+## What endpoints does this changes apply to

+This change doesn't affect all endpoints, which don't contain a policy parameter in the URL. They're accessed only with the Microsoft Entra ID's login.microsoftonline.com endpoints, and can't be used with the *b2clogin.com*, or custom domains. The following example shows a valid token endpoint of the Microsoft identity platform:

+* Update any **Allowed Origins** that you define in the CORS settings for [user interface customization](customize-ui-with-html.md).

+If you're using [MSAL.NET][msal-dotnet] v2 or earlier, set the **ValidateAuthority** property to `false` on client instantiation to allow redirects to *b2clogin.com*. Setting this value to `false` isn't required for MSAL.NET v3 and later.

+To enable your app to sign in with client credentials, then call a web API, you register two applications in the Azure AD B2C directory.

+In this step, you register the web API (**App 2**) with its scopes. Later, you grant your application (**App 1**) permission to those scopes. If you already have such an app registration, skip this step, then move to the next one, [Step 1.1 Define web API roles (scopes)](#step-11-define-web-api-roles-scopes).

+In this step, you configure the web API **Application ID URI**, then define **App roles**. The app *roles*, used by the OAuth 2.0 *scopes* and defined on an application registration representing your API. Your application uses the Application ID URI with the `.default` scope. To define app roles, follow these steps:

+a new GUID by running `new-guid`command in the Microsoft PowerShell, or an [online GUID generator](https://www.bing.com/search?q=online+guid+generator). The `value` property of each app role definition appears in the scope, the `scp` claim. The `value` property

+1. Select **App registrations**, and then select your existing app from the list.

+1. Record the secret's **Value**. You use this value for configuration in a later step.

+**Request**:

+grant_type=client_credentials

+&client_id=33333333-0000-0000-0000-000000000000

+&client_secret=FyX7Q~DuPJ...

+&scope=https%3A%2F%2Fcontoso.onmicrosoft.com%2Fapi%2F.default

+**Response**:

+Make sure you complete the section in which you [create a SendGrid API key](https://docs.sendgrid.com/for-developers/partners/microsoft-azure-2021#to-find-your-sendgrid-api-key). Record the API key for use in a later step.

+1. In the top-left corner of the Azure portal, choose **All services**, and then search for and select **Azure AD B2C**.

+1. To begin editing your new template, select the template that is, `Verification email`, then select **Add Version**.

+1. In the HTML editor, paste following HTML template or use your own. The `{{otp}}` and `{{email}}` parameters are replaced dynamically with the one-time password value and the user email address.

+1. Expand **Settings** menu, and for **Version Name**, enter a template version.

+1. Select **Save**.

+Next, you need a claims transformation to output a JSON string claim that forms the body of the request sent to SendGrid.

+A verification display control is used to verify the email address with a verification code that the user receives.

+1. Update your SendGrid template to use dynamic parameters in place of all the strings that Azure AD B2C localizes.

+- Find an example of [Custom email verification - DisplayControls custom policy](https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-email-verifcation-displaycontrol/policy/SendGrid) on GitHub.

+- Learn how to use a custom REST API or any HTTP-based SMTP email provider, see [Define a RESTful technical profile in an Azure AD B2C custom policy](restful-technical-profile.md).

+Azure Active Directory B2C (Azure AD B2C) custom policy allows you to interact with application logic that you implement outside of Azure AD B2C. To do so, you make an HTTP call to an endpoint. Azure AD B2C custom policies provide RESTful technical profile for this purpose. By using this capability, you can implement features that aren't available within Azure AD B2C custom policy.

+In [Create branching in user journey by using Azure AD B2C custom policies](custom-policies-series-branch-user-journey.md), users who select *Personal Account* need to provide a valid invitation access code to proceed. We use a static access code, but real world apps don't work this way. If the service that issues the access codes is external to your custom policy, you must make a call to that service, and pass the access code input by the user for validation. If the access code is valid, the service returns an HTTP `200 OK` response, and Azure AD B2C issues JWT token. Otherwise, the service returns an HTTP `409 Conflict` response, and the user must reenter an access code.

+You need to deploy an app, which serves as your external app. Your custom policy then makes an HTTP call to this app.

+ 1. To make a POST request similar to the one shown in this example, you can use an HTTP client such as [Microsoft PowerShell](/powershell/scripting/overview) or [Postman](https://www.postman.com/):

+For your custom policy to reach your Node.js app, it needs to be reachable, so, you need deploy it. In this article, you deploy the app by using [Azure App Service](../app-service/overview-vnet-integration.md), but you use an alternative hosting approach.

+- The *PartnerClaimType* attribute in the `InputClaim` specifies how you receive your data in the API.

+1. Enter the rest of the details as required, and then select **Continue**. You see a new screen.

+1. For **Access Code**, enter *88888*, and then select **Continue**. After the policy finishes execution, you're redirected to `https://jwt.ms`, and you see a decoded JWT token. If you repeat the procedure, and enter a different **Access Code**, other than *88888*, you see an error, **The access code you entered is incorrect. Please try again.**

+1. [Test your custom policy](#step-4test-the-custom-policy). Make sure you use a wrong input for your **Access Code**. You see an error similar to the one shown in this screenshot:

+You can improve your productivity when editing or writing custom policy files by validating your files before you upload them. You can let Azure Active Directory B2C (Azure AD B2C) to validate the XML policy files when you upload them, but most errors cause the upload to fail. So, we recommend you validate your custom policy files before you upload them. An example of invalid policy file is improperly formatted XML.

+It's essential to use a good XML editor such as [Visual Studio Code (VS Code)](https://code.visualstudio.com/). We recommend using VS Code as it allows you to install XML extension, such as [XML Language Support by Red Hat](https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml). A good XML editor together with extra XML extension allows you to color-codes content, prefills common terms, keeps XML elements indexed, and can validate against an XML schema.

+- You must install [Visual Studio Code (VS Code)](https://code.visualstudio.com/) in your computer.

+- A custom policy file such as the one we use in [Validate user inputs by using Azure AD B2C custom policy](custom-policies-series-validate-user-input.md).

+Azure AD B2C extension allows you to understand the organization of your policy files easily. For example, the custom policy explorer allows you to see the custom policy elements you use and to move to them quickly.

+Custom policies are configuration files that define the behavior of your Azure Active Directory B2C (Azure AD B2C) tenant. While [user flows](user-flow-overview.md) are predefined in the Azure AD B2C portal for the most common identity tasks, an identity developer can edit custom policies to complete many different tasks.

+A custom policy is fully configurable and policy-driven. A custom policy orchestrates trust between entities in standard protocols. For example, OpenID Connect, OAuth, SAML, and a few nonstandard ones, for example REST API-based system-to-system claims exchanges. The framework creates user-friendly, white-labeled experiences.

+Azure AD B2C custom policy [starter pack](tutorial-create-user-flows.md?pivots=b2c-custom-policy#get-the-starter-pack) comes with several prebuilt policies to get you started quickly. Each of these starter packs contains the smallest number of technical profiles and user journeys needed to achieve the scenarios described:

+- **SocialAndLocalAccountsWithMFA** - Enables social, local, and multifactor authentication options.

+All relying party applications that use the same policy receives the same token claims, and the user goes through the same user journey.

+[User journeys](userjourneys.md) allows you to define the business logic with path through which user follows to gain access to your application. The user is taken through the user journey to retrieve the claims that are to be presented to your application. A user journey is built from a sequence of [orchestration steps](userjourneys.md#orchestrationsteps). A user must reach the last step to acquire a token.

+Within an Azure AD B2C custom policy, you can integrate your own business logic to build the user experiences you require and extend functionality of the service. We have a set of best practices and recommendations to get started.

+- Create your logic within the **extension policy**, or **relying party policy**. You can add new elements, which overrides the base policy by referencing the same ID. This approach allows you to scale out your project while making it easier to upgrade base policy later on if Microsoft releases new starter packs.

+- If you want to understand how custom policy is built from scratch, learn how to [Create and run your own custom policies in Azure Active Directory B2C how-to guide series](custom-policies-series-overview.md).

+- Certain browsers, such as Safari or Chrome in incognito mode, view Azure AD B2C session cookies within an iframe as third-party cookies. These browsers may block or clear these cookies, which can lead to a less than optimal user experience. To prevent this issue, make sure your application domain name and your Azure AD B2C domain have the *same origin*. To use the same origin, [enable custom domains](custom-domain.md) for Azure AD B2C tenant, then configure your web app with the same origin. For example, an application hosted on 'https://app.contoso.com' has the same origin as Azure AD B2C running on 'https://login.contoso.com'.

+- Your application must trust and own the URI.

+- The full URI of the web app must be specified. Wildcards aren't supported.

+In addition, we recommend that you also block your own domain name from being embedded in an iframe by setting the `Content-Security-Policy` and `X-Frame-Options` headers respectively on your application pages. This technique mitigates security concerns around older browsers related to nested embedding of iframes.

+With Azure AD B2C [user interface customization](customize-ui.md), you have almost full control over the HTML and CSS content that you present your users. Follow the steps for customizing an HTML page using content definitions. To fit the Azure AD B2C user interface into the iframe size, provide clean HTML page without a background and extra spaces.

+After the application receives and validates the ID token, it completes the authorization flow and recognizes and trusts the user. Because the authorization flow happens inside the iframe, you need to reload the main page. After the page reloads, the sign-in button changes to "sign out" and the username is presented in the UI.

+The following example shows how the sign-in redirect URI can refresh the main page:

+For a single-page application, you also need a second "sign-in" HTML page that loads into the iframe. This sign-in page hosts the authentication library code that generates the authorization code and returns the token.

+- [public/https://docsupdatetracker.net/index.html](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/public/https://docsupdatetracker.net/index.html)- The [bundling process](https://legacy.reactjs.org/docs/code-splitting.html) uses this file as a template and injects the React components into the `<div id="root">` element. If you open it directly in the browser, you see an empty page.

+ - The **App** component is the top level component of your app. It wraps everything between `MsalProvider` component. All components underneath MsalProvider have access to the PublicClientApplication instance via context and all hooks and components provided by MSAL React. The App component mounts the [PageLayout](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/components/PageLayout.jsx) and its [Pages](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/App.jsx#L18) child element.

+- [src/components/NavigationBar.jsx](https://github.com/Azure-Samples/ms-identity-javascript-react-tutorial/blob/main/3-Authorization-II/2-call-api-b2c/SPA/src/components/NavigationBar.jsx) - The app top navigation bar that has the sign-in, sign-out, edit profile and call REST API reset buttons.

+ - It uses the [AuthenticatedTemplate](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-react/docs/getting-started.md#authenticatedtemplate-and-unauthenticatedtemplate), which renders its children only if a user is authenticated.

+After you [add the authentication components](#step-3-add-the-authentication-components), configure your React app with your Azure AD B2C settings. Azure AD B2C identity provider settings are configured in the *authConfig.js* file.

+For guidance, see [Configure your React app](configure-authentication-sample-react-spa-app.md#31-configure-the-react-sample).

+1. From Visual Studio Code, open a new terminal and run the following commands:

+To authorize access to a web API, you can serve only requests that include a valid access token that Azure Active Directory B2C (Azure AD B2C) issues. This article shows you how to enable Azure AD B2C authorization to your web API. After you complete the steps in this article, only users who obtain a valid access token will be authorized to call your web API endpoints.

+Token-based authentication ensures that requests to a web API includes a valid access token.

+The app completes the following steps:

+The web API completes the following steps:

+In the next sections, you create a new web API project. Select your programming language, ASP.NET Core or Node.js. Make sure you have a computer that's running either of the following software:

+Add the following JavaScript code to the *app.js* file. It's possible to [setup HTTP and HTTPS endpoints for the Node application](https://github.com/expressjs/express/wiki/Migrating-from-2.x-to-3.x#application-function).

+The initialized _GraphServiceClient_ is then used in _UserService.cs_ to perform the user management operations. For example, getting a list of the user accounts in the tenant:

+- For code samples in JavaScript and Node.js, please see: [Manage B2C user accounts with MSAL.js and Microsoft Graph SDK](https://github.com/Azure-Samples/ms-identity-b2c-javascript-nodejs-management)

+- Explore [Graph Explorer](https://aka.ms/ge) that lets you try Microsoft Graph APIs and learn about them.

+OpenID Connect also enables applications to securely acquire *access tokens*. You can use access tokens to access resources that the [authorization server](protocols-overview.md) secures. We recommend OpenID Connect if you're building a web application that you host on a server and accessed through a browser. For more information about tokens, see the [Overview of tokens in Azure Active Directory B2C](tokens-overview.md)

+- `90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6` with the app ID of an [application you registered in your tenant](tutorial-register-applications.md).

+- `{application-id-uri}/{scope-name}` with the Application ID URI and scope of an application that you registered in your tenant.

+GET /{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize?

+Host: {tenant}.b2clogin.com

+| {policy} | Yes | The user flow or policy that the app runs. Specify the name of a user flow that you create in your Azure AD B2C tenant. For example: `b2c_1_sign_in`, `b2c_1_sign_up`, or `b2c_1_edit_profile`. |

+| scope | Yes | A space-separated list of scopes. The `openid` scope indicates a permission to sign in the user and get data about the user in the form of ID tokens. The `offline_access` scope is optional for web applications. It indicates that your application need a *refresh token* for extended access to resources. The `https://{tenant-name}/{app-id-uri}/{scope}` indicates a permission to protected resources, such as a web API. For more information, see [Request an access token](access-tokens.md#scopes). |

+| prompt | No | The type of user interaction that you require. The only valid value at this time is `login`, which forces the user to enter their credentials on that request. |

+| redirect_uri | Yes | The `redirect_uri` parameter of your application, where the server sends authentication responses to your application. It must exactly match one of the `redirect_uri` parameters that you registered in the Azure portal, except that it must be URL-encoded. |

+| response_mode | No | The method that is used to send the resulting authorization code back to your application. It can be either `query`, `form_post`, or `fragment`. We recommended you use the `form_post` response mode for best security. |

+| state | No | A value that you can include in the request that the authorization server returns in the token response. It can be a string of any content that you want. A randomly generated unique value is typically used for preventing cross-site request forgery attacks. The state is also used to encode information about the user's state in the application before the authentication request occurred, such as the page they were on. If you don't want to register multiple redirect URLs in your Azure portal, you can use the `state` parameter to differentiate responses in your application from Azure AD B2C service due to different requests.|

+| login_hint | No| Can be used to prefill the sign-in name field of the sign-in page. For more information, see [Prepopulate the sign-in name](direct-signin.md#prepopulate-the-sign-in-name). |

+After the user completes the user flow, a response is returned to your application at the indicated `redirect_uri` parameter, by using the method that you specify in the `response_mode` parameter. The response is the same for each of the preceding cases, independent of the user flow.

+Just receiving an ID token isn't enough to authenticate the user. Validate the ID token's signature and verify the claims in the token per your application's requirements. Azure AD B2C uses [JSON Web Tokens (JWTs)](https://self-issued.info/docs/draft-ietf-oauth-json-web-token.html) and public key cryptography to sign tokens and verify that they're valid.

+To determine which user flow was used to sign an ID token, you have two options. First, the user flow name is included in the `acr` claim in the ID token, see [claim representing user flow](configure-tokens.md#token-compatibility-settings). Your other option is to encode the user flow in the value of the `state` parameter when you issue the request, and then decode it to determine which user flow was used. Either method is valid.

+After you acquire the metadata document from the OpenID Connect metadata endpoint, you can use the RSA 256 public keys to validate the signature of the ID token. There might be multiple keys listed at this endpoint, each identified by a `kid` claim. The header of the ID token also contains a `kid` claim, which indicates which of these keys was used to sign the ID token.

+To verify the tokens from Azure AD B2C, you need to generate the public key using the exponent(e) and modulus(n). To do so, you need to learn how to generate the public key in a programming language of your choice. The official documentation on Public Key generation with the RSA protocol can be found here: https://tools.ietf.org/html/rfc3447#section-3.1

+After you validate the signature of the ID token, there are various claims that you need to verify. For instance:

+There are also several more validations that you should perform. The validations are described in detail in the [OpenID Connect Core Spec](https://openid.net/specs/openid-connect-core-1_0.html). You might also want to validate more claims, depending on your scenario. Some common validations include:

+- Ensure that the user/organization signed up for the application.

+- Ensure that the user has proper authorization/privileges.

+- Ensure that a certain strength of authentication has occurred, such as Microsoft Entra multifactor authentication.

+You can also request an access token for your app's own back-end Web API. In this case, you use the app's client ID as the requested scope, which results in an access token with that client ID as the "audience":

+grant_type=authorization_code

+&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6

+&scope=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6 offline_access

+&code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...

+&redirect_uri=urn:ietf:wg:oauth:2.0:oob

+| client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets can't be securely stored, therefore not used on this flow. If using a client secret, change it on a periodic basis. |

+| not_before | The epoch time at which the token becomes valid. |

+| scope | The valid scopes for the token. |

+| expires_on | The epoch time when the access token becomes invalid. |

+| refresh_token | An OAuth 2.0 refresh token. The application can use this token to acquire more tokens after the current token expires. Refresh tokens can be used to retain access to resources for extended periods of time. The scope `offline_access` must have been used in both the authorization and token requests in order to receive a refresh token. |

+After you successfully acquire an access token, you can use the token in requests to your back-end web APIs by including it in the `Authorization` header:

+Access tokens and ID tokens are short-lived. After they expire, you must refresh them to continue to access resources. When you refresh the access token, Azure AD B2C returns a new token. The refreshed access token will have updated `nbf` (not before), `iat` (issued at), and `exp` (expiration) claim values. All other claim values are similar to those in the previous access token.

+grant_type=refresh_token

+&client_id=90c0fe63-bcf2-44d5-8fb7-b8bbc0b29dc6

+&scope=openid offline_access

+&refresh_token=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrq...

+&redirect_uri=urn:ietf:wg:oauth:2.0:oob

+| client_secret | Yes, in Web Apps | The application secret that was generated in the [Azure portal](https://portal.azure.com/). Client secrets are used in this flow for Web App scenarios, where the client can securely store a client secret. For Native App (public client) scenarios, client secrets can't be securely stored, therefore not used on this call. If using a client secret, please change it on a periodic basis. |

+| not_before | The epoch time at which the token becomes valid. |

+| scope | The valid scopes for the token. |

+| {policy} | Yes | The user flow that you specify in the authorization request. For example, if the user signed-in with the `b2c_1_sign_in` user flow, specify `b2c_1_sign_in` in the sign-out request. |

+| post_logout_redirect_uri | No | The URL that the user should be redirected to after successful sign out. If it isn't included, Azure AD B2C shows the user a generic message. Unless you provide an `id_token_hint`, you shouldn't register this URL as a reply URL in your Azure AD B2C application settings. |

+| state | No | If you include a `state` parameter in the authorization request, the authorization server returns the same value in the response to the `post_logout_redirect_uri`. The application should verify that the `state` value in the request and response are identical. |

+After logout, the user is redirected to the URI you specify in the `post_logout_redirect_uri` parameter, regardless of the reply URLs that you specify for the application. However, if a valid `id_token_hint` is passed, and the **Require ID Token in logout requests** is turned on, Azure AD B2C verifies that the value of `post_logout_redirect_uri` matches one of the application's configured redirect URIs before performing the redirect. If no matching reply URL was configured for the application, an error message is displayed and the user isn't redirected.

+- Learn more about [Azure AD B2C session](session-behavior.md).

+ Title: Secure APIs used for API connectors in Azure AD B2C

+description: Secure your custom RESTful APIs used for API connectors in Azure AD B2C.

+# Secure APIs used for API connectors in Azure AD B2C

+When integrating a REST API within an Azure AD B2C user flow, you must protect your REST API endpoint with authentication. The REST API authentication ensures that only services that have proper credentials, such as Azure AD B2C, can make calls to your endpoint. This article explores how to secure REST API.

+Complete the steps in the [Add an API connector to a sign-up user flow](add-api-connector.md) guide.

+You can protect your API endpoint by using either HTTP basic authentication or HTTPS client certificate authentication. In either case, you provide the credentials that Azure AD B2C uses when it calls your API endpoint. Your API endpoint then checks the credentials and performs authorization decisions.

+HTTP basic authentication is defined in [RFC 2617](https://tools.ietf.org/html/rfc2617). Basic authentication works as follows:

+- Azure AD B2C sends an HTTP request with the client credentials (`username` and `password`) in the `Authorization` header.

+- The credentials are formatted as the base64-encoded string `username:password`.

+- Your API then is responsible for checking these values to perform other authorization decisions.

+It's recommended you set reminder alerts for when your certificate will expire. You need to generate a new certificate and repeat the steps above when used certificates are about to expire. To "roll" the use of a new certificate, your API service can continue to accept old and new certificates for a temporary amount of time while the new certificate is deployed.

+To upload a new certificate to an existing API connector, select the API connector under **API connectors** and click on **Upload new certificate**. The most recently uploaded certificate, which is not expired and whose start date has passed will automatically be used by Azure AD B2C.

+You can obtain an access token in one of several ways, for the [from a federated identity provider](idp-pass-through-user-flow.md), by calling a REST API that returns an access token, by using an [ROPC flow](../active-directory/develop/v2-oauth-ropc.md), or by using the [client credentials flow](../active-directory/develop/v2-oauth2-client-creds-grant-flow.md). The client credentials flow is commonly used for server-to-server interactions that must run in the background, without immediate interaction with a user.

+For a client credentials flow, you need to create an application secret. The client secret is also known as an application password. Your application uses the secret to acquire an access token.

+To support bearer token authentication in your custom policy, modify the REST API technical profile by using the following steps:

+1. Change or add the *UseClaimAsBearerToken* to *bearerToken*, as follows. The *bearerToken* is the name of the claim that the bearer token is retrieved from (the output claim from `REST-AcquireAccessToken`).

+1. Add the claim from the previous step as an input claim:

+After you update your policy, your technical profile should look similar to the following XML code:

+When a user signs in with a federated account, a session time window, also known as time-to-live (TTL), starts. If the user signs in to the same or a different app within this TTL, Azure AD B2C attempts to acquire a new access token from the federated identity provider. If the federated identity provider session is expired or invalid, the federated identity provider prompts the user for their credentials. If the userΓÇÖs session is ongoing, or if the user is signed in using a local account instead of a federated one, Azure AD B2C authorizes the user and prevents any further prompts.

+3. On the Azure AD B2C sign-up or sign-in page, the user chooses to sign-in with their Facebook account. The user is redirected to Facebook. If there's an active session at Facebook, the user isn't prompted to provide their credentials and is immediately redirected to Azure AD B2C with a Facebook token.

+An OAuth2 access token, ID token, or SAML token can protect a web, mobile, or single page application. When a user tries to access a protected resource on the app, the app checks whether there's an active session on the application side. If an app session does not exist or the session expires, the app directs the user to the Azure AD B2C sign-in page.

+ - **Absolute** - Indicates that the user is forced to reauthenticate after the time period specified.

+ - **Policy** - This setting allows you to maintain a user session exclusively for a user flow, independent of the applications using it. For instance, Azure AD B2C grants the user access to higher-security parts of multiple applications if the user has already signed in and completed a multifactor authentication (MFA) step. This access continues as long as the session associated with the user flow remains active.

+- KMSI is supported only for the **Recommended** versions of sign-up and sign-in (SUSI), sign-in, and profile editing user flows. If you currently have **Standard (Legacy)** or **Legacy preview - v2** versions of these user flows and want to enable KMSI, you need to create new, **Recommended** versions of these user flows.

+- KMSI isn't supported with password reset or sign-up user flows.

+- KMSI shouldn't be enabled on public computers.

+Users shouldn't enable this option on public computers.

+1. Open the extension file of your policy. For example, <em>`SocialAndLocalAccounts/`**`TrustFrameworkExtensions.xml`**</em>. This extension file is one of the policy files included in the custom policy starter pack, which you obtain in the prerequisite, [Get started with custom policies](tutorial-create-user-flows.md?pivots=b2c-custom-policy).

+ ```xml

+ <ClaimsProvider>

+ <DisplayName>Local Account</DisplayName>

+ <TechnicalProfiles>

+ <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">

+ <Metadata>

+ <Item Key="setting.enableRememberMe">True</Item>

+ </Metadata>

+ </TechnicalProfile>

+ </TechnicalProfiles>

+ </ClaimsProvider>

+ ```

+Update the relying party (RP) file that initiates the user journey that you created. The `keepAliveInDays` parameter allows you to configure how the long the keep me signed in (KMSI) session cookie should persist. For example, if you set the value to 30, then KMSI session cookie persists for 30 days. The range for the value is from 1 to 90 days. Setting the value to 0 turns off KMSI functionality.

+## Sign out

+When you want to sign the user out of the application, it isn't enough to clear the application's cookies or otherwise end the session with the user. You must redirect the user to Azure AD B2C to sign out. Otherwise, the user might be able to reauthenticate to your applications without entering their credentials again.

+ - OpenId Connect - If the identity provider well-known configuration endpoint specifies an `end_session_endpoint` location. The sign-out request doesn't pass the `id_token_hint` parameter. If the federated identity provider requires this parameter, the sign-out request fails.

+When you redirect the user to the [Azure AD B2C sign-out endpoint](openid-connect.md#send-a-sign-out-request) (for both OAuth2 and OpenID Connect) or send a `LogoutRequest` (for SAML), Azure AD B2C clears the user's session from the browser. However, the user might still be signed in to other applications that use Azure AD B2C for authentication. To sign the user out of all applications, which have an active session, Azure AD B2C supports *single sign-out*, also known as *Single Log-Out (SLO)*.

+When Azure AD B2C receives the logout request, it uses a front-channel HTML iframe to send an HTTP request to the registered logout URL of each participating application that the user is currently signed in to. Note, the application that triggers the sign-out request gets this log-out message. Your applications must respond to the sign-out request by clearing the application session that identifies the user.

+When Azure AD B2C notifies all applications about the sign-out, it proceeds to do one of the following:

+- For OpenID Connect or OAuth2 applications, it redirects the user to the requested `post_logout_redirect_uri` including the (optional) `state` parameter specified in the initial request. For example `https://contoso.com/logout?state=foo`.

+- For SAML applications, it sends a SAML logout response via HTTP POST to the application that initially sent the logout request.

+After logout, the user is redirected to the URI specified in the `post_logout_redirect_uri` parameter, regardless of the reply URLs that you specify for the application. However, if a valid `id_token_hint` is passed and the **Require ID Token in logout requests** is turned on, Azure AD B2C verifies that the value of `post_logout_redirect_uri` matches one of the application's configured redirect URIs before performing the redirect. If no matching reply URL was configured for the application, an error message is displayed and the user isn't redirected.

+- Use strong authentication for your emergency access accounts and make sure it doesnΓÇÖt use the same authentication methods as your other administrative accounts.

+- Make sure you [exclude at least one account from phone-based multifactor authentication](../active-directory/roles/security-emergency-access.md#exclude-at-least-one-account-from-phone-based-multi-factor-authentication)

+1. Once the deployment completes, select **Go to resource**.

+ * `ClientEnabled="true"` sends the ApplicationInsights client-side script for tracking page view and client-side errors. You can view this in the **browserTimings** table in the Application Insights portal. By setting `ClientEnabled= "true"`, you add Application Insights to your page script and you get timings of page loads and AJAX calls, counts, details of browser exceptions and AJAX failures, and user and session counts. This field is **optional**, and is set to `false` by default.

+There's a short delay, typically less than five minutes, before you can see new logs in Application Insights.

+Here's a list of queries you can use to see the logs:

+> Application Insights instrumentation key that your create earlier is used by Azure AD B2C to send telemetries to Application Insights. You use the instrumentation key only in your Azure AD B2C policy, not in the VS Code extension.

+1. Copy the **Key** before closing the Create API key blade and save it somewhere secure. If you lose the key, you need to create another.

+Now that you have Azure Application insights API ID and Key, you can configure the VS Code extension to read the logs. Azure AD B2C VS Code extension provides two scopes for settings:

+After you save the settings, the Application insights logs appear on the **Azure AD B2C Trace (App Insights)** window.

+To improve your production environment performance and better user experience, it's important to configure your policy to ignore messages that are unimportant. Use the following configuration in production environments and no logs are sent to your application insights.

+- A user policy uses the recommended [self service password reset (SSPR) experience](add-password-reset-policy.md#self-service-password-reset-recommended) with a consumer local account. The user selects the **Forgot your password?** link, and then selects **Cancel** button before the user flow experience completes. In this case, Azure AD B2C service returns error code `AADB2C90091` to your application.

+To diagnose problems with your custom policies, use [Application Insights](troubleshoot-with-application-insights.md). Application Insights traces the activity of your custom policy user journey. It provides a way to diagnose exceptions and observe the exchange of claims between Azure AD B2C and the various claims providers. The claims providers are defined by technical profiles, such as identity providers, API-based services, the Azure AD B2C user directory, and other services.

+> - There's a short delay, typically less than five minutes, before you can see new logs in Application Insights.

+> - The community has developed the Visual Studio Code extension for Azure AD B2C to help identity developers. The extension isn't supported by Microsoft and is made available strictly as-is.

+With the focus on the Azure AD B2C trace explorer, start to type the first digit of the correlation ID, or a time you want to find. You see a filter box in the top-right of the Azure AD B2C trace explorer showing what you have typed so far, and matching trace logs are highlighted.

+Hovering over the filter box and selecting **Enable Filter on Type** shows only matching trace logs. Use the **'X' Clear button** to clear the filter.

+Use **Run now** and `https://jwt.ms` to test your policies independently of your web or mobile application. This website acts like a relying party application. It displays the contents of the JSON web token (JWT) that your Azure AD B2C policy generates.

+The most common error in setting up custom policies is improperly formatted XML. A good XML editor is nearly essential. It displays XML natively, color-codes content, prefills common terms, keeps XML elements indexed, and can validate against an XML schema.

+Validation of the XML policy file is performed automatically on upload. Most errors cause the upload to fail. Validation includes the policy file that you want to upload. It also includes the chain of files the upload file refers to (the relying party policy file, the extensions file, and the base file).

+### ...was expected to have step with order "{number}", but it was not found...

+This type of error happens when your policy makes a reference to a claim that isn't declared in the [claims schema](claimsschema.md). Claims must be defined in at least one of the files in the policy.

+To fix this type of error, check whether the `ClaimTypeReferenceId` value is misspelled, or doesn't exist in the schema. If the claim is defined in the extensions policy, but it's also being used in the base policy. Make sure the claim is defined in the policy it's used in, or in an upper level policy.

+You sign in with an account from a tenant that is different than the policy you try to upload. For example, your sign in with admin@contoso.onmicrosoft.com, while your policy `TenantId` is set to `fabrikam.onmicrosoft.com`.

+In a relying party policy, you added an output claim, but the output claim isn't an output claim in any of the steps of user journey. Azure AD B2C can't read the claim value from the claims bag.

+In the following example, the *schoolId* claim is an output claim of the relying party's technical profile, but it isn't an output claim in any of the steps of *SignUpOrSignIn* user journey.

+Learn how to [Create user flows in Azure Active Directory B2C](tutorial-create-user-flows.md)

+ Title: Register a single-page application in Azure Active Directory B2C

+# Register a single-page application in Azure Active Directory B2C

+- If you don't have an [Azure AD B2C Tenant](tutorial-create-tenant.md), create one now. You can use an existing Azure AD B2C tenant.

+ The redirect URI is the endpoint to where authorization server (Azure AD B2C, in this case) sends the user after it completes its interaction with the user. Also, the redirect URI endpoint receives the access token or authorization code upon successful authorization. In a production application, it's typically a publicly accessible endpoint where your app is running, like `https://contoso.com/auth-response`. For testing purposes like this guide, you can set it to `https://jwt.ms`, a Microsoft-owned web application that displays the decoded contents of a token (the contents of the token never leave your browser). During app development, you might add the endpoint where your application listens locally, like `http://localhost:5000`. You can add and modify redirect URIs in your registered applications at any time.

+If youΓÇÖre using MSAL.js 1.3 or an earlier version with the implicit grant flow in your SPA app, or if you configure the [https://jwt.ms/](https://jwt.ms/) app for testing a user flow or custom policy, you need to enable the implicit grant flow in the app registration:

+1. Under **Implicit grant**, deselect both the **Access tokens** and **ID tokens** check boxes.

+Learn how to [Create user flows in Azure Active Directory B2C](tutorial-create-user-flows.md).

+description: Learn about the user resource type attributes that Azure AD B2C directory user profile supports. Find out about built-in attributes, extensions, and how attributes map to Microsoft Graph.

+Microsoft Graph API supports most of the attributes that you can use with Azure This article describes user profile attributes that Azure AD B2C supports. It also notes those attributes that Microsoft Graph doesn't support, and Microsoft Graph API attributes that Azure AD B2C shouldn't use.

+Azure AD B2C directory user profile supports the [user resource type](/graph/api/resources/user) attributes listed in the table below. It gives the following information about each attribute:

+|Name |Date type |Description|Available in Azure portal|Used in user flows|Used in custom policy|

+|city |String|The userΓÇÖs city of residence.. Max length 128.|Yes|Yes|Persisted, Output|

+|country |String|The userΓÇÖs country/region of residence.. For example: *US* or *UK*. Max length 128.|Yes|Yes|Persisted, Output|

+|otherMails |String collection|A list of other email addresses for the user. Example: ["bob@contoso.com", "Robert@fabrikam.com"]. NOTE: Accent characters aren't allowed.|Yes (Alternate email)|No|Persisted, Output|

+|preferredLanguage |String|The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. For example: *en-US*, or *es-ES*.|No|No|Persisted, Output|

+|refreshTokensValidFromDateTime (signInSessionsValidFromDateTime)|DateTime|Any refresh tokens issued before this time are invalid, and applications get an error when using an invalid refresh token to acquire a new access token. In this case, the application needs to acquire a new refresh token by making a request to the authorize endpoint. Read-only.|No|No|Output|

+|signInNames.userName ([Identities](#identities-attribute)) |String|The unique username of the local account user in the directory. Use this attribute to create or get a user with a specific sign-in username. Specifying this attribute in PersistedClaims alone during Patch operation removes other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames. NOTE: Accent characters aren't allowed in the username.|No|No|Input, Persisted, Output|

+|signInNames.phoneNumber ([Identities](#identities-attribute)) |String|The unique phone number of the local account user in the directory. Use this attribute to create or get a user with a specific sign-in phone number. Specifying this attribute in PersistedClaims alone during Patch operation removes other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames.|No|No|Input, Persisted, Output|

+|signInNames.emailAddress ([Identities](#identities-attribute))|String|The unique email address of the local account user in the directory. Use this attribute to create or get a user with a specific sign-in email address. Specifying this attribute in PersistedClaims alone during Patch operation removes other types of signInNames. If you would like to add a new type of signInNames, you also need to persist existing signInNames.|No|No|Input, Persisted, Output|

+|strongAuthentication AlternativePhoneNumber¹|String|The secondary telephone number of the user, used for multifactor authentication.|Yes|No|Persisted, Output|

+|strongAuthenticationEmailAddress¹|String|The SMTP address for the user. Example: "bob@contoso.com" This attribute is used for sign-in with username policy, to store the user email address. The email address then used in a password reset flow. Accent characters aren't allowed in this attribute.|Yes|No|Persisted, Output|

+|strongAuthenticationPhoneNumber²|String|The primary telephone number of the user, used for multifactor authentication.|Yes|No|Persisted, Output|

+|usageLocation |String|Required for users that are assigned licenses due to legal requirement to check for availability of services in countries/regions. Not nullable. A two letter country/region code (ISO standard 3166). For examples, *US*, *JP*, and *GB*.|Yes|No|Persisted, Output|

+In the Microsoft Graph API, both local and federated identities are stored in the user `identities` attribute, which is of type [objectIdentity](/graph/api/resources/objectidentity). The `identities` collection represents a set of identities used to sign in to a user account. This collection enables the user to sign in to the user account with any of its associated identities. The identities attribute can contain up to 10 [objectIdentity](/graph/api/resources/objectidentity) objects. Each object contains the following properties:

+|issuer|string|Specifies the issuer of the identity. For local accounts (where **signInType** isn't `federated`), this property is the local B2C tenant default domain name, for example `contoso.onmicrosoft.com`. For social identity (where **signInType** is `federated`) the value is the name of the issuer, for example `facebook.com`|

+For federated identities, depending on the identity provider, the **issuerAssignedId** is a unique value for a given user per application or development account. Configure the Azure AD B2C policy with the same application ID that the social provider or another application within the same development account assigns.

+For a federated (social) identity, the **passwordProfile** attribute isn't required.

+When using a phone for multifactor authentication (MFA), the mobile phone is used to verify the user identity. To [add](/graph/api/authentication-post-phonemethods) a new phone number programmatically, [update](/graph/api/phoneauthenticationmethod-update), [get](/graph/api/phoneauthenticationmethod-get), or [delete](/graph/api/phoneauthenticationmethod-delete) the phone number, use MS Graph API [phone authentication method](/graph/api/resources/phoneauthenticationmethod).

+Extension attributes [extend the schema](/graph/extensibility-overview#schema-extensions) of the user objects in the directory. The extension attributes can only be registered on an application object, even though they might contain data for a user. The extension attribute is attached to the application called `b2c-extensions-app`. Don't modify this application, as it's used by Azure AD B2C for storing user data. You can find this application under Microsoft Entra App registrations. [Learn more about Azure AD B2C](extensions-app.md) `b2c-extensions-app`.

+The **Application (client) ID** when used to create the name of the extension attribute doesn't include hyphens. For example:

+|DateTime | Must be specified in ISO 8601 format. The value is stored in UTC. |

+Studio also lets you set up a moderation workflow, where you can continuously monitor and improve content moderation performance. It can help you meet content requirements from all kinds of industries like gaming, media, education, E-commerce, and more. Businesses can easily connect their services to the Studio and have their content moderated in real-time, whether user-generated or AI-generated.

+Feel free to [contact us](mailto:contentsafetysupport@microsoft.com) if you need other regions for your business.

