@xorr0
Last active March 10, 2022 05:20
Riseup.net openVPN Windows Batch Script
@ECHO off
rem.||(
** WINDOWS BATCH SCRIPT TO CONNECT TO RISEUP.NET VPN RED **
https://riseup.net/en/vpn/vpn-red
- my win10 x64 system wouldn't grab an IPv4 address upon the initial connection, so I forced this script to release and renew its IPv4 address once the VPN was activated
- also, my system would lose routes every so often, so I have an infinite loop at the end of this script that constantly adds the proper riseup.net VPN routes every 5 minutes.
- to determine which ROUTES need to be implemented, watch when openvpn-gui connects and you will see a section like this -- which is where the routes are configured;
Fri Sep 07 12:46:17 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Sep 07 12:46:17 2018 C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1
Fri Sep 07 12:46:17 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Sep 07 12:46:17 2018 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1
Fri Sep 07 12:46:17 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Sep 07 12:46:18 2018 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1
Fri Sep 07 12:46:18 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
- so this is where you obtain the routes to "fix" things... as seen here, 3 lines are KEY
C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1
C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1
C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1
)
TITLE riseup-VPN
SETLOCAL EnableExtensions
SET EXE=openvpn-gui.exe
ECHO [+] Riseup.net (open)VPN RED on Windows
ECHO [+] Checking if openVPN is running.
FOR /F %%x IN ('tasklist /NH /FI "IMAGENAME eq %EXE%"') DO IF %%x == %EXE% GOTO DIE
GOTO LAUNCH
:DIE
ECHO [!] Detected openVPN was running, killing task.
taskkill /im openvpn-gui.exe /f > nul 2> nul
taskkill /im openvpn.exe /f > nul 2> nul
ECHO [*] Flushing DNS.
ipconfig /flushdns >nul
:LAUNCH
ECHO [+] Launching openVPN, connecting to riseup.net VPN RED
cd /d "C:\Program Files\OpenVPN\bin"
start /min openvpn-gui.exe --connect "windows-riseup.ovpn"
TIMEOUT 1 >nul
ECHO [+] Waiting 65 seconds
TIMEOUT 65 >nul
ECHO [*] Flushing DNS.
ipconfig /flushdns >nul
ECHO [*] Checking which Windows interface is a TAP adapter
FOR /F "USEBACKQ TOKENS=3 DELIMS=," %%A IN (`"WMIC NIC GET NETCONNECTIONID,Description /FORMAT:CSV | FINDSTR /I tap"`) DO (SET TAPinterface=%%~A)
ECHO [+] Interface %TAPinterface% is the TAP adapter
ECHO [*] Releasing IPv4 address on %TAPinterface%
ipconfig /release "%TAPinterface%" >nul
ECHO [+] Waiting 5 seconds
TIMEOUT 5 >nul
ECHO [*] Renewing IPv4 address on %TAPinterface%
ipconfig /renew "%TAPinterface%" >nul
TIMEOUT 1 >nul
::ipconfig /all | FINDSTR /I "IPv4 Address"* | FINDSTR 172
FOR /F "USEBACKQ TOKENS=3 DELIMS= " %%B IN (`"netsh interface ipv4 show addresses "%TAPinterface%" | findstr /I address"`) DO (SET TAPinterfaceIPv4=%%~B)
ECHO [+] IPv4 address attached to %TAPinterface% is %TAPinterfaceIPv4%
TIMEOUT 1 >nul
::netsh interface IPv4 set dnsserver "WiFi" dhcp
ECHO [*] Setup IPv4 riseup.net VPN routes
C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1 > nul 2> nul
TIMEOUT 1 >nul
C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul
TIMEOUT 1 >nul
C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul
:ROUTES
::INFINITE LOOP
ECHO [+] Waiting 5 minutes
TIMEOUT 300 >nul
ECHO [*] Correcting IPv4 routes
C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1 > nul 2> nul
TIMEOUT 1 >nul
C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul
TIMEOUT 1 >nul
C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1 > nul 2> nul
GOTO ROUTES
##
## Riseup VPN RED - Configuration file.
##
## We recommend you create a dedicated password to use in this VPN service, here: https://account.riseup.net/passwords?view=services
##
## If you don't have an account with us you can create one at: https://account.riseup.net/user/new
## but you will need an invite code from a current member to signup.
##
## Additional tips to improve privacy using this VPN:
## - Block IPv6 connections on your device before connecting to the VPN Server,
## otherwise your device will leak your real IPv6 address. VPN Red does not support IPv6 yet.
## - set the hour in your device to UTC-08h00 (Pacific Time);
## - use a browser in United States of America English (EN-US) language;
## - Try to block WebRTC, Canvas fingerprinting, CSP reports and remote fonts on your browser. Normally you need to use some extension for that.
##
## More information about benefits and limitations can be found at our web site: https://riseup.net/vpn/why-is-needed
##
client
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA
cipher AES-256-CBC
auth SHA256
dev tun
#tun-mtu 1500
#dev tap
# if dev tun does not work: dev tap
proto udp
# alternately (try instead if udp doesn't work):
#proto tcp
route-method exe
route-delay 2
##Riseup.net OpenVPN DNS server
#nameserver 172.27.100.1
dhcp-option DNS 172.27.100.1
##You can add the following to the client config file.
#dhcp-option DNS <dns_server_ip_address>
###
##On the server side it would have been :
#push "dhcp-option DNS <dns_server_ip_address>"
remote 198.252.153.226 443
#remote vpn.riseup.net 443
#remote seattle.vpn.riseup.net 443
#remote nyc.vpn.riseup.net 80
# other possibilities, if the above does not work:
#remote 198.252.153.226 80
#remote 198.252.153.226 1194
#auth-user-pass
auth-user-pass auth.txt
## auth-user-pass auth.txt <<< requires you to have a filename 'auth.txt' with your username on line#1, and your password on line#2
## ^^ so no interaction to input the user+pass when connecting to the riseupVPN
mute-replay-warnings
redirect-gateway
verb 4
block-outside-dns
# adjust this if your system does not support 1.2
tls-version-min 1.0
nobind
persist-tun
persist-key
resolv-retry infinite
remote-cert-tls server
remote-cert-eku "TLS Web Server Authentication"
verify-x509-name vpn.riseup.net name
#script-security 0
#script-security 2 system
script-security 2
####
#0 -- Strictly no calling of external programs.
#1 -- (Default) Only call built-in executables such as ifconfig, ip, route, or netsh.
#2 -- Allow calling of built-in executables and user-defined scripts.
#3 -- Allow passwords to be passed to scripts via environmental variables (potentially unsafe).
##
#up-delay
##
#log openvpn.log
<ca>
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
</ca>
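
The batch script's comment block says to read the route.exe ADD lines out of the OpenVPN log by eye and hard-code them. As an added example (not part of the gist or of Riseup's or OpenVPN's code), the Python sketch below extracts those lines from a log and checks that they send all IPv4 traffic through one tunnel gateway while keeping the VPN server itself on a separate host route. The function names are hypothetical; the sample log is the excerpt quoted in the script's comment.

```python
import ipaddress
import re

# Log lines copied from the excerpt in the script's comment block.
SAMPLE_LOG = r"""Fri Sep 07 12:46:17 2018 TEST ROUTES: 0/0 succeeded len=-1 ret=0 a=0 u/d=down
Fri Sep 07 12:46:17 2018 C:\WINDOWS\system32\route.exe ADD 198.252.153.226 MASK 255.255.255.255 192.168.1.1
Fri Sep 07 12:46:17 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Fri Sep 07 12:46:17 2018 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 172.27.0.1
Fri Sep 07 12:46:18 2018 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 172.27.0.1
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ROUTE_RE = re.compile(rf"route\.exe\s+ADD\s+{IP}\s+MASK\s+{IP}\s+{IP}", re.IGNORECASE)
# The two /1 routes that together cover the whole IPv4 address space.
HALVES = {ipaddress.IPv4Network("0.0.0.0/1"), ipaddress.IPv4Network("128.0.0.0/1")}


def parse_routes(log_text):
    """Return [(network, gateway)] for each 'route.exe ADD' line in an OpenVPN log."""
    routes = []
    for match in ROUTE_RE.finditer(log_text):
        dest, mask, gateway = match.groups()
        # IPv4Network raises ValueError on a bad octet or host bits under the mask.
        network = ipaddress.IPv4Network(f"{dest}/{mask}")
        routes.append((network, ipaddress.IPv4Address(gateway)))
    return routes


def check_tunnel_routes(routes, vpn_server):
    """Return a list of problems; an empty list means all IPv4 goes via the tunnel."""
    problems = []
    table = dict(routes)
    missing = sorted(str(n) for n in HALVES - set(table))
    if missing:
        problems.append("not covered by a tunnel route: " + ", ".join(missing))
    tunnel_gws = {table[n] for n in HALVES if n in table}
    if len(tunnel_gws) > 1:
        problems.append("the two half-space routes use different gateways")
    host = ipaddress.IPv4Network(f"{vpn_server}/32")
    if host not in table:
        problems.append(f"no host route for the VPN server {vpn_server}")
    elif table[host] in tunnel_gws:
        problems.append("VPN server is routed into the tunnel itself")
    return problems


def as_commands(routes):
    """Rebuild the route.exe command lines the batch script hard-codes."""
    return [f"route.exe ADD {n.network_address} MASK {n.netmask} {g}" for n, g in routes]
```

A non-empty result from check_tunnel_routes means some IPv4 traffic would leave outside the tunnel, which is the condition the script's five-minute loop is working around.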
xorr0 commented Sep 8, 2018

riseup-openvpn-windows-batch-script