069.000000 105.000000 2069.000000 L 410.000000 2069.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-end="url(#mk-3488378134)" mask="url(#d2-4033683774)" /><text x="100.000000" y="2075.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Published</text></g><g id="(intermediate-ca.certificate &lt;- entity-cert.certificate)[0]"><path d="M 650.500000 1423.000000 L 650.500000 1977.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-4033683774)" /><text x="650.500000" y="1705.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Verifies</text></g><g id="(intermediate-ca.key -&gt; entity-cert.certificate)[0]" class="SIGN"><path d="M 1000.500000 952.000000 L 1039.500000 952.000000 S 1049.500000 952.000000 1049.500000 962.000000 L 1049.500000 1605.000000 S 1049.500000 1615.000000 1039.500000 1615.000000 L 937.000000 1615.000000 S 927.000000 1615.000000 927.000000 1625.000000 L 927.000000 2131.000000 S 927.000000 2141.000000 917.000000 2141.000000 L 891.000000 2141.000000" stroke="blueviolet" fill="none" class="connection animated-connection" style="stroke-width:2;stroke-dasharray:6.000000,5.919384;stroke-dashoffset:-119.193836;animation: dashdraw 2.959692s linear infinite;" marker-end="url(#mk-354533580)" mask="url(#d2-4033683774)" /><text x="1049.500000" y="1608.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">Sign</text></g><g id="(intermediate-ca.certificate &lt;- entity-cert.certificate)[1]"><path d="M 410.000000 1221.000000 L 384.000000 1221.000000 S 374.000000 1221.000000 374.000000 1231.000000 L 374.000000 2095.000000 S 374.000000 2105.000000 384.000000 2105.000000 L 412.000000 2105.000000" fill="none" class="connection stroke-B1" style="stroke-width:2;" marker-start="url(#mk-2451250203)" mask="url(#d2-4033683774)" /><text x="374.500000" y="1669.000000" class="text-italic fill-N2" style="text-anchor:middle;font-size:16px">References</text></g><mask id="d2-4033683774" maskUnits="userSpaceOnUse" x="-89" y="-188" width="1302" height="2570">
+<rect x="-89" y="-188" width="1302" height="2570" fill="white"></rect>
+<rect x="331.000000" y="-87.000000" width="462" height="79" fill="rgba(0,0,0,0.75)"></rect>
 <rect x="480.000000" y="17.000000" width="418" height="36" fill="rgba(0,0,0,0.75)"></rect>
 <rect x="433.500000" y="853.000000" width="526" height="36" fill="rgba(0,0,0,0.75)"></rect>
 <rect x="371.000000" y="1665.000000" width="248" height="36" fill="rgba(0,0,0,0.75)"></rect>

From cb687d0a938ba944895208aeb14d8b18d180d8c0 Mon Sep 17 00:00:00 2001
From: Steven Johnson <sakurainds@gmail.com>
Date: Thu, 11 Apr 2024 00:36:38 +0700
Subject: [PATCH 66/66] docs(spelling): fix spelling

---
 .../project-catalyst-x509-role-defintions/cip-catalyst-roles.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-catalyst-roles.md b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-catalyst-roles.md
index fb38bb3df52..e953692dbc4 100644
--- a/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-catalyst-roles.md
+++ b/docs/src/catalyst-standards/draft-cips/project-catalyst-x509-role-defintions/cip-catalyst-roles.md
@@ -245,7 +245,7 @@ the Role 0 payment key is used for the proposers payment key.
 Because the purpose of a Proposer is to earn funding from the Catalyst Fund,
 A proposal registration is INVALID if it does not have an associated payment address.
 
-#### dApp purpsoe specific keys
+#### dApp purpose specific keys
 
 Project Catalyst defines the following data which can be declared globally in any registration.