+| Pricing Tier | Requests per 10 seconds (RPS) |

+| F0 | 1000 |

+| S0 | 1000 |

+If you need a faster rate, please [contact us](mailto:contentsafetysupport@microsoft.com) to request.

+If you get stuck, [email us](mailto:contentsafetysupport@microsoft.com) or use the feedback widget on the upper right of any docs page.

+ Title: Azure OpenAI Service provisioned throughput

+description: Learn about provisioned throughput and Azure OpenAI.

+recommendations: false

+keywords:

+# What is provisioned throughput?

+The provisioned throughput capability allows you to specify the amount of throughput you require for your application. The service then provisions the necessary compute and ensures it is ready for you. Throughput is defined in terms of provisioned throughput units (PTU) which is a normalized way of representing an amount of throughput for your deployment. Each model-versions pair requires different amounts of PTU to deploy and provide different amounts of throughput per PTU.

+## What does the provisioned deployment type provide?

+- **Predictable performance:** stable max latency and throughput for uniform workloads.

+- **Reserved processing capacity:** A deployment configures the amount of throughput. Once deployed, the throughput is available whether used or not.

+- **Cost savings:** High throughput workloads will result in cost savings vs token-based consumption.

+An Azure OpenAI Deployment is a unit of management for a specific OpenAI Model. A deployment provides customer access to a model for inference and integrates additional features like Content Moderation ([See content moderation documentation](content-filter.md)).

+> [!NOTE]

+> Provisioned throughput units (PTU) are different from standard quota in Azure OpenAI and are not available by default. To learn more about this offering contact your Microsoft Account Team.

+## What do you get?

+|Topic | Provisioned|

+|||

+| What is it? | Provides guaranteed throughput at smaller increments than the existing provisioned offer. Deployments will have a consistent max latency for a given model-version |

+| Who is it for? | Customers who want guaranteed throughput with minimal latency variance. |

+| Quota | Provisioned-managed throughput Units |

+| Latency | Max latency constrained |

+| Utilization | Provisioned-managed Utilization measure provided in Azure Monitor |

+| Estimating size | Provided calculator in the studio & load test script |

+## Key concepts

+### Provisioned throughput units

+Provisioned throughput Units (PTU) are units of model processing capacity that customers you can reserve and deploy for processing prompts and generating completions. The minimum PTU deployment, increments, and processing capacity associated with each unit varies by model type & version.

+### Deployment types

+We introduced a new deployment type called **ProvisionedManaged** which provides smaller increments of PTU per deployment. Both types have their own quota, and you will only see the options you have been enabled for.

+### Quota

+Provisioned throughput quota represents a specific amount of total throughput you can deploy. Quota in the Azure OpenAI Service is managed at the subscription level meaning that it can be consumed by different resources within that subscription.

+Quota is specific to a (deployment type, mode, region) triplet and isn't interchangeable. Meaning you can't use quota for GPT-4 to deploy GPT-35-turbo. Customers can raise a support request to move the quota across deployment types, models, or regions but we can't guarantee that it will be possible.

+While we make every attempt to ensure that quota is always deployable, quota does not represent a guarantee that the underlying capacity is available for the customer to use. The service assigns capacity to the customer at deployment time and if capacity is unavailable the deployment will fail with an out of capacity error.

+ The language of the training data and the target language must both be one of the [languages that are supported](language-support.md?tabs=tts#custom-neural-voice) for cross lingual voice training. You don't need to prepare training data in the target language, but your test script must be in the target language.

+With the cross-lingual feature, you can transfer your custom neural voice model to speak a second language. For example, with the `zh-CN` data, you can create a voice that speaks `en-AU` or any of the languages with Cross-lingual support. For the cross-lingual feature, we categorize locales into two tiers: one includes source languages that support the cross-lingual feature, and the other tier comprises locales designated as target languages for cross-lingual transfer. Within the following table, distinguish locales that function as both cross-lingual sources and targets and locales eligible solely as the target locale for cross-lingual transfer.

+[managed-aad-migrate]: managed-azure-ad.md#migrate-a-legacy-azure-ad-cluster-to-integration

+ Title: Enable Managed Identity Authentication

+description: Learn how to enable Microsoft Entra ID on AKS with kubelogin. Connect your clusters to authenticate Azure users with credentials or managed roles.

+# Enable Azure Managed Identity authentication for Kubernetes clusters with kubelogin

+The AKS-managed Microsoft Entra integration simplifies the Microsoft Entra integration process. Previously, you were required to create a client and server app, and the Microsoft Entra tenant had to grant Directory Read permissions. Now, the AKS resource provider manages the client and server apps for you.

+Cluster administrators can configure Kubernetes role-based access control (Kubernetes RBAC) based on a user's identity or directory group membership. Microsoft Entra authentication is provided to AKS clusters with OpenID Connect. OpenID Connect is an identity layer built on top of the OAuth 2.0 protocol. For more information on OpenID Connect, see the [OpenID Connect documentation][open-id-connect].

+Learn more about the Microsoft Entra integration flow in the [Microsoft Entra documentation](concepts-identity.md#azure-ad-integration).

+## Limitations of integration

+Azure Managed ID on AKS has certain limits to account for before you make a decision.

+* The integration can't be disabled once added.

+* Downgrades from an integrated cluster to the legacy Microsoft Entra ID clusters aren't supported.

+* Clusters without Kubernetes RBAC support are unable to add the integration.

+## Before you begin

+There are a few requirements to properly install the aks addon for managed identity.

+* You have Azure CLI version 2.29.0 or later installed and configured. Run `az --version` to find the version. If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli).

+* You need `kubectl` with a minimum version of [1.18.1](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.18.md#v1181) or [`kubelogin`][kubelogin]. With the Azure CLI and the Azure PowerShell module, these two commands are included and automatically managed. Meaning, they're upgraded by default and running `az aks install-cli` isn't required or recommended. If you're using an automated pipeline, you need to manage upgrades for the correct or latest version. The difference between the minor versions of Kubernetes and `kubectl` shouldn't be more than *one* version. Otherwise, authentication issues occur on the wrong version.

+* If you're using [helm](https://github.com/helm/helm), you need a minimum version of helm 3.3.

+* This configuration requires you have a Microsoft Entra group for your cluster. This group is registered as an admin group on the cluster to grant admin permissions. If you don't have an existing Microsoft Entra group, you can create one using the [`az ad group create`](/cli/azure/ad/group#az_ad_group_create) command.

+> [!NOTE]

+> Microsoft Entra integrated clusters using a Kubernetes version newer than version 1.24 automatically use the `kubelogin` format. Starting with Kubernetes version 1.24, the default format of the clusterUser credential for Microsoft Entra ID clusters is `exec`, which requires [`kubelogin`][kubelogin] binary in the execution PATH. There is no behavior change for non-Microsoft Entra clusters, or Microsoft Entra ID clusters running a version older than 1.24.

+> Existing downloaded `kubeconfig` continues to work. An optional query parameter **format** is included when getting clusterUser credential to overwrite the default behavior change. You can explicitly specify format to **azure** if you need to maintain the old `kubeconfig` format .

+<a name='enable-the-integration-on-your-aks-cluster'></a>

+## Enable the integration on your AKS cluster

+### Create a new cluster

+1. Create an Azure resource group using the [`az group create`][az-group-create] command.

+ ```azurecli-interactive

+ az group create --name myResourceGroup --location centralus

+ ```

+2. Create an AKS cluster and enable administration access for your Microsoft Entra group using the [`az aks create`][az-aks-create] command.

+ ```azurecli-interactive

+ az aks create -g myResourceGroup -n myManagedCluster --enable-aad --aad-admin-group-object-ids <id> [--aad-tenant-id <id>]

+ ```

+ A successful creation of an AKS-managed Microsoft Entra ID cluster has the following section in the response body:

+ ```output

+ "AADProfile": {

+ "adminGroupObjectIds": [

+ "5d24****-****-****-****-****afa27aed"

+ ],

+ "clientAppId": null,

+ "managed": true,

+ "serverAppId": null,

+ "serverAppSecret": null,

+ "tenantId": "72f9****-****-****-****-****d011db47"

+ }

+ ```

+### Use an existing cluster

+Enable AKS-managed Microsoft Entra integration on your existing Kubernetes RBAC enabled cluster using the [`az aks update`][az-aks-update] command. Make sure to set your admin group to keep access on your cluster.

+```azurecli-interactive

+az aks update -g MyResourceGroup -n myManagedCluster --enable-aad --aad-admin-group-object-ids <id-1>,<id-2> [--aad-tenant-id <id>]

+```

+A successful activation of an AKS-managed Microsoft Entra ID cluster has the following section in the response body:

+```output

+"AADProfile": {

+ "adminGroupObjectIds": [

+ "5d24****-****-****-****-****afa27aed"

+ ],

+ "clientAppId": null,

+ "managed": true,

+ "serverAppId": null,

+ "serverAppSecret": null,

+ "tenantId": "72f9****-****-****-****-****d011db47"

+ }

+```

+<a name='migrate-a-legacy-azure-ad-cluster-to-integration'></a>

+### Migrate legacy cluster to integration

+If your cluster uses legacy Microsoft Entra integration, you can upgrade to AKS-managed Microsoft Entra integration through the [`az aks update`][az-aks-update] command.

+> [!WARNING]

+> Free tier clusters may experience API server downtime during the upgrade. We recommend upgrading during your nonbusiness hours.

+> After the upgrade, the kubeconfig content changes. You need to run `az aks get-credentials --resource-group <AKS resource group name> --name <AKS cluster name>` to merge the new credentials into the kubeconfig file.

+```azurecli-interactive

+az aks update -g myResourceGroup -n myManagedCluster --enable-aad --aad-admin-group-object-ids <id> [--aad-tenant-id <id>]

+```

+A successful migration of an AKS-managed Microsoft Entra ID cluster has the following section in the response body:

+```output

+"AADProfile": {

+ "adminGroupObjectIds": [

+ "5d24****-****-****-****-****afa27aed"

+ ],

+ "clientAppId": null,

+ "managed": true,

+ "serverAppId": null,

+ "serverAppSecret": null,

+ "tenantId": "72f9****-****-****-****-****d011db47"

+ }

+```

+<a name='access-your-enabled-cluster'></a>

+## Access your enabled cluster

+1. Get the user credentials to access your cluster using the [`az aks get-credentials`][az-aks-get-credentials] command.

+ ```azurecli-interactive

+ az aks get-credentials --resource-group myResourceGroup --name myManagedCluster

+ ```

+2. Follow your instructions to sign in.

+3. Set `kubelogin` to use the Azure CLI.

+ ```azurecli-interactive

+ kubelogin convert-kubeconfig -l azurecli

+ ```

+4. View the nodes in the cluster with the `kubectl get nodes` command.

+ ```azurecli-interactive

+ kubectl get nodes

+ ```

+## Non-interactive sign-in with kubelogin

+There are some non-interactive scenarios that don't support `kubectl`. In these cases, use [`kubelogin`][kubelogin] to connect to the cluster with a non-interactive service principal credential to perform continuous integration pipelines.

+> [!NOTE]

+> Microsoft Entra integrated clusters using a Kubernetes version newer than version 1.24 automatically use the `kubelogin` format. Starting with Kubernetes version 1.24, the default format of the clusterUser credential for Microsoft Entra ID clusters is `exec`, which requires [`kubelogin`][kubelogin] binary in the execution PATH. There is no behavior change for non-Microsoft Entra clusters, or Microsoft Entra ID clusters running a version older than 1.24.

+> Existing downloaded `kubeconfig` continues to work. An optional query parameter **format** is included when getting clusterUser credential to overwrite the default behavior change. You can explicitly specify format to **azure** if you need to maintain the old `kubeconfig` format .

+* When getting the clusterUser credential, you can use the `format` query parameter to overwrite the default behavior. You can set the value to `azure` to use the original kubeconfig format:

+ ```azurecli-interactive

+ az aks get-credentials --format azure

+ ```

+* If your Microsoft Entra integrated cluster uses Kubernetes version 1.24 or lower, you need to manually convert the kubeconfig format.

+ ```azurecli-interactive

+ export KUBECONFIG=/path/to/kubeconfig

+ kubelogin convert-kubeconfig

+ ```

+> [!NOTE]

+> If you receive the message **error: The Azure auth plugin has been removed.**, you need to run the command `kubelogin convert-kubeconfig` to convert the kubeconfig format manually.

+>

+> For more information, you can refer to [Azure Kubelogin Known Issues][azure-kubelogin-known-issues].

+<a name='troubleshoot-access-issues'></a>

+## Troubleshoot access issues

+> [!IMPORTANT]

+> The steps described in this section bypass the normal Microsoft Entra group authentication. Use them only in an emergency.

+If you lack admin access to a valid Microsoft Entra group, you can follow this workaround. Sign in through the [Azure Kubernetes Service Cluster Admin](../role-based-access-control/built-in-roles.md#azure-kubernetes-service-cluster-admin-role) role and grant your group or tenant admin credentials to access your cluster.

+## Next steps

+* Learn about [Microsoft Entra integration with Kubernetes RBAC][azure-ad-rbac].

+* Learn more about [AKS and Kubernetes identity concepts][aks-concepts-identity].

+* Use [Azure Resource Manager (ARM) templates][aks-arm-template] to create AKS-managed Microsoft Entra ID enabled clusters.

+<!-- LINKS - external -->

+[aks-arm-template]: /azure/templates/microsoft.containerservice/managedclusters

+[kubelogin]: https://github.com/Azure/kubelogin

+[azure-kubelogin-known-issues]: https://azure.github.io/kubelogin/known-issues.html

+<!-- LINKS - Internal -->

+[aks-concepts-identity]: concepts-identity.md

+[azure-ad-rbac]: azure-ad-rbac.md

+[az-aks-create]: /cli/azure/aks#az_aks_create

+[az-aks-get-credentials]: /cli/azure/aks#az_aks_get_credentials

+[az-group-create]: /cli/azure/group#az_group_create

+[open-id-connect]:../active-directory/develop/v2-protocols-oidc.md

+[az-aks-update]: /cli/azure/aks#az_aks_update

+[cli-aad-upgrade]: managed-azure-ad.md#migrate-a-legacy-azure-ad-cluster-to-integration

+az aks update --resource-group myResourceGroup --name myAKSCluster --tier [free|standard] --k8s-support-plan KubernetesOfficial

+* For long running pods, you can configure the node drain timeout, which allows for custom wait time on the eviction of pods and graceful termination per node. If not specified, the default is 30 minutes.

+#### Set node drain timeout value

+When you have a long running workload on a certain pod, it may result in one of the following cases:

+- Your pod takes a long time to come up, such as when restoring a database.

+- Your pod uses graceful termination to take a long time to shut down.

+In these scenarios, you can configure a node drain timeout that AKS will respect in the upgrade workflow. If you prefer your upgrades to be fast and are confident in your pod startup/terminate times being fast, you may want to set a low drain timeout. Otherwise, higher drain timeouts will affect how long you wait before discovering an issue. If no node drain timeout value is specified, the default is 30 minutes.

+To set a node drain timeout for new or existing node pools using the [`az aks nodepool add`][az-aks-nodepool-add] or [`az aks nodepool update`][az-aks-nodepool-update] command:

+```azurecli-interactive

+# Set drain timeout for a new node pool

+az aks nodepool add -n mynodepool -g MyResourceGroup --cluster-name MyManagedCluster --drainTimeoutInMinutes 100

+

+# Update drain timeout for an existing node pool

+az aks nodepool update -n mynodepool -g MyResourceGroup --cluster-name MyManagedCluster --drainTimeoutInMinutes 45

+```

+The combination of [Planned Maintenance Window][planned-maintenance], [Max Surge](./upgrade-aks-cluster.md#customize-node-surge-upgrade), and [Pod Disruption Budget][pdb-spec], and [node drain timeout][drain-timeout] can significantly increase the likelihood of node upgrades completing successfully by the end of the maintenance window while also minimizing disruptions.

+* [Node drain timeout][drain-timeout] on the node pool allows configuring the wait time for eviction of pods and graceful termination per node during upgrades, typically applicable for long running workloads. When the node drain timeout is specified to an amount of time (in minutes), AKS honors waiting on pod disruption budgets. If not specified, the default is 30 minutes.

+[drain-timeout]: ./upgrade-aks-cluster.md#set-node-drain-timeout-value

+There are many inbound endpoints that are used to manage an ASE. The inbound management traffic can't be sent through a firewall device. The source addresses for this traffic are known and are published in the [App Service Environment management addresses](./management-addresses.md) document. There's also a Service Tag named AppServiceManagement, which can be used with Network Security Groups (NSGs) to secure inbound traffic.

+The ASE outbound dependencies are almost entirely defined with FQDNs, which don't have static addresses behind them. The lack of static addresses means that Network Security Groups can't be used to lock down the outbound traffic from an ASE. The addresses change often enough that one can't set up rules based on the current resolution and use that to create NSGs.

+Deploying an ASE with outbound traffic going through a firewall device requires changing routes on the ASE subnet. Routes operate at an IP level. If you aren't careful in defining your routes, you can force TCP reply traffic to source from another address. When your reply address is different from the address traffic was sent to, the problem is called asymmetric routing and it breaks TCP.

+- The traffic to Azure SQL, Storage, and Event Hubs aren't supported with use of a firewall device. This traffic must be sent directly to those services. The way to make that happen is to configure service endpoints for those three services.

+If your ASE subnet doesn't already have an NSG assigned to it, create one. Within the NSG, set the first rule to allow traffic from the Service Tag named AppServiceManagement on ports 454, 455. The rule to allow access from the AppServiceManagement tag is the only thing that is required from public IPs to manage your ASE. The addresses that are behind that Service Tag are only used to administer the Azure App Service. The management traffic that flows through these connections is encrypted and secured with authentication certificates. Typical traffic on this channel includes things like customer initiated commands and health probes.

+Your ASE must also allow inbound requests from the Load Balancer tag on port 16001. The requests from the Load Balancer on port 16001 are keep alive checks between the Load Balancer and the ASE front ends. If port 16001 is blocked, your ASE goes unhealthy.

+1. Enable service endpoints to SQL, Storage, and Event Hubs on your ASE subnet. To enable service endpoints, go into the networking portal > subnets and select Microsoft.EventHub, Microsoft.SQL and Microsoft.Storage from the Service endpoints dropdown. When you have service endpoints enabled to Azure SQL, any Azure SQL dependencies that your apps have must be configured with service endpoints as well.

+1. Create a route table with a route for the AppServiceManagement service tag with a next hop of Internet. This route table entry is required to avoid asymmetric routing problems. Add a Virtual Appliance route to your route table for 0.0.0.0/0 with the next hop being your Azure Firewall private IP address. You should use the service tag instead of the IP addresses to avoid having to update the route table when the management addresses change. However, if you need to use the management addresses, you can download the service tag reference file for the cloud you're using from [App Service Environment management addresses](./management-addresses.md) and create your routes from those.

+The steps to deploy your ASE behind a firewall are the same as configuring your existing ASE with an Azure Firewall except you need to create your ASE subnet and then follow the previous steps. To create your ASE in a pre-existing subnet, you need to use a Resource Manager template as described in the document on [Creating your ASE with a Resource Manager template](./create-from-template.md).

+The above steps allow your ASE to operate without problems. You still need to configure things to accommodate your application needs. There are two problems for applications in an ASE that is configured with Azure Firewall.

+When you know the address range that your application request traffic comes from, you can add that to the route table that is assigned to your ASE subnet. If the address range is large or unspecified, then you can use a network appliance like the Application Gateway to give you one address to add to your route table. For details on configuring an Application Gateway with your ILB ASE, read [Integrating your ILB ASE with an Application Gateway](./integrate-with-application-gateway.md)

+Azure Firewall can send logs to Azure Storage, Event Hubs, or Azure Monitor logs. To integrate your app with any supported destination, go to the Azure Firewall portal > Diagnostic Logs and enable the logs for your desired destination. If you integrate with Azure Monitor logs, then you can see logging for any traffic sent to Azure Firewall. To see the traffic that is being denied, open your Log Analytics workspace portal > Logs and enter a query like

+Integrating your Azure Firewall with Azure Monitor logs is useful when first getting an application working when you aren't aware of all of the application dependencies. You can learn more about Azure Monitor logs from [Analyze log data in Azure Monitor](../../azure-monitor/logs/log-query-overview.md).

+- Linux dependencies are only a concern if you're deploying Linux apps into your ASE. If you aren't deploying Linux apps into your ASE, then these addresses don't need to be added to your firewall.

+| Azure Event Hubs |

+| \*:12000 | This port is used for some system monitoring. If blocked, then some issues are harder to triage but your ASE continues to operate |

+With an Azure Firewall, you automatically get the following configured with the FQDN tags.

+When you want to use a third-party firewall in US Gov, you need to consider the following dependencies:

+Linux isn't available in US Gov regions and is thus not listed as an optional configuration.

+| Azure Event Hubs |

+| \*:12000 | This port is used for some system monitoring. If blocked, then some issues are harder to triage but your ASE continues to operate |

+The addresses in the AppServiceManagement service tag can be configured in a route table to avoid asymmetric routing problems with the management traffic. Where possible, you should use the service tag instead of the individual addresses. Routes act on traffic at the IP level and don't have an awareness of traffic direction or that the traffic is a part of a TCP reply message. If the reply address for a TCP request is different than the address it was sent to, you have an asymmetric routing problem. To avoid asymmetric routing problems with your ASE management traffic, you need to ensure that replies are sent back from the same address they were sent to. For details on how to configure your ASE to operate in an environment where outbound traffic is sent on premises, read [Configure your ASE with forced tunneling][forcedtunnel].

+If you need to see the IPs for the management addresses, download the service tag reference for your region to get the most up-to-date list of addresses. The App Service Environment management addresses are listed in the AppServiceManagement service tag.

+| Region | Service tag reference |

+| All public regions | [Azure IP Ranges and Service Tags ΓÇô Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519) |

+| Microsoft Azure Government | [Azure IP Ranges and Service Tags ΓÇô US Government Cloud](https://www.microsoft.com/download/details.aspx?id=57063) |

+| Microsoft Azure operated by 21Vianet | [Azure IP Ranges and Service Tags ΓÇô China Cloud](https://www.microsoft.com/download/details.aspx?id=57062) |

+The management addresses can be placed in a route table with a next hop of internet to ensure that all inbound management traffic is able to go back through the same path. These routes are needed when configuring forced tunneling. When possible, use the AppServiceManagement service tag instead of the individual addresses. To create the route table, you can use the portal, PowerShell or Azure CLI. The commands to create a route table using Azure CLI from a PowerShell prompt are below.

+$sub = "subscription ID"

+az network route-table route create --subscription $sub -g $rg --route-table-name $rt -n 'AppServiceManagement' --address-prefix 'AppServiceManagement' --next-hop-type 'Internet'

+You can configure the application gateway to have a public IP address, a private IP address, or both. A public IP address is required when you host a backend that clients must access over the internet via an internet-facing virtual IP.

+Application Gateway v2 currently supports the following combinations:

+For more information, see [Frequently asked questions about Application Gateway](application-gateway-faq.yml#how-do-i-use-application-gateway-v2-with-only-a-private-frontend-ip-address).

+A public IP address isn't required for an internal endpoint that's not exposed to the internet. A private frontend configuration is useful for internal line-of-business applications that aren't exposed to the internet. It's also useful for services and tiers in a multitier application within a security boundary that aren't exposed to the internet but that require round-robin load distribution, session stickiness, or TLS termination.

+Only one public IP address and one private IP address are supported. You choose the frontend IP when you create the application gateway.

+> [!NOTE]

+> The Application Gateway front end supports dual-stack IP addresses (public preview). You can create up to four frontend IPs. Two are IPv4 addresses (public and private) and two are IPv6 addresses (public and private).

+- For a public IP address, you can create a new public IP address or use an existing public IP in the same location as the application gateway. For more information, see [Static versus dynamic public IP address](./application-gateway-components.md#static-versus-dynamic-public-ip-address).

+- For a private IP address, you can specify a private IP address from the subnet where the application gateway is created. For Application Gateway v2 SKU deployments, a static IP address must be defined when you add a private IP address to the gateway. For Application Gateway v1 SKU deployments, if you don't specify an IP address, an available IP address is automatically selected from the subnet. The IP address type that you select (static or dynamic) can't be changed later. For more information, see [Create an application gateway with an internal load balancer](./application-gateway-ilb-arm.md).

+A frontend IP address is associated to a *listener*, which checks for incoming requests on the frontend IP.

+You can create private and public listeners with the same port number. However, be aware of any network security group (NSG) associated with the Application Gateway subnet. Depending on your NSG's configuration, you might need an allow-inbound rule with **Destination IP addresses** as your application gateway's public and private frontend IPs. When you use the same port, your application gateway changes the **Destination** of the inbound flow to the frontend IPs of your gateway.

+ **Inbound rule**:

+- **Source**: According to your requirement

+- **Destination**: Public and private frontend IPs of your application gateway.

+- **Destination port**: According to configured listeners

+- **Protocol**: TCP

+**Outbound rule**:

+- No specific requirement

+> The default domain name behavior for v1 SKU:

+>

+> - Deployments before May 1, 2023: These deployments will continue to have the default domain names like \<label>.cloudapp.net mapped to the application gateway's public IP address.

+> - Deployments after May 1, 2023: For deployments after this date, there will *not* be any default domain name mapped to the gateway's public IP address. You must manually configure using your domain name by mapping its DNS record to the gateway's IP address.

+The Azure Application Gateway infrastructure includes the virtual network, subnets, network security groups (NSGs), and user-defined routes (UDRs).

+An application gateway is a dedicated deployment in your virtual network. Within your virtual network, a dedicated subnet is required for the application gateway. You can have multiple instances of a specific Application Gateway deployment in a subnet. You can also deploy other application gateways in the subnet. But you can't deploy any other resource in the Application Gateway subnet. You can't mix v1 and v2 Application Gateway SKUs on the same subnet.

+Azure also reserves five IP addresses in each subnet for internal use. They're the first four addresses and the last IP addresses. For example, consider 15 Application Gateway instances with no private frontend IP. You need at least 20 IP addresses for this subnet. You need 5 for internal use and 15 for the Application Gateway instances.

+Consider a subnet that has 27 Application Gateway instances and an IP address for a private frontend IP. In this case, you need 33 IP addresses. You need 27 for the Application Gateway instances, one for the private frontend, and 5 for internal use.

+Application Gateway (Standard or WAF SKU) can support up to 32 instances (32 instance IP addresses + 1 private frontend IP configuration + 5 Azure reserved). We recommend a minimum subnet size of /26.

+Application Gateway (Standard_v2 or WAF_v2 SKU) can support up to 125 instances (125 instance IP addresses + 1 private frontend IP configuration + 5 Azure reserved). We recommend a minimum subnet size of /24.

+To determine the available capacity of a subnet that has existing application gateways provisioned, take the size of the subnet and subtract the five reserved IP addresses of the subnet reserved by the platform. Next, take each gateway and subtract the maximum instance count. For each gateway that has a private frontend IP configuration, subtract one more IP address per gateway.

+- **Gateway 1**: Maximum of 10 instances. Uses a private frontend IP configuration.

+- **Gateway 2**: Maximum of 2 instances. No private frontend IP configuration.

+- **Gateway 3**: Maximum of 15 instances. Uses a private frontend IP configuration.

+- **Subnet size**: /24

+ - Subnet size /24 = 256 IP addresses - 5 reserved from the platform = 251 available addresses

+ - **251**: Gateway 1 (10) - 1 private frontend IP configuration = 240

+ - **240**: Gateway 2 (2) = 238

+ - **238**: Gateway 3 (15) - 1 private frontend IP configuration = 222

+> Although a /24 subnet isn't required per Application Gateway v2 SKU deployment, we highly recommend it. A /24 subnet ensures that Application Gateway v2 has sufficient space for autoscaling expansion and maintenance upgrades.

+>

+> You should ensure that the Application Gateway v2 subnet has sufficient address space to accommodate the number of instances required to serve your maximum expected traffic. If you specify the maximum instance count, the subnet should have capacity for at least that many addresses. For capacity planning around instance count, see [Instance count details](understanding-pricing.md#instance-count).

+The subnet named `GatewaySubnet` is reserved for VPN gateways. The Application Gateway v1 resources using the `GatewaySubnet` subnet need to be moved to a different subnet or migrated to the v2 SKU before September 30, 2023, to avoid control plane failures and platform inconsistencies. For information on changing the subnet of an existing Application Gateway instance, see [Frequently asked questions about Application Gateway](application-gateway-faq.yml#can-i-change-the-virtual-network-or-subnet-for-an-existing-application-gateway).

+> IP addresses are allocated from the beginning of the defined subnet space for gateway instances. As instances are created and removed because of creation of gateways or scaling events, it can become difficult to understand what the next available address is in the subnet. To be able to determine the next address to use for a future gateway and have a contiguous addressing theme for frontend IPs, consider assigning frontend IP addresses from the upper half of the defined subset space.

+>

+> For example, if the subnet address space is 10.5.5.0/24, consider setting the private frontend IP configuration of your gateways starting with 10.5.5.254 and then following with 10.5.5.253, 10.5.5.252, 10.5.5.251, and so forth for future gateways.

+It's possible to change the subnet of an existing Application Gateway instance within the same virtual network. To make this change, use Azure PowerShell or the Azure CLI. For more information, see [Frequently asked questions about Application Gateway](application-gateway-faq.yml#can-i-change-the-virtual-network-or-subnet-for-an-existing-application-gateway).

+### DNS servers for name resolution

+The virtual network resource supports [DNS server](../virtual-network/manage-virtual-network.md#view-virtual-networks-and-settings-using-the-azure-portal) configuration, which allows you to choose between Azure-provided default or custom DNS servers. The instances of your application gateway also honor this DNS configuration for any name resolution. After you change this setting, you must restart ([Stop](/powershell/module/az.network/Stop-AzApplicationGateway) and [Start](/powershell/module/az.network/start-azapplicationgateway)) your application gateway for these changes to take effect on the instances.

+> If you use custom DNS servers in the Application Gateway virtual network, the DNS server must be able to resolve public internet names. Application Gateway requires this capability.

+### Virtual network permission

+The Application Gateway resource is deployed inside a virtual network, so we also perform a check to verify the permission on the provided virtual network resource. This validation is performed during both creation and management operations.

+Check your [Azure role-based access control](../role-based-access-control/role-assignments-list-portal.md) to verify that the users (and service principals) that operate application gateways also have at least **Microsoft.Network/virtualNetworks/subnets/join/action** permission on the virtual network or subnet. This validation also applies to the [managed identities for Application Gateway Ingress Controller](./tutorial-ingress-controller-add-on-new.md#deploy-an-aks-cluster-with-the-add-on-enabled).

+You can use the built-in roles, such as [Network contributor](../role-based-access-control/built-in-roles.md#network-contributor), which already support this permission. If a built-in role doesn't provide the right permission, you can [create and assign a custom role](../role-based-access-control/custom-roles-portal.md). Learn more about [managing subnet permissions](../virtual-network/virtual-network-manage-subnet.md#permissions).

+> [!NOTE]

+> You might have to allow sufficient time for [Azure Resource Manager cache refresh](../role-based-access-control/troubleshooting.md?tabs=bicep#symptomrole-assignment-changes-are-not-being-detected) after role assignment changes.

+#### Identify affected users or service principals for your subscription

+By visiting Azure Advisor for your account, you can verify if your subscription has any users or service principals with insufficient permission. The details of that recommendation are:

+#### Use temporary Azure Feature Exposure Control (AFEC) flag

+As a temporary extension, we introduced a subscription-level [Azure Feature Exposure Control (AFEC)](../azure-resource-manager/management/preview-features.md?tabs=azure-portal). You can register for the AFEC and use it until you fix the permissions for all your users and service principals. Register for the feature by following the same steps as a [preview feature registration](../azure-resource-manager/management/preview-features.md?#required-access) for your Azure subscription.

+> We suggest using the AFEC provision only as interim mitigation until you assign the correct permission. You must prioritize fixing the permissions for all the applicable users (and service principals) and then unregister this AFEC flag to reintroduce the permission verification on the virtual network resource. We recommend that you don't depend on this AFEC method permanently because it will be removed in the future.

+Azure Virtual Network Manager is a management service that allows you to group, configure, deploy, and manage virtual networks globally across subscriptions. With Virtual Network Manager, you can define network groups to identify and logically segment your virtual networks. After that, you can determine the connectivity and security configurations you want and apply them across all the selected virtual networks in network groups at once.

+Security admin rule configuration in Azure Virtual Network Manager allows you to define security policies at scale and apply them to multiple virtual networks at once.

+> [!NOTE]

+> Security admin rules of Azure Virtual Network Manager apply to Application Gateway subnets that only contain application gateways that have [Network Isolation](Application-gateway-private-deployment.md) enabled. Subnets that have any application gateway that doesn't have [Network Isolation](Application-gateway-private-deployment.md) enabled won't have security admin rules.

+You can use NSGs for your Application Gateway subnet, but be aware of some key points and restrictions.

+> These NSG limitations are relaxed when you use [Private Application Gateway deployment (preview)](application-gateway-private-deployment.md#network-security-group-control).

+To use an NSG with your application gateway, you need to create or retain some essential security rules. You may set their priority in the same order.

+#### Inbound rules

+**Client traffic**: Allow incoming traffic from the expected clients (as source IP or IP range), and for the destination as your application gateway's entire subnet IP prefix and inbound access ports. For example, if you have listeners configured for ports 80 and 443, you must allow these ports. You can also set this rule to `Any`.

+After you configure *active public and private listeners* (with rules) *with the same port number*, your application gateway changes the **Destination** of all inbound flows to the frontend IPs of your gateway. This change occurs even for listeners that aren't sharing any port. You must include your gateway's frontend public and private IP addresses in the **Destination** of the inbound rule when you use the same port configuration.

+**Infrastructure ports**: Allow incoming requests from the source as the **GatewayManager** service tag and **Any** destination. The destination port range differs based on SKU and is required for communicating the status of the backend health. These ports are protected/locked down by Azure certificates. External entities can't initiate changes on those endpoints without appropriate certificates in place.

+- **V2**: Ports 65200-65535

+- **V1**: Ports 65503-65534

+**Azure Load Balancer probes**: Allow incoming traffic from the source as the **AzureLoadBalancer** service tag. This rule is created by default for [NSGs](../virtual-network/network-security-groups-overview.md). You must not override it with a manual **Deny** rule to ensure smooth operations of your application gateway.

+You can block all other incoming traffic by using a **Deny All** rule.

+#### Outbound rules

+**Outbound to the internet**: Allow outbound traffic to the internet for all destinations. This rule is created by default for [NSGs](../virtual-network/network-security-groups-overview.md). You must not override it with a manual **Deny** rule to ensure smooth operations of your application gateway. Outbound NSG rules that deny any outbound connectivity must not be created.

+## Supported user-defined routes

+Fine-grain control over the Application Gateway subnet via route table rules is possible in public preview. For more information, see [Private Application Gateway deployment (preview)](application-gateway-private-deployment.md#route-table-control).

+With current functionality, there are some restrictions:

+> Using UDRs on the Application Gateway subnet might cause the health status in the [backend health view](application-gateway-backend-health.md) to appear as **Unknown**. It also might cause generation of Application Gateway logs and metrics to fail. We recommend not using UDRs on the Application Gateway subnet so that you can view the backend health, logs, and metrics.

+- **v1**: For the v1 SKU, UDRs are supported on the Application Gateway subnet if they don't alter end-to-end request/response communication. For example, you can set up a UDR in the Application Gateway subnet to point to a firewall appliance for packet inspection. But you must make sure that the packet can reach its intended destination after inspection. Failure to do so might result in incorrect health-probe or traffic-routing behavior. Learned routes or default 0.0.0.0/0 routes that are propagated by Azure ExpressRoute or VPN gateways in the virtual network are also included.

+- **v2**: For the v2 SKU, there are supported and unsupported scenarios.

+### v2 supported scenarios

+> [!WARNING]

+> An incorrect configuration of the route table could result in asymmetrical routing in Application Gateway v2. Ensure that all management/control plane traffic is sent directly to the internet and not through a virtual appliance. Logging, metrics, and CRL checks could also be affected.

+**Scenario 1:** UDR to disable Border Gateway Protocol (BGP) route propagation to the Application Gateway subnet

+Sometimes the default gateway route (0.0.0.0/0) is advertised via the ExpressRoute or VPN gateways associated with the Application Gateway virtual network. This behavior breaks management plane traffic, which requires a direct path to the internet. In such scenarios, you can use a UDR to disable BGP route propagation.

+To disable BGP route propagation:

+1. Create a route table resource in Azure.

+1. Disable the **Virtual network gateway route propagation** parameter.

+1. Associate the route table to the appropriate subnet.

+Enabling the UDR for this scenario shouldn't break any existing setups.

+**Scenario 2:** UDR to direct 0.0.0.0/0 to the internet

+You can create a UDR to send 0.0.0.0/0 traffic directly to the internet.

+**Scenario 3:** UDR for Azure Kubernetes Service (AKS) with kubenet

+If you're using kubenet with AKS and Application Gateway Ingress Controller, you need a route table to allow traffic sent to the pods from Application Gateway to be routed to the correct node. You don't need to use a route table if you use Azure Container Networking Interface.

+To use the route table to allow kubenet to work:

+1. Go to the resource group created by AKS. The name of the resource group should begin with `MC_`.

+1. Find the route table created by AKS in that resource group. The route table should be populated with the following information:

+

+ - Address prefix should be the IP range of the pods you want to reach in AKS.

+ - Next hop type should be virtual appliance.

+ - Next hop address should be the IP address of the node hosting the pods.

+1. Associate this route table to the Application Gateway subnet.

+### v2 unsupported scenarios

+**Scenario 1:** UDR for virtual appliances

+Any scenario where 0.0.0.0/0 needs to be redirected through a virtual appliance, a hub/spoke virtual network, or on-premises (forced tunneling) isn't supported for v2.

+- [Learn about frontend IP address configuration](configuration-frontend-ip.md)

+- [Learn about private Application Gateway deployment](application-gateway-private-deployment.md)

+ # Retrieve the Azure Storage Account information

+$storageAccount = Get-AzStorageAccount -ResourceGroupName acctest5097 -Name centraluseuaptclogs

+# Initialize arrays to store metric and log settings

+$metric = @()

+$log = @()

+# Configure metric settings

+$metric += New-AzDiagnosticSettingMetricSettingsObject -Enabled $true -Category AllMetrics -RetentionPolicyDay 30 -RetentionPolicyEnabled $true

+# Configure log settings

+$log += New-AzDiagnosticSettingLogSettingsObject -Enabled $true -CategoryGroup allLogs -RetentionPolicyDay 30 -RetentionPolicyEnabled $true

+# Create a new diagnostic setting for the specified resource

+New-AzDiagnosticSetting -Name 'AppGWForContainersLogs' -ResourceId "/subscriptions/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/resourceGroups/acctest5097/providers/Microsoft.ServiceNetworking/trafficControllers/myagfc" -StorageAccountId $storageAccount.Id -Log $log -Metric $metric

+From **31 October 2024**, all agent-based and extension-based User Hybrid Runbook Workers, Webhooks, and DSC nodes using Transport Layer Security (TLS) 1.0 and 1.1 protocols would no longer be able to connect to Azure Automation. All jobs running or scheduled on Hybrid Workers using TLS 1.0 and 1.1 protocols would fail.

+|Using agent-based Hybrid Runbook Workers.| Use [extension-based Hybrid Runbook Workers](./extension-based-hybrid-runbook-worker-install.md).|

+|Using Azure Update Manager |Use [Azure Update Manager](../update-manager/overview.md)|

+## Prerequisites

+- Finish the [Quickstart: Add feature flags to an ASP.NET Core app](./quickstart-feature-flag-aspnet-core.md).

+- Update the `Microsoft.FeatureManagement.AspNetCore` package to version **2.6.0** or later.

+> [Feature management overview](./concept-feature-management.md)

+To learn how to update your AKS workloads to dynamically refresh configuration, continue to the next tutorial.

+> [!div class="nextstepaction"]

+> [Use dynamic configuration in Azure Kubernetes Service](./enable-dynamic-configuration-azure-kubernetes-service.md)

+ To run the app locally using the Windows command prompt, run the following command and replace `<app-configuration-store-connection-string>` with the connection string of your app configuration store:

+1. Print out the value of the environment variable to validate that it is set properly with the command below.

+ Using the Windows command prompt, restart the command prompt to allow the change to take effect and run the following command:

+ echo %AZURE_APPCONFIG_CONNECTION_STRING%

+1. After the environment variable is properly set, run the following command to run the app locally:

+ To run the app locally using the Windows command prompt, run the following command and replace `<app-configuration-store-connection-string>` with the connection string of your app configuration store:

+1. Print out the value of the environment variable to validate that it is set properly with the command below.

+ Using the Windows command prompt, restart the command prompt to allow the change to take effect and run the following command:

+ echo %AZURE_APPCONFIG_CONNECTION_STRING%

+|[Lenovo ThinkEdge SE455 V3](https://lenovopress.lenovo.com/lp1724-lenovo-thinkedge-se455-v3-server)|1.26.6|1.24.0_2023-10-10|16.0.5100.7246|Not validated|

+|Lenovo ThinkAgile MX1020 |1.26.6|1.24.0_2023-10-10 |16.0.5100.7246|Not validated|

+|Lenovo ThinkAgile MX3520 |1.22.6|1.10.0_2022-08-09 |16.0.312.4243| 12.3 (Ubuntu 12.3-1)|

+In order to upgrade Arc resource bridge, the appliance VM must be online, its status is "Running" and the [credentials in the appliance VM](maintenance.md#update-credentials-in-the-appliance-vm) must be valid.

+There must be sufficient space on the management machine (~3.5 GB) and appliance VM (35 GB) to download required images. For VMware, a new template is created.

+As a Microsoft-managed product, Arc resource bridges on a supported [private cloud provider](#private-cloud-providers) with an appliance version 1.0.15 or higher are automatically opted into cloud-manaaged upgrade. With cloud-managed upgrade, Microsoft will manage the upgrade of your Arc resource bridge to be within supported versions provided prerequisites are met. If prerequisites are not met, then cloud managed upgrade will fail.

+While Microsoft manages the upgrade of your Arc resource bridge, you are still responsible for checking that your resource bridge is healthy, online, in a "Running" status and within the supported versions. Disruptions could cause cloud-managed upgrade to fail and you should remain proactive on the health, version and status of your appliance VM. You can check on the health, version and status of your appliance by using the az arcappliance show command from your management machine or checking the Azure resource of your Arc resource bridge.

+Azure Arc VM management (preview) on Azure Stack HCI supports upgrade of an Arc resource bridge on Azure Stack HCI, version 22H2 up until appliance version 1.0.14 and `az arcappliance` CLI extension version 0.2.33. These upgrades can be done through manual upgrade. However, HCI version 22H2 will not be supported for appliance version 1.0.15 or higher because it is being deprecated. Customers on HCI 22h2 will receive limited support. To use appliance version 1.0.15 or higher, you must transition to Azure Stack HCI, version 23H2 (preview). In version 23H2 (preview), the LCM tool manages upgrades across all components as a "validated recipe" package. For more information, visit the [Arc VM management FAQ page](/azure-stack/hci/manage/azure-arc-vms-faq).

+For Arc-enabled System Center Virtual Machine Manager (SCVMM) (preview), the manual upgrade feature is available for appliance version 1.0.14 and higher. Appliances below version 1.0.14 need to perform the recovery option to get to version 1.0.15 or higher. Review the steps for [performing the recovery operation](/azure/azure-arc/system-center-virtual-machine-manager/disaster-recovery), then delete the appliance VM from SCVMM and perform the recovery steps. This deploys a new resource bridge and reconnects pre-existing Azure resources.

+

+ * Microsoft.AzureArcData (if you plan to Arc-enable SQL Server instances)

+> [Arc-enabled VMware vSphere](../vmware-vsphere/overview.md) supports vSphere environments anywhere, either on-premises as well as [Azure VMware Solution (AVS)](./../../azure-vmware/deploy-arc-for-azure-vmware-solution.md), VMware Cloud on AWS, and Google Cloud VMware Engine.

+ "uucp"

+- Check that the built-in role `Storage Table Data Contributor` is assigned with managed identity on the storage account.

+- Check that the built-in role `Azure Event Hubs Data Sender` is assigned with managed identity on the event hub instance.

+### How can I collect Windows security events by using Azure Monitor Agent?

+- You can use Azure Monitor Agent to natively collect Security Events, same as other Windows Events. These flow to the ['Event'](/azure/azure-monitor/reference/tables/Event) table in your Log Analytics workspace.

+### Does Azure Monitor Agent offer more granular event filtering options other than Xpath queries and specifying performance counters?

+For Syslog events on Linux, you can select facilities and the log level for each facility.

+### If I create data collection rules that contain the same event ID and associate them to the same VM, will events be duplicated?

+The User Flows tool starts from an initial custom event, exception, dependency, page view or request that you specify. From this initial event, User Flows shows the events that happened before and after user sessions. Lines of varying thickness show how many times users followed each path. Special **Session Started** nodes show where the subsequent nodes began a session. **Session Ended** nodes show how many users sent no page views or custom events after the preceding node, highlighting where users probably left your site.

+To begin answering questions with the User Flows tool, choose an initial custom event, exception, dependency, page view or request to serve as the starting point for the visualization:

+1. Select a custom event, exception, dependency, page view or request from the **Initial event** dropdown list.

+* Make sure the custom event, exception, dependency, page view or request you expect is set up to be collected by the Application Insights SDK in the source code of your site. Learn more about [collecting custom events](./api-custom-events-metrics.md).

+* [Adding custom events to your app](./api-custom-events-metrics.md)

+| [ASimFileEventLogs](/azure/azure-monitor/reference/tables/asimfileeventlogs) | |

+When you want to share a workbook or template, keep in mind that the person you want to share with must have permissions to access the workbook. They must have an Azure account, and **Monitoring Reader** permissions.

+[Azure Workbooks data sources](workbooks-data-sources.md)

+- Currently, AKS clusters using a Service Principal aren't supported. If your AKS cluster uses a Service Principal, you can [update your AKS cluster to use a System Identity](../aks/use-managed-identity.md#enable-managed-identities-on-an-existing-aks-cluster).

+- You can deploy the Backup Extension in the Ubuntu-based cluster nodes. AKS Clusters with the Windows-based nodes aren't supported by Azure Backup for AKS.

+ Title: Encryption of backup data in the Backup vault using customer-managed keys

+description: Learn how Azure Backup allows you to encrypt your backup data using customer-managed keys (CMK) in a Backup vault.

+# Encryption of backup data in the Backup vault using customer-managed keys (preview)

+Azure Backup allows you to encrypt your backup data using customer-managed keys (CMK) instead of using platform-managed keys, which are enabled by default. Your keys to encrypt the backup data must be stored in [Azure Key Vault](../key-vault/index.yml).

+The encryption key used for encrypting backups might be different from the one used for the source. The data is protected using an AES 256-based data encryption key (DEK), which in turn, is protected using your key encryption keys (KEK). This provides you with full control over the data and the keys. To allow encryption, you must grant Backup vault the permissions to access the encryption key in the Azure Key Vault. You can change the key when required.

+>[!Note]

+>Support for customer-managed keys configuration for Backup vault is in preview.

+## Support matrix

+### Supported regions

+CMK for Backup vault is currently available in the following regions: West Central US, Switzerland North.

+### Key Vault and managed HSM key requirements

+- **Encryption settings** use Azure Key Vault or Managed HSM Key and Backup vault's managed identity details.

+- The Backup vault's managed identity needs to have:

+ - Built-in [Crypto Service Encryption User role](/azure/role-based-access-control/built-in-roles#key-vault-crypto-service-encryption-user) assigned if your Key Vault is using IAM-based RBAC configuration.

+ - **Get**, **Wrap**, and **Unwrap** permissions if your Key Vault is using *Access Policies based configuration*.

+ - **Get**, **Wrap**, and **Unwrap** permissions granted via its Local RBAC on the key if you're using managed MSM.

+- Ensure that you've a valid (non-expired), enabled Key Vault Key. Don't use disabled or expired key as it can't be used for encryption at rest and will lead to backup and restore operation failures. Key Vault term also indicates Managed HSM if you haven't noted earlier.

+- Key Vault must have Soft Delete and Purge Protection enabled.

+- Encryption settings support Azure Key Vault RSA and RSA-HSM keys only of sizes 2048, 3072, and 4096. [Learn more about keys](/azure/key-vault/keys/about-keys). Before you consider Key Vault region for encryption settings, see [Key Vault DR scenarios](/azure/key-vault/general/disaster-recovery-guidance) for region failover support.

+- Managed HSM uses Local RBAC to manage the keys permissions. [Learn more](/azure/key-vault/managed-hsm/overview).

+### Known limitations

+- If you remove Key Vault access permissions given to the managed identity, PostgresSQL backup or restore operation will fail with generic error.

+- If you remove Encryption Settings Key Vault permissions, disables System-assigned identity, or detaches/deletes the managed identity from the Backup vault being used for Encryption Settings, the background operations tiering and restore points expiry jobs will fail without surfacing errors to the Azure portal or other interfaces (REST API, CLI, and so on). These operations will continue to fail and incur cost until the required prerequisites and settings are restored.

+## Before you start

+- After you enable it for a Backup vault, encryption using customer-managed keys can't be reverted to use platform-managed keys (default). You can change the encryption keys, managed identity as per the requirements.

+- CMK is applied on the Azure Backup Storage Vault and Vault-Archive tiers, and not applicable for operational-tier.

+- Moving CMK encrypted Backup vault across Resource Groups and Subscriptions isn't currently supported.

+- User-assigned Manged Identity for Backup vault feature is currently in preview.

+- Ensure that you check the Key Vault Key requirements provided in [this section](#key-vault-and-managed-hsm-key-requirements).

+- Once you enable the encryption settings on the Backup vault, don't disable/detach the managed identity, or remove Key Vault permissions used for encryption settings. If you do these actions, it'll lead to failure of backup, restore, tiering, restore points expiry jobs, and will incur cost for the data stored in the Backup vault until:

+ - You can restore the Key Vault permissions.

+ - You reenable System Assigned identity, grant the Key Vault permissions to it and perform Encryption Settings update operation, if the System-assigned identity was used for encryption settings.

+ - You reattach the managed identity is reattached and has the required Key Vault permissions.

+ - You ensure that it has permissions to access the Key Vault and key to use new User-assigned identity.

+- Encryption settings use Azure Key Vault Key and Backup vault's managed identity details.

+ >[!Note]

+ >If the Key or Key Vault being used is deleted or access is revoked and can't be restored, you'll lose access to the data stored in the Backup vault. Also, ensure that you've appropriate permissions to provide/update managed identity, Backup vault, and Key Vault details.

+- Ensure that you've checked the [known limitations](#known-limitations) before you start using the encryption feature.

+- You can configure this feature via the Azure portal and REST APIs.

+## Enable encryption using customer-managed keys at vault creation

+When you create a Backup vault, you can enable encryption on the backups using customer-managed keys. Learn how to [create a Backup vault](create-manage-backup-vault.md#create-a-backup-vault).

+To enable the encryption, follow these steps:

+1. Next to the **Basics** tab, on the **Vault Properties** tab, specify the *encryption key* and the *identity* to be used for encryption.

+ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/backup-vault-properties.png" alt-text="Screenshot shows the Backup vault property." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/backup-vault-properties.png":::

+ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/add-key-uri.png" alt-text="Screenshot shows how to add key URI to the Backup vault." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/add-key-uri.png":::

+2. Select **Use customer-managed key** as the **Encryption type**.

+3. To specify the key to be used for encryption, select the appropriate option.

+4. Provide the *URI for the encryption key*.

+ You can also browse and select the key.

+5. To enable auto-rotation of the encryption key used for the Backup vault, click **Select from Key Vault** or run the *Version component* from the **Key URI** when you choose **Enter key URI**. [Learn more](encryption-at-rest-with-cmk.md#enable-autorotation-of-encryption-keys) about auto-rotation.

+6. Specify the *user-assigned managed identity* to manage encryption with *customer-managed keys*.

+7. Add **Tags** (optional) and continue creating the vault.

+## Update the Backup vault properties to encrypt using customer-managed keys

+To configure a vault, perform the following actions in the given sequence to achieve the intended results. Each action is discussed in detail in the sections below:

+1. Enable managed identity for your Backup vault.

+2. Assign permissions to the vault to access the encryption key in Azure Key Vault.

+3. Enable soft-delete and purge protection on Azure Key Vault.

+4. Assign the encryption key to the Backup vault.

+### Enable managed identity for your Backup vault

+Azure Backup uses system-assigned managed identities and user-assigned managed identities of the Backup vault to authenticate the vault to access encryption keys stored in Azure Key Vault. You've an option to use either system-assigned identity of Backup vault or user-assigned identity attached to Backup vault.

+To enable managed identity for your Backup vault, see the following sections.

+>[!NOTE]

+>- Once enabled, you must **not** disable the managed identity (even temporarily). Disabling the managed identity might lead to inconsistent behavior.

+>- Also, you can't update both Key Vault Key URI and managed identity in a single request due to security reasons. Please update one attribute at a time.

+### Enable system-assigned managed identity for the vault

+Follow these steps:

+1. Go to your *Backup vault* > **Identity**.

+ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/enable-system-assigned-managed-identity-for-vault.png" alt-text="Screenshot shows how to open Identity settings." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/enable-system-assigned-managed-identity-for-vault.png":::

+2. Select the **System assigned** tab.

+3. Change the **Status** to **On**.

+4. Select **Save** to enable the identity for the vault.

+An *Object ID* is generated, which is the system-assigned managed identity of the vault.

+>[!NOTE]

+>Disabling the managed identity might lead to inconsistent behavior.

+#### Assign user-assigned managed identity to the vault (in preview)

+To assign the user-assigned managed identity for your *Backup vault*, choose a client:

+1. Go to your *Backup vault* > **Identity**.

+ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/assign-user-assigned-managed-identity-to-vault.png" alt-text="Screenshot shows how to assign the user-assigned managed identity to the vault." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/assign-user-assigned-managed-identity-to-vault.png":::

+2. Select the **User assigned** tab.

+3. Select **+Add** to add a user-assigned managed identity.

+4. In the **Add user assigned managed identity** pane, select the *subscription for your identity*.

+5. Select the *identity* from the list. You can also filter by the *name of the identity* or the *resource group*.

+6. Select **Add** to finish assigning the identity.

+>[!Note]

+>- Vaults using user-assigned managed identities for CMK encryption don't support the use of private endpoints for Backup.

+>- Azure Key Vaults limiting access to specific networks aren't yet supported for use along with user-assigned managed identities for CMK encryption.

+### Assign permissions to the Backup vault to access the encryption key in Azure Key Vault

+You now need to permit the Backup vault to access the Azure Key Vault that contains the encryption key. This is done by allowing the Backup vault's managed identity to access the Key Vault.

+**Scenario: Key Vault having Access Control (IAM) access configuration enabled.**

+Follow these steps:

+1. Go to *Azure Key Vault* > **Access Control** > **Add Role Assignment**.

+2. Select **Key Vault Crypto Service Encryption User** role from **Job function** roles.

+3. Select **Next** > **Assign Access to** > **Managed Identity** > **Select Members**.

+4. Select your *Backup vault managed identity*.

+5. Select **Next** and assign.

+**Scenario: If your Key Vault has Access Policies configuration enabled**

+Follow these steps:

+1. Go to your *Azure Key Vault* > **Access Policies** > **+Create**.

+ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/access-policies.png" alt-text="Screenshot shows how to add Access Policies." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/access-policies.png":::

+ 2. Under **Key Permissions**, select **Get**, **List**, **Unwrap Key**, and **Wrap Key** operations. This specifies the actions on the key that will be permitted.

+ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/key-permissions.png" alt-text="Screenshot shows how to assign key permissions." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/key-permissions.png":::

+3. Select **Next** to go to **Select Principal** and search for your vault in the search box using its name or managed identity. Once it shows up, select the *vault* > **Next**.

+ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/select-principal.png" alt-text="Screenshot of Select principal in your Azure Key Vault." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/select-principal.png":::

+4. Once done, select **Add** to add the new access policy.

+5. Select **Save** to save changes made to the access policy of the Azure Key Vault.

+>[!NOTE]

+>- If you're using **user-assigned identities**, the same permissions must be assigned to the user-assigned identity.

+>- You can also assign an RBAC role to the Backup vault that contains the above mentioned permissions, such as the *[Key Vault Crypto Officer](../key-vault/general/rbac-guide.md#azure-built-in-roles-for-key-vault-data-plane-operations)* role. These roles might contain additional permissions other than the ones discussed above.

+### Enable soft-delete and purge protection on Azure Key Vault

+You need to **enable soft delete and purge protection** on your Azure Key Vault that stores your encryption key.

+You can do this from the Azure Key Vault UI as shown below. Alternatively, you can set these properties while creating the Key Vault. Learn more about these [Key Vault properties](../key-vault/general/soft-delete-overview.md).

+### Assign encryption key to the Backup vault

+Before proceeding further, ensure that all the steps mentioned above are completed successfully:

+- The Backup vault's managed identity is enabled and has been assigned the required permissions.

+- The Azure Key Vault has the soft-delete and purge-protection enabled.

+Once done, continue with selecting the encryption key for your vault.

+To assign the key and follow the steps, choose a client by following these steps:

+1. Go to your *Backup vault* > **Properties**.

+ 

+2. Select **Update** under **Encryption Settings (preview)**.

+ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/update-encryption-settings.png" alt-text="Screenshot shows how to update encryption settings." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/update-encryption-settings.png":::

+3. In the **Encryption Settings** pane, select **Use your own key** and continue to specify the key using one of the following ways.

+

+ *Ensure that you use an RSA key, which is in enabled and active state.*

+ 1. Enter the **Key URI** with which you want to encrypt the data in this Backup vault. You can also obtain this key URI from the corresponding key in your Azure Key Vault. Ensure the key URI is copied correctly. It's recommended that you use the **Copy to clipboard** button provided with the key identifier.

+ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/key-uri.png" alt-text="Screenshot of the key URI in your Backup vault." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/key-uri.png":::

+ >[!NOTE]

+ >When you try to update Encryption Settings but update operation fails due to internal error, the encryption setting is updated to **Inconsistent** and requires your attention.

+ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/encryption-key-with-full-key-uri.png" alt-text="Screenshot shows encryption key with full key URI." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/encryption-key-with-full-key-uri.png":::

+ >[!Note]

+ >When specifying the encryption key using the full Key URI with version, the key will not be autorotated, and you need to do key updates manually by specifying the new key or version when required. Alternatively, remove the Version component of the Key URI to get automatic rotation.

+ 

+ 2. Browse and select the key from the Key Vault in the **Key picker** pane.

+ >[!NOTE]

+ >When you specify the encryption key using the key picker pane, the key will be auto-rotated whenever a new version for the key is enabled. [Learn more](encryption-at-rest-with-cmk.md#enable-autorotation-of-encryption-keys) on enabling autorotation of encryption keys.

+ :::image type="content" source="./media/encryption-at-rest-with-cmk-for-backup-vault/key-vault-encryption.png" alt-text="Screenshot shows how to select key from Key Vault." lightbox="./media/encryption-at-rest-with-cmk-for-backup-vault/key-vault-encryption.png":::

+4. Select **Update**.

+5. **Tracking progress and status of encryption key update**: You can track the progress and status of the encryption key assignment under the Notifications. The encryption key updates are also logged in the vault's Activity Log under Backup Vault update (PATCH) operation.

+ 

+### Update encryption settings details

+You can update the encryption settings details anytime. Whenever you want to use a new key URI, ensure that your existing Key Vault still has access to the managed identity and the key is valid. Otherwise, the update operation will fail.

+>[!Note]

+>The managed identity that you want to use for encryption needs to have the required permission before you use.

+## Back up to a vault encrypted with customer-managed keys

+Before you configure protection, we recommend you to ensure that the following checklist is adhered.

+>[!IMPORTANT]

+> Before proceeding to configure protection, you must have **successfully** completed the following steps:

+>

+>1. Created a Backup vault.

+>2. Enabled the Backup vault's system-assigned managed identity or assigned a user-assigned managed identity to the vault.

+>3. Assigned permissions to your Backup vault (or the user-assigned managed identity) to access encryption keys from your Key Vault.

+>4. Enabled soft delete and purge protection for your Key Vault

+>5. Assigned a valid encryption key for your Backup vault

+>

+>If all the above steps are confirmed, only then proceed with configuring backup.

+The process to configure and perform backups to a Backup vault encrypted with customer-managed keys is the same as to a vault that uses platform-managed keys with **no changes to the experience**.

+## Troubleshoot Encryption Settings operations error

+### UserErrorCMKMissingMangedIdentityPermissionOnKeyVault

+**Error code**: UserErrorCMKMissingMangedIdentityPermissionOnKeyVault

+**Cause**: This error occurs when:

+- The managed identity being used for Encryption settings doesn't have the permissions to access the Key Vault. Also, the backup or restore jobs might fail with this error code if the access is removed after Encryption Settings are updated or managed identity is disable/detached from the Backup vault.

+- You're using non-RSA (EC Key URI).

+**Recommended action**: Ensure that the managed identity selected to use for encryption settings has the required permissions and the key is an RSA type, and then retry the operation.

+### UserErrorCMKKeyVaultAuthFailure

+**Error code**: UserErrorCMKKeyVaultAuthFailure

+**Cause**: Encryption Settings managed identity doesn't have the required permissions to access the Key Vault or key. Backup vault Managed identity (system or user assigned used for Encryption Settings) should have the following permissions on your Key Vault:

+- If Key Vault is using IAM ΓÇô RBAC then Key Vault Crypto Service Encryption User built-in role permissions on the Key Vault.

+- If you use *Access Policies*, **Get**, **Wrap** and **Unwrap** permissions are needed.

+**Recommended action**: Check the Key Vault access policies and grant permissions accordingly.

+## Next steps

+[Overview of security features in Azure Backup](security-overview.md).

+ - [Encryption using Customer Managed Keys for Backup vaults (preview)](#encryption-using-customer-managed-keys-for-backup-vaults-preview)

+## Encryption using Customer Managed Keys for Backup vaults (preview)

+Azure Backup Vault now allows you to encrypt your backup data using customer-managed keys (CMK) instead of using platform-managed keys, which are enabled by default. This feature enables you to control data access using the key and Key Vault you provide.

+For more information, see [Encryption of backup data in the Backup vault using customer-managed keys (preview)](encryption-at-rest-with-cmk-for-backup-vault.md).

+> [!div class="nextstepaction"]

+> [Configure Azure DDos protection for your virtual network](../ddos-protection/manage-ddos-protection.md)

+ "publisher": "microsoftcblmariner",

+ "offer": "cbl-mariner",

+ "sku": "cbl-mariner-2",

+ "nodeAgentSkuId": "batch.node.mariner 2.0",

+| **Name** | **Scope** | Limit |

+|--|--|--|

+|Default number of outbound concurrent calls |per Number | 2

+ Title: Connecting to Azure Communications Gateway

+description: Learn about connecting Azure Communications Gateway to your networks and the IP addresses and domain names you need to know.

+#CustomerIntent: As someone planning a deployment, I want to learn about my options for connectivity, so that I can start deploying

+# Connectivity for Azure Communications Gateway

+Each Azure region in your deployment connects to your core network. You need to choose the type of connection (for example, MAPS Voice or Express Route) and route traffic between your network and Azure Communications Gateway with specific IP addresses and domain names.

+This article describes:

+- The types of connection you can use.

+- The IP addresses and domain names you need to know about.

+- Your options for choosing domain names for Azure Communications Gateway.

+## Connecting to your network

+Azure Communications Gateway supports multiple types of connection to your network.

+- We strongly recommend using Microsoft Azure Peering Service Voice (also called MAPS Voice or MAPSV).

+- If you can't use MAPS Voice, we recommend ExpressRoute Microsoft Peering.

+The following table lists all the available connection types and whether they're supported for each communications service. The connection types are in the order that we recommend (with recommended services first).

+|Connection type | Operator Connect / Teams Phone Mobile | Microsoft Teams Direct Routing | Zoom Phone Cloud Peering | Notes |

+||||||

+| MAPS Voice |✅ |✅|✅|- Best media quality because of prioritization with Microsoft network<br>- No extra costs<br>- See [Azure Internet peering for Communications Services walkthrough](../internet-peering/walkthrough-communications-services-partner.md)|

+|ExpressRoute Microsoft Peering |✅|✅|✅|- Easy to deploy<br>- Extra cost<br>- Consult with your onboarding team and ensure that it's available in your region<br>- See [Using ExpressRoute for Microsoft PSTN services](/azure/expressroute/using-expressroute-for-microsoft-pstn)|

+|Public internet |❌|✅|✅|- No extra setup<br>- Not recommended for production|

+Set up your network as in the following diagram and configure it in accordance with any network connectivity specifications for your chosen communications services. Your network must have two sites with cross-connect functionality. For more information on the reliability design for Azure Communications Gateway, see [Reliability in Azure Communications Gateway](reliability-communications-gateway.md).

+## IP addresses and domain names

+Azure Communications Gateway (ACG) deployments require multiple IP addresses and fully qualified domain names (FQDNs). The following diagram and table describe the IP addresses and FQDNs that you might need to know about.

+|IP address or range on diagram | Description | Notes |

+||||

+| 1 | IP address range in operator site A for sending signaling traffic to ACG | Specify this information when you deploy ACG. |

+| 2 | IP address range or FQDN in site A for receiving signaling traffic from ACG | Specify this information when you deploy ACG. |

+| 3 | IP addresses or address ranges in operator site A for sending and receiving media traffic | Specify this information when you deploy ACG. |

+| 4 | IP address range in operator site B for sending signaling traffic to Azure Communications Gateway | Specify this information when you deploy ACG. |

+| 5 | IP address range or FQDN in operator site A for receiving signaling traffic from ACG | Specify this information when you deploy ACG. |

+| 6 | IP addresses or address ranges in operator site B for sending and receiving media traffic | Specify this information when you deploy ACG. |

+| 7 | ACG region 1 FQDN for receiving signaling traffic from operator network | Get the FQDN from the **Hostname** field for region 1 in the Azure portal. Configure your network to route calls to this FQDN. |

+| 8 | ACG region 1 IP addresses or address ranges for sending signaling traffic to your network | Ask your onboarding team for the values. Configure them in your network's access control lists (ACLs). |

+| 9 | ACG region 1 IP addresses or address ranges for media traffic between operator network and ACG | Ask your onboarding team for the values. Configure them in your network's access control lists (ACLs). |

+| 10 | ACG region 2 FQDN for receiving signaling traffic from operator network | Get the FQDN from the **Hostname** field for region 2 in the Azure portal. Configure your network to route calls to this FQDN. |

+| 11 | ACG region 2 IP addresses or address ranges for sending signaling traffic to your network | Ask your onboarding team for the values. Configure them in your network's access control lists (ACLs). |

+| 12 | ACG region 2 IP addresses or address ranges for media traffic between operator network and ACG | Ask your onboarding team for the values. Configure them in your network's access control lists (ACLs). |

+| 13 | ACG base domain providing the Provisioning API | Get the FQDN from the **Overview** field in the Azure portal. |

+| 14 | ACG region 1 IP addresses or address ranges for sending signaling traffic to communications services | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. |

+| 15 | ACG region 1 FQDN or IP addresses for receiving signaling traffic from communications services | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. |

+| 16 | ACG region 1 IP addresses or address ranges for media traffic between communications service and ACG | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. |

+| 17 | ACG region 2 IP addresses or address ranges for sending signaling traffic to communications services | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. |

+| 18 | ACG region 2 FQDN or IP addresses for receiving signaling traffic from communications services | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. |

+| 19 | ACG region 2 IP addresses or address ranges for media traffic between communications service and ACG | - For Zoom Phone Cloud Peering, ask your onboarding team for this information and provide it to Zoom.<br>- Microsoft manages this information for other communications services. |

+| 20 | IP addresses or FQDNs used by communications services to receive signaling traffic | You don't need to manage this information. |

+| 21 | IP addresses or FQDNs used by communications services to send signaling traffic | You don't need to manage this information. |

+| 22 | IP addresses used by communications services to send and receive media traffic | You don't need to manage this information. |

+> [!TIP]

+> This diagram shows three sets of IP addresses for the communications service for simplicity. The details might vary for each communications service, but you won't need to manage the details because we manage the connection from Azure Communications Gateway to communications services.

+Each site in your network must send traffic to its local Azure Communications Gateway service region by default, and fail over to the other region if the local region is unavailable. For example, site A must route traffic to region 1, and, if it detects that region 1 is unavailable, reroute traffic to region 2. For more information on the call routing requirements, see [Call routing requirements](reliability-communications-gateway.md#call-routing-requirements).

+## Autogenerated domain names and domain delegation

+Azure Communications Gateway provides multiple FQDNs:

+* A _base domain_ for your deployment. This domain provides the Provisioning API. It's item 13 in [IP addresses and domain names](#ip-addresses-and-domain-names).

+* _Per-region domain names_ that resolve to the signaling IP addresses to which your network should route signaling traffic. These domain names are subdomains of the base domain. They're items 7 and 10 in [IP addresses and domain names](#ip-addresses-and-domain-names).

+You must decide whether you want these FQDNs to be `*.commsgw.azure.com` domain names or subdomains of a domain you already own, using [domain delegation with Azure DNS](../dns/dns-domain-delegation.md).

+Domain delegation provides topology hiding and might increase customer trust, but requires giving us full control over the subdomain that you delegate. For Microsoft Teams Direct Routing, choose domain delegation if you don't want customers to see an `*.commsgw.azure.com` in their Microsoft 365 admin centers.

+## Related content

+- Learn how to [route calls to Azure Communications Gateway](reliability-communications-gateway.md#call-routing-requirements).

+- Learn more about [planning an Azure Communications Gateway deployment](get-started.md)

+1. Configure your routers and peering connection to ensure all traffic to Azure Communications Gateway is through Azure Internet Peering for Communications Services (also known as Microsoft Azure Peering Service for Voice and MAPS Voice) or ExpressRoute Microsoft Peering.

+ - With MAPS Voice, BFD must bring up the BGP peer for each Private Network Interface (PNI).

+> Some steps in the deployment and integration process can require days or weeks to complete. For example, you might need to arrange Microsoft Azure Peering Service for Voice (MAPS Voice) connectivity before you can deploy, wait for onboarding, or wait for a specific date to launch your service. We recommend that you read through any documentation from your onboarding team and the procedures in [Deploy Azure Communications Gateway](#deploy-azure-communications-gateway) and [Integrate with your chosen communications services](#integrate-with-your-chosen-communications-services) before you start deploying.

+- [Connectivity for Azure Communications Gateway](connectivity.md) and [Reliability in Azure Communications Gateway](reliability-communications-gateway.md), to create a network design that includes Azure Communications Gateway.

+- If you're connecting to the public internet with Microsoft Azure Peering Service for Voice (MAPS Voice), you might need to pay a third party for the cross-connect at the exchange location.

+You need a Microsoft onboarding team to deploy Azure Communications Gateway. Azure Communications Gateway includes an onboarding program called [Included Benefits](onboarding.md). If you're not eligible for Included Benefits or you require more support, discuss your requirements with your Microsoft sales representative.

+Decide how Azure Communications Gateway should connect to your network. You must choose:

+- The type of connection you want to use (for example, MAPS Voice (recommended) or ExpressRoute).

+- The form of domain names Azure Communications Gateway uses towards your network: an autogenerated `*.commsgw.azure.com` domain name or a subdomain of a domain you already own (using [domain delegation with Azure DNS](../dns/dns-domain-delegation.md)).

+

+For more information about your options, see [Connectivity for Azure Communications Gateway](connectivity.md).

+## Configure MAPS Voice or ExpressRoute

+- To configure MAPS Voice, follow the instructions in [Azure Internet peering for Communications Services walkthrough](../internet-peering/walkthrough-communications-services-partner.md).

+- Learn about [connecting Azure Communications Gateway to your network](connectivity.md)

+* The Azure Regions in which you deploy Azure Communications Gateway.

+- We strongly recommend using Microsoft Azure Peering Service Voice (also called MAPS Voice or MAPSV).

+- If you can't use MAPS Voice, we recommend ExpressRoute Microsoft Peering.

+The following diagram shows an operator network using MAPS Voice or ExpressRoute (as recommended) to connect to Azure Communications Gateway.

+For more information, see:

+- [Connectivity for Azure Communications Gateway](connectivity.md), including details of the IP connectivity.

+- [Reliability in Azure Communications Gateway](reliability-communications-gateway.md), including application-level call routing requirements for failover.

+From September 2023, you can use ExpressRoute Microsoft Peering to connect operator networks to Azure Communications Gateway as an alternative to Microsoft Azure Peering Services Voice (also known as MAPS Voice). We recommend that most deployments use MAPS for voice unless there's a specific reason that ExpressRoute Microsoft Peering is preferable. For example, you might have existing ExpressRoute connectivity to your network that you can reuse. For details and examples of when ExpressRoute might be preferable to MAPS, see [Using ExpressRoute for Microsoft PSTN services](../../articles/expressroute/using-expressroute-for-microsoft-pstn.md).

+## STAC search for available imagery

+\ Where\ lat = The\ centroid's\ latitude\ from\ the\ provided\ geometry

+Alternately, you can also use the [EICAR](https://www.eicar.org/download-anti-malware-testfile/) test string to perform this test: Create a text file, paste the EICAR line, and save the file as an executable file to your machine's local drive.

+`curl -o ~/Downloads/eicar.com.txt`

+ isEnabled = false

+| **Defender for Endpoint integration** | Defender for Servers integrates with Defender for Endpoint and protects servers with all the features, including:<br/><br/>- [Attack surface reduction](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) to lower the risk of attack.<br/><br/> - [Next-generation protection](/microsoft-365/security/defender-endpoint/next-generation-protection), including real-time scanning and protection and [Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/next-generation-protection).<br/><br/> - EDR, including [threat analytics](/microsoft-365/security/defender-endpoint/threat-analytics), [automated investigation and response](/microsoft-365/security/defender-endpoint/automated-investigations), [advanced hunting](/microsoft-365/security/defender-endpoint/advanced-hunting-overview), and [Endpoint Attack Notifications](/microsoft-365/security/defender-endpoint/endpoint-attack-notifications).<br/><br/> - Vulnerability assessment and mitigation provided by [Microsoft Defender Vulnerability Management (MDVM)](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities) as part of the Defender for Endpoint integration. With Plan 2, you can get premium MDVM features, provided by the [MDVM add-on](/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities#vulnerability-managment-capabilities-for-servers).| :::image type="icon" source="./media/icons/yes-icon.png" ::: | :::image type="icon" source="./media/icons/yes-icon.png"::: |

+| November 20|GA release: New autoprovisioning process for SQL Servers on machines plan|

+### GA release: New autoprovisioning process for SQL Servers on machines plan

+November 20, 2023

+In preparation for the Microsoft Monitoring Agent (MMA) deprecation in August 2024, Defender for Cloud released a SQL Server-targeted Azure Monitoring Agent (AMA) autoprovisioning process. The new process is automatically enabled and configured for all new customers, and also provides the ability for resource level enablement for Azure SQL VMs and Arc-enabled SQL Servers.

+Customers using the MMA autoprovisioning process are requested to [migrate to the new Azure Monitoring Agent for SQL server on machines autoprovisioning process](/azure/defender-for-cloud/defender-for-sql-autoprovisioning). The migration process is seamless and provides continuous protection for all machines.

+# Azure Event hubs as a handler destination in subscriptions to Azure Event Grid namespace topics (Preview)

+# Azure Event Grid namespaces - Push delivery (Preview)

+[Resource Graph portal page](https://portal.azure.com/#blade/HubsExtension/ArgQueryBlade).

+ Title: Subscribe to GitHub release notes repo

+description: Learn how to subscribe to HDInsight on AKS GitHub release notes repo

+# Subscribe to HDInsight on AKS release notes GitHub repo

+Learn how to subscribe to HDInsight on AKS release notes GitHub repo to get email notifications.

+## Prerequisites

+* You should have a valid GitHub account to subscribe to this HDInsight on AKS Release Notes notification. For more information on GitHub, [see here](https://github.com).

+## Steps to subscribe to HDInsight on AKS release notes GitHub repo

+1. Go to [HDInsight on AKS GitHub repository](https://github.com/Azure/HDInsight-on-aks).

+1. Click **watch** and then **Custom**

+1. Select **Releases** and click **Apply**

+ :::image type="content" source="./media/subscribe-to-release-notes-repo/github-subscription.png" alt-text="Screenshot showing how to subscribe to GitHub repo.":::

+ :::image type="content" source="./media/subscribe-to-release-notes-repo/subscribe-to-github-repo.png" alt-text="Screenshot showing how to select release option.":::

+Whenever a new Release Note is published, a notification will be sent to the subscribed e-mail ID.

+description: Track known issues for Azure HDInsight, along with troubleshooting steps, actions, and frequently asked questions.

+This article lists known issues for the Azure HDInsight service. Before you submit a support request, review this list to see if Microsoft is already aware of the issue that you're experiencing and is addressing it.

+For service-level outages or degradation notifications, check the [Azure Service Health status](https://azure.status.microsoft/status) page.

+## Summary of known issues

+| HDInsight component | Issue description |

+| Kafka | [Kafka 2.4.1 validation error in ARM templates](#kafka-241-validation-error-in-arm-templates) |

+| Spark | [Conda version regression in a recent HDInsight release](#conda-version-regression-in-a-recent-hdinsight-release)|

+| Platform | [Cluster reliability issue with older images in HDInsight clusters](#cluster-reliability-issue-with-older-images-in-hdinsight-clusters)|

+### Kafka 2.4.1 validation error in ARM templates

+**Issue published date**: October 13, 2023

+When you're submitting cluster creation requests by using Azure Resource Manager templates (ARM templates), runbooks, PowerShell, the Azure CLI, and other automation tools, you might receive a "BadRequest" error message if you specify `clusterType = "Kafka"`, `HDI version = "5.0"`, and `Kafka version = "2.4.1"`.

+When you're using [templates or automation tools](/azure/hdinsight/hdinsight-hadoop-provision-linux-clusters#cluster-setup-methods) to create HDInsight Kafka clusters, choose `componentVersion = "2.4"`. This value enables you to successfully create a Kafka 2.4.1 cluster in HDInsight 5.0.

+- [Create HDInsight clusters by using automation](/azure/hdinsight/hdinsight-hadoop-provision-linux-clusters#cluster-setup-methods)

+### Conda version regression in a recent HDInsight release

+**Issue published date**: October 13, 2023

+In the latest Azure HDInsight release, the conda version was mistakenly downgraded to 4.2.9. This regression is fixed in an upcoming release, but currently it can affect Spark job execution and result in script action failures. Conda 4.3.30 is the expected version in 5.0 and 5.1 clusters, so follow the steps to mitigate the issue.

+#### Recommended steps

+1. Use Secure Shell (SSH) to connect to any virtual machine (VM) in the cluster.

+2. Switch to the root user: `sudo su`.

+3. Check the conda version: `/usr/bin/anaconda/bin/conda info`.

+#### Resources

+- [Safely manage a Python environment on Azure HDInsight by using script actions](/azure/hdinsight/spark/apache-spark-python-package-installation)

+### Cluster reliability issue with older images in HDInsight clusters

+**Issue published date**: October 13, 2023

+As part of the proactive reliability management of Azure HDInsight, we recently found a potential reliability issue on HDInsight clusters that use images dated February 2022 or older.

+#### Issue background

+In HDInsight images dated before March 2022, a known bug was discovered on one particular Azure Linux build. The Microsoft Azure Linux Agent (`waagent`), a lightweight process that manages virtual machines, was unstable and resulted in VM outages. HDInsight clusters that consumed the Azure Linux build have experienced service outages, job failures, and adverse effects on features like IPsec and autoscale.

+#### Required action

+If your cluster was created before March 2022, we advise rebuilding your cluster with the latest HDInsight image. Support for cluster images dated before March 2022 ended on November 10, 2023. These images won't receive security updates, bug fixes, or patches, leaving them highly susceptible to vulnerabilities.

+> We recommend that you keep your clusters updated to the latest HDInsight version on a regular basis. Using clusters that are based on the latest HDInsight image ensures that they have the latest operating system patches, security patches, bug fixes, and library versions. This practice helps you minimize risk and potential security vulnerabilities.

+##### What happens if there's a VM outage in HDInsight clusters that use these affected HDInsight images?

+You can't recover such virtual machines through straightforward restarts. The outage could last for several hours and require manual intervention from the Microsoft support team.

+##### Is this issue rectified in the latest HDInsight images?

+Yes. We fixed this issue on HDInsight images dated on or after March 1, 2022. We advise that you move to the latest stable version to maintain the service-level agreement (SLA) and service reliability.

+##### How do I determine the date of the HDInsight image that my clusters are built on?

+The last 10 digits in your HDInsight image version indicate the date and time of the image. For example, an image version of 5.0.3000.1.2208310943 indicates a date of August 31, 2022. [Learn how to verify your HDInsight image version](/azure/hdinsight/view-hindsight-cluster-image-version).

+- [Create HDInsight clusters by using automation](/azure/hdinsight/hdinsight-hadoop-provision-linux-clusters#cluster-setup-methods)

+Select the title to view more information about that specific known issue. Fixed issues are removed after 60 days.

+| Issue ID | Area |Title | Issue publish date| Status |

+|Not applicable|Not applicable|Not applicable|Not applicable|Not applicable|

+- [Check Azure Service Health status](https://azure.status.microsoft/status)

+- [HDInsight cluster management best practices](cluster-management-best-practices.md)

+- [HDInsight 5.x component versions](hdinsight-5x-component-versioning.md)

+- [Create Apache Hadoop clusters in HDInsight by using Resource Manager templates](hdinsight-hadoop-create-linux-clusters-arm-templates.md)

+Authentication is done via Microsoft Entra ID. Authorization may be done via Azure role-based access control (Azure RBAC) or Key Vault access policy. Azure RBAC can be used for both management of the vaults and to access data stored in a vault, while key vault access policy can only be used when attempting to access data stored in a vault.

+### Identify model path with respect to `AZUREML_MODEL_DIR`

+When deploying your model to Azure Machine Learning, you need to specify the location of the model you wish to deploy as part of your deployment configuration. In Azure Machine Learning, the path to your model is tracked with the `AZUREML_MODEL_DIR` environment variable. By identifying the model path with respect to `AZUREML_MODEL_DIR`, you can deploy one or more models that are stored locally on your machine or deploy a model that is registered in your Azure Machine Learning workspace.

+For illustration, we reference the following local folder structure for the first two cases where you deploy a single model or deploy multiple models that are stored locally:

+#### Use a single local model in a deployment

+To use a single model that you have on your local machine in a deployment, specify the `path` to the `model` in your deployment YAML. Here's an example of the deployment YAML with the path `/Downloads/multi-models-sample/models/model_1/v1/sample_m1.pkl`:

+```yml

+$schema: https://azuremlschemas.azureedge.net/latest/managedOnlineDeployment.schema.json

+name: blue

+endpoint_name: my-endpoint

+model:

+ΓÇ» path: /Downloads/multi-models-sample/models/model_1/v1/sample_m1.pkl

+code_configuration:

+ΓÇ» code: ../../model-1/onlinescoring/

+ΓÇ» scoring_script: score.py

+environment:

+ΓÇ» conda_file: ../../model-1/environment/conda.yml

+ΓÇ» image: mcr.microsoft.com/azureml/openmpi4.1.0-ubuntu20.04:latest

+instance_type: Standard_DS3_v2

+instance_count: 1

+```

+After you create your deployment, the environment variable `AZUREML_MODEL_DIR` will point to the storage location within Azure where your model is stored. For example, `/var/azureml-app/azureml-models/81b3c48bbf62360c7edbbe9b280b9025/1` will contain the model `sample_m1.pkl`.

+Within your scoring script (`score.py`), you can load your model (in this example, `sample_m1.pkl`) in the `init()` function:

+```python

+def init():

+ model_path = os.path.join(str(os.getenv("AZUREML_MODEL_DIR")), "sample_m1.pkl")

+ model = joblib.load(model_path)

+```

+#### Use multiple local models in a deployment

+Although the Azure CLI, Python SDK, and other client tools allow you to specify only one model per deployment in the deployment definition, you can still use multiple models in a deployment by registering a model folder that contains all the models as files or subdirectories.

+In the previous example folder structure, you notice that there are multiple models in the `models` folder. In your deployment YAML, you can specify the path to the `models` folder as follows:

+```yml

+$schema: https://azuremlschemas.azureedge.net/latest/managedOnlineDeployment.schema.json

+name: blue

+endpoint_name: my-endpoint

+model:

+ΓÇ» path: /Downloads/multi-models-sample/models/

+code_configuration:

+ΓÇ» code: ../../model-1/onlinescoring/

+ΓÇ» scoring_script: score.py

+environment:

+ΓÇ» conda_file: ../../model-1/environment/conda.yml

+ΓÇ» image: mcr.microsoft.com/azureml/openmpi4.1.0-ubuntu20.04:latest

+instance_type: Standard_DS3_v2

+instance_count: 1

+```

+After you create your deployment, the environment variable `AZUREML_MODEL_DIR` will point to the storage location within Azure where your models are stored. For example, `/var/azureml-app/azureml-models/81b3c48bbf62360c7edbbe9b280b9025/1` will contain the models and the file structure.

+For this example, the contents of the `AZUREML_MODEL_DIR` folder will look like this:

+Within your scoring script (`score.py`), you can load your models in the `init()` function. The following code loads the `sample_m1.pkl` model:

+```python

+def init():

+ model_path = os.path.join(str(os.getenv("AZUREML_MODEL_DIR")), "models","model_1","v1", "sample_m1.pkl ")

+ model = joblib.load(model_path)

+```

+For an example of how to deploy multiple models to one deployment, see [Deploy multiple models to one deployment (CLI example)](https://github.com/Azure/azureml-examples/blob/main/cli/endpoints/online/custom-container/minimal/multimodel) and [Deploy multiple models to one deployment (SDK example)](https://github.com/Azure/azureml-examples/blob/main/sdk/python/endpoints/online/custom-container/online-endpoints-custom-container-multimodel.ipynb).

+> If you have more than 1500 files to register, consider compressing the files or subdirectories as .tar.gz when registering the models. To consume the models, you can uncompress the files or subdirectories in the `init()` function from the scoring script. Alternatively, when you register the models, set the `azureml.unpack` property to `True`, to automatically uncompress the files or subdirectories. In either case, uncompression happens once in the initialization stage.

+#### Use models registered in your Azure Machine Learning workspace in a deployment

+To use one or more models, which are registered in your Azure Machine Learning workspace, in your deployment, specify the name of the registered model(s) in your deployment YAML. For example, the following deployment YAML configuration specifies the registered `model` name as `azureml:local-multimodel:3`:

+```yml

+$schema: https://azuremlschemas.azureedge.net/latest/managedOnlineDeployment.schema.json

+name: blue

+endpoint_name: my-endpoint

+model: azureml:local-multimodel:3

+code_configuration:

+ΓÇ» code: ../../model-1/onlinescoring/

+ΓÇ» scoring_script: score.py

+environment:

+ΓÇ» conda_file: ../../model-1/environment/conda.yml

+ΓÇ» image: mcr.microsoft.com/azureml/openmpi4.1.0-ubuntu20.04:latest

+instance_type: Standard_DS3_v2

+instance_count: 1

+```

+For this example, consider that `local-multimodel:3` contains the following model artifacts, which can be viewed from the **Models** tab in the Azure Machine Learning studio:

+After you create your deployment, the environment variable `AZUREML_MODEL_DIR` will point to the storage location within Azure where your models are stored. For example, `/var/azureml-app/azureml-models/local-multimodel/3` will contain the models and the file structure. `AZUREML_MODEL_DIR` will point to the folder containing the root of the model artifacts.

+Based on this example, the contents of the `AZUREML_MODEL_DIR` folder will look like this:

+Within your scoring script (`score.py`), you can load your models in the `init()` function. For example, load the `diabetes.sav` model:

+```python

+def init():

+ model_path = os.path.join(str(os.getenv("AZUREML_MODEL_DIR"), "models", "diabetes", "1", "diabetes.sav")

+ model = joblib.load(model_path)

+```

+> `Standard_DS1_v2` and `Standard_F2s_v2` may be too small for bigger models and may lead to container termination due to insufficient memory, not enough space on the disk, or probe failure as it takes too long to initiate the container. If you face [OutOfQuota errors](how-to-troubleshoot-online-endpoints.md?tabs=cli#error-outofquota) or [ReourceNotReady errors](how-to-troubleshoot-online-endpoints.md?tabs=cli#error-resourcenotready), try bigger VM SKUs. If you want to reduce the cost of deploying multiple models with managed online endpoint, see [the example for multi models](how-to-deploy-online-endpoints.md#use-multiple-local-models-in-a-deployment).

+- Java Development Kit (JDK) versions that are [supported by the Azure SDK for Java](https://github.com/Azure/azure-sdk-for-jav).

+- Get started with Apache Kafka on Confluent Cloud - An Azure Native ISV Service on

+- Get started with Apache Kafka on Confluent Cloud - An Azure Native ISV Service on

+- Get started with Apache Kafka on Confluent Cloud - An Azure Native ISV Service on

+# What is Apache Kafka on Confluent Cloud - An Azure Native ISV Service?

+You can find Apache Kafka on Confluent Cloud - An Azure Native ISV Service in the [Azure portal](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Confluent%2Forganizations) or get it on [Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/confluentinc.confluent-cloud-azure-prod?tab=Overview).

+- Get started with Apache Kafka on Confluent Cloud - An Azure Native ISV Service on

+- Get started with Apache Kafka on Confluent Cloud - An Azure Native ISV Service on

+- You can have only one active migration or validation to your Flexible server.

+- The source and target server must be in the same Azure region. Cross region migrations are enabled only for servers in India, China and UAE as Flexible server may not be available in all regions within these geographies.

+This article applies to the AP5GC 2308 release (2308.0-9). This release is compatible with the Azure Stack Edge Pro 1 GPU and Azure Stack Edge Pro 2 running the ASE 2303 and ASE 2309 releases. It supports the 2023-06-01 and 2022-11-01 [Microsoft.MobileNetwork](/rest/api/mobilenetwork) API versions.

+With this release, there's a new naming scheme and Packet Core versions are now called ΓÇÿ2308.0-9ΓÇÖ rather than ΓÇÿPMN-2308.ΓÇÖ

+> For this release, it's important that the packet core version is upgraded to the AP5GC 2308 release before the upgrading to the ASE 2309 release. Upgrading to ASE 2309 before upgrading to Packet Core 2308.0.9 causes a total system outage. Recovery requires you to delete and re-create the AKS cluster on your ASE.

+| [Azure Web Application Firewall](../application-gateway/application-gateway-faq.yml?#how-do-i-achieve-a-disaster-recovery-scenario-across-datacenters-by-using-application-gateway) |

+Using the [Azure PowerShell](/powershell/module/az.workloads), [CLI](/cli/azure/workloads/sap-virtual-instance) and [REST API](/rest/api/workloads) interfaces, you can:

+Currently, you can initiate a soft stop operation from the Azure PowerShell, Azure Command-Line Interface (Azure CLI) and REST API interfaces. You must use the stop operation along with a soft stop timeout value in seconds to initiate a soft stop. Once you initiate soft stop on VIS and the operation is successfully triggered on the SAP system, then monitor the Health and Status of the VIS to check if the system has stopped.

+### Soft stop system in CLI

+Use the [az workloads sap-virtual-instance stop](/cli/azure/workloads/sap-virtual-instance#az-workloads-sap-virtual-instance-stop) command:

+```azurecli-interactive

+ az workloads sap-virtual-instance stop --id /subscriptions/sub1/resourceGroups/rg1/providers/Microsoft.Workloads/sapVirtualInstances/DB0 --soft-stop-timeout-seconds 300

+```

+You can soft stop a specific application server in Azure Center for SAP solutions using Azure PowerShell, CLI and REST API interfaces. Once you initiate soft stop on application server and the operation is successfully triggered, then monitor Health and Status of the application server instance to check if it has stopped.

+### Using CLI

+Use the [az workloads sap-application-server-instance stop](/cli/azure/workloads/sap-application-server-instance?view=azure-cli-latest#az-workloads-sap-application-server-instance-stop) command:

+```azurecli-interactive

+ az workloads sap-application-server-instance stop --id /subscriptions/Sub1/resourceGroups/RG1/providers/Microsoft.Workloads/sapVirtualInstances/DB0/applicationInstances/app0 --soft-stop-timeout-seconds 300

+```

+You can soft stop the HANA database so that the database stops gracefully after all running statements have finished. You can use the Azure PowerShell, CLI and REST API interfaces to soft stop database. Once you initiate soft stop on HANA database and the operation is successfully triggered on the database instance, then monitor the status of the database instance on the VIS to check if it has stopped.

+### Using CLI

+Use the [az workloads sap-database-instance stop](/cli/azure/workloads/sap-database-instance?view=azure-cli-latest#az-workloads-sap-database-instance-stop) command:

+```azurecli-interactive

+ az workloads sap-database-instance stop --id /subscriptions/Sub1/resourceGroups/RG1/providers/Microsoft.Workloads/sapVirtualInstances/DB0/databaseInstances/ab0 --soft-stop-timeout-seconds 300

+```

+Retrieval Augmentation Generation (RAG) is an architecture that augments the capabilities of a Large Language Model (LLM) like ChatGPT by adding an information retrieval system that provides grounding data. Adding an information retrieval system gives you control over grounding data used by an LLM when it formulates a response. For an enterprise solution, RAG architecture means that you can constrain generative AI to *your enterprise content* sourced from vectorized documents, images, audio, and video.

+Azure AI Search is a [proven solution for information retrieval](/azure/developer/python/get-started-app-chat-template?tabs=github-codespaces) in a RAG architecture. It provides indexing and query capabilities, with the infrastructure and security of the Azure cloud. Through code and other components, you can design a comprehensive RAG solution that includes all of the elements for generative AI over your proprietary content.

+ ¹ The generally available functionality of [vector support](vector-search-overview.md) requires that you call other libraries or models for data chunking and vectorization. However, [integrated vectorization (preview)](vector-search-integrated-vectorization.md) embeds these steps. For code samples showing both approaches, see [azure-search-vectors repo](https://github.com/Azure/azure-search-vector-samples).

+ Title: Enable enrichment widgets in Microsoft Sentinel

+# Enable enrichment widgets in Microsoft Sentinel

+Enrichment widgets are dynamic components that provide you with in-depth, actionable intelligence about entities. They integrate external and internal content and data from various sources, allowing you a better understanding of potential security threats.

+This article shows you how to enable the enrichment widgets experience, allowing you to take advantage of this new capability and helping you make better, faster decisions.

+- [Elevate your cybersecurity intelligence with enrichment widgets (Preview)](#elevate-your-cybersecurity-intelligence-with-enrichment-widgets-preview)

+<a name="visualize-data-with-enrichment-widgets-preview"></a>

+### Elevate your cybersecurity intelligence with enrichment widgets (Preview)

+Enrichment Widgets in Microsoft Sentinel are dynamic components designed to provide you with in-depth, actionable intelligence about entities. They integrate external and internal content and data from various sources, offering a comprehensive understanding of potential security threats. These widgets serve as a powerful enhancement to your cybersecurity toolkit, offering both depth and breadth in information analysis.

+This quickstart describes the steps for creating a service connection in Azure App Service with the Azure CLI.

+> [!TIP]

+> If you don't have a Blob Storage, run `az webapp connection create storage-blob --new --secret` to provision a new one and directly get connected to your App Service resource.

+> Using Managed Identity requires you have the permission to [Microsoft Entra role assignment](../active-directory/managed-identities-azure-resources/howto-assign-access-portal.md). Without this permission, creating a connection will fail. You can ask your subscription owner to grant you this permission or use an access key to create the connection.

+Use the Azure CLI [az webapp connection](/cli/azure/webapp/connection) command to create a service connection to a Blob Storage with a system-assigned Managed Identity, providing the following information:

+- The name of the resource group that contains the App Service

+- The name of the App Service

+- The name of the resource group that contains the storage account

+- The name of the storage account

+az webapp connection create storage-blob

+> If you don't have a Blob Storage, you can run `az webapp connection create storage-blob --new --system-identity` to provision a new Blob Storage resource and directly connected it to your App Service instance.

+Run the Azure CLI [az webapp connection](/cli/azure/webapp/connection) command to list connections to your App Service, providing the following information:

+- The name of the resource group that contains the App Service

+- The name of the App Service

+Follow the tutorials below to start building your own application with Service Connector.

+## Prerequisites

+* An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/).

+* Java 8 or a more recent version with long-term support (LTS) 1.

+1. Navigate into the following folder:

+1. Create a Kafka cluster with the following information:

+1. In **Cluster overview** -> **Cluster settings**, note the Kafka **Bootstrap server** URL.

+Create an instance of Azure Spring Apps by following [the Azure Spring Apps quickstart](../spring-apps/quickstart.md) in Java. Make sure your Azure Spring Apps instance is created in [a region that has Service Connector support](concept-region-support.md).

+1. Build the project using gradle.

+## Create a service connection using Service Connector

+* Replace *`<kafka-bootstrap-server-url>`* with your Kafka bootstrap server URL. For example: `pkc-xxxx.eastus.azure.confluent.cloud:9092`.

+* Replace *`<kafka-schema-registry-endpoint>`* with your Kafka Schema Registry endpoint. For example: `https://psrc-xxxx.westus2.azure.confluent.cloud`.

+> If you see the error message "The subscription is not registered to use Microsoft.ServiceLinker", please run `az provider register -n Microsoft.ServiceLinker` to register the Service Connector resource provider and run the connection command again.

+To disallow anonymous access for a storage account, set the account's **AllowBlobPublicAccess** property to **False**.

+> | Australia Central | ecdsa-sha2-nistp256 | 01/31/2024 | `m2HCt3ESvMLlVBMwuo9jsQd9hJzPc/fe0WOJcoqO3RA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBElXRuNJbnDPWZF84vNtTjt4I/842dWBPvPi2fkgOV//2e/Y9gh0koVVAYp6MotNodg4L9MS7IfV9nnFSKaJW3o=` |

+> | Australia Central | ecdsa-sha2-nistp256 | 01/31/2026 | `5Vot7f2reXMzE6IR9GKiDCOz/bNf3lA0qYnBQzRgObo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLs9yqrEGdGvgdSWkAK5YkyazMWi30X+E6J/CiGpJwbuczVJwT/cwh+mxnE7DMTwhEo57jL7/wi/WT8CPfPpD4I=` |

+> | Australia Central | ecdsa-sha2-nistp384 | 01/31/2024 | `uoYLwsgkLp4D5diAulDKlLb7C5nT4gMCyf9MFvjr7qg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBARO/VI5TyirrsNZZkI2IBS0TelywsJKj71zjBGB8+mmki+mmdtooSTPgH0zmmyWb/z3iJG+BnEEv/58zIvJ+cXsVoRChzN+ewvsqdfzfCqVrzwyro52x5ymB08yBwDYig==` |

+> | Australia Central | ecdsa-sha2-nistp384 | 01/31/2026 | `adZj2DQSv+LtvnORWfJdnUJhVy/Tjck1AWxOwF5q4hU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKVV77ZE9HdETqzwJ+w71BdzF5+8T+LX6ZYvEpNkts6aNurkpH5jfl89Lb0GVeOxIfw6pi3TCiYiXysImBKTsMPQYJ+7jWgLMJEgKG6iDdo3Ust0iolueehHci2iMxPwEg==` |

+> | Australia Central | rsa-sha2-256 | 01/31/2024 | `q2pDjwwgUuAMU3irDl2D+sbH8wQpPB5LHBOFFzwM9Sk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDnqOrNklxmyreRYe7N72ylBCensxxPTBWX/CfbdbGfEbcGRtMGHReeojkvf4iJ7mDMZRzecgYxZ9o2bwTH9UImNkuZTsFNH6APuJ075WyxoDgdBX1UAQ3eE6BrCNI0BcwLakU9lq0rNhmxMpt/quBXxxWbRieKR9liTOg5CGSqoUPo7TpwaZQBltJCEf7rN5wGUlHV49iuiJIasSldYT6F1c3vS4bJb2sdIvVnKVLq+yTMzaPzWn34BD+KHx/pkB+s7/vQtdMfBBEdgEdPVvMPsyXtIKhx4Q79LnfZT19RDY8KW1mJrbPo67oEcjJYTXSZTKysjCUNmNNrnXvp6sHd` |

+> | Australia Central | rsa-sha2-256 | 01/31/2026 | `u2Lg2ZWkF2yQcm/gYtuy1pTIyY4zIhy4VRwZe2sJZYQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNKRFZfxWPzqUEPzS7ywkynUs3ZQuhmFOaPqgORDqDf/+OYRswOcNwu1LqH7Ait5ntwFu99AyleKGkdKvkEHDHfKI3dJIczV5OpxZ4m9hFuDa0pSwlyUSVQc+jDTbtrUSFtkAZDsmfbXR3UBikrwJmA+9IF5UWewTxqvZ894r1rSbLkaZpObu5Cq9MW15On/Aa4lpR4mtVtSLt/ww/qGXy0wQDgzItjQlU+VrhjTd7PrL7NVpSmGIQioFqJqNP4mp8aUU9jceAOCa4nJkfEJ3oQRYTs2M0wxTNdo1XR1NPju6vlU0fKBq9G+hssOSNPZFc2Mnz7ECnVgjASKn9B1hJ` |

+> | Australia Central | rsa-sha2-512 | 01/31/2024 | `+tdLVAC4I+7DhQn9JguFBPu0/Hdt5Ru2zjuOOat+Opw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCnd0ETMwpU8w7uwWu1AWDv6COIwLKMmxXu+/1rR429cNXuPrBkMldUfI7NKVaiwnu1kLPuJsgUDkvs/fc7lxx2l5i6mYBWJOXcWzAfXSBfB1a+1SK+2tDPYT3j4/W/KRW74DFPokWTINre22UVc+8sbzkmdtX/FzZdVcqI4+xJSjwdsp2hbzcsVWkxWhrFzKmBU40m5E/YwKQwAcbkzmX6AN5O8s66TQs2uPkRuTItDWI3ShW7QzW05jb6W8TeYdkouZ5PY0Yz/h3/oysFzo4VaUc0y3JP98KRWNXPiBrmvphpKnU1TQrjvVkYEsiCBHMOUnNVHdR1oIHd2zPRneK5` |

+> | Australia Central | rsa-sha2-512 | 01/31/2026 | `oOWjGbOjG/o5T4MRYnl2JmIWDQor5ScEXhbbNBsN07Q=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC4/SgLtX9IiVa6W6cqMTozxCEnv5OcjT9aohtlhd9ho4h4OI/m+vDXdxeSUcJE1vMK/mIpzqs402Gm4PB1Z667t6mhpj6ISPIp2WhPdbnBo1vqagMUWM3tHJjp4XlOyQW/dteQtqV32m5iBfCjEzCJt7aw93uWrMosB5q0j1mS0EdCFBWzLtaPPyaQnQ6Pm7KX/ZICzhEadU2tYC4alALfFvqn1HDUY+gyzE0/W3S+4+o9ds1uzG165c8hluYInsgTFAbHjVDAvy/5lG93tkNDh1qQu1m2bYnIoXzFg3ZYHrcvewbrHCPOH4/6TVItibspePHqM+cbRTuLd3oVzgh1` |

+> | Australia Central 2 | ecdsa-sha2-nistp256 | 01/31/2024 | `m7Go9P1bwcPHAcZzRSXdwYroDIdZzt0jhxkJW42YGKY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHp76felOL7GAHcJoW6vcCS83jkeR6RdFCwUk0Jf6v7SFoqYNZfTaryy2n0vwG1W1dAyHvOjB1+gzTZOkHN/cAI=` |

+> | Australia Central 2 | ecdsa-sha2-nistp256 | 01/31/2026 | `ljng4w6TbLQ8Gx6ZRiD3/IpPELeGqMF0LIPVWKPGwpE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOUs2ledPbnskBJiCxyvDDZ2UXJ0FX0A0orlg0thjLfu+wTyDzhkMENTwBFQcxbHUiF2si2EaGH24/vGbTIu4u0=` |

+> | Australia Central 2 | ecdsa-sha2-nistp384 | 01/31/2024 | `9Jc39OueTg3pQcq8KJgzsmPlVXxILG24Euw27on7SkY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEduOE61sSP2BozvJ6QLtRDZ7j0TenX7PjcpPVtYIQuKQ+h3qakXFwFnj8N3m8+LpTXYO41mgX7N02Rl12QvD7lDpUgHUChaNpUcMcSpm5qvguLyG6XZg2BDNd6pyx+fpw==` |

+> | Australia Central 2 | ecdsa-sha2-nistp384 | 01/31/2026 | `jm715CgIcCpPm/Lbc05DQGY/ruz1OqdM5jZa1I63W34=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLSDA7juMVxMlQQghLVwdkg87U1kE9P4ssrwt8k9Pts2vVSlG/iUYeCOBibjFljDnWkZXNiUzz008fAdNCfcjuwXbKwBXU/shP+Of11rCfTTu2hCE8KLU/Q3uKQyiGB3cQ==` |

+> | Australia Central 2 | rsa-sha2-256 | 01/31/2024 | `sqVq1zdzD3OiAbnDjs70/why2c3UZOPMTuk5sXeOu4Y=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDKNZVZ5RVnGa0fYSn+Nx3tnt526fmMf+VufOBOy5/hEnqV6mPKXMiDijx2gFhKY4nyy957jYUwcqp1XasweWX6ISuhfg4QWcygW0HgmVdlSDezobPDueuP0WdhVsG3vXGbEYnrZOUR5kQHagX/wWf6Diy1J5Cn2ojIKGuSuGY/9bu3bnZzKt08fj+gQCEd1GxpPoBUfjF/73MM57IRhdmv919rsGD5nsyZCBmqFoKlLH/gKYZ4B3hylqf/6gER7OeZmG2S/U/fRAN0hVK7RkHNf2CFoCmuxXS6r87BznT5vF3nmd7tsf0akaxLjfWRbKLMWWyZkzU4/jijpbDDuu1x` |

+> | Australia Central 2 | rsa-sha2-256 | 01/31/2026 | `Rtw7IkxA4khKCdOQRMby9qILYVL9Vjc2Mq0mEk1bZCs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDD9nOyOSgLGF2U3gtmh+5K4JLna7i0nySgGrhsmSvM7ZMP0csSpNGqgfluu1QPYgCQdYWZ249zF8VyOecMvZeWPevsnKGk31W19v5uw0XFZehN2otbeDYhrIH3qGoYckGZ53UWNpwjCS5tn9AnGzifk91mufUxahHCMvOYW/yXziOUZG6aIRmJXwTNO+6boe4r3E7jNhi7fNmoaxb6C6CfgzzOXEnXxOGOH5gbvxDo0w2kCIsN3HlR8FPXZEDVsxMpRfl+8WLVUk1ReJY8D3UiRF74f0QtzZofgW0dErbu1yS4+m8Pd76P9Dk7X+warYVWPOJB6fiaUuJGMNztNZxF` |

+> | Australia Central 2 | rsa-sha2-512 | 01/31/2024 | `p6vLHCTBcKOkqz7eiVCT6pLuIg7h4Jp41lvL/WOQLWM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDcqD2zICW1RLKweRXMG9wtOGxA5unQO/nd9yslfOIo54Ef0dlhAXGFPmCd3Yj60Gt/CIpqguzKLGm4D3nf19KjXE8V59cD7/lN6mVrFrm+6CU44JAzKN9ERUelxhSQKi/dsDR773wt4jsAt4SLBRrs19RC2fkYnxZgC/LzNZKXXY3FFb06uwheJjGOHyeQJbGpaV3hlelhOSV1UF2JAB8v6d8+9+S+b666EcpQ70JtxtA8h1s30hqhTKgYdRYMPfz7lqKXvact2NBXlqYRPod5cLW7lYBb2LzqTk1D44d8cwDknX2pYQJpgeFwJhB6SO9mF/Ot+jk+jV/CxUI55DPd` |

+> | Australia Central 2 | rsa-sha2-512 | 01/31/2026 | `jDCUSB/oiZWdbT9D0ut2YeWp4Tc9B2sRkLckc89GyOQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCxq8t20rSdPNg8/wq9IHPFWonfXAbJgiRtnBfsdXGq42Mecyx8CMm9i+TUbKdNq9JjEay4V7R6A41tpCDiAhKF8Lm0LbLU+xMti2VGudCBoxhLw2Zwhw0LDP4JO+S9gzh6eWeEkLZqQH8EyxQg0RghwumAyEFl3xkeAsM1lDMuKqVPPluc9x1j3vGU3C1UpUBNFSYs4BtgcqFRwnMS2P4bYXkT7HJFuXTIZDIcxMAAv9mF5nHw8xyzHcug88OW1cnqW0HLBDFpjE2FCAuStu5qIydSDf8+4WlgcaSfYHe4WM31fDMYARCm68qVhriMBvlByhlgJPjhP3kkNiCsxm35` |

+> | Australia East | ecdsa-sha2-nistp256 | 01/31/2024 | `s8NdoxI0mdWchKMMt/oYtnlFNAD8RUDa1a4lO8aPMpQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBKG2nz5SnoR5KVYAnBMdt8be1HNIOkiZ5UrHxm4pZpLG3LCuzLEXyWlhTm8rynuM/8rATVB5FZqrDCIrnn8pkw=` |

+> | Australia East | ecdsa-sha2-nistp256 | 01/31/2026 | `qLI4Er+3h7wEuAuMSWffpVJnckWm9egyz7ciWi4+GqI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ5v4o12sOOmXEW0s7nd6hjm7s2R6psCu+J3XYYV90Kan31EIqQvLOVR+/ScRzR2ZWrglvHbZ0p3BIS9b+Qmuco=` |

+> | Australia East | ecdsa-sha2-nistp384 | 01/31/2024 | `YmeF1kX0R0W/ssqzKCkjoSLh3CciQvtV7iacYpRU2xc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFJi5nieNPCIxkYS7HKMH2fQgONSy2kGkViQucVhWrTJCEQMVz5peL2JZJFjf2a6zaB2olPaBNEkeuJRHxGyW0luTII9ZXXUoiGQH9l05B41mweVtG6pljHfuKQ4HzoUJA==` |

+> | Australia East | ecdsa-sha2-nistp384 | 01/31/2026 | `eHy1DetHa/RbyledxIW22WT8Da2fqrnO9QVvzA+1AlI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBPKT9YkKOum0fA9ys/jDM6EKMs3WZj4FEsizY+lCF15RNRP27pTeUeksBeiBVJLJNxpDkxealP4kKTDAN2rO5KMcIjrfcaNpBfnhgg5u0E8tPjZgKTsFiWW4bRCKQ4MBaQ==` |

+> | Australia East | rsa-sha2-256 | 01/31/2024 | `MrPZLU8llsG+SzgBN8eH702H4zuynyYgqqQLQmWGDEs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDsRwHZ+DKINZZNP0GO6l7mFIIgTRnJy7ikg07h54iuk+KStoB2Cwppj+ulPs0NiR2RgAsP5nchWRZQysjsfYDui8wha6JEXKvWPlQ90rEYEs96gpUcbVQesgfH8ILXK06Kn1xY/4CWAHEc5U++66e+pHQulkkFyDXTsRYHsjTk574OiUI1` |

+> | Australia East | rsa-sha2-256 | 01/31/2026 | `O4+QFg7TgHTwoZ1asStdM+7ASB0kZ7Hr2BrC3pmTwZc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDLZNGWVC23V6iawz7XwcbwH7OcxNCl5mMKrQQPQLBqsf6uWMcIA66tV+Gwy7mOVztGEa7qb29MUdjKeIXD1je1THq/usWe8XaXCvIH1YueWx21ANCuo9YGrpRQLHTIu01SBeiFMsS4ZdMcTn1R2wEwxRR9awZ5Z24/iScJE/38M7WO9LtttwpOcFE1E6BGbdAbBtvpB55/1pRhLV4InwKULagNHkys6vqZ0TawgU1Xnfmvd2VfXREDkVqEcYKt6o1fEyD2ietUOqU0WOsNDIgXq87xDfY/D9i+3RD/mwHM6OzOCTF9lJIjJxCNAqohnP9A6VyKyWO7vtFvhN774d6V` |

+> | Australia East | rsa-sha2-512 | 01/31/2024 | `jkDaVBMh+d9CUJq0QtH5LNwCIpc9DuWxetgJsE5vgNc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDFHirQKaYqkcecqdutyMQr1eFwIaIM/h302KjROiocgb4iywMAJkBLXmhJn+sSbagM5tzIk4K4k5LRjAizEIhC26sc2aa7spyvDu7+HMqDmNQ+nRgBgvO7kpxVRcK45ZjFsgZ6+mq9jK/eRnA8wgG3LnM+3zWaNLhWlrcCM0Pdy87Cswev/CEFZu6o6E6PgpBGw0MiPVY8CbdhFoTkT8Nt6tx9VhMTpcA2yzkd3LT7JGdC2I6MvRpuyZH1q+VhW9bC4eUVoVuIHJ81hH0vzzhIci2DKsikz2P4pJT0osg5YE/o9hVJs+4CG5n1MZN/l11K8lVb9Ns7oXYsvVdtR2Jp` |

+> | Australia East | rsa-sha2-512 | 01/31/2026 | `f5+TI5gN7KXS/ofLDLeS+6d7rzChq8SrZMKr3+ylPFQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCrhphicX/V87bso8jPZG016Hez0oNP7CvJXDlEZRIkuJlX0wRorD0u7iyyJSXbFZsSl20H6idsNae0ljy/MUfBfb6nV4LXdV8SRSY2QExrd6sMiMgESpfTaXIM8YI/2B9Kyrx6AJBTuNMQACvq8VoBziNGoWhhCO4Mj5fwhDB6vNF3A0Of3qvh/mmMBpY/B/Ud4SwaoGxrP6vwvoB1S7RLQSDdjR1aeGwtWrxOnx1ReD3TsV3FYoj1Ot3LLySkPYF8eDVrnz54U/XJocta+bWdpgyxne4cNULHAyxtuTdvNo3eoZszUdZ8h52dEckhva1ud2eAMvq4xDbaBSIfW0Hp` |

+> | Australia Southeast | ecdsa-sha2-nistp256 | 01/31/2024 | `4xc49pnNg4t/tr91pdtbZLDkqzQVCguwyUc16ACuYTc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCdswzJ+/Bw5ia/wRMaa0llZOjlz67MyZXkq7Ye38XMSHbS4k/GwM0AzdX+qFEwR00lxZCmpHH28SS+RyCdIzO0=` |

+> | Australia Southeast | ecdsa-sha2-nistp256 | 01/31/2026 | `ieme9KpUiNa0zSTmW/zlYeiyq3yu4GwD28n3Le+Fwpc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFbcds+lsX2tixQjy47ZumhpAIvp0ojjVEOTnyKgMRYBbT6AOyjrk5ECbK5s1W79bTtZQQt4xmnfUXUkm0JvB9I=` |

+> | Australia Southeast | ecdsa-sha2-nistp384 | 01/31/2024 | `DEyjMyyAYkegwLtMBROR/8STr1kNoQzEV+EZbAMhb1s=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJRZx6caZTXnbTW/zRzKfoKC4LGzvD5fnr2p8yGWxDq27CjUEMxkctWcT6XS3AstF2MLMTOFp/UkkSr8eP0vXI8g99YDeFGXtoBiFSIgYF2Aiu/kpfEu3feiIUl3SVzxKw==` |

+> | Australia Southeast | ecdsa-sha2-nistp384 | 01/31/2026 | `YinhhlbjexJimlqKzOetdTlg+oP7sDVf3pjBZcUMZlU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKvI6seG26Vpmcc2WksGHHKnp4JSeDVJ3UvN3j4QoLrBGzRe1qx6IAMQuygggVCU54cGxkiPzci+NV6fl3Nw6uXMdyR2AP76yWbsYvk1nUnhsG83oVjucz9WsXjsl/dDNg==` |

+> | Australia Southeast | rsa-sha2-256 | 01/31/2024 | `YafIMxux7NtoKCrjQ2eDxaoRKHBzpanatwsYbRhrDKQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7omLu37G00gLoGvrPOJXpRcI5GTszUSldKjrARq0WeJIXEdekaSTz5qv2kSN/JaBDJiO9E4AJFI9q5AvchdmMVs4I59EIJ0bsR9lK+9eRP4071EEc8pb3u/EPFaZQ8plKkvINJrdK6p0R2FhlFxa7wrRlKybenF1v7aU3Vw79RQYYXaZifiNrIQFB8XQy3QQj2DcWoEEOjbOgZir9XzPBvmeR8LLEWPTLYangYd3TsQtybDpP6acpOKaGYDEyXiA8Lxv8O276LUBny6katPrNvfGZScxn6vbTEZyog+By8vyXMWKEbC1Qc/ecBBk5obFzbUnq3RP1VXLJspo99cex` |

+> | Australia Southeast | rsa-sha2-256 | 01/31/2026 | `xmdRGjdB8ODcmg68eG+/dplKKKfOSEAXtXAAXYaQxsk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCzYBSvVIo2FgllCfeH6xerVZf8jxxYsZiTcRvojdlB8b0/n2/BISx43EtAmFudQ3dJ3Phc+U81CSgfr3Y9dWbfXsbpF5G41hVrGjpmR7u8ZYx/u3B2t+ymMatNytsNpHiUqKf1TR55jQqjhIctbbn9poyb43H6MLsxsLxvmFN21jwp1N3uHuBJ4fHJraa+QOIfcdGw6hSCuSAXdlbUVVXiF8U+MB28wiXuKsv7TFPHsNOyslre2P0MxQt5E8w78bpx8DGor1yvvFo4qNcmXqrc3cZfmfEB8sMCRGqgWisieu+bAOtCkK8mMjopArQBYjuOLms0qpIKwG8m0jttQCuN` |

+> | Australia Southeast | rsa-sha2-512 | 01/31/2024 | `FpFCo9sNUkdnD1kOSkWDIfnasYhExvRr1pJlE631QrA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDmuW2VZAhR6IoIOr32WnLlsr/rt3y4bPFpFcNhXaLifCenkflj9BufX3lk5aEXadcemfKlUJJdwBTvTt1j4+X3P2ecCZX1/GSsRKSTuiivuOgkPxk3UlfggkgN9flE9EdUxHi/jN/OQ9CjGtHxxk72NJSMNAjvIe0Ixs7TfqqyEytYAcirYcSGcc0r70juiiWozflXlt+bS7mXvkxpqMjjIivX+wTAizzzJRaC6WcRbjQAkL2GP6UCFfBI1o9NBfXbz+qvs1KTmNA0ugRQ7g6MdiNOePHrvoF1JgTlCxEjy+/IqPiC8nNQUVCW6/gcATQoDQn0n9Lwm1ekycS35xEh` |

+> | Australia Southeast | rsa-sha2-512 | 01/31/2026 | `aJTfDB4bKb7ZXnNHf/rQpqn60uHNsDdaqrvsTqIK0wI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfeIyKblF1xo44RVh/bFm1DYxI9l26h+tT5P7qBqZztZ2yT3tLUkru6dKbkT8epNhTP4e0NDZl/WlIsleCmzCRfHnFYit+riYnskJBP4wcBDkDmQLBQiKcPhMwwCXsijWisHsc0PrdfSwOAhGllsJTy7FsKfYyCRaeLEq8AszNSwfgjMlLxytTEyKNMRZhTq6udY+8u2OJZaOveiKCyw/PRD64kR6DONcHMc+y157UaDIfx6nZtQ4O8T0akM+s5J3xnhUOQH2J48+QBN8l4y/cX65quyW7zqN8pxR2N8CK498p6eWan94visO/evOhnlLPAMR1V+cd0soVxyKt5Qlp` |

+> | Brazil South | ecdsa-sha2-nistp256 | 01/31/2024 | `rbOdmodk5Aq+nxHt04TN7g6WyuwbW5o+sDbj86l6jp8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNFqueXBigofrM5Kp2eA4wd4XxHcwcNgNFWGgEd0EoNdKWt9NroU47bN43f79Y5vPiSa4prKW1ccMBl40nNN4S4=` |

+> | Brazil South | ecdsa-sha2-nistp256 | 01/31/2026 | `hKqaUmDSKTLOZ4e558z5EBbcsLClt6uZ9Gl5dNQD8X8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPoLBRafaKd+jqxNF+AygWL/E8CA7Bc398nruOHSyXLQEDRPvNbNzVEXeK4BbhuQxPZWZV8gtWcYcJjSGCRUX3g=` |

+> | Brazil South | ecdsa-sha2-nistp384 | 01/31/2024 | `cenQeg58JZ+Dvu3AC7P7lC/Jq7V3+YPaS37/BBn3OlQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBHBhfnlfXV9/m6ZgOoqmSgX3VPnRdTOraBhMv8v7lEN1lWwyBpiWepu52KS0jR1RhttfXB+n+p6i2+9djJ1zT7fHq4sNn/d/3k2J6IjJlymZ32GwPvDk+fGefupUtabvRQ==` |

+> | Brazil South | ecdsa-sha2-nistp384 | 01/31/2026 | `cMW9MxGhPxMZQj34L0PTuEcPUVds74cuC0rJ/nBv1hQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDb+/ZDeuja6wcxVJVSNMWylUTItczguOMOsqyVdhJp2A3AevWHCo7edA+7Hl8fHouzdGsamlxDOwv3/fvL/a3DLtNyr9q7/sEaEr5wll79PhKLgq4VqZzm91VXN3y9DJw==` |

+> | Brazil South | rsa-sha2-256 | 01/31/2024 | `qNzxx1kid41tZGcmbbyZrzlCIPJ9TFa20pUqvRbcjro=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC04g5K8emsS4NpL6jCT3wlpi6Msb5ax6QGlefO3IKp3wDKWAEqN+PvqBdrNp1PsitTKeyRSCLofq9k2wzeAMzV2n3UVqmUpNf9Q0Yd8SuXPhKG6VhqG2hL5+ztrlVTMI2Ak18SLaAEA1x7y9Z1lkEYGvCzJQaAw5EG8kd7XHGaI9nSCJ7RFOdJQF/40gq8z6E+bWW9Xs55JpWQ0i44i/ZvQUEiv5nyAa7D86y23wk1pTIFkRT99Kwdua0GtyUlcgCRDDTOzsCTn4qTo/MAF1Uq/ol4G0ZxwKnAEkazSZ1c+zEmh6GJNwT64nWBZ+pt5Rp3ugW+iDc/mIlXtxEV2k7V` |

+> | Brazil South | rsa-sha2-256 | 01/31/2026 | `XGzPXMnOOBOE6DKAtYZDL0J/p33FDBqYvtoI8d8iMo4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDQkgaV5fCbgfaq099rXhqysOfNdFgVqMpNPbaMVyuTrO3zu6TQ3qPUylUaihFK2EBtiIaTlnfqCg3lmdydojez4cJnRV1o9i72LnFTJm1bMVNYA5RtNrJUIZQ0dpCjlJHmsQnjTCC2nfaamR0vqA3u6/KTp8rMMA1eKkvPRWlcXo/7l+ZdPinrfpzZ1KL1F8RYv7wRzrEdFi+u1gmzw5a3X6R6W45r9R/nvj3xiEDr9D7NUAztCJZcIX6GPmInGNNA66q81cRmO3aaJj2LaYeXd9BLblvXcupaZYcV9//tLF3WL0JGu635O29JerlH8VHP7Q09PFQfSfRXR1KHQs49` |

+> | Brazil South | rsa-sha2-512 | 01/31/2024 | `KAmGT8A7nRdxxQD7gulgmGTJvRhRdWPVDdagGCDmJug=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6W0FiaS21Dze6Sr6CTB8rLBu1T1Zej+11m7Kt283PSkQNYmjDDPUx0wSgylHoElTnFcXG+eFMznnjxDqkH+GnYBmlpW3nxxdTYD/MrdP4dX9ibPCFjDupIDJ4thv+9xWCw/0RpGc1NlUx2YmenDVMFJtYqjB1IDa2UUEeUHeQa1qmiBs1tbBQdlws1MCFnfldliB5H+cO4xnbAUjOlaa01k7GKqPf0H75+R83VcIcFw8hSuCvgMT+86H6jRRfqiIzE7WGbQBTPQs0rGcvxcGR3oGOmtB2UmOD232XTEk+sG3q2RxtPKWTz8wz1Tt2c1BOxmtuXTtzXnigZjB2t8y5` |

+> | Brazil South | rsa-sha2-512 | 01/31/2026 | `c/BRQKWsx7emZMCDznUYFq4QgjqN3xY7oBdDXLbEFu4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCqu2gYqpE6pzLaaxbuN92SqpXcekRolPVC5BMFplaBVTfmyyw/SfaRbVQRAzXjjALjAxIrnPCAXOU1Za6FOwww6cUuex8F/5gIFIqPrQAKOqsOr6jj1cgS1BzvZyz8cbpL7Ovxf/hzmFl+SKoeDsPaLG6WcfitE13K9aPh0JacOSakTnPR82UpqWil3Dt24/gBUeKCUMTETaFK0N` |

+> | Brazil Southeast | ecdsa-sha2-nistp256 | 01/31/2024 | `dhADLmzQOE0mPcctS3wV+x2AUlv1GviguDQgSbGn/qs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPYuseeJN3CvtyPSKOz5FSu7PoNul+o6/LB62/MW9CUW+3AmqtVANVox1XQ8eX/YhL0a5+brjmveZPQS6M09YyQ=` |

+> | Brazil Southeast | ecdsa-sha2-nistp256 | 01/31/2026 | `waYY8zhE779/EFR8KCFsFx1by1jhT73Q4qfjLtfAZmU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHzDBumEcvBf0+y8zqSKlknaasOFOOPL+b8RSVycYmkR3CGsqb7QVRZGzhZnYOogynbbKlWtrGRiMMQNXp+FgeY=` |

+> | Brazil Southeast | ecdsa-sha2-nistp384 | 01/31/2024 | `mjFHELtgAJkPTWO4dc7pzVVnJ6WLfAXGvXN1Wq2+NPs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIwFI6bRmgPe0tN7Qwc03PMrlpBn+wBChcuofyWlKVd/Ec6t2dxHr/0ev0dqyKS2nbK7CAOQxSrV1NVYnYZKql/eC2sPqI1oxz7DzUtRnNKrXcH714ViN3RIY3DZA6rJOw==` |

+> | Brazil Southeast | ecdsa-sha2-nistp384 | 01/31/2026 | `LAPvDR8i5PsVJPSiMYN0pSNFz1axBwiYl2rNaOPzB2o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ2ZemQNN0FTdJXTb/zbuN3FzRD0oTtP5cLvNoNc6FZ2cTwJRZOtMwOZYuSxEC1FQk6Hw+jWq+ZGz1nmu12ohCeuVZbKo6hvdzOS0WEzTJ0wjVPDG30a8iBV8yTZtw3Kkg==` |

+> | Brazil Southeast | rsa-sha2-256 | 01/31/2024 | `D+S7uHDWy0VPrRg9mlaK70PBPghBRCR1ru/KEsKpcjA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCz86hzEBpBBVJqClTRb7dNolds/LShOM4jucPRawZrlKGEpeKv70Khk8BdI4697fORKavxjWK0O9tQpAJHtVGSv3Ajwb9MB7ERKncBVx/xfdiedrJNmF0G+p97XlCiwkAqePT/9IFaMy1OFqwl6LF7p7I0iBKZX0UgePwdiHtJnK0foTfsASNY4AEVcXHEuaulLFJKUjrr6ootblEbPBnC6IxTPj9oD+Nm0rtlCeD5JtCRFgKUj3LWybEog/AnnMNQDQ+vMPbsCnfsW/J/HQc+ebx3NtcumL+PIxqJw2Pk6mRpDdL+vs2nw/PtnPkdJ7DjIQYLypBSi3AFIONSlO15` |

+> | Brazil Southeast | rsa-sha2-256 | 01/31/2026 | `TatDYCAIu5TTBVlcv3TcZgBQft07KeMzSxxXIAeMpQc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ9U3Bn/r8jYrJC+D0OVC8dK7+K1HVIaVqomWsXZv92iZC5xEuhnf9vQb0Qz+0vfWQn78G7pJ9O+HkEmx0TjSdHvA0rcXUDHoutJxry+OzDWPAoLnogkCs5EvqyQW8NAqZr69gYHLSx5aCV/ys7og7rmXD/mEylqfGc5BfEXDq+zfLVJZXtPta5D6/ZMH5YjggjHLNy1J0nw15/UMjt5KvhyIJS3jt3uYQymwvZBnNU33ZMPRm2lfpP+GGwDRBHv+/pA8ZaG1f5OHxJ2teEUXcQzL4jhWiIwAeeWlfD2JF1tZ2IlI1ei92Rtv0WyyZ64bqSW4E/eRew7p8slwMKzJJ` |

+> | Brazil Southeast | rsa-sha2-512 | 01/31/2024 | `C+p2eAPf5uec0yG+aeoVAaLOAAf0p8gbBNss3xfawPQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDV3WmETlQwzfuYoOsPAqfB9Z2gxsNecbpuwIBYwitLYKmJnT9Q3SNSgqnBiI1TKWyEweerdQaPnEvz9TeynGqSmLyGT0JJXQXFQCjTCgRHP4WD0Q+V7HWHnWYQ5c2e8tKEVA1jWt57dcrFlrGKEsywuMeEX21V13qQxK2acXVRWJPWgQCVwtiNpToc/cILOqL5XXKnSA81Ex7iRqw8QRAGdIozkryisucy+cStdJX6q+YUE5L62ENV8qMwJdwUGywEpKhXRg5VQKN0ciFqvyT/3cZQVF+NkUFGPnOi0bk4JzHxWxmQNTIwE7bmPsuniw5njD3ota/IPUHV2og190Xx` |

+> | Brazil Southeast | rsa-sha2-512 | 01/31/2026 | `QcySGI6X4F0GEHlkGj1MobZV+GGmy95/wYEYjyw0ORc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDwoCo/GZb1f/CnfvCBBuMODKxyPCmYM0wBafuKKKRrH+Jl1Ek0Qfgkuaa4GUYO+klyqxV5t+J6zVECEHQ6on6AXUJRO2/+zg2oYjLGSMQVvzE2pRj5+l2zOuZtu0p60MIYf49AZS7MDGRDBZBxcPxiNiUdKMD6D5h5zsMcNe28/CkRDdvOrORO8XPCKgNKFcGjSORKpRCuSn6NYQ6hx7lBuXnO6n5KfCjLH7+kRBx44kSBnHF7fEMhdzTh0tOdGJfRAl+YAK6T7m4FxwrJa1RaLyCKQXlK32y6h14WDRu2sHzfsJhTPuywJLvJvJ/ZzXtPKu/GGR+zR1RQiABc6krN` |

+> | Canada Central | ecdsa-sha2-nistp256 | 01/31/2024 | `HhbpllbdxrinWvNsk/OvkowI9nWd9ZRVXXkQmwn2cq4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBuyYEUpBjzEnYljSwksmHMxl5uoErbC30R8wstMIDLexpjSpdUxty1u2nDE3WY7m4W/doyXVSBYiHUUYhdNFjg=` |

+> | Canada Central | ecdsa-sha2-nistp256 | 01/31/2026 | `7QJ5hJsY84IxPMXFyL1NzG5OVNUEndWru1jNBxP26fI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAGEx7ZWe5opSy1zUn4PNfmAvWmTVRRTq2bwoQ5Dibfsr1byd7IIkhD5+0P5ybtq1dEdxh9oK2IjFSQWzj9jFPY=` |

+> | Canada Central | ecdsa-sha2-nistp384 | 01/31/2024 | `EjEadkKaEgaNfdwXtzlqanUbDigzsdzcZJeTzJfQXP0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBORAcpaBXKmSUyCLbAOzghHvH8NKzk0khR0QGHdru0kiFiE16uz9j07aV9AiQQ3PRyRZzsf+dnheD7zuEZAewRiWc54Vg8v8QVi9VUkOHCeSNaYxzaDTcMsKP/A7lR2AOQ==` |

+> | Canada Central | ecdsa-sha2-nistp384 | 01/31/2026 | `xqbUD0NAFshX0Cbq6XbxHOMB+9vSaQXCmv/mlHdUuiw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBmGFDJBLNDi3UWwk8IMuJQXK/927uHoYVK/wLH7zI7pvtmgb9/FdXa7rix8QVTsfk8uK8wxxqyIYYApUslOtUzkpkXwW9gx7d37wiZmTjEbsvVeHq+gD7PHmXTpLS8VPQ==` |

+> | Canada Central | rsa-sha2-256 | 01/31/2024 | `KOYkeGvx4egH9DTGgxiONDMvSlkEkoU8cXWnynOEQRE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7jhZvp5GMrYyA2gYjbQXTC/QoSeDeluBUpji6ndy52KuqBNXelmHIsaEBc69MbixqfoopaFyJshdu7X8maxcRSsdDcnhbCgUO/MnJ+am6yb33v/25qtLToqzJRXb5y86o9/WtyA9DXbJMwwzQFqxIsa1gB` |

+> | Canada Central | rsa-sha2-256 | 01/31/2026 | `sjyXW72mkYFHJsn3kOW9jTj4eigLiltCg7gBzUC50F8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDUSiEoTgcdpkDMTugT+lzCFwFIiwYocqCLxjr01TOHG4X1ieqOphVa0+ccHT5ptNZAc1Wj6Rtxl4XYeyW2Hsssd0fKY/S9z9tqbFf/j8M36/D3h+pns0e3qWZ9BQstKQryRgvVhok5Je9mPjv27nJD4kSzJcK8+APYMNwESXbLSeZ1llvvYgdrWmJ/aZhoNEVXfjMfwC0SgnhTO47977mBtxJXz6i0ApDa3Lc2xvIdMMsufjiqeLyQrjwFsMB09N43PanFKw/QL4xWaUygAlV5yEuMdKn4tY/yLETUiEliaIkNW2hoYFDLj+TeVtjgX2ToVSYJ+xik9XDimFmRW7I1` |

+> | Canada Central | rsa-sha2-512 | 01/31/2024 | `tdixmLr++BVpFMpiWyVkr5iAXM4TDmj3jp5EC0x8mrw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNMZwL0AuF2Uyn4NIK+XdaHuon2jEBwUFSNAXo4JP7WDfmewISzMWqqi1btip/7VwZbxiz98C4NUEcsPNweaw3VdpYiXXXc7NN45cC32uM8yFeV6TqizoerHf+8Hm8avWQOfBv17kvGihob2vx8wZo4HkZg9KacQGvyuUyfUKa9LJI9BnpI2Wo3RPue4kbaV3JKmzxl8sF9i6OTT8Adj6+H7SkluITm105NX32uKBMjipEeMwDSQvkWGwlh2oZwJpL+Tvi2G0hQ/Q/FCQS5MAW9MCwnp0SSPWZaLiA9EDnzFrugFoundyBa0vRjNGZoj+X4+8MVG2fYgOzDED1JSPB` |

+> | Canada Central | rsa-sha2-512 | 01/31/2026 | `z8Uq32MaJlqeL8bFNdJU55tq+gj6D9gwzQG1Cai1IHg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDs7iqGJ3oYF9ptVmzR5yQodggMFn7zAIu7XlZNqJk/BR3bQ/gG/ogtGg+893aQCcT8/6joGu7SUgFKJeS8L/N9fg+h0SCdq5Iu/p0kbURvtcR4+qyeH6WIaagAPNaPYf7p33QCzFvu0Izia5nleOfpnvTgGN0eVrDYmP4TemVHK/LJs3GB7U3YAztK9mDJtGjTjNnHYsxwlNvfZBr9eVNr1ebN/YvN9e9qSFAPdQnQa4bzEa2PeHYWVAvLjzPIHM3m0K+PxeWINSlZrLn2/RcjGV8F0jdUj3fGEohF9Ui4IPIDtP1WGx48Iw20DB5lERiOcWT2Ps9RPzC2gIY0OUl1` |

+> | Canada East | ecdsa-sha2-nistp256 | 01/31/2024 | `YPqDobCavdQ/zGV7FuR/gzYqgUIzWePgERDTQjYEE0M=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKlfnJ9/rlO5/YGeGle1K6I6Ctan4Z3cKpGE3W9BPe1ZcSfkXq47u/f6F/nR7WgrC6+NwJHaMkhiBGadEWbuA3Q=` |

+> | Canada East | ecdsa-sha2-nistp256 | 01/31/2026 | `ppta3xQWBvWxjkRy0CyFY6a+qB3TrFI1qoCnXnSk3cY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIb5mteX+Vk00D8pPmjYuYBqC9g1xdmN8e3apdsXBucC8qXx9qug7veSex0/NzkTu00kIVVtvW+4LFOvhbat5Y=` |

+> | Canada East | ecdsa-sha2-nistp384 | 01/31/2024 | `Y6FK9rWscBkyKN7mgPAEj0jKFXrv4mGNzoaZ9ttc4io=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDS8gYaqmJ8eEjmDF2ET7d2d6WAO7SgBQdTvqt6cUEjp7I11AYATKVN4Isz1hx8qBCWGIjA42X1/jNzk3YR7Bv/hgXO7PgAfDZ41AcT4+cJd0WrAWnxv0xgOvgLKL/8GYQ==` |

+> | Canada East | ecdsa-sha2-nistp384 | 01/31/2026 | `RQXlsP8rowi9ndsJe+3zOl87/O2OOpjXA/rasqLQOns=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBO3mWu+SY6u27HQuJq154HCTrGxVsy9axbwTdVXFvgV1h1uhpIdgAZDL55bDe7ZPmB0BPirPas/vUQyG8aGDNAZJn1iinq/umZegYb0BCDthR5bPi7SPb3h7Qf6FN4dXoA==` |

+> | Canada East | rsa-sha2-256 | 01/31/2024 | `SRhd9gnvJS630A8VtCYMqc4djz5R8EiG7spwAUCYSJk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD2nSByIh/NC3ZHsjK3zt7mspcUUXcq9Y/jc9QQsfHXQetOH/fBalf17d5odCwQSyNY5Mm+RWTt+Aae5t8kGm0f+sKVO/4HcBIihNlAnXkf1ah5NoeJ+R0eFxRs6Uz/cJILD4wuJnyDptRk1GFhpAphvBi0fLEnvn6lGJbrfOxuHJSXhjJcxDCbmcTlcWoU1l+1SaYfOzkVBcqelYIimspCmIznMdE2D9vNar77FVaNlx4J9Ew+HQRPSLG1zAh5ae1806B6CHG1+4puuTUFxJR1AO+BuT6fqy1p0V77CrhkBTHs8DNqw9ZYI27fjyTrSW4SixyfcH16DAegeHO+d2YZ` |

+> | Canada East | rsa-sha2-256 | 01/31/2026 | `Xu6BiQYqbw7D0gTh+OZaARgIVYWTFlkIC+VNpuBOPF0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDCTQXQ0rFbmzK66YlBM5nA+413ZBtj5aWZBh9w1pPjmLRwuDtM+PgW6LSbWzC9TR0OkH0oinW4ARGTmECWs4oi5EZSwC9t45GUF3jYbsGfEzfOC51elTmYEA00IjAXVuBMQQ8/dZehuBXsGh6frtVpDus6f4lmfWLyrGGGo5gjrwzmQOw8lWXfMGohzM04qtqu2M18wNb17JraqrDQr6q7Nbpt/dRrjWmqpkOwCVALH27BiHPypCy7poCRyH1s5eakM20AC99Dl7XTDCGfaySPVIt0MdZDL59BHkyY55zjGaalQTxVXIISLg4kkdVMZ8iCvjFp39Ejy9j3oroQMSD1` |

+> | Canada East | rsa-sha2-512 | 01/31/2024 | `60yzcSSOHlubdGkuNPWMXB9j21HqIkIzGdJUv0J57iY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDDmA4meGZwkdDzrgA9jAgcrlglZro0+IVzkLDCo791vsjJ29bTM6UbXVYFoKEkYliXSueL0q92W91IaFH/NhlOdW81Dbjs3jE+CuE4OX5pMisIMKx45QDcYCx3MJxqZrIOkDdS+m8JLs6XwM07LxiTX+6bH5vSwuGwvqg5gpnYfUpN0U5o7Wq7H7UplyUN8vsiDvTux3glXBLAI3ugjn6FC/YVPwMOq7Luwry3kxwEMx4Fnewe6hAlz47lbBHW6l/qmzzu4wfhJC20GqPzMJHD3kjHEGFBHpcmRbyijUUIyd7QBrnfS4J0xPVLftGJsrOOUP7Oq8AAru66/00We501` |

+> | Canada East | rsa-sha2-512 | 01/31/2026 | `9WgdJJpcIgUfdOMQ0R9UCtYejScPaEk1/6mr0P/pirA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD2M/EM3gDr5tFjQlc/Fe+cyJhu3c/oVT7HnpHVLHLeSMaT6QM9j6XX4kfH9Vwsv6FaOFjDBDTWTWF/UY1KrJJl3beUwNLeEIDs8TY8x/lPd6cjAVNanGmrqPgeErIfTxOS1cmAV6AamTJKgrRLJkpoqZcEZ1+1ZF+SoRTAyPG3BP8L8V9VQa8mnN6Wn+vPbTc1vxyx4jXLWyPmPjFXnOJW3l/gJUTEstDoDA1V85OAwVg9TTkfweT7DhnbrM5OjpG6VaTfFTivAwK+SLhyzKtLHoiMf9Ps1ufRVZJGj7NnLQrYALdOVVNRlRkYXxiwTeHIHYHDeZnorZwj3PJd8Tll` |

+> | Central India | ecdsa-sha2-nistp256 | 01/31/2024 | `zBKGtf770MPVvxgqLl/4pJinGPJDlvh/mM963AwH6rs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBjHx8+PF0VBspl6l9Xa3BGyJwSx2eDX0qTDnhrdayzHMWsHGX3vz0wr7oMeBVdQ26dOckExa6iPrEDSt8foV1M=` |

+> | Central India | ecdsa-sha2-nistp256 | 01/31/2026 | `rHRhvRfgmqyom1omCeSUGYj7WGA4YjMeFl+UqwAlaC0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDdtXYbiF9jmvUF2CCOoI5KbFNXpSvzLDN0onfcToVHqOg5UOiDng3KLU/CfPBKrnkpJSYwuAXMHkz6ZndjsZEU=` |

+> | Central India | ecdsa-sha2-nistp384 | 01/31/2024 | `PzKXWvO/DR/KnUElcVWIwSdabp6ZJqce37DJZzNl3Sk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJwEy1f+GYN4rxhlCAkXGgqAU1S7ssI4JPEJs8z1mcs8dDAAVy1cqdsir9yZ9RSZzOz/BOIubZsG137G2+po0Pz0FfJ0jZVGzlx1UHXu7OMuKQ7d2+1TkPpBYFy6PiCa3w==` |

+> | Central India | ecdsa-sha2-nistp384 | 01/31/2026 | `r3wp9j9FCMQUljrxkegRavGW8rHGYWLrdnjhEvD+qX8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNtvF355mm7qAbl0aMHb8mDOj/4ZOw4DDyW5JXCW/+JTKMuRDY1IcYUx4BHV3F8C4nnFKvO5pPmUMmutQlPbnO7GLTGPbkkbTE97ukOnaE8zygggv2IL8o8ly+IScngaQg==` |

+> | Central India | rsa-sha2-256 | 01/31/2024 | `OcX6wPaofbb+UG/lLYr30CPhntKUXyTW7PUAhC6iDN0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDWuKbOJR8ZZqhE3k2HMBWO99rNWoHwUa+PVWPQHyCELyLR19hfrygNL9uugMQKTvPYPWx8VM6PrQBrvioifktc/HMNRsoOxlBifQETfRgBseXcIWorNlslfFhBnSn6ZGn8q4XICGgZ1hWUj9z1PUmcM2LZDjJS33LLzd23uIdLePizAliJAzlPyea8JNpCVjfmwnNwtuxXc48uAUXlmX+e0ZXRwuEGble8c1PbrWWTWU4xhWNJ+MInyvIGv9s6cGN7+fxAFaUAJS0wNEa3poCnhyNxrckvaqiI3WhPQ8Hefy2DpXTY03mdxCz8PZPcLWdQU3H5nmuAc/pypnc0Avax` |

+> | Central India | rsa-sha2-256 | 01/31/2026 | `i5Zac3+f2G320lSm0K8y+6viEGtsl6qCYMMpgVTcy64=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCjAJLsxbTma6wk7woZqkdhYdXNMI1HBklRHXXlgMdsu7wIOwlyzKAGRjFp5xG/FvWoGlJOUjd2xAg5zUS7CKRP9CHoKPfj+0M+LJUXKFabcIP3ibg2IWKiIVc3B+C76YUwz9J6vHrjinlVH7fJ3DU/71RcFwNTVS+MlWC+Z7rhZ3p/V7BGRXIA77lBvs4iXiXTmoIC4JqnscJqR/53zaCY0WbdDlaM1jfG1bxTGRSoJIoYoJwIled6fNKFdWscodjgT893mx19c6blfnVbohCWvvhXqmARoeoMFLqEhGitZgyEtW6Nrww+KnQsHt//6slBhkXYCF4t32Jan/Od4coJ` |

+> | Central India | rsa-sha2-512 | 01/31/2024 | `HSgc5u8s+QILdyBq6wGJkxRcK5nxj81gxvpkR5bcH6k=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDSO/R/yw8q33yLkSHOw0Bi2WKDWQPrll8skh3hdRUB6wtw9dvtQFEV3suvFJsTVvAbnGBe2Fjgi69X0zkIygxg74XuQsx7GZO6gyaKDwljyanFoCzer+OzFSpDcVJ0zOfhY99uHeYT6k4leb2ngABqjiqieDHMZ9JQX12KOK3cAks/oytrNUo9krGb1Nyv5BYu4dWXHmuFgtigDd043khaARfdWkg88lKgb6G9k+vQTGKphLnFMqhada/aP8GsaA2Dq5d/LH5P5CTU7MRPA8TuuyLOtbv8FtQ2TyaAXhYCplCQELtto1yXZ79WVjQE/uKuX8xK5M2rfOH+H5ck/Rxl` |

+> | Central India | rsa-sha2-512 | 01/31/2026 | `ayU+zBGAtHWl//+qIGkX+J2V9HmjLkrFIuouPXpHn3I=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCw2Cg206KXydbvcCXQnMUmF1cJX3duWHQ4tkToq9ne2C28+rb7tPNznxR1tyXEG/in6U7W24QvkwcRiq8yPOjgTOlDUVXyVp5g/JZyElVZkSh22/cOHjwpJyNvqXAW3/8Gy4umrbB+hZhloZVINswKn4H476z7y/bAqZ5xzpEjIoXUkGz3KJvFa6zbAyh4cK9P0BosnXT9CPQ6KEgUmW37HI2GbBfSgg1Oh+hTEWYVMUHQ6lRA+rGVtVo7dtF/Lcq+M2xw9` |

+> | Central US | ecdsa-sha2-nistp256 | 01/31/2024 | `qN1Fm+zcCQ4xEkNTarKiQduCd9S+Aq3vH8BlfCaqL74=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN6KpNy9XBIlV6jsqyRDSxPO2niTAEesFjIScsq8q36bZpKTXOLV4MjML0rOTD4VLm0mPGCwhY5riLZ743fowWA=` |

+> | Central US | ecdsa-sha2-nistp256 | 01/31/2026 | `qauInQWUECwYnaX7TZX3fiUK8Ik6JvqcHPiGZ3t2USE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNK4jYX7nbriJOOrDSuKDqRIplMn2QXJc1WjTu/nJWVP3Ajq+Q1GhtuFTnVGqTaqhrVnlqwr7z4aPTwb9SKcO3k=` |

+> | Central US | ecdsa-sha2-nistp384 | 01/31/2024 | `9no3/m09BEugyFxhaChilKiwyOaykwghTlV+dWfPT6c=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBCiEYrlw9pskKzDp/6HsA2g0uMXNxJKrO5n16cHwXS1lVlgYMK3mmQdA+CjzMdJflvVw7sZO2caApr+sxI3rMmGWCt5gNvBaU6E9oUN8kdcNDvsfFavCb3vguOgtgbvHTg==` |

+> | Central US | ecdsa-sha2-nistp384 | 01/31/2026 | `ZEDS1pjRAIEjCgX2QiX+rHtanf5xtfkfoa9bSqt7+PU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDsC/6PC62ViNxNREq5R7gDOijn6iff8JN0tAskmv/GnzOLePqF/h7XFllfUb8/cBO7912wagjKgl/o7t4oGCs2u4qIW5XkJROAM+lNgjBOb8B2GgxUGHThzbd0z70I2kg==` |

+> | Central US | rsa-sha2-256 | 01/31/2024 | `GOPn34T1cCkLHO0xjLwmkEphxKKBQIjIf9QE1OAk3lU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9oA4N2MxbHjcdSrOlJOdIPjTB2LpQUMwJJj+aI2KEALYDGWWJnv0E14XjY1/M35jk8z0hX4MHGE/MEocSsTVdFRdWdW9CKTWT6eICpg9frTj6wfkB/Dxz/BAYb/YXq5OMrFlkFJUG8FMp9N80W6UWichcltmSrCpRi5N3ZGpVXEYhJF+I0mCH7Yheoq2KzIG2iWU/EJT5fui4t51wD8CQ1NWG8/THnNr0gjCr3AtB+ZPAl/6N7i2vO3FlZEHUj6BHoQ4dhIGjGCkgFDNU6RpdifqMJRihP9fSMOq4qksch1TE5sOnp0sOaP/RQvChb4oXB8Pru+j45RxPzIvzzOZZ` |

+> | Central US | rsa-sha2-256 | 01/31/2026 | `JfKCn0CJEScjYafW9PpANzQdTnOw/EdN3gJhbMI8gKs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCmhK7qQ1FcvmISoyHhnfTIiH+IelL9xqZaoojvmy0EVhra95YptGOMkTn0CDWICXmVynAE0nBd4MTkztJbp/m+FWyGzKRn/aA4AfAztQSngo0pJm/lFqRCEbVlqpVaYzuG7ev1OL3FFzJnVo5jYMUqfo8VsAC44JTLrDvCq/FLhAqUxfzzluqy5T9GqxvsnV4ghAN9iHpKF3evm0eZHgeqmmgNbNbUGJ5xcR2c1UJ/kuKL5gfiJaVQhBY9Ps7Hj4AmXfUkcKboPbfssmvrhsWnrHUFZV7zs2FHGpZJ+OYwKCnRkNhIcdfgA7qUhnFU6wR8Y/T0Cc1bPLmhqMQ++wsJ` |

+> | Central US | rsa-sha2-512 | 01/31/2024 | `VLhZbZjHzoNRMyRSa3GYvk2rgacjmldxQ2YNzvsMpZA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDPnuJixcZd6gAIifABQ377Mn0ZootRmdJs1J3R8/u7mbdfmpX2ItI0VfgMh4BzGEdgCqewx4BjADhfXRurfimuP8P9PLRq89AHX2V+IfeizLZkrnrxKiijjGEz640gORzzwIp2X+bmnBABWzEZjSNOeE3CKVr4ONvH80bYGFFqR4+arOelDqWEgxktM1QBlId7xR7efmtEGAuAhFbZVaqjBNsbqyiR/hlkMQfmWn1bjGSoenUoPojc7UAp9+Xf6ujkhCihRV/O4A69tVvp5E0Qv5MJ1Qj3kzAYbHQcIQ2l47MQq1wdZYxkYBHmH5leAjHgQbbccPalOLSbLRYjF169` |

+> | Central US | rsa-sha2-512 | 01/31/2026 | `32PYrgj4NuDRkmx8YFYsHltumXVt1latrxD0JFIA7/s=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDC93zGJh5WJUWl1b7kX89hUDhla14XyiWH5aSiBY39rm2spPCh9kaZZJ20wkLNkUoqKsc8UpD+c7rWlUWKsNlNVhJgTCuvH6CRpZD/BP1qZK0W9NHGDl2VwFdFiVUj0Q4RtI5KzZhY28zo5avq/9FHKEEq+eQxNGz/G9JXmm+R/HjfIF/wfk1MbtISvveCRMyv/6VDCWTlfy5Th25keC+HunvslAfHr+Z1EJp16pOjKWWmKzXyBAOuTPrp8nSjJA9PPBObxzkinBiLsVK7edL3Zej2HPdbqUb959dQtFRqmrG4MKhFcQ8yqBxR1NUoJSwt7sCI4DlBnBjhmJ7By6YV` |

+> | East Asia | ecdsa-sha2-nistp256 | 01/31/2024 | `/iq1i88fRFHFBw4DBtZUX7GRbT5dQq4g7KfUi5346co=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCvI7Dc7W3K919GK2VHZZkzJhTM+n2tX3mxq4EAI7l8p0HO0UHSmucHdQhpKApTIBR0j9O/idZ/Ew6Yr4nusBwE=` |

+> | East Asia | ecdsa-sha2-nistp256 | 01/31/2026 | `xwUJoTMUBmM81ZmYjjfxfgSE6Yks2woMI2hetcEfU4k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlFiBRJEgLR9csCbx7kXJ0G+bPbK0bW09CumJQtdTRVYWKxpMejRY5fY8prqtsQTJ7o5ec2O1Ym4nvjLo2okfA=` |

+> | East Asia | ecdsa-sha2-nistp384 | 01/31/2024 | `KssXSE1WC6Oca0dS2CNySgObkbVshqRGE2JcaNsUvpA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNEYGYGolx8LNs5TVJRF/yoxOCal3a4C0fw1Wlj1BxzUsDtxaQAxSfzQhZG+lFCF7RVQyiUwKjCxmWoZbSb19aE7AnRx9UOVmrbTt2PMD3dx8VmPj1K8rsPOSq+XX4KGdQ==` |

+> | East Asia | ecdsa-sha2-nistp384 | 01/31/2026 | `gSiSTfoGmkLGgcJ132d+URA3oQ2p/a3pnctN7BC+PJ4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIbUwjm0IuyZV7515jFCyrIsM8KfyBEhT2ZuCASOnMlETbopf/IbFhU/aXkmvUVp81KbcoXQqAiYolDvcnC28HlsXLlYbEQNXVMMNBDJbVAAQv9Odx0+Wn23XHv1bZO6pQ==` |

+> | East Asia | rsa-sha2-256 | 01/31/2024 | `XYuEB+zABdpXRklca8RCoWy4hZp9wAxjk50MD9w6UjE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNKlaGhRiHdomU5uGvkcEjFQ0mhmNnWXsHAUNoGUhH6BU8LmsgWS61QOKHf1d3qQ0C9bPaRWMpemAa3DKGGqbgIdRrI2Yd9op+tqM+3hrZ8cBvBCgqKgaj4ZitoFnYm+iwwuReOz+x0I2/NmWUxuQlbiHTzcu8TVIln/5sj+n9PbwXC8Zk6vsCt6aon/P7hESHBJ4yf2E+Io30m+vaPNzxQGmwHjmBrZXzX8gAjGi6p823v5zdL4mq3tT5aPPsFQcfjkSMRDGq6yFSMMEA7i2dfczBQmTIJkYihdS8LBE0Ir5islJbaoPQxeXIrF+EgYgla505kJEogrLprcTGCY/t` |

+> | East Asia | rsa-sha2-256 | 01/31/2026 | `Av3JGShpQfhXUp9gKKTqBSVyHZw/+EuGP4Crz9hw1UY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6MlC6jYSV8yPsEVEi3F15kFdLhcZL5s0LgkoNcNjWL/fEem4i2agaThOJRDI4BEHIsjlQvERxN1UPkQz20LJ208gSfE+VMHg/CbDqWZy2KLWDWF32+/1QizFVfsUv2KEMOce8FohMfqUOfEwrCpGAjvHM+0Fhb2XylELXSHzPntxEop3ZVRv+1HyGIPRF5H5i+FuO4XaWc8COZo6FTnXSeXt/f4nwztPo8pNV2/q3IQWDbQxyhfvmQj6p8ZJyvLZLHd33ouFSvGzYBZwFLzud0l+TMK8nbS1eI24D2GQwhZbdxo/W/X3qkDse2SM4+5VoFRn9w5i96fQ9NALuXX9l` |

+> | East Asia | rsa-sha2-512 | 01/31/2024 | `FUYhL0FaN8Zkj/M0/VJnm8jPL+2WxMsHrrc/G+xo5QM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7x8s74EH+il+k99G2aLl1ip5cfGfO/WUd3foiwwq+qT/95xdtstPYmOP77VBQ4G6EnauP2dY6RHKzSM2qUdmBWiYaK0aaI/2lCAaPxco12Te5Htf7igWyAHYz7W99I2CfJCEUm1Soa0v/57gLtvUg/HOqTgFX44W+PEOstMhqGoU9bSpw2IKlos9ZP87C6IQB5xPQQ1HlnIQRIzluJoFCuT7YHXFWU+F4ZOwq5+uofNH3tLlCy7D4JlxLQ0hkqq3IhF4y5xXJyuWaBYF2H8OGjOL4QN+r9osrP7iithf1Q0EZwuPYqcT1QeIhgqI7OIYEKwqMfMIMNxZwnzKgnDC1` |

+> | East Asia | rsa-sha2-512 | 01/31/2026 | `R1a8tq1zGulHLnMhM6C4Ee4Db7s8hjYPeD/ofFLUAvk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCtcwGvbsP+jxy7gsdsXCX2ZAMLsTNE02dWWyFpJPd94BHS8QyU0PLG6iJdNKhhqjeqYVTDOlgSHW405/dl0WGEm7yTmHDR/F3/f/JzxIHNQbSbUJqsyNbWrYb2KMJ2+VEkgrvvkvOIrWafNEnv6gAlj86qNz+WU+ZnDIX48GOrZAKBxmEnv3SzSH/GdnmEcXuOMQlQIxe0JGEl576DHp5yByfzwFcSuwurm+VheWmP4xFihl0fhmeOuRxLO186ERXrqeyzufiRU03jRz4v/pEoh10/TX6A2YHC/kbtGe0KyEkz1l` |

+> | East US | ecdsa-sha2-nistp256 | 01/31/2024 | `ixDeCdmQOB9ROqdJiVdXyFVsRqLmJJUb2M4shrWj8gI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNrdcVT12fftnDcjYL8K3zLX3bdMwYLjNu2ZJ1kUZwpVHSjNc+1KWB2CGHca+cMLuPSao4TxjIX0drn9/o+GHMQ=` |

+> | East US | ecdsa-sha2-nistp256 | 01/31/2026 | `eMxQHe6f1/jYEKvKWMYQ28EUYrSF5e/km5Nw9mNY9Lc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGqgdtuQlZCFnVoC07xb1yCqS/6ncURKIwHuxgLGjrlXuGqgOwTu0AkfNIXtpe6JHcufVUO77r+KFYFblDfHDrU=` |

+> | East US | ecdsa-sha2-nistp384 | 01/31/2024 | `DPTC6EIORrsxzpGt6IZzAN67nlZUXzg5ANQ3QGz987Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEP3CUvPVWNVnFuojR43KRxTQt1xiClbgDzqN/s9F5luivP+Gh0QrK5UHf6diEju4ZQ9k2O10MEDs6c46g4fT56rY8CQkeBsaaBq8WYLRhSQsFZ6SZuw14oFNodniAO33g==` |

+> | East US | ecdsa-sha2-nistp384 | 01/31/2026 | `eZl4tJ/efkL0Z5yDapDrvQ6QbEfGWUeHhk4wtIQ0cd4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNPqgUMYmU95Jbd5LP9dBw1leS7Truvk/szkErBIrDH3eJT3AsEQG80Zbd/DysTwx/yRtUg1cmAhgh6GyCIKu842RaWRxeMOHAyOla9FLEEQ9kQdp6ugJed8JGVGi9mVAw==` |

+> | East US | rsa-sha2-256 | 01/31/2024 | `F6pNN5Py68/1hVRGEoCwpY5H7vWhXZM/4L442lY4ydE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAiUB94zwLf0e/++OeiAjE0X7Od2nuqyLyAqpOb7nfQUAOWyqgRL04yaan6R2Ir2YtI0FRwA6yRETUBf2+NuVhIONgLNsgPw3RakL1BUqAEzZAyF4sOjWnYE5/s/1KmYOE052SefzMciqjgkBV2+YrPW1CLivNhL4d1vuQh05kADLgHJiAVD6BqSM7Z6VoLhW+hfP4JklyQAojCF6ejXW7ZGWdqQGKLCUhdaOPSRAxjOmr9gZxJ69OvdJT2Cy6KO1YQt2gY2GbPs+4uAeNrz40swffjut4zn1NILImpHi8PTM+wcGYzbW4Nn7t5lhvT9kmX9BkSYXLVTlI9p1neT9t` |

+> | East US | rsa-sha2-256 | 01/31/2026 | `ZuntI4L/vzc9NZ1djZKixk7/b/LBTS/QMTewKLlyTtE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfGNZ6SmAifUduo3pwcbgv/7tDxxluqhIupm2kliXQjfgvQslVHxeBeYwmPk/bxoSRGybLnrIUUtYuxqIeVpWNi2VaFCn0gtcRlJdI8IhKP3d+fq8sw9/FfUQCh6pxvx+BczQSmsIPLGCiMknnSS5ffCtvk3rEYvOpH1T2tmJO6YDqsC1lcJbZPSI5kQttJXw++1xk/67/1KWHYyFTVlOXD4ikfvS7wTjIBbW+jVu2vFPzj+287Zo8oub2nN1HbUNOS1NdlhT1lv4Yg8c8eXyjmHTDanrR0ekjGkxGrnj5mv/GWC1kSzHwStOjip6fXaKFpBgV4iP2uLICLpeHWd7t` |

+> | East US | rsa-sha2-512 | 01/31/2024 | `MIpoRIiCtEKI23MN+S2bLqm5GKClzgmRpMnh90DaHx8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Ut7Rq7Vak26F29czig5auq334N9mNaJmdtWoT32uDzWjZNw/N8uxXQS51oSeD7c0oXWIMBklH0AS8JR1xvMUGVnv5aRXwubicQ6z4poG5RSudYDA3BjMs61LZUKZH/DRj7qR/KUBMNieT1X+0DbopZkO9etxXdKx+VqJaK3fRC5Zflxj5Z9Stfx/XlaBXptDdqnInHZAUbZxnNziPYrBOuXYl5/Cd6W4lR7dBsMCbjINSIShvrhPpVfd3qOv/xPpU172nqkOx2VsV4mrfqqg62ZdcenLJDYsiXd/AVNUAL+dvzmj1/3/yVtFwadA2l83Em6CgGpqUmvK6brY3bPh` |

+> | East US | rsa-sha2-512 | 01/31/2026 | `VhbsPBUzLUym31p7u74czET3oer59WtFIIgfxFs5ppg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCxCnn/udlkksnGAo7oaReFeIadPCUA+edUXEf4Y/4sUafDdwYmxvm7ryS6DbpbDHDB53Z0iePiKjCuBDe75X7/qulFBx6XIWc9Y6orRaqCj1De7IEHuATyMXBcnY9XZyRvqupLX80nvWcwD4Iiep2DRt4uqP8aLrww3gUv88Oqozy52psmR0RR6p/f63CcuI5G/agD5QzjSKwNmkInelc64pfNJjgOnwOPESf7M9p+GV6xjoS0l9nHMyjz3vh5GXpfUuGtffrpjd8S53jtftloBqdGDT8FBKyP8eWhYj4m2Nb60VqgDUru2L6rkWriJ41wJ60yzy/3TyuJOswnTlal` |

+> | East US 2 | ecdsa-sha2-nistp256 | 01/31/2024 | `bouiC5HdtURUU19RJbym8R94fbMOTw/bUxFUkoAByoI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJshJI18IECu6neLrash/Q622MAXO07C+hbIOiVPC6M/ZIJM8HyYvQEh4DKI1CMEaeAIs/HA905QKeU/syvt7QI=` |

+> | East US 2 | ecdsa-sha2-nistp256 | 01/31/2026 | `yrYziYjpobvWek9eYu+D8L4hctcCq0VStKtzhB4aUck=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHVF9WzUs5VQm/gWREot7hIKhthQichwFg7TK0bk2itpGZTHZbih1Jq9yZbkWZ+aZdH3wP8DxKJB1W3zFAk3l6E=` |

+> | East US 2 | ecdsa-sha2-nistp384 | 01/31/2024 | `vWnPlGaQOY4LFj9XSQ2qN/NMF92+UOfKPjGNSPA2bOg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBByJNAblwxCNVqedg5FcdbdwiuzTMVEWj/uF3uzI8wp890Xv2M4H+aMTpeItxgQsuiQCptgITsO+XCf2dBTHOGWpd90QtvcznzHyy/FEWVAKWs9brvyaNVe82c4TOFqYRg==` |

+> | East US 2 | ecdsa-sha2-nistp384 | 01/31/2026 | `CAtRIpdqubfEKm6LDgMHmf70ID4gd6C/eBQ3WVIEdvA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBHynQxaZBSfmU3Irizom4OrhSxqjLn3v3aGqOob2wlqsvbyNQTwuLBvSjJUPLngsuUlQqfrDBTJknPD3VSc9XzNz3QuEcq8/7DfvKxikI4ZiVy1ET/uawH+zox1Y6LokFw==` |

+> | East US 2 | rsa-sha2-256 | 01/31/2024 | `K+QQglmdpev3bvEKUgBTiOGMxwTlbD7gaYnLZhPfe1c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOA2Aj1tIG/TUXoVFHOltyW8qnCOtm2gq2NFTdfyDFw3/C4jk2HHQf2smDX54g8ixcLuSX3bRDtKRJItUhrKFY6A0AfN1+r46kkJJdFjzdcgi7C3M0BehH7HlHZ7Fv2u01VdROiXocHpNOVeLFKyt516ooe6b6bxrdc480RrgopPYpf6etJUm8d4WrDtGXB3ctip8p6Z2Z/ORfK77jTeKO4uzaHLM0W7G5X+nZJWn3axaf4H092rDAIH1tjEuWIhEivhkG9stUSeI3h6zw7q9FsJTGo0mIMZ9BwgE+Q2WLZtE2uMpwQ0mOqEPDnm0uJ5GiSmQLVyaV6E5SqhTfvVZ1` |

+> | East US 2 | rsa-sha2-256 | 01/31/2026 | `RZPLfTsRLm+N/RPnXwxR1IFIu9Cv2tPnA9sMYdaOVVo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCyiiKvJPcYD0JV+RSjmTSbsNlJbwtkJAhWlwsM4ENc2HyPVLtIWraA4QPSIo9Mrj4otUS8HXX/NMyCWpMScvZ5igCDcxMGATJo3GZTflAvzX6xomIPiSx+hVBOVUDlxWxoeebv8zqBBK9ZNDUMzZFlqI98X9SmgWGgSAWQLuBl7SamCoc86QlCMRguPEOmOs66tUlKzYL9IhWtKWCfCHYxO9GFQKkW2aVxdWXby8RDhRhtRvZKmU55701Cak9G7iVrdpzw/4jDodJzogjMUpU6dyAFJfDJoeaADnvCuem6LrNrLH/Dw5slOrluwtb7c+vBbPdYBRzh5r9w/gTEscsd` |

+> | East US 2 | rsa-sha2-512 | 01/31/2024 | `UKT1qPRfpm+yzpRMukKpBCRFnOd257uSxGizI7fPLTw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/HCjYc4tMVNKmbEDT0HXVhyYkyzufrad8pvGb3bW1qGnpM1ZT3qauJrKizJFIuT3cPu43slhwR/Ryy79x6fLTKXNNucHHEpwT/yzf5H6L14N+i0rB/KWvila2enB2lTDVkUW50Fo+k5U/JPTn8vdLPkYJbtx9s0s3RMwaRrRBkW6+36Xrh0h7rxV5LfY/EI1331f+1bgNM7xD59D3U76OafZMh5VfSbCisvDWyIPebXkOMF/eL8ATlaOfab0TAC8lriCkLQolR+El9ARZ69CJtKg4gBB3IY766Ag3+rry1/J97kr4X3aVrDxMps1Pq+Q8TCOf4zFDPf2JwZhUpDPp` |

+> | East US 2 | rsa-sha2-512 | 01/31/2026 | `ZGPvMmPh7ifSqyxf1Tzbl7yT3oWby5SH5lUghRXwCKs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/5VjuQpUIDk49mHD6UR4hPUrphDmpDxsWXNI70myr1ExXFPn7U2oTsLU2PXjsPwCt1PnJlNiVp9IsSF99FWyKAfdE13RjuWUckNl+ibYWEGK7JkxXFbWcZtGxUXPa4TopP3mDrOD3ag03uaTBHqJeHjVenLM0yy4uM7uQrrMc+sglGThJ7UNytz7jqS2ZGZ9OSxOFizw9aMc4sIVyqhcjouglrdv0Pp5s1kZ2uHHCf6q9Y67SuumgZ1BNSreSuINhmJsibIWhIaJxh3Z8Yaia6gt8rgVufFI2Xs7ift2QiJLMT4S8Z6stvRKv6sP0bad3jnlQ0nMFKmgOvbR+hBKN` |

+> | East US 2 EUAP | ecdsa-sha2-nistp256 | 01/31/2024 | `X+c1NIpAJGvWU31UJ3Vd2Os4J7bCfgvyZGh35b2oSBQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK+U6CE6con74cCntkFAm6gxbzGxm9RgjboKuLcwBiFanNs/uYywMCpj+1PMYXVx/nMM4vFbAjEOA20fJeoQtN8=` |

+> | East US 2 EUAP | ecdsa-sha2-nistp256 | 01/31/2026 | `V21Ku/gEEacUyR8VuG5WjVOgBfWdPVPD1KsgCpk8eqI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPd+eEm6eCdZCbpaVGZPvYmetmpOnrDsemOkj9KMmVimESN2k6I0sKNUhwntMTXGx0nPNeKWG3g/ETzKF3VsYn8=` |

+> | East US 2 EUAP | ecdsa-sha2-nistp384 | 01/31/2024 | `Q3zIFfOI1UfCrMq6Eh7nP1/VIvgPn3QluTBkyZ2lfCw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDWRjO+e8kZpalcdg7HblZ4I3q9yzURY5VXGjvs5+XFuvxyq4CoAIPskCsgtDLjB5u6NqYeFMPzlvo406XeugO4qAui+zUMoQDY8prNjTGk5t7JVc4wYeAWbBJ2WUFyMrQ==` |

+> | East US 2 EUAP | ecdsa-sha2-nistp384 | 01/31/2026 | `Yv87+z8s9fDkiluM3ZkbsgENLGe48ITr+fnuwoG2+kg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAYVtgfJ36apFiv6gIxBa/q4n08flTyA0W0cGTsN0ot59nbl6pPCrRCfSByRtzgRY+id9ZOeuZTvN8VpPsZWOSfUOwxE0/GC2c9kS0F4SrFzTALaMY6pY3/GhMrQelAmFw==` |

+> | East US 2 EUAP | rsa-sha2-256 | 01/31/2024 | `dkP64W5LSbRoRlv2MV02TwH5wFPbV6D3R3nyTGivVfk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC3PqLDKkkqUXrZSAbiEZsI6T1jYRh5cp+F5ktPCw7aXq6E9Vn2e6Ngu+vr+nNrwwtHqPzcZhxuu9ej2vAKTfp2FcExvy3fKKEhJKq0fJX8dc/aBNAGihKqxTKUI7AX5XsjhtIf0uuhig506g9ZssyaDWXuQ/3gvTDn923R9Hz5BdqQEH9RSHKW+intO8H4CgbhgwfuVZ0mD4ioJKCwfdhakJ2cKMDfgi/FS6QQqeh1wI+uPoS7DjW8Zurd7fhXEfJQFyuy5yZ7CZc7qV381kyo/hV1az6u3W4mrFlGPlNHhp9TmGFBij5QISC6yfmyFS4ZKMbt6n8xFZTJODiU2mT1` |

+> | East US 2 EUAP | rsa-sha2-256 | 01/31/2026 | `0b0IILN+fMMAZ7CZePfSVdFj14ppjACcIl4yi3hT/Rc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDE45HQiHTS8Vxs6ktkHVrDoWFYnDzTOFzVF9IE0EZp/NMVIqRSnveYyFcgWtg7AfG648DiPsEar3lHmcGKT5OxGJ7KGP6Z8Nd1HxWC75j59GDadLfkuJyFLnWuSQIyiLV9nsDgl2e/BQ4owhHZhlSUCBlsWkECBaACptS5AvWG5CQN6AQnR2L0CEEjPPUSPh6YibqHCITsCAAduH1N8S2B+xj+OqPLpEqbIUpF6aEHggMrb9/CKBsaRzN9LXXIyJJ2Rovg54bkTUDhQO80JnGzCWQvqT1JX4KSQcr0KzkzoOoPLwuQ6w0FxP3UD+zPLYi2V8MNlW3Xp86bNHoUDfhR` |

+> | East US 2 EUAP | rsa-sha2-512 | 01/31/2024 | `M39Ofv6366yGPdeFZ0/2B7Ui6JZeBUoTpxmFPkwIo4c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC+1NvYoRon15Tr2wwSNGmL+uRi7GoVKwBsKFVhbRHI/w8oa3kndnXWI4rRRyfOS7KVlwFgtb/WolWzBdKOGVe6IaUHBU8TjOx2nKUhUvL605O0aNuaGylACJpponYxy7Kazftm2rV/WfxCcV7TmOGV1159mbbILCXdEWbHXZkA3qWe4JPGCT+XoEzrsXdPUDsXuUkSGVp0wWFI2Sr13KvygrwFdv4jxH1IkzJ5uk6Sxn0iVE+efqUOmBftQdVetleVdgR9qszQxxye0P2/FuXr0S+LUrwX4+lsWo3TSxXAUHxDd8jZoyYZFjAsVYGdp0NDQ+Y6yOx5L9bR6whSvKE1` |

+> | East US 2 EUAP | rsa-sha2-512 | 01/31/2026 | `pv4MPlF/uF1/1qg6vUoCGCTrXyxwTvTJykicv0IIeZA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDu64NcnMdsh2vvxfC/2PtYXRYk5IoGB1PSXkrbqov5VllVbJAF9du9V4ccHoLVppux2W1jDlFQ7E+TdOT/hnwmnQurUTAvW355LPG0MtUFPcVCEfEPbxKuv7pxCPKZAWUpMX1aLbmEjt3CX157dtKMhmOkyExLRWu4Ua65LrqpGlKovg8Pzuxc/k6Bznxmj++G3XbHv82F3UXDsXJvUOxmF6DiuDuRWBUIwLGBNJOw2/ddyan34qK2fPBUP+lPSrucinG4b+X7aJHFhTt1E6h9XBs8fYp/9SIZ6c6ftQ/ZbET66NRSS7H7D72tSFJI5lhrKCeoKU/e0GAplSEiPNLR` |

+> | France Central | ecdsa-sha2-nistp256 | 01/31/2024 | `N61PH8SVCAXOq7Z7eIV4mRnotafmNoPrpc+TaLxtPX4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK3UBFa/Ke9y3aLs1q1b8gh/tXiS7lpOTzUiDFpXdbq00/V9Ag+v2z5MIaicFdum9Ih4fls1Mg07Ert16bi5M8E=` |

+> | France Central | ecdsa-sha2-nistp256 | 01/31/2026 | `p7eHtX2lbIqu06mDFezjRBf7SxlHokVOC+MdcpdO2bM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKtYOFWJFlknTvpl2XpxYMrkb0ULCF+ZfwVxwDXUY3zIMANy0hmbyZ73x15EwDP3DobilK149W570x3+TAdwE7o=` |

+> | France Central | ecdsa-sha2-nistp384 | 01/31/2024 | `/CkQnHA57ehNeC9ZHkTyvVr8yVyl/P1dau2AwCg579k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBG/x6qX+DRtmxOoMZwe7d7ZckHyeLkBWxB7SNH6Wnw2tXvtNekI9d9LGl1DaSmiZLJnawtX+MPj64S31v8AhZcVle9OPVIvH5im3IcoPSKQ6TIfZ26e2WegwJxuc1CjZZg==` |

+> | France Central | ecdsa-sha2-nistp384 | 01/31/2026 | `kbK8Ld5FYOfa+r1PnKooDglmdzLVGBQWNqnMoYOMdGk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBF8e5s445PAyVF3kgnPP6XoBlCUW+I6HCcQcC+xRti9OTciBAQReKX9c39J15Xoa6iSWuQ0ru9ER5UzXS+bjzhXBKXOmgAcR3/XEJMonjS2++XMldlGhgt1c4hEW3QQGVQ==` |

+> | France Central | rsa-sha2-256 | 01/31/2024 | `zYLnY1rtM2sgP5vwYCtaU8v2isldoWWcR8eMmQSQ9KQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDCmdsufvzqydsoecjXzxxL9AqnnRNCjlIRPRGohdspT9AfApKA9ZmoJUPY8461hD9qzsd7ps8RSIOkbGzgNfDUU9+ekEZLnhvrc7sSS9bikWyKmGtjDdr3PrPSZ/4zePAlYwDzRqtlWa/GKzXQrnP/h9SU4/3pj21gyUssOu2Mpr6zdPk59lO/n/w2JRTVVmkRghCmEVaWV25qmIEslWmbgI3WB5ysKfXZp79YRuByVZHZpuoQSBbU0s7Kjh3VRX8+ZoUnBuq7HKnIPwt+YzSxHx7ePHR+Ny4EEwU7NFzyfVYiUZflBK+Sf8e1cHnwADjv/qu/nhSinf3JcyQDG1lN` |

+> | France Central | rsa-sha2-256 | 01/31/2026 | `j6w0LC+jzdLP0PmukCCModkIXidTNnprrKSTOmTCtQg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCmTBRuLwUDIMWtwgvsmwymYlCEg3N/uO6OpXnLQe59W7zZ1FeMN5uifWGvykHyJnkg15MZyQOsWkzhE3ERijY+iuzAVz8gcYjTlXmKNr3nIqJpC1W8/2OH43zdsxss6qTi0IpOY4ZWKH9Y/tP5ebpT6nzF7n7ETqkvnuFmKtvZgYkbxV8IS65DsRVhaN4FOAR3lVdYyKgkPkxGOaucfR+KOstE48YU8270ivyu2P1cCy2WYXa9ensw8e0VKOyLjPaiK/hFpLreEFBAM37eFeHJui5qha0EWR7byDzo+DXpaKJTd/aIXxBn/alhMoqBYt6A2CeAYEjTEZcQ4tssJ7Ft` |

+> | France Central | rsa-sha2-512 | 01/31/2024 | `ixum/Dragma5DAMBzA/c5/MY02FjUBD/gI8+XQDzJvc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDjTJ9EvMFWicBCcmYF0zO2GaWZJXLc7F5QrvFv6Nm/6pV72YrRmSdiY9znZowNK0NvwnucKjjQj0RkJOlwVEnsq7OVS+RqGA35vN6u6c0iGl4q2Jp+XLRm8nazC1B5uLVurVzYCH0SOl1vkkeXTqMOAZQlhj9e7RiFibDdv8toxU3Fl87KtexFYeSm3kHBVBJHoo5sD2CdeCv5/+nw9/vRQVhFKy2DyLaxtS+l2b0QXUqh6Op7KzjaMr3hd168yCaqRjtm8Jtth/Nzp+519H7tT0c0M+pdAeB7CQ9PAUqieXZJK+IvycM5gfi0TnmSoGRG8TPMGHMFQlcmr3K1eZ8h` |

+> | France Central | rsa-sha2-512 | 01/31/2026 | `DbtqsAbpqaqaGigg2nSDFt0QvDIwOHh/xiu95Dm+Bu0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCmPUn9acrOhsAEukuCiq8WIJkEOJ/iOvaEvTzp4+UsqljpAgIYsUcPwkBQ3nd+nIcYDEEtzHt7/eHdYa5zETNXcz/EGQevQ2PXbwPB8dEN5L5whCqbwpmPDdLufunlwfV6g1Gkb+WmzNM88fYBObr6rf1xMtZy3mUFak4LH3umPmmMqhFnY9Efu8kP1MQYyZSLUNm0Zr3U8Werv+IJ8Ta2SBSpsoMZLCvuSbk4/o60J9n6XOpxNTitxoWea9lcjEO1TLqeU1G6MN7MpqDxVl21IuSeRS/b+62jYoCUtHxfjvT7Ha7lynJqZp9AzgGMSIS/RUbgToWUXUVbewdSMZN1` |

+> | France South | ecdsa-sha2-nistp256 | 01/31/2024 | `LHWlPtDIQAHBlMkOagvMJUO0Wr41aGgM+B/zjsDXCl0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHdj2SxQdvNbizz8DPcRSZHLyw5dOtQbzNgjedSmFwOqiRuZ2Vzu88m2v5achBwIj9gp0Ga14T7YMGyAm04OOA0=` |

+> | France South | ecdsa-sha2-nistp256 | 01/31/2026 | `+qtS9kC6bH8V11bQ1q9Zp9cr/gxuBNLenatWKZxOKEY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJS89KMD/L7ufMFlk+LJYWLUc6aHEv/QL3q8xUiqiHHy//Nh2wFyX8GYX0BnFQ3ayR5g6ImuL41up3ndHTWVHgc=` |

+> | France South | ecdsa-sha2-nistp384 | 01/31/2024 | `btqtCD/hJWVahHWz/qftHV3B+ezJPY1I3JEI/WpgOuQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBB2rbgGSTtFMciVSpWMvmGGTu8p1vGYfS2nlm+5pAM85A4Em1mYlgHfVZx+SdG5FSYcsX4vTWt4Yw2OnDmxV3W0ycrKBs4Bx3ASX4rx3oZezVafHsUUV0ErM+LmdmKfH8g==` |

+> | France South | ecdsa-sha2-nistp384 | 01/31/2026 | `wrbZPGvf6DwF56hIpZqZ90YJli1bTCMg9RgDC1VJtQ8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLkQCx9DbWnJKUN+D6Kw4IaX3bZX6+ggzWFOn+MTf5GI+9musoQOo9s3bpWkl10QJ3H3lwQTbXuYoV7e2m8ZeHwA7P6Ou/ta4TDV02L5lYErcXAbRh2ZtlhLPfHj4ZI65g==` |

+> | France South | rsa-sha2-256 | 01/31/2024 | `aywTR4RYJBQrwWsiALXc1lDDHpJ34jIEnq3DQhYny0g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDELY4UcRAMkJpEBZT40Oh5TIxI6o6Enmlv+KxWkkcyFcNJlFtaF2Hl+afWlysrg+lB5Un4XpveWY64pl7a/dSju7aPfujcXowELIPqFSoWW7xQ+jkfJdyI0daa0l2h2oNCPqWnx8+04Vx5kcb2GktlNG4RMLx7Q6COJgQ3pGHtyfZ5fnmrWNBsuv4mvsXp0u1KGWX6s2LZtO+BpKE6DegSNLMVapAZ0ju8pagqtm6aeWEtqmkAvsI0U31qhL25FQX4DzjIbGzXd6I25AJcSXcpnwQefsaOwO/ztvIKeIf3i/h2rXdigXV1wyhvIdKm1uWwj6ph4XvOiHMZhsRUe02B` |

+> | France South | rsa-sha2-256 | 01/31/2026 | `FIwqrEbTl1XZIJ66T077NRnLmaQ0d8975yZvTmnjfco=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDN9ZUTUNi9mbqb2UVvOr/DtMiGx70OVWpoYa9jQ5hGklnqo4vy+Yoq3RFhNjHcI7u2jHG3hxvbl` |

+> | France South | rsa-sha2-512 | 01/31/2024 | `+y5oZsLMVG6kfdlHltp475WoKuqhFbTZnvY0KvLyOpA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDmsS9WimMMG95CMXFZiStR/peQU1VA6dklMbGmYwLqpxLNxxsaQuQi6NpyU6/TS8C3CX0832v1uutW38IfQGrQfcTGdAz+GjKverzaSXqZGgTMh/JSj06rxreSKvRjYae596aPdxX5P+9YVuTEeTMSdzeklpxaElPfOoZ7Ba5A2iCnB/5l/piHiN8qlXBPmfGLdZrTUFtgRkE4Ie4zaoWo19611XgUDMDX4N4be/qilb95cUBE73ceXwdVKJ3QVQinZgbwWFUq0fMlyd8ZNb9XN6bwXH7K6cLS6HYGgG6uJhkYSAqpAZK2pOFn3MCh8gw2BkM/Rg+1ahqPNAzGPVz9` |

+> | France South | rsa-sha2-512 | 01/31/2026 | `aYRboL5Mv0zr/aVeHgcc7NNL4uns0maI42L1dpJtEec=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDyPA0QlBL1HJuH6OlXJfJb9I5vZ3JIw9faZQaRs2PPuOJga53gfXGP04CFeRPcKcXF0lGeqEPOlRwYsZmZzla1+0BhSzuF5kVhMLAG4RCOJeBaQjvqZjud/NSGAoxdg5eB9KaSUTa7BREmErLBpdHQoLtDpD2/bTTKnOU+0tKR7xYlDZ9erHhMCCNYDOrNrTuN4eYldl11UJqUQbdXCXkaMzGVU6r2UmCuS9Iwcv5XywNa1Tz+ff7AjmkKBBwVF0SEvoYMnUIQdDWE/cZEIh21Skha6lXnzb6ll6ZufnXJNwu3i6Sg5tZZBDuB4Y7c2cRzJUqPpn8NrvOO53vdjAn5` |

+> | Germany North | ecdsa-sha2-nistp256 | 01/31/2024 | `F4o8Z9llB5SRp0faYFwKMQtNw/+JYFKZdNoIuO7XUU0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMoIo/OXMP7W5a5QRDAVBo+9YQg4YBrl3J7xM91PUGUiALDE1Iw8Uq4e1gLiSNA6A46om5yY/6oGj4iqEk8Ar8Y=` |

+> | Germany North | ecdsa-sha2-nistp256 | 01/31/2026 | `odPSs4vy9uet5z7+51SloNw0Ne6wtB3NkRVLjB8r1QM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBYiTtKvQ4VmbpcOL1hyuKJ/oaQc1OIL/OwkG1Gfud9jo47RIvSdykw/xecSuOTpOdTMQMd2gkifTfm8r3ZWLNU=` |

+> | Germany North | ecdsa-sha2-nistp384 | 01/31/2024 | `BgW5e9lciYG1oIxolnVUcpdh3JpN/eQxfOyeyuZ6ZjI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ69kH0urhCdcMMaqpID2m+u8MECowtNlYjYXoSUn6oEhj7VPxvCRZi5R02vHrtrTJslsrbpgYHXz+/jSLplKpccQGJFaZso9WWgEJH1k7tJOuOv0NIjoBTv7fY5IxeAvQ==` |

+> | Germany North | ecdsa-sha2-nistp384 | 01/31/2026 | `9mA6c1xpgusDregeaAx1ih62qFnx0N2STx6xnfRjMZs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIDOLp9njrEr4Ophu5Kr0wkUc+IZ/H0GOka9FHmVXALpHTuaquw3ZmRiiG/YjiqCBt6/CQFFvkPwsU1yBpLTKBKF15o+xa1d3wetb67W37UthzwrtIYiN8Z7mZmJT/R7rg==` |

+> | Germany North | rsa-sha2-256 | 01/31/2024 | `ppHnlruDLR73KzW/m7yc3dHQ0JvxzuC1QKJWHPom9KU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNNjCcDxjL3ess1QQEkb9n5bPYpxXpekd32ZX4oTcXXFDOu+tz/jpA8JZL8lOBAcBQ5n+mZF0Pot1o+B1JxQOHHiEZdcdKtLtPWrI2OQyxZnvo7sCBeSk+r/j3mjqpvq3+KpwoTZKpYF/oNRXVHU4VFs+MzvqWd6vgLXsDwtJrriojtkrWy0bTa4NjjN/+olsITxDmR0TGAu+epCJptdpKjTcgcn25QuIKy37/zVW8BJ5QsZmIRwvlCYxj11UOAoDcbapJcnzJYpOmQTNpdzkazjViX17DZW17Jmfhc6Dk3H+TEseilkbq1ZjsUyGBBxklWHid7+BgKVXOoIgG6+0x` |

+> | Germany North | rsa-sha2-256 | 01/31/2026 | `IUZdXfD1QRH4EQ9QaPlKrPd9/2TTJpPBQfBl4HUhn0g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDIsaKq/gZdm+3+01ASAn7/TBEUkLGD54KRUjdVTcMwM+9i0s30YIC/ikNqoawIeWO7/DbU2DeL4cAarYR83X2QY51JCRVHQ1+jZ533EYcxRgqs5c1sDmIacfvzoingaRL4ZFwLJNkSY0zHfLnxVwm02qPexwTAmcHGqhYdO87uPjwni/sjL5SFnQV4hssBuEd0OFVzcNfkavkWXgLqT9yi8m/bsBVcS/L4slZkLpmgRI8PTdGoIwQGp3mUf81RFZpTm8l0SWQiNIN65a5rRY1nw4DhSlGSoiel0FRm0po7O6qG6MvRnkjj58zKUj0G+Ka19O5rj3/aCgRrT1+LBVLd` |

+> | Germany North | rsa-sha2-512 | 01/31/2024 | `m/OFTRHkc3HxfhCKk1+jY1rPJrT9t4FYtQ/Wmo3MOUE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDkN3CN1VITaHy/CduQaZIkuKSC/+oX19sYntRdgCblJlIzUBmiGlhmnKXyhA29lwWWAYxSbUu0jEJUZfQ6xdQ4uALOb815DLNZtVrxqSm4SjvP5anNa7zRyCFfo4V8M4i6ji6NB+u+PwH5DOhxKLu6/Ml9pF8hWyfLRft8cg4wORLLhwGt2+agizq7N7vF2nmLBojmS0MMmpH5ON/NFshYIDNKPEeK9ehpaARf4fuXm440Zqzy/FfpptSspJIhbY2zsg4qGQgYGZyuRxkLzYgtD/uKW5ieFwXPn+tvVeVzezZTmGMoDlkPX18HSsuNaRkdnwpX8yk1/uoBCsuOFSph` |

+> | Germany North | rsa-sha2-512 | 01/31/2026 | `KG2CjBBKyCg7Iur1Qt+7y33ELYfF0M6/uHbuuoAJ2YU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDQj4T+NzUUmIKF+N1tKsA44u+Bjsx4nIzwhAJPdq7YzbvtDyVD/Lkm7fCIsVMLcKzRCuIVM/5g+aer4LvfuHtR8jqtZNJvFAbwsBSOat18mzWS+KpB0G9iW8QQlXcCnXKgatUYhAoXabHQDF7Qbv5Ap/ImMyt4Y5wN8OnuSOBU3nPKnDYxt/kfxNoY5F8wVigcT399QwBUnr9l6+cuXJ3janPBfuf9/o1SPvBj4ePg7JoZ8EXM7q8ruRRXv52NmKytFJgntnJvH8nRq0Hz3D3IchXAHhhp1VlmphwVo79f4LWbZtb0dkcDDE9ZjqIX2ozt4jrd8/JiTL4/l8iy13yN` |

+> | Germany Westcentral | ecdsa-sha2-nistp256 | 01/31/2024 | `Ce+h+7thT5tt75ypIkWZ6+JnmQMZEl1N7Tt3Ldalb64=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBmVDE0INhtrKI83oB4r8eU1tXq7bRbzrtIhZdkgiy3lrsvNTEzsEExtWae2uy8zFHdkpyTbBlcUYCZEtNr9w3U=` |

+> | Germany Westcentral | ecdsa-sha2-nistp256 | 01/31/2026 | `xWozWbLHPncCcUxRb2j/u4l1LDno211Ajbqs0InLmdM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA8dcmahsTDwh9DKlrRp8FeSfkH9Y8RGKtqPrpog4plwRUJPcC8DUzSeZfYEvsgOTPfhvTIrj/jW+VZRjCQ9OPM=` |

+> | Germany Westcentral | ecdsa-sha2-nistp384 | 01/31/2024 | `hhQQi2iRjSX5d9c+4714hAFvTA3c63+TGknhuQi7Tss=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDlFF3ceA17ZFERfvijHkPI2Na1wuti9/AOY5E/bDvZfP08kkmYTb9Ma6omhB0dHR6e1CmRJfKmFXfTd81iVWPa7yXCxbS8yG+uNKCuHxuNv8hFhNM84h2727BSBHBBHBA==` |

+> | Germany Westcentral | ecdsa-sha2-nistp384 | 01/31/2026 | `xmc+FeL+8s6nBwqEwp5guKLSHYOaWzYvTslXXxUJzfU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNeYkR7pPXK9/7tOyoKEymkz4nGROeqyZN9hWAO/R+0GhTp202EGapq76jCfMx7hv4ZbtLXYjJSSkc+vgVNjCy7ZUy3DAa9j/yv94659nPpRnvJbOcW0F1QzXDS3luhD8w==` |

+> | Germany Westcentral | rsa-sha2-256 | 01/31/2024 | `0SKtGye+E9pp4QLtWNLLiPSx+qKvDLNjrqHwYcDjyZ8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDsbkjxK9IJP8K98j+4/wGJQVdkO/x0Msf89wpjd/3O4VIbmZuQ/Ilfo6OClSMVxah6biDdt3ErqeyszSaDH9n3qnaLxSd5f+317oVpBlgr2FRoxBEgzLvR/a2ZracH14zWLiEmCePp/5dgseeN7TqPtFGalvGewHEol6y0C6rkiSBzuWwFK+FzXgjOFvme7M6RYbUS9/MF7cbQbq696jyetw2G5lzEdPpXuOxJdf0GqYWpgU7XNVm+XsMXn66lp87cijNBYkX7FnXyn4XhlG4Q6KlsJ/BcM3BMk+WxT+equ7R7sU/oMQ0ti/QNahd5E/5S/hDWxg6ZI1zN8WTzypid` |

+> | Germany Westcentral | rsa-sha2-256 | 01/31/2026 | `e4CL5Qok5VjcACFdiDXM39iG1fo44+YgnnMi3vEx2Yg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/A1RmHi6Y4m61EAVN7piQKZVs0qvGc2bRd1rhm0ZyRpqYVuxYnHQplw+f2KVlUnceZJq2fd7X0riW8zjY7AU3Xltb7w2j2IRI26Zut/sIm3oFhhYO6mrceqRxTD4pJk9WwjQulrD4TUL8OB34t9Y4Y3Uqd2YPllBiWca3vQS5QWDN78xqZqYpOxqtGExJ87YvJjs0v0sqhsnfOioXhuuD1V6dFIgGG480lhqOX1WUTzF8kU1yOqanbCY4cyZht2++eBQ6OtF7k3fMLjJWxXSwhg5Qlzr0ickpi9mcDYEi6um0hHvI8J3U2vquT+9nMnln2BN7+q5v3TB1O41+QCxJ` |

+> | Germany Westcentral | rsa-sha2-512 | 01/31/2024 | `9OYO7Hn5p+JJeGGVsTSanmHK3rm+iC6KKhLEWRPD9ro=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCwrSTqa0GD36iymT4ZxSMz3mf5iMIHk6APQ2snhR5FUvacnqTOHt3xhMF+UwYmGLbQtmr4HdXIKd7Dgn5EzHcfaYFbaLJs2aDngfv7Pd6TyLW3TtSgJ6K+mC1MDI/vHzGvRxizuxwdN0uMXv5kflQvnEtWlsKAHW/H7Ypk4R8s+Kl2AIVEKdy+PYwzRd2ojqqNs+4T2tPP5Y6pnJpzTlcHkIIIf7V0Bk/bFG2B7r73DG2cSUlnJz8QW9pLXIn7268YDOR/5nozSXj7DinVDBlE5oeZh4qkdMHO1FSWynj/isUCm5qBn76WNa6sAeMBS3dYiJHUgmKMc+ZHgpu6sqgd` |

+> | Germany Westcentral | rsa-sha2-512 | 01/31/2026 | `sDXbCz8K9IsknWgFHjlZHmhB9ecW65qVdaXNK9Wd/lc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCYVSqdP8Q4I0uY0sNh8BXoB8bDmP5YKH3cfcssdgnB+hSyjVcEkCXWzs2uS36sKPmPSwcIj1jsE2W+r8YNdP8jid82PZYzufWf9WeVMM+vCT91m7Xkugla/pKsLzeua8ZmbBAqIIac7RsPDmNxhcvjNS+NCSzG/dr4y2YIpQ/nXM4w8e/MUqyJDaf8uMkE5/GFUN6l86miqUF4PQzvZlaxcsaB17TMa7y/01tLuHDlBzmnwBss4+5ZJut7qH5w9o2U+n06m6NB0wFpDEfXwPdREICDCBzyMtMeJ7i7Wraop3q2d1YRsjZNIskbbEIIwS/awHi9+6+tkZGOXbgqC6bB` |

+> | Japan East | ecdsa-sha2-nistp256 | 01/31/2024 | `IFt/j4bH2Jc0UvhUUADfcy3TvesQO+vhVdY4KPBeZY8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKVq+uiJXmIlYS367Ir9AFq/mL3iliLgUNIWqdLSh7XV+R8UJUz1jpcT1F6sJlCdGovM3R5xW/PrTQOr3DmikyI=` |

+> | Japan East | ecdsa-sha2-nistp256 | 01/31/2026 | `hNki347+AC3wa6Yp1qgRfxFQGku65fd3VM13B675RCA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJBYLB2TtVhVnWaLtOUts6Txhtle6v0ws60hXE3NvjFf+vHYh0yhDorQhiMHY6uDjXwS3TUOXQTcjLsBh7Ln9t0=` |

+> | Japan East | ecdsa-sha2-nistp384 | 01/31/2024 | `9XLsxg1xqDtoZOsvWZ/m74I8HwdOw9dx7rqbYGZokqA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFh7i1cfUoXeyAgXs+LxFGo7NwrO2vjDwCmONLuPMnwPT+Ujt7xelTlAW72G3aPeG2eoLgr6zkE48VguyhzSSQKy7fSpLkJCKt9s0DZg2w0+Bqs44XuB43ao6ZnxbMelJQ==` |

+> | Japan East | ecdsa-sha2-nistp384 | 01/31/2026 | `kQPmkwILyGO/5ejgfg+0D1WeI4Ax+e1UZ31+jKqxclg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGVsoOV31Dv/BYpp8cW+sReXE4nK84wSOhNmK6MmQyTgCSh5msHcnnPBQP0RpptaKUm+qtZSLPXJTEU7AteUm4UllN00YL2uOsgVWC3+oidsq4Tc6jRKp9shY4ivzCb+Cw==` |

+> | Japan East | rsa-sha2-256 | 01/31/2024 | `P3w0fZQMpmRcFBtnIQH2R88eWc+fYudlPy7fT5NaQbY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCZucqkz4UicI20DdIyMMeuFs+xUxMytNp7QaqufmA2SgUOoM387jesl27rwvadT6PlJmzFIBCSnFzjWe5xYy3GE59hv4Q3Fp3HMr5twlvAdYc5Ns5BEBEKiU0m88VPIXgsXfoWbF0wzhChx8duxHgG4Cm+F8SOsEw/yvl+Z/d42U9YzliQ1AafNj4siFVcAkoytxKZZgIqIL4VUI322uc93K5OBi9lgBqciFnvLMiVjxTWS/wXtVEjORFqbuTAu/gM4FuKHqKzD1o39hvBenyZF2BjIAfkiE6iYqROd75KaVfZlBSOOIIgrkdhvyj9IfaZFYs3HkLc7XgawYe6JVPR` |

+> | Japan East | rsa-sha2-256 | 01/31/2026 | `4NqHhLFmWOkUDU093AFLCRYxx1gp/wIIQQErFkfQuoE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDR8dvjRiVZYNYEemBmSWFdspEs5IwiZ7WB04o4XX8cgnvt0pb9tGxI+KypqcXnocBSZtSTC6dQ+kLVKJJ0AcL7WmCMk98biFj+E87/LQuEU2UifdYygwWqK+9oWtY4drFIPcU8GWWqxf/vhXUAwHf1mFiuEpbO4MHWGZfJTdbU2zlBt1nOj9mftl4s1SeoTzd3ndpja1wnK/wmPTDNbE77eSf6Y52W3p16BjdL76A/7IjZPufPbimNLzyKAkSlXiaZApHMxsb3+RmL9V93c2yGnbZAd27zT8UlDxXM1tIG1/TiKKQvU9ER5l0JU+YKRIMatr5rTOjeGO4ROrGap+El` |

+> | Japan East | rsa-sha2-512 | 01/31/2024 | `4adNtgbPGYD+r/yLQZfuSpkirI9zD5ase01a+G7ppDw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCjHai98wsFv0iy+RPFPxcSv8fvTs3hN/YnuPxesS21tUtf0j5t8BTZiicFg6MLOQJxT4jv5AfwEwlfTqvSj3db6lZaUf/7qs/X9aN1gSoQNnUvALgnQDYGjNYO8frhR7S0/D/WggQo2YKMAeNLRScT7Pg/MJaOI12UhoUloCXbTAP1c85hYx0TGKlGWpFjfen/2fwYEKR1vuqaQxj+amRatnG+k18KWsqvHKze8I2D19cn5fp2VkqXzh6zQ1s5AMc5B9qIF48NIec9FAemb9pXzOoYBDFna0qNT4dfeWOQK6tM/Ll10jafaw2P32dGBF8MQKXB2sxtcC0nU4EEtS5d` |

+> | Japan East | rsa-sha2-512 | 01/31/2026 | `Y4mVSJoE0kk6/kJ91yxyavlrDpMcB4pbRjk6yn/foHM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQClNQuyH42xrN5BODWQLLTmQZHQsQOqtAJtZ3sq6H/O1WgeFjCYAO0vxtTrtZlD6KO6NIssxZuspomQAcEkJ2mhc0dgtXNLlK2MLdqUElbb9knZR2+2K0+K9uehznRHCPiTxv9q3Dy3IzIb8zA0Ol4kIzo3Px+AkjfQLaLURLM+M5ZnL2CAiYQUrxBIxqO5mCwyLEWrJikwcI87WrkiZ8uorrXbE/ocMuCggTxuuuUUGuGWreHeNd7Cz6AAcdqz50cY7Yd5mm/9nnvpRdYmNjI/so6l9SzXqg6y7+tjEu2IEA4CyPKTg+qIm1tujFjbYs/JlTaOX0VP5fBs4qnED70B` |

+> | Japan West | ecdsa-sha2-nistp256 | 01/31/2024 | `VYWgC6A4ol1B7MolIeKuF2zhhgdzQAoGBj5WgnQj9XE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFLIuhTo1et/bNvYUj+sanWnQEqiqs9ArKANIWG19F9Db6HVMtX8Y4i7qX6eFxXhZL17YB2cEpReNSEjs+DcEw4=` |

+> | Japan West | ecdsa-sha2-nistp256 | 01/31/2026 | `ybrCO0nkrCspDE3iuezYA12jWmjgD72XcLDIlK3ejZY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNb8liGv9bPJAXwukCHD43nqpax24eQDM31YjEdJ7vhnvpBS3fvtfrth4FLspqGQcnWLZuyI8oZKHLrrg5pXMOE=` |

+> | Japan West | ecdsa-sha2-nistp384 | 01/31/2024 | `+gvZrOQRq3lVOUqDqgsSawKvj6v/IWraGInqvqOmC6I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBD3ZiyS1p7F1xdf6sJ3ebarzA5DbQl1HazzLUJCqnrA84U8yliLvPolUQJw4aYORIb5pMgijsN3v9l0spRYwjGHxbJZY/V6tmcaGbNPekJWzgXA1DY35EbFYJTkxh/Yezw==` |

+> | Japan West | ecdsa-sha2-nistp384 | 01/31/2026 | `nC2vSR9tS0m6VM8HmfAYIGKLHHATc35MFKtFmqT3JPg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNY0L4vz17bEi6V5ww9oL2YVtJ2yov/xGhKXN7UCiGE+iivz0gkcsCmCgNjE/GjpJ6ClwvOTnKJihnq6n+NDVoshsFO+LfoorwdVMhszhH/fbIV4x09vrNZWl8twA8L5Iw==` |

+> | Japan West | rsa-sha2-256 | 01/31/2024 | `DRVsSje7BbYlVJCfXqLzIzncbVU4/ETFGzdxFwocl8E=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDl/rlTgQpomq4FmJKSR2fjgAklV818RcjR/e/C1VUJVpbntJoWUlBhKYDFPTVQaHXDTK5HyJU5APsdy6CJo8ia32qc2E/573LDNk4dgFFrh+KFRiD+ULt3IH15i1DieVw61MAVOvzh+DmTJHPLaTufXoQ62YACm3yC1st1kXv4bawfXs0ssmeqrBcCOQvMvW/DexnnGXO6QXYTcjUktNrO2h2dd355n5FP4fcsBEdGmfT79HYPM6ZoqkItRZEO6Nel65KxtenAwQub8SK3iJgFyJwd3zIH4OCHp3z4tcGXw5yNAX15dJMSnls0zvzhx0f4ThwfgB4t1g9jVb47Ig7B` |

+> | Japan West | rsa-sha2-256 | 01/31/2026 | `P1paDhO48HuP5smazNHhse4IOsvNbsXkiX0wCYy7FAE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8we/tpjgMEjmd+iyVNJWErV69vABxcnEflMamhvyidR4XO1E0xVbCUzLkeMk0h2f6ICXCk6NRpY8A6lPp37QGYY+7gZqyNKXgOO5OBGVyTb1bzafP2q38lEi7LSkcA1fYXRfSlrGFktCFkCa5dpKzWxr3F8jvQPIukWUuvAVVbQpamL93jmlIIewNcqrom6oGgU8ehKPcnhONY84DNMJs0b3krksPOC1lk36QptpZtUCUA112X+XU62f7O+99PKrjVMGzjzrQkjs8dOyVUNc7LACafo9uslxZW8wsaKibuERWunDdXlC4S8pDlfwmXaoJMWlOZXJnUv1uwgc8SaJF` |

+> | Japan West | rsa-sha2-512 | 01/31/2024 | `yLl9t2jlkrTVWAxsZ59Wbpq+ZCnwHfdMW8foUmMvGwI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9zrpnjY7c0dHpE1BMv+sUp+hmvkBl3zPW/uCInYM5SgtViSQqn/DowySeq+2qMEnOpHGZ8DnEjq55PmHEumkYGWUUAs38xVGdvRZk6yU7TxGU42GBz0fT/sdungPHLQ2WvqTZYOFqBeulRaWsSBgovrOnQEa2bNTejK9m353/dmAtKHfu68zVT+XYADrT3PY5KZ1tpKJA0ZO9/ScUvXEAYs20WSYRZBcNDoSC9xz4K8hv9/6w3O3k0LyBKMFM5ZW8WVDfpZx1X0GBCypqS+RNZuVvx81h3nxVAZSx80CygYcV4UHml7wtnWDYEIBSyVRsJWVNGBlQrQ4voNdoTrk5` |

+> | Japan West | rsa-sha2-512 | 01/31/2026 | `RWw7+FvEvquzP8KS0w1UrHkrNhmm9OKP12MujEWgpAU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDO3u8afk9VvwkvpebBX5yDl992D7SPS+4Pt5NreLgHY2UBvMEyx79PS9vuQXEE1Iv1dh3adbY15V50ZDEILbRe8DaIPNXRHVj0QK2AOIO3h8MJrsuGQk9c2p8LiJx+lCMzYf0xgD7gbffEwUfUG2d0qBcuomgfBzuX7i1kEJetliwOS79Df2OfeLlFfvPUMO5mSVkd2AF38jyl6aOqDu17yofQxDTHhUdaSpniT+tbc6IJin6WDZFHMipb6FQLmiQcJSbAxaQUzf1/XAbndz6qES5wThm+pg73nYhB6ynPqX5VOVOP/t0ZVkkv9rcQ94c7omY6hSrNhUXWq/VouJLt` |

+> | Jio India Central | ecdsa-sha2-nistp256 | 01/31/2024 | `zAZ0A1pk0Xz8Vr/DEf8ztPaLCivXxfajlKMtWqAEzgU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDow29ds+BRDNTZNW70CEoxUjLiUF+IHgaDRaO+dAWwxL13d+MqTIYY4I0D7vgVvh0OegmYLXIWpCdR8LvVT7zA=` |

+> | Jio India Central | ecdsa-sha2-nistp256 | 01/31/2026 | `F4I61T+soC7yfrE9ZUPLtRb2ZoQozdboHwP23xQ+Y5g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJFSwEH2udhlvtUayxa++ajapReFdnuqtAzPVZtQa/LDt3Je5J3JW5GUqIUdO3GFAFXss32UAxYOC1teT5B1gew=` |

+> | Jio India Central | ecdsa-sha2-nistp384 | 01/31/2024 | `OTG7jxUSj+XrdL28JpYAhsfr6tfO7vtnfzWCxkC/jmQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ/Bb3/3u/UIcYGRLSl7YvOObb43LO5Ksi0ewWJU+MPsPWZr7OTTPs76TdwXMvD8+QuY8U9JxgQQrNmvbpabmbGENkllEgjGlev5P2mHy/IZZAUQhAeeCinCRvTsiOOoLw==` |

+> | Jio India Central | ecdsa-sha2-nistp384 | 01/31/2026 | `HkXwB0/d+gziTWHE9tmdTeXqPOlGU5moOy24VZW/1R4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMjje4Bvw0jMsOUEhkD6mhzaeQILgDpjjkoV/16gqMd+VaMVdMP4fDyBR7cfbTo2N+lZDmdIrbdHfLlKGrNOYoQlSBL/ANBQfpnfyzEX+Z9Bsz5jE7CyXML7SQAVm3YYhg==` |

+> | Jio India Central | rsa-sha2-256 | 01/31/2024 | `DmNCjG1VJxWWmrXw5USD0pAnJAbEAVonkUtzRFKEEFI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC/x6T0nye3elqPzK8IF+Q70bLn2zg4MVJpK3P6YurtsRH8cv5+NEHyP0LWdeQWqKa9ivQRIQb8mHS+9KDMxOnzZraUeaaJLcXI0YV512kqzdevsEbH6BSmy8HhZHcRyXqH0PjxLcWJ5Wn9+caNhiVC40Oks7yrrZpAVbddzD9y/eJfguMVWiu1c8iZpYORss1QYo7JqVvEB6pLY03NXWM+xti1RSs+C6IEblQkPvnT3ELni9T1eZOACi12KGZHVLU9n27Nyg/fPjRheYSkw/lkkKDG0zvIQ7jr/k8SCHGcvtDYwRlFErFdGYBlIE888le2oDNNoKjJuhzN6S7ddpzp` |

+> | Jio India Central | rsa-sha2-256 | 01/31/2026 | `fZEtfkvGAXf7QhIJWDZB37fRATEkjjebgGDdXZvJTr0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDRGylVPtL0MgUInVkEgS8017YRvo/59b9+Of1weYoOz9ICLlRSuk32X/r8tXnhmWPsai2H/DoLxMTzS/PlvQGJ8jO/46DmL3r8uwkgPR73J/KFMSkg8GDYAWjMRrDs4ezkB+RVgW9iO9R6o6Abqj6yXrhlZ1YRMXCHXrkuI8tDefh8TmV2quxNAn3HM+Q11WqUh9BS7hXcY2J+RUn0R` |

+> | Jio India Central | rsa-sha2-512 | 01/31/2024 | `m2P7vnysl2adTz/0P6ebSR7Xx8AubkYkex6cmD9C0ys=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDQHFDt8zTk+Hqh912v0U8CVTgAPUb8Kmuec+2orydM/InG+/zSuqQHsCZaD2mhEg8kevU8k2veF5z2sbko5TR/cghGg5dXlzz4YaKiNdNyKIGm2MdynXJofAtiktGhcB6ummctHqATfGSgkLJHtLvstzTVbVK1zgxXcB8hA52c2EPB1cN1TkAKEyiYNX7fKFe1EEPCxdx3fC/UyApKdD+D432HCW/g8Syj/n7asdB8EQqcoCT3ajh2wG2Qq0ZxjVbbrFImlr0VoTqLImJ4kZ9d2G7Rq2jqrlfESLAxKVDaqj+SjyWpzb3MHFSnwJZybCKXyTt+7BXpKeeGAcHpTs3F` |

+> | Jio India Central | rsa-sha2-512 | 01/31/2026 | `TqQRg3js6McwK8pLUIzXtCuCCoDkHFmOJkF0P5Qy2T0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC5gg7SwMc7NaBDbEk5LSHZnfE7mx1qOhs8G5G53lC7A7q8vUF4RzWP0BE9mhKb/Wbx3G5PwgXGqE4yP2J2ohNYRudzB7LJyGNaDSWRkx9n0tyfaza3FuUrUKUTu8UKrMJzsQYhR6/3bNZjFkDTMbrhFmKU9k8/9MmpfAKNt74rAHH9PBVyhXvsFEm84J4wDdfi46gzLksV5XKYEuEz7GpTK4QhdXAYUOq8OOvWiDa2pP/dEiE6DfpPYEMrKtFG58D6hhamXDxo5PK8V1R8NFPQ3VgWZuVhYYwnslDq8a/QhRq3Q8HPUSxRKrwCQ9zs7HZxAtofpE1HTHOD11rcZJG5` |

+> | Jio India West | ecdsa-sha2-nistp256 | 01/31/2024 | `mBx6CZ+6DseVrwsKfkNPh9NdrVLgwhHT4DEq9cYfZrg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPXqhYQKwmkGb8qRq52ulEkXrNVjzVU4sGEuRFn4xXK8xanasbEea3iMOTihzMDflMwgTDmVGoTKtDXy8tQ+Y8k=` |

+> | Jio India West | ecdsa-sha2-nistp256 | 01/31/2026 | `LKIwML4VmHO7WCRtLKz315NKhUsf3pn9q8UggCsT2ls=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLv40BCM762yvf6z/gbySSUjxvswA3Y4L4kDEENRBu4L/xju3kmN4BiuRVkCVioL4Z3qDRt97wSK4uyMi8E18wY=` |

+> | Jio India West | ecdsa-sha2-nistp384 | 01/31/2024 | `lwQX9Yfn7uDz/8gXpG4sZcWLCAoXIpkpSYlgh8NpK1E=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLKY2+wwHIzFOfiKFKFHyfiqjUrscm0qwYTAirNPE1GI6OwAjconeX072ecY3/1G0dE7kAUaWbCKWSO3DqM4r6O+AewzxJoey85zMexW23g2lXFH7HkYn9rldURoUdk31A==` |

+> | Jio India West | ecdsa-sha2-nistp384 | 01/31/2026 | `Oh8tm94RmBr3De3CtRgSNYFdCk4GuDu2YEupO+rXV+g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAAfMbIXcSz+/3ZUPhsmjFrdNZJRH5vV3zzAE/O/LEbTA8zZcOD04fhbyEmohk0z6qPQE0tVCp/Xi84gC0LMK7AuaFH4kJmuzh8tC2CbRlpBV0TWK5oVjRjBeLGj2gocTg==` |

+> | Jio India West | rsa-sha2-256 | 01/31/2024 | `hcy1XbIniEZloraGrvecJCvlw6zZhTOrzgMJag5b5DA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOBU9e1Ae68+ScLUA5O1gaZ3eq0EGqBIEqL3+QuN8LYpF3Bi/+m43kgjhgiOx5imPK6peHHaaT/nEBQFJKFtWyn8q2kspcDy1xvJfG8Jaks1GQG33djOItiHlKjRWMcyWFvisFE2vVkp3uO0xG4nMDLM2rFazkax+6XA5cf2iW2SfL6Trs4v1waakU/jQLA7vsrx14S+wGEdVINTSPeh5DHqkLzTa3m2tpXVcUA4CG8uQZM8E/3/y0BuIW0Ahl/P6dx35W1Al7gnaTqmx7+idcc/YVe0auorZWWdyclf1sjnAw6U8uMhWmQ0dZgDehDtshlHyx84vvJ1JOJs0+6S2l` |

+> | Jio India West | rsa-sha2-256 | 01/31/2026 | `ZD5Vw+3ipQeZYOwHpwIrfJIDBfZcTpydzeq7HSNrmxw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDRX7fdrzYX7M8CRXXZG44+MRP30m42vmzSf0xwugiR05ECtD+rI1VNH4VwhviQ75st+lIU5DzkNzxInZiof0/MgfaOnjzjpHfVV+CERbmbawaMglAz4c5LA9k76TDemRl/367h3PizXW7zVyNj4MKoJLzn+FEq77f9Zeo6TnVW/ZDifsTSyAYfwgJKxRJCHoDi0XZVWpuuLJcV5k28tH4OTBWUE0+lPCuu3e2bPzNKXhm+XzFjShMWUv16pErxBFmkCaGSVpDbeW+I1nIkjQ02dsvrDxyYGOZEbd4cWJX2wgYSD+jt3oiEXCqG2VyX9uVRHCslXu2ezTDUIiCFLs01` |

+> | Jio India West | rsa-sha2-512 | 01/31/2024 | `LPctDLIz/vqg4POMOPqI1yD9EE9sNS1gxY6cJoX+gEY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOH+IZFFfJN4lpFFpvp5x1lRzuOxLXs0WfpcCIACMOhCor2tkaa/MHlmPIbAqgZgth5NZIWpYkPAv7GpzPBOwTp3Bg5lUM7MXSayO/5+eJjMhB5PUCJ0We8Kfgf/U+vbaMIg9R8gJKutXrANd3sAWXMwWqKUw+ZX/AC7h58w04gb1s+lNOQbfhpqkw8+mrOj2eKH8zHYUJQBUYEyDHqirj565r7HhBtEZImn/ioJS+nYT5Zl/SNtW/ehhUsARG9p6O4wSy20Ysdk7b9Ur2YL0RyFa6QhWQeKktKPVFQuMMLRkYX7dv35uAKq8YN833lLjGESYNdCzYmGTJXk5KYZ8B` |

+> | Jio India West | rsa-sha2-512 | 01/31/2026 | `M/GmNpPBZHx9Gi6prlLDV5NZbknqFvdLPBt3WhGroH4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCaPoHixXf5KMFCIJx5ZIDymatZcqqC+YLz2DpXwvBFiHt2QYQA6w3ZkZNpimjtWJUPyXBLUABMMrnD5WbWfIgYZ/bIsZhsnzMJmcXejD+vOkCoI3iBh2SzlUJodpSj6ahX/9JmWqU8mRB1zITB7XWdvkyjAC3TS2ps6G7wcXHumk9MbuktrbPYNKHj8CBjrFfAEggG2IJ1YTHHmBqV3Gl7+JqFSH5VO+PFnvNSRb0ATurp4GLsOB7syr2hy0sdFG4lLcYSlIAbYgVvT4x2LEpq6HFxxPOCluSgu93Slg9ZBW/z47PSwdGMGkwENyy0Xdltae+OzTxZ4zoimSitRWOp` |

+> | Korea Central | ecdsa-sha2-nistp256 | 01/31/2024 | `XjVSEyGlBtkONdvdw11tA0X1nKpw5nlCvN/0vXEy1Gc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPYiomaLB3ROxZvdfqiilpZ+2XJiPDeIIv4/fnQRZxnCBCFrUm7ATB6bMBSUTd00WfMhnOGj4hKRGFjkE+7SPy4=` |

+> | Korea Central | ecdsa-sha2-nistp256 | 01/31/2026 | `9HlPpVNUWFMksQe7WrfMKiglruSK/KtPlEV4QgXBv2Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJF52Xf+DqG3cFdeTGRWzhKAd7wRrgOGs6++7K4spCmABa2thto/U1pZdyxZkq48+nk0U717raE4mgN5GkJpWxc=` |

+> | Korea Central | ecdsa-sha2-nistp384 | 01/31/2024 | `p/jQTk9VsbsKZYk09opQVQi3HzvJ/GOKjALEMYmCRHw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBN3NA7U4ZC576ibkC/ACWl6/jHvQixx+C6i2gUeYxp7Tq6k4YLn7Gr1GNr+XIitT6Jy5lNgTkTqmuLTOp7Bx9rGIw9Or37EGf7keUM42Urtd+9xF1dyVKbBw0pIuUSSy+w==` |

+> | Korea Central | ecdsa-sha2-nistp384 | 01/31/2026 | `vy9cmbZQT0EgwifI+RHoQnGbV3tAjUIFP1Bl8zyZxIU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBTAnIdrs0h9CFZhTOEXmo89VTCOtNl0kxnXGazFpBKAmtPu6TAvdEBlKA3xjppM74h2e7Jv/tnr/SsZJK98BOKrFCPwZC+oFNoZ1SdRYOuoqp9BoXVPS8pAcisS2eFTCQ==` |

+> | Korea Central | rsa-sha2-256 | 01/31/2024 | `Ek+yOmuAfsZhTF4w7ToRcWdOevgZPYXCxLiM10q44oA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCyUTae7QtAd3lmH+4lKJNEBNWnPUB+PELE9f4us5GxP8rGYRar1v3ZGXiP2gzPF1km1cGNrPvBChlwFMjW+O5HavIFYugVIe8NzfI7S3t+kgTylXegSo1cWen18MAZe6Q5vxqqFzfs+ZChWEa/P37lTXVkLVOYCe5NJUPm8Zvip7DHB2vk25Fk3HMHG9M50KNj1Hp4etPI7yiLNLNCh5V410mf3xhZChMUrH6PMl/A+sVv68ulcVeIZ68eMuQktxz1ULohBdSExZGmknVrwfF/fLTKWxHlVBjB3yDlLIJO3nTFKaQ4RzPa/0If+FcbY+hIdzSjIAK6W3fRlbVuWHYR` |

+> | Korea Central | rsa-sha2-256 | 01/31/2026 | `BWHK5p4dmTUH0NU99TJm/stulp/+yWT26EWaNYddwv0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfRvjPUGmZEi/70Vl12uUsbpaPd0Rdh8vElRKFpp06Uy3tcYpUdfwHQC5djjBEuniiK6V3BkyZb6/LPwCrxbrwzuUcG7aP929DeSYoe86N5X6vTpU8tyffkotTDxhzXuu5WA11252rgtt3GIOYLOGHR1Itpcl+P4OZ4ELnMrsCXZcewD9YphNEVgi7Ez9yi4rdsulXTk7qdlTj07pOMO+CpTx9H9MHhw0v9JSy2LBxU9bmNFU+megWA9jTnLqSdO+xiLBmlbwEbrPBDuZybbM4Idz+DB45os+NsIbpFTB9XKZ/eP2ijtUoGagytX3yp1DDcdGDg+beOyI3gzxOvR7B` |

+> | Korea Central | rsa-sha2-512 | 01/31/2024 | `KAji7Q8E2lT3+lSe7h74L6rfPnLEfGVzYZ/xyM96//0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDxZYb5eIWhBmWSwNU6G9FFDRgqlZjYYorMSXJ4swHm4YYHKGZTf4JOE5d87MNtkVgKe2942TQxA1t2TaENlmNejeVG5QZ4to+nVnwsFov2iqAYChoI6GlhpwzyPsO0RkqLB8mvhoKMel1sNGfmxjxYVFt4OSPHDzNIU4XjGfW24YURx/xRkLU1M9zBNADDx+41EMNRT7aBXrKW9MzsxkfCM3bYwjdBbI2Yi2nUqARm+e/sBPLTqVfjuMFvosacYc43MqepFSQoZE5snwYxkLJzltAbxNUysJs277isnGgezh9p5T2MCxtCERU0lvp7M52hd1p75QEtNrdadfDprzT9` |

+> | Korea Central | rsa-sha2-512 | 01/31/2026 | `Lwixdb3Fx5yvcsFkjBMeAVLFTj4ihngqAUvMDKWLrx4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hp87cOOR8dC6B3tjUJIzLu6Ti4LB3jLep921EnhrXjEYwXWsWrEIyacsmoVxfbXJ2NZynzpInaKk2XiK1mQg2raLggao9yJ86NLQKZYQD8s8+74bO6gMoMgsGRRoPSRXv2iis/t5KEpKWAC+fC1qIQnwKOGscIgo5AWMDaWA98RoL+4HnRcQIzNvWwN14lebZ0H39Ijs/D6rMWIWibSXE3OWaJ7200lQ1+oVRmWT+mOo+QtQ0EVOKsFlynEkxgIysqEieED4dT8nE+bnAUrrOFGXjd0WpuHDaaEqldfHkmBX8FGLIei/1+KeVqIiKkeys/vbdyhjpQu5A2pdeDm1` |

+> | Korea South | ecdsa-sha2-nistp256 | 01/31/2024 | `XM5xNHAWcYsC5WxEMUMIFCoNJU/g90kjk/rfLdqK7aw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHTHpO85vgsI6/SEJWgEhP5VDTikLrNrSi6myIqoJvRx6x8+doTPkH87L/bOe/pTU/rCgkuPi1kXTC7iUTSzZYk=` |

+> | Korea South | ecdsa-sha2-nistp256 | 01/31/2026 | `fOxnPL6yD3NfoubIfYyPCT1/LShV6zOSx/2+swvo5Gc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAKFsE2xKTl5AhlcV7RaVykUTRz5zLNgQomLPNyQoAKrT4sEVUz36e5apDqquC0Xs83Jg3d2by4UQVmYEcSB7f8=` |

+> | Korea South | ecdsa-sha2-nistp384 | 01/31/2024 | `6T8uMI9gcG3HtjYUYqNNxi99ksghHvsDitIYpdQ4BL4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAgPPIDWZqvB/kuIguFnmCws7F4vzb6QG7pqSG/L9E1VfhlJBeKfngQwyUJxzS2tCSwXlto/1/W302g0HQSIzCtsR4vSbx827Hu2pGMGECPJmNrN3g82P8M0zz7y3dSJPA==` |

+> | Korea South | ecdsa-sha2-nistp384 | 01/31/2026 | `WMARPBxgBRgT+w+qU1USQ7AJv0vVsqUkJl1uDqQ5sAQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBC+3iJNzYWq6KSjd72sIJYQfeoSxF70re24Ps2SLcDLXiK2sZ0qsDSrjG7Yk2qVXYKydLQbUZuokhfQyV5zKYjcNQ5VHIblwd+10GlvZeqyCZibOuoUsMNxhMx1eAlo8KA==` |

+> | Korea South | rsa-sha2-256 | 01/31/2024 | `J1W5chMr9yRceU2fqpywvhEQLG7jC6avayPoqUDQTXHtB2oTlQy2rQB` |

+> | Korea South | rsa-sha2-256 | 01/31/2026 | `sxw9cyrpek3T3ZcO0+ghUoNn+M9dZD72br4F1GXV3iQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD5wHnNSXU7mmafdb4eSavGZiwaYIweYtGrLSj6IYxDafpk4+RwX9Grr7gG3yAG7wh/t9AzTt7Aj7mh5H2vNkJIkfS8efZgaW+BUJjatQAVu0pXUv0vAbIaioBvUJEeNlCYrOsSvfI+fLP+8JnZWPIkFi8jg/2cePOVFD/ZpTdq/d2b1ifOlEi2EtwkPK4U49asfwfogGpWShoRSufBiGdH5L3Sd157r2wJsUqUyO4x8CPLgT/cRR3HnQxWbGJOwalkb1Da1EX9gnHE639jTv5RPBUEbLA5JfAKWi6W7W4Wp91Se262Qva7fXeJv7lB1aPignIaI7XiZJYMITUAY2wh` |

+> | Korea South | rsa-sha2-512 | 01/31/2024 | `sHzKpDvhndbXaRAfJUskmpCCB3HgPbsDFI/9HFrSi3U=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCfGUmJIogHgbhxjEunkOALMjG77m+jgZqujO3MwTIQxQNd/mDeNDQaWDBVb2FJrw15TD3uvkctztGn2ear3lLOfPFt0NjYAaZ8u5g9JYCtdZUTo5CETQFU/sfbu2P2RJ/vIucMMg8HuuuIMO059+etsDZ5dZHu9cySfwbz/XtGA0jDaTlWG0ZDT+evOE0KmFABjgMFWyPnupzmSEXAjzlD/muGeeUhtXUB8F6HVUCXLz7ffzgYiYj+1OB0eZlG/cF8+aW7MOpnWvfpBxwm16soSE1gmZnXhPrz/KXlqPmEhgIhq7Cwk54r3rgfg/wCqFw+1JcbNOv5d4levu/aA7pt` |

+> | Korea South | rsa-sha2-512 | 01/31/2026 | `HKrQz+1svxtsfHSYoPt+DK7xN7zI8tCGKqcohLpKiFE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDXjEE9ikBQMHmepDgS7yNbQ7BUEHR/KB5xMUH3+bdmx/YctR0M1cVGKpRDlc6ME4F30cNDayAEwP3kgEUYD8nD8grJhIBg16zb3J3AJF1FaKBjdCG52Az+pbwywnanl+mG+vvvVS4m1gNc/f+blb3hNkgtE2Tk45jlHiPAD671Tj+E5HVZDYoiDaudk8IazT9JqUIKXMcw2HMG8YOwcap21gKedTQoBKGCfgYjrKapbwj8AXbR+TxZ/2fu2YtLk4MYsRxYK2BlgF3GqJKcrCT3FI2fW/1fnP8OI8XKd` |

+> | North Central US | ecdsa-sha2-nistp256 | 01/31/2024 | `6xMRs7dmIdi3vUOgNnOf6xOTbF9RlGk6Pj7lLk6z/bM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJw1dXTy1YqYLJhAo1tB+F5NNaimQwDI+vfEDG4KXIFfS83mUFqr9VO9o+zgL3+0vTrlWQQTsP/hLHrjhHd9If8=` |

+> | North Central US | ecdsa-sha2-nistp256 | 01/31/2026 | `s/ZY4uDhgUqq1e5mJuKJqnB2tWKrmCSxsDFUdI53crs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIIsskPKndr1JuwN+hz/5EY3EvGrDSbz8kQq+vlzYTm26jiS0Uw7OFBRhaZLMM4Cnh6qT7xQ5aNwnzuVFVCYitc=` |

+> | North Central US | ecdsa-sha2-nistp384 | 01/31/2024 | `0cJkHHeTNQpl7ewPTZwug5+/hfebiH6Yxl2rOTtYZQo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBG8aqja46A9Q5PmhPzhxcklcJGp+CiC3MCjVR6Qdl9oQGMywOHfe+kCD72YBKnA6KNudZdx7pUUB/ZahvI5vwt4bi593adUMTY1/RlTRjplz6c2fSfwSO/0Ia4+0mxQyjw==` |

+> | North Central US | ecdsa-sha2-nistp384 | 01/31/2026 | `2vN+aOTY7FunWJ9DjrDCDWYxsr9Wme8hJ5w+Qx54624=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFcdbWr5Q3sOjz3ymMuUEN5W4FV8aYJxf/TeHm1nq2r3S79dX/QyQs2mDUGgkHlZW7oWB6rrDGXDkNI9ur0wMh1gKBS0JgkjzH/B3knAKiPNv8rPtxpI8aMY7RJy/pAGiw==` |

+> | North Central US | rsa-sha2-256 | 01/31/2024 | `9AV5CnZNkf9nd6WO6WGNu7x6c4FdlxyC0k6w6wRO0cs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDJTv+aoDs1ngYi5OPrRl1R6hz+ko4D35hS0pgPTAjx/VbktVC9WGIlZMRjIyerfalN6niJkyUqYMzE4OoR9Z2NZCtHN+mJ7rc88WKg7RlXmQJUYtuAVV3BhNEFniufXC7rB/hPfAJSl+ogfZoPW4MeP/2V2g+jAKvGyjaixqMczjC2IVAA1WHB5zr/JqP2p2B6JiNNqNrsFWwrTScbQg0OzR4zcLcaICJWqLo3fWPo5ErNIPsWlLLY6peO0lgzOPrIZe4lRRdNc1D//63EajPgHzvWeT30fkl8fT/gd7WTyGjnDe4TK3MEEBl3CW8GB71I4NYlH4QBx13Ra20IxMlN` |

+> | North Central US | rsa-sha2-256 | 01/31/2026 | `AT+uuHy3KWpXQX1o6xvepKloVxWW/hHclRucH3CQ8IU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC1etuSzvJZ1idzgvO4r8kZ0XqGM+AzonnYHMs3CyG9+IuBG4JPRq1cRvj3MkHLt+5V+RXp10c3TSyxit62awNjlWW1e6/v3R1IMjqBh85+biHDIJ7TtaNl8zBOvdzS7jVMXxcOI/2QySEFwZq0Kp19S6HBxVXNYDi0Imccxl6SpU/dLqJcJQpmJjGfOQamO0fVU5kEzNvTy6j1ivLQtdjwnbhJCzohplqMHVm2mzCr9Tl4YPHp2VRdrtH7vLpml/uu27sL9lZKzQMXDc6kQsDoORukblfu2CDhO3x+UL6+5fcbG4gYilt96JJy8JqIUc1FteR+BPpKHuUzM2LmLHb5` |

+> | North Central US | rsa-sha2-512 | 01/31/2024 | `R3HlMn2cnNblX4qnHxdReba31GMPphUl9+BQYSeR6+E=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDeM6MOS9Av7a5PGhYLyLmT09xETbcvdt9jgNE1rFnZho5ikzjzRH4nz60cJsUbbOxZ38+DDyZdR84EfTOYR2Fyvv08mg98AYXdKVWMyFlx08w1xI4vghjN2QQWa8cfWI02RgkxBHMlxxvkBYEyfXcV1wrKHSggqBtzpxPO94mbrqqO+2nZrPrPFkBg4xbiN8J2j+8c7d6mXJjAbSddVfwEbRs4mH8GwK8yd/PXPd1U0+f62bJRIbheWbB+NTfOnjND5XFGL9vziCTXO8AbFEz0vEZ9NmxfFTuVVxGtJBePVdCAYbifQbxe/gRTEGiaJnwDRnQHn/zzK+RUNesJuuFJ` |

+> | North Central US | rsa-sha2-512 | 01/31/2026 | `KmGVFgihOp7BEJgoOQ28QGCVpivhWOUJVpoWSf1DzLY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNhjttgLAC1yCwlPWPS0Ts2kHQ7RuGvnbZ0yrCTB3URS4SeMSkrQP5H2lBqaj/ZygNeH1JPcy4rsDopP5g9S78tSVUSwwhd/TY1qw2yMQgQKBX2540h2ErLjnW1nqfUliLEGU6lxY2JEui9XfiFjS0ct2LdWzoWk/2rhDLl2CJej1j6u4gopjaLewhndd/yiIwM/tkcMmTUL4zV1X3esbDbKHCKVCOjeVK1KIB7eA6pg9HfBcIFacVUraTsn/curAgsi7Q/X5o7KVHcCGRWGyrHD2qjrPTbGOS9dIBq7hwpBGHi1estt1KiavuHNMCPvwKdhLmIYA+6raz9w4rOSwh` |

+> | North Europe | ecdsa-sha2-nistp256 | 01/31/2024 | `wUF5N8VjGTnA/PYBVzQrhcrMgHuCfAYL1tu+p6s28Ms=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCh4oFTmr3wzccXcayCwvcx+EyvZ7yANMYfc3epZqEzAcDeoPV+6v58gGhYLaEVDh69fGdhiwIvMcB7yWXtqHxE=` |

+> | North Europe | ecdsa-sha2-nistp256 | 01/31/2026 | `wnIXnbkmXRuxP+60TeN4mn0kplC2Lb+ohnlC9u4cZpk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFIx6kxnNFhCoIC3SdEFUFNZlQA+2Pc1gMMAy59BkCIP7PWhEF8uejxGQOfxwQO17AW0o6anFFWhyWoxTI3vpXw=` |

+> | North Europe | ecdsa-sha2-nistp384 | 01/31/2024 | `w7dzF6HD42eE2dgf/G1O73dh+QaZ7OPPZqzeKIT1H68=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLgyasQj6FYeRa1jiQE4TzOGY/BcQwrWFxXNEmbyoG89ruJcmXD01hS2RzsOPaVLHfr/l71fslVrB8MQzlj3MFwgfeJdiPn7k/4owFoQolaZO7mr/vY/bqOienHN4uxLEA==` |

+> | North Europe | ecdsa-sha2-nistp384 | 01/31/2026 | `7YPYAsFrQ6BRtsVcL7zXP1IClrfuqi6ruN3w9ri6UmQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFxP4POMxrfU1ca7/LmaMlJY+6gtOGUupVmFj90ZFFGxXEccxknT18phpIy1zu1n+oh0kmyqE3JKac71Jbpt0ypM615lrnC5xH9Ayxvi05nFYA/gXAbC/oAqSMGNtuaNxg==` |

+> | North Europe | rsa-sha2-256 | 01/31/2024 | `vTEOsEjvg/jHYH1xIWf2rKrtENlIScpBx450ROw52UI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQChnfrsd1M0nb7mOYhWqgjpA+ChNf7Ch6Eul6wnGbs7ZLxXtXIPyEkFKlEUw4bnozSRDCfrGFY78pjx4FXrPe5/m1sCCojZX8iaxCOyj00ETj+oIgw/87Mke1pQPjyPCL29TeId16e7Wmv5XlRhop8IN6Z9baeLYxg6phTH9ilA5xwc9a1AQVoQslG0k/eTyL4gVNVOgjhz94dlPYjwcsmMFif6nq2YgQgJlIjFJ+OwMqFIzCEZIIME1Mc04tRtPlClnZN/I+Hgnxl8ysroLBJrNXGYhuRMJjJm0J1AZyFIugp/z3X1SmBIjupu1RFn/M/iB6AxziebQcsaaFEkee0l` |

+> | North Europe | rsa-sha2-256 | 01/31/2026 | `ai5VaZSIlMqnIjownVEFQqW9U8woOoBGFY3hSbrdnHg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDHFi3P1ykPMMhPNqYLM5l2tTOvC7UXCY635w5SrsL+8rOFTAqNFfwhZrccGgWhuzO0LNt7khMjHgYKn6yG67HyHvL9ZXC5rTS4mDALNDyPNCMzyAI3fuDZOWlGpDTzMhfzTeZzbK5x5T9MSGDfOlsdnQt8p5hEDCAnl5oSOze5k6ZUXV62LNXLEG5+xIYr64Raz3oaOsEVfhzZws18GgdMfCf0Syiw7rqjfPnPWmJnyxzuGvIGDEyitxi5y1WyzBe/Hwko0rFCQLwSFiEEm6ZAMJzvsDWzfKvIowZV8RVw/avN3Yvz6B6VBVbX1fHpMoVqzCdsS/38WwfGbdY0HoqJ` |

+> | North Europe | rsa-sha2-512 | 01/31/2024 | `c4FqTQY/IjTcovY/g7RRxOVS5oObxpiu3B0ZFvC0y+A=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCanDNwi72RmI2j6ZEhRs4/tWoeDE4HTHgKs5DRgRfkH/opK6KHM64WnVADFxAvwNws1DYT1cln3eUs6VvxUDq5mVb6SGNSz4BWGuLQ4onRxOUS/L90qUgBp4JNgQvjxBI1LX2VNmFSed34jUkkdZnLfY+lCIA/svxwzMFDw5YTp+zR0pyPhTsdHB6dST7qou+gJvyRwbrcV4BxdBnZZ7gpJxnAPIYV0oLECb9GiNOlLiDZkdsG+SpL7TPduCsOrKb/J0gtjjWHrAejXoyfxP5R054nDk+NfhIeOVhervauxZPWeLPvqdskRNiEbFBhBzi9PZSTsV4Cvh5S5bkGCfV5` |

+> | North Europe | rsa-sha2-512 | 01/31/2026 | `ralX3vX5MZc4oSa+vFRXYb57sOw4Q30iZ0jx+s1LbMs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC04Y+mJojbEI6L590NFYLYcWI6Zg+WCVIFSIz2ABoawbKHmQpEh6Gz56dcw8gbv6q9zNn8CVD+i4+k9QLycMhuxoR5kRJO6iJexoasY9W5v7nGnIpp/pg6IfOsQ97nwRtD0dOL3Rg3FuPqXLA9mckhc70gp2I8FK52sfeZvJEUfjRlYzgtsZbFVpj1mLnEr18eLZTUzVAPz2ABHhXNCuBft58iue5dO28a6boR0dVBPTy0wI1hJ3CyiFZj6EQKceK4kxv2b0TQ/H8E3PGb6wh1PoOel4IZ0CiKGCovJhOOfWZX5CYjNW34okNZONYWleI3yYFQetlGTXxvdMEV61sx` |

+> | Norway East | ecdsa-sha2-nistp256 | 01/31/2024 | `mE43kdFMTV2ioIOQxwwHD7z+VvI4lvLCYW8ZRDtWCxI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDWP6vJCbOhnvdmr7gPe8awR/E+Bx+c8fhjeFLRwp6/0xvhcywT9a1AFp7FdAhkVahNKuNMU1dZ0WTbOEhEGvdg=` |

+> | Norway East | ecdsa-sha2-nistp256 | 01/31/2026 | `LX3xXaXt8vEj9GexgUl5FQPn6kgHgqJyqbyKUUSXI6Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNfWlwwKQz69ViXpaEe923CbQgSMjpxCn0fMQDjdGz42v8mrwBLTNYP48c4pzLm8eiWtb5IU07Au7rl+h2OFAUY=` |

+> | Norway East | ecdsa-sha2-nistp384 | 01/31/2024 | `cKF2asIQufOuV0C/wau4exb9ioVTrGUJjJDWfj+fcxg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDGb8w8jVrPU1n68/hz9lblILow6YA9SPOYh5r9ClAW0VdaVvCIR/9cvQCHljOMJQbWwfQOcBXUQkO5yI4kgAN3oCTwLpFYcCNEK6RVug9Q5ULQh1MRcGCy3IcUcmvnYdg==` |

+> | Norway East | ecdsa-sha2-nistp384 | 01/31/2026 | `Y1NKi875wtm5Z8fto3UZft09cvoZIE/mbEvVbxEq69o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBP+K8187kNSjyrGOu9exSmSvVDfRQDHoe7EOpD6JLOhDnT8/UeAQqzaviiVppMF1BqVuBplzNyV6NCQPxwqVlrJsXsvNOnneJOVJf+E4oNz2I6kF5rZbzc53cWUqnD4rAA==` |

+> | Norway East | rsa-sha2-256 | 01/31/2024 | `vmcel/XXoNut7YsRo79fP5WAKYhTQUOrUcwnbasj/fQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC4Y1b2Bomv8tc/JwPgW0jR5YQhF031XOk4G0l3FOdZWY31L8fLTW6rOaJdizOnWCvMwYQK39tyHe6deN9TZESobh0kVVuCWaZNI6NUR0PSHi0OfbUkuV0gm/nwtwJkH5G9QbtiJ5miNb4Ys3+467/7JkqFZmqN6vBLhL9RVInO00LPYkUGtGfTv+/hmsPDGzSAujNDCFybti4c+wMgkrIH6/uqenGfA1zW3AjBYN2bBBDZopzysLHNJYQi3nQHQSiD4Mdl7IGZtJQeC/tH9CKH5R4U4jdPN1TmvNMuaBR/Etw4+v0vrDALG1aTmWJ7kJiBXEZKoWq/vWRfLzhxd4oB` |

+> | Norway East | rsa-sha2-256 | 01/31/2026 | `+Bf5PY3s9YEjAx4iGC4T2qiuJSpfc+2j9cAH0oz2K+I=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDSpVn1Tw8w4zdnknXitlR2xjrMQzazRDf1PY+jvXUQNdgHBbH0fGE/MQwDQdejngoPijoXm8F43sl0DkEqLwDBDCjiTDBa7jaIZo4xlOBCJ5zmN9/I9rOJgYsk7wF5KHXBLkOXKWh460uerxUj4i9n+NTiJzoV+3x71pE6t7j5Q9TwYA6WlOm0m8ejtmMycuzlG76y5py0EMCF/t5RCk0UPn4PMMt/m+EOARXEv5A/JxSID+tk2xSOtO30PHtQFbKvEG0M4FuawlpWm5hvCT0V9VDRm/X7EH51ivKi2Xu9Hvec2FrIaMLy8a8buC0lhosyubpe9d/lMzs7VE81SPLl` |

+> | Norway East | rsa-sha2-512 | 01/31/2024 | `JZPRhXmx44tEnXp+wPvexDys1tSYq9EDkolj9k6nRCM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC11j19LeEqRzJOs8sWeNarue+bknE3vvkvSnsewApVMQH35t9kpqRGMSr6RTU2QCYDiQTCKI2vzLSTLGoizoPBiY/7lvdylDRCbeEpuFUkgvKZrapkJ6JqKOySPpFNhqCs27rdY5dJ2C7/nmTL/kvcyhXFXZT2lJaOIdRSKv/1Q3DAWQ9icNGbDokQDubF5etlkquqTV6r/ioFuh7hdKE+fJooyHa2oYTD+j5cNDKBxrJWBEidOe2HwplR4lYPggUcVtGu9aoSVIMmswztFF6+MNIdOT1kdvHewKLjkVB1hbIHl/E+uexsyMGcCg5fPy7dDIipFi1aED+6R7CnAynJ` |

+> | Norway East | rsa-sha2-512 | 01/31/2026 | `+FdWhzWXTs3opklJIbLQeXAWhB8m6SWWY7+FdMzFAiM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDN0QhSmq9RG/FDQu0OhXHP0CKQfR9XRLM+4sK78l8oHGZJUIGPfNuAM4a8rixwwQiJpJHpRTnhjG+8jogdwJaBx6HJIEJCUcorWr2QAwdGq01A4aLcDkhHka9Dw2GYiDCYtJDolSW4n0ir1oWSIetAv0sjkSFMob9AK33P5shQC7OjWBSSAZoDolkIxrLOFQy4KCl5YDO+heUTOaja0ymcCKrDVzWxYaQoonIznYwdzXC1T9YIYjR5FsDp/Wn5OvPFNCe4mdKLasU+pN+kV7oGrPMULvPbOvBzGb4I0ozfShbRMt0H8nPXLXG7+LkD8YM5NTFxiaKiZpNPdThycHQZ` |

+> | Norway West | ecdsa-sha2-nistp256 | 01/31/2024 | `muljUcRHpId06YvSLxboTHWmq0pUXxH6QRZHspsLZvs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOefohG21zu2JGcUvjk/qlz5sxhJcy5Vpk5Etj3cgmE/BuOTt5GR4HHpbcj/hrLxGRmAWhBV7uVMqO376pwsOBs=` |

+> | Norway West | ecdsa-sha2-nistp256 | 01/31/2026 | `nI5iKgzoS960Hf8VzZ+Z+qJqlhG3We9wUsisCqEv0HE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFYTmlTdycyDk8yLL3HRZFQtk3Zs8iG/IwJJO9LgpDAlr6oxTbHHyLBJnhvAgNl03EfMGMQs5Z0Vx7fcZOL0NzM=` |

+> | Norway West | ecdsa-sha2-nistp384 | 01/31/2024 | `QlzJV54Ggw1AObztQjGt/J2TQ1kTiTtJDcxxIdCtWYE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNYnNgJKaYCByLPdh21ZYEV/I4FNSZ4RWxK4bMDgNo/53HROhQmezQgoDvJFWsQiFVDXOPLXf26OeVXJ7qXAm6vS+17Z7E1iHkrqo2MqnlMTYzvBOgYNFp9GfW6lkDYfiQ==` |

+> | Norway West | ecdsa-sha2-nistp384 | 01/31/2026 | `9ElS1gKYvwii1fb2GffZ1OI8ge5TQiqAda/CL7N8vgY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBN8A1zgtX4PxY0zkK7YmA4vasazPyPhXMVsXz+bINiscC37R9xePSah2A18uIT8M1s96OMhukXKxQrrcWGAGYIIOlDQ8mjb/HsXu5HZsySTfb81bw0Fq6YVD/8u35ER7Ng==` |

+> | Norway West | rsa-sha2-256 | 01/31/2024 | `Ea3Vj3EfZYM25AX1IAty30AD+lhXYZsgtPGEFzNtjOk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDuxOcTdADdJHI8MFrXV00XKbKVjXpirS3ZPzzIxw0mIFxFTArJEpXJeRfb0OZzQ1IABDwoasp1u+IhnY1Uv2VQ8mYAXtC3He08+7+EXJgFU/xQ8qFfM4eioAuXpxR7M7qV/0golNT4dvvLrY4zHxbSWmVB7cYJAeIjDU8dKISWFvMYjnRuiI7RYtxh/JI5ZfImU65Vfxi26vqWm51QDyF5+FmmXLUHpMFFuW8i/g8wSE1C3Qk+NZ3YJDlHjYqasPm4QidX8rHQ1xyMX9+ouzBZArNrVfrA4/ozoKGnPhe4GFzpuwdppkP4Ciy+H6t1/de/8fo9zkNgUJWHQrxzT4Lt` |

+> | Norway West | rsa-sha2-256 | 01/31/2026 | `Ok1QW8mYdmM2ydj0kSV0q32mtjj9rWNVKU09EAAl9Tw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDcv8atttWdhSTVwpV6v61hhBlf85e+Uu3Qjpm0Fa09OuUrK69pggYU6JHHv1AHlMMCapuo2ReGc66tv4dmICijxRYuejZG56uproG4rARSK2JioXB4Yq1qTr35+uXaRj+w5G8/T0zxsvE6AliGBbZDoa07+R4ZQ4PLKcZnxdueHiDoNsZQOvfEtqtksK3LpDD4JU5/mzfDkyGaKejFWQ6DnnGxpE1cEnBdae9ETHOFWbbB0sYd3vMRMsyWlQWUX2MZ4NoacwnzMl2mqX3hDIbzlitxeZqRixJitnL0rX1gPpQg9n/RfCaeynsMjKXA0pprylHLywnKzpaj9UjMeGw1` |

+> | Norway West | rsa-sha2-512 | 01/31/2024 | `uHGfIB97I8y8nSAEciD7InBKzAx9ui5xQHAXIUo6gdE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDPXLVCb1kqh8gERY43bvyPcfxVOUnZyWsHkEK5+QT6D7ttThO2alZbnAPMhMGpAzJieT1IArRbCjmssWQmJrhTGXSJBsi75zmku4vN+UB712EGXm308/TvClN0wlnFwFI9RWXonDBkUN1WjZnUoQuN+JNZ7ybApHEgyaiHkJfhdrtTkfzGLHqyMnESUvnEJkexLDog88xZVNL7qJTSJlq1m32JEAEDgTuO4Wb7IIr92s6GOFXKukwY8dRldXCaJvjwfBz5MEdPknvipwTHYlxYzpcCtb9qnOliDLD2g4gm9d5nq3QBlLj/4cS1M9trkAxQQfUmuVQooXfO2Zw+fOW1` |

+> | Norway West | rsa-sha2-512 | 01/31/2026 | `4OjYruCQ3UATeLz7ZDyXumfZVCvED5stvmAbVeGhYFY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC5SJKaXLtWBtOxSti/Ag6KGC5Gyc2CQMj6lMl8qEUzChtvQrE4a05HNtudc8jS4zbkINtfdZHJ6MvsrhsrKOufTnNlNBbd75lG0KciYVWVXZudFxi9PITMV12lBGRNnKXR9YDY3sQsAF9xVitP8c3qOqX0r4/99KVx0uJg3YrcVmyLQR5it/QLYYV3XHuo1wo705f3EH/uAXrs03b3Mf03XUCk5HguAwyhvB0CIAgI4CALS6mCMKosZ+KVsV50GB9lWsh/bDpAGOLzBon9g/1nilgmL79EbnYtJ1H8Ia5CIjLtkS+qSTeycLjjmGa79Wh9ysWl5ek8WghcK1u+guVR` |

+> | Poland Central | ecdsa-sha2-nistp256 | 01/31/2024 | `aX1HJKXvnL8pJ1upt1OnBQT0vLbQXDrBeThar32gyEs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOTFAOA/iJnf5S+3tGqyGEpFspwR86HChkrkloJnehNvYhecP4tGhJx5Z15j9TJqHWEzpBFPIcxF+O9tStiv+oQ=` |

+> | Poland Central | ecdsa-sha2-nistp384 | 01/31/2024 | `jNH6sSVNE+1NhyZzA3tzk0RaJpZoLVZHd8yjQG64DDw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFoLS+6QCyjyibWZvldjErzY9ptf+LXhyeQQDu7K+UajFsLk7xzx4vIRLsPJ+UhRyu81Lwo/pxcgoDX6uyB2M82JfQAWF+jniU7RfC/QzO5Jxbsj4mlY1kVO+R7/vdLTyQ==` |

+> | Poland Central | rsa-sha2-256 | 01/31/2024 | `Ph2MhHZIZtRk76qOvea61JQGRMyxbHeYqbQYo1bDorc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCplMMhYJaBSEOXRYRvUACL1zoisjy7BRVdsKORsnqKtMimDqvl8UY304znr9Rn2DBT55EzRQIPs4V6tKwUMe4+FBm9Ef32/jxRdlJ7bM/eMRwFwmo4PxJ1pVpP8TYkpLcXXx5T+zCtphkSXUBHrZRas0OLJIw6ooj9rt60PeCvEIl9HBA8sMt8u7882KKGIZra7C1PK/0/rKub+7oRBEgXoxZxKYFmu72CJV4/4FmxQsYpqcwKaFgMnDYEzpJexL+XlGJ+GkeX8tngy38lwlwGdxi6s6w9e20TUSYtbfPJE8OBq08cHN1OhpbL3bS2Ynr5QkFwHIcwa0seSuXJCIj1` |

+> | Poland Central | rsa-sha2-512 | 01/31/2024 | `aSOu8q60R2fx2C9eoCX3ReG/wKQbXzHf5XoTaEww6GQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC4c5mGbfEkwSgXnhzF4zrguh9X1aHMn1p6pTwJhCjGTQ54ZIFYgfA294RXTYJdL84Xi++qCXHeENVeTWfD9dRlz+KDCOST4JpHauGKnKUF3udsHNNItai88CpDHj8JM6YYxfUR4/BHCNJQ8BrVnvrljWaj7SYJhyUuwChZkTeycZSQPOVJRoHKAnfI+KVZGfQp6dfJx1M11Ojz6a72E6cDDeu8YBNEGiWfYARTi0FJWpy36CsA6aLjXkWTLgM4ZD7vIhLOCLholei+zR43jpZUNKRe7Ym4nSliRsrlEsYkblxsIxotpLt9Al+ftn7GBAjU4HwhC13o8K3yWw0z3daR` |

+> | Qatar Central | ecdsa-sha2-nistp256 | 01/31/2024 | `QOdUXQx3Bi3ss/976Q0n+aIt/vkWjfmGH4fsgk1mBvw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJz1f9SCaXyUAatHKEr/sfY2uRJWtftsigePCckBp+l/VenEVY22vVwstmrIeu02JKz1+IfePfGQ2bWOprpodXA=` |

+> | Qatar Central | ecdsa-sha2-nistp256 | 01/31/2026 | `rHB1fi4XAuQvabHUxHlsdxtBgvZur4W5h4SDCM+OaZ4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMsNj0SFCAb8D5igdFlWaeZxYvP2fthgXjb+a+Fb3AcqPIjHFQPX3iImnBW8SHguqTOTi+x08P35/LjXzUSrZEE=` |

+> | Qatar Central | ecdsa-sha2-nistp384 | 01/31/2024 | `znqSno+29X1UUZV3ljgE7qSoYZtAybbH4dWNoSZIg6w=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKkIRyyU0RVr0/xTE1pce28UeVStaqyw0daAWkChabp9SQb9ONmJ5UFzZ0p3bvcy2ZWeYiJCvg63qKojPomVCwT8ZtRtgeewRMWPS6kKAJDQfzl8r05dNjwbd8Y+1BerHw==` |

+> | Qatar Central | ecdsa-sha2-nistp384 | 01/31/2026 | `HZrKR8HYd2G3Oz7inTYPi26qFPFJvCZLnW13V1U+kIo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNWGC3x/5+z0aEkRJ7IM1Q1FU360gKtERjFSDiPejwsJVTuvSMrBTFTWYJXeaBoK2rcQUmMBE9KkhlCczQYVanCZc/+qeyuXhdVAsUiTK6Fsj/A/G6Fx26bUFaJ5M+4vEg==` |

+> | Qatar Central | rsa-sha2-256 | 01/31/2024 | `iHCboIvdshFEnYt/6+vvLQnjyUZQ550Pm7dkFX/Q43o=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDW+RNosbUkJxEwcZ0i22DPBTOgStdqEdaL+jRzzi8xs6n9hR2I8Mnv6PR+ujaejqAzXVmI5LLnMrQA9efsUR4F0Is5ruJgrK6f2ORiLsaYj7PgTOsoaItdjWxXHFQ7hZA1FmYLgody3Js68akvGkp8NwnW9goFq3qBrtpHRcvxFxWixeNTy4a4azVjmoN8SfZxiPa0mBT61fjpVttUrb+sJeZ3jo6Ox2ZQxc0My8kPY+8J1qNxjsoCUirHZsgsmYTM5F7lWSdszB7h2irIiMEi+cmcowhez6LJd3TcDxnElOz2Wva/wSNo0JJx/VLdZvP06hJTxIw2QsX2uwI7lyF1` |

+> | Qatar Central | rsa-sha2-256 | 01/31/2026 | `+MFJZug5lX4udxKKxlBnxX6E/bRmCHgCYX+1k0V7dHU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCtibZZg1XYG6nFP57oOWo75icpoDy8b72OwuCQh2asjrrTxNDpdJPsb8euQc3/p1TrWRR0FBiDB5Dp3uuC8aQKFFc9xfnbzGu+neofM9ndCfItKpJnS7+Hn64SEAowGyZ8PpdBIj5T8ZQ9TgQozWat/JEL0zvcHe6RAfCy17LYOt0VNaEjTN4LNu5NDsuSvdoAtnViLa7sW3bvd8tFrCIAyDfRC7cqsy2ZHQvVsMmj+uRroXFB03AnF0Pg/sUtjTYTWbxj++vxeI/PirKg7yGOawdmbCHka11wBRg4ELcN2I1E+0veXWJZwLJVloAsAnFB5vD7gt5WuntFKXI0HlAp` |

+> | Qatar Central | rsa-sha2-512 | 01/31/2024 | `EMxIi2rduXMod/OMKHrHRZKo9t9oYUdnw3sw8Txyaj8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDqTnxkToyGf9z/+6fXJ+DvHvKqADITDu+JqvJX2kaPSbkxEBvR1uW/jFT3DD7SL8ZS8qm8HD1MYyoiHE6yvM+K9md83GMNqBiuxIceHH7uW5mEUt25j519R7a/fQUXApt5ZXZTG5e9eUSP0W9r/HvwA+LkE66gDwamPZrF6OkBQnu3DEK1AcZNufM31lnFBlu0yzdLMFZh/L6yXRi9sh0ATf7aZeR2lgGuTuoaOUAx3F2xTt5lRNGpy8O4HV8uZKW0EsEcGYANguOEqiNEgjiw1sHIZ4XPZSYe+sXAkafVl6X07nu9CpEncrRnTcQIfZXnwbneOetDWlhZH/vk38ZJ` |

+> | Qatar Central | rsa-sha2-512 | 01/31/2026 | `j1O37Xflf7LJS5OVx20MVukIxYI81OK8GkbYGVPWxEQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD09DhL3Tj9xPjsKFpO4rAE50nVFvRQ53/a6jZO0mJd/6B6lQ7EiuXnIET/M8IKTzxchfc0CDcuhdVpYQ1oUgh7ZZSPYmdrTE8ouQnJuKhUPFINiARPm97i2huVFK6DNgb23k8N9/TpUN8adrD/jJo+4rwqBF0OBYpjSlzP7j8903FZ8GNvEEZKYVG5xR+73JVzwyBaIBX2Qoj3WnKyctH+XhF80oP/NaaNPpPvtT5YJuHCjgPGodUE9GEuAPGz0PYHKTvt9gFKA7ddKqDxcPZjIxPzjiby0aYbiKuIrkYGmehF+LIZeU4cfzhTA0sx7cKC67L/+1pTTFHvVnWUGrWx` |

+> | South Africa North | ecdsa-sha2-nistp256 | 01/31/2024 | `e6v7pRdZE0i1U2/VePcQLguy7d+bHXdQf3RZ4jhae+g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIEQemJxERZKre+A+MAs0T0R7++E6XanZ7uiKXZEFCyDgqjVcjk8Xvtrpk5pqo4+tMWM7DbtE0sgm1XmKhDSWFs=` |

+> | South Africa North | ecdsa-sha2-nistp256 | 01/31/2026 | `x6Veo25rnI5ZSlKsrCCSCeY02mf+lAF8mutAOqmqoy8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEnfTZN+LkvW60gdn2uNROCvn1+GpFGTb9hcNha+WaweXzvxusSbpEn/R9BHb30J/LrwlBfxa5IsLXgXdprt2n8=` |

+> | South Africa North | ecdsa-sha2-nistp384 | 01/31/2024 | `NmxPlXzK2GpozWY374nvAFnYUBwJ2cCs9v/VEnk0N6Q=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKgEuS9xgExVxicW0HMK4RLO5ZC6S0ZyENe5XVVJY0WKZ5IfIXEhVTkYXMnbtrYIdfrTdDuHstoWY9uu4bS8PtFDheNn3MyNfObqpoBPAh1qJdwfJgzo5e7pEoxVORUMnw==` |

+> | South Africa North | ecdsa-sha2-nistp384 | 01/31/2026 | `SSsuQXpWj2Jd0k+pzB6g5Emxfms+/seJ6ONarTSgnL0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBOi9aODZI9qqXCcTq97tCNG/UEuGp1SOzq9zgGBw2dQKIjq+OGpWR5l4SGRHf1g+HYwD/I2pz4aZvGUSOPCi+wfPosbQuPdfCtg2+McgpK7m41/GzZBNYe0KClOaDClQdA==` |

+> | South Africa North | rsa-sha2-256 | 01/31/2024 | `qU1qry+E/fBbRtDoO+CdKiLxxKNfGaI9gAplekDpYvk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC2UBC1KeTx8/tQIxVEBUypcu/5n3B/g0zqE7tFmPYMFYngrXqEysIzgAdpiu2+ZX/vY8AF/0UkhYec/X/rwKQL8CCVwYqa2hufbSrX/qSuUHZd/95LFB2Nh+hJ23fn3EK8Gpgo/Xkmx9YVZoaQPGPsWVWVKjU6aVpM54cd6iuDT3y9SAnqbUMqgwwz3mK7bQGFPrbUVOUwVIcYKZD9HMNZhpo8HpjllKYIt1AFy4db8lSrLyuX8Nn/U7XAlPUndUCpKsAfWw8SemyuxSHziFDHF5xo8eLU+QYxdtzirgDAgEYWv9aa0TSx5Q2Mq8XJ7POffQxKj44ocHzmMGq/wPS1` |

+> | South Africa North | rsa-sha2-256 | 01/31/2026 | `8DyFjcm9czi/Sa7NNdtb112/PYMQ2HlSfKDNShkZbUA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDW5n33PoUfv3Jii4pNxQAdY1HdzeMbs0zlQUDKU+0c0QrCNHg9bnlJXW+wNVD91suKdy345m50TP+hDB5DbZACGgoAHiMHU/lBDrL1TIIVuQ13LbFx0jBL+SU1qqFwB3U/9ckNLlMe5qM4PB/eZr0tEVQhQL/melYMbyA6s4kX/NFozxiNNR+Yz5fhLjhHz6cwCGN7Zj0js2KLWbhyaKxmmdrv+YN4E0EZ6MYdZwy3iV/lrX/0OlORvOA/ImputAvxJgAxOFLQsbTuIiMm1ccHVRpzBxsslSlgss7GeRCceQl/Kgg9vnInptlD3uqlwWUfYmc6PfPcapn3diLzRVrV` |

+> | South Africa North | rsa-sha2-512 | 01/31/2024 | `1/ogzd+xjh3itFg3IpAYA2pwj1o3DprEabjObSpY/DY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDLAkEygbVyp189UwvaslGRgaqcGWXaYJVq+gUB0906xkkjGoJeqSgTW5C/77vOk0zBCZM3yBgtDFZL1d6lze1QJZ6kGGPynJa5SeyydAds9G745yaFFuE53zJUyMy+y5I1ytfx003PKvk8+fHZK3rPYYr+LKm2u+9BmnuDB/0t561oFg1ZiMCPgNnDdUwkya2EtsJAifkUaBlYmzBZAFbIYyGfb898utZHyI+ix2TrMS/RHEDIchG8qSBMpOPmcpa29ADVsmAQDd5ds5D7WjirfMXwBxgJTMyuy+N9rJRgHoqDnt/GsgI2GtoPM7YSET8uYug941hAvFm5TI/dW3YR` |

+> | South Africa North | rsa-sha2-512 | 01/31/2026 | `gEIAzMNxs3nDD8FVwhgZvCHxnJ7nGQqwjs0gpcA8fBI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCwaG+2gbF1WVAS14Uxhoq98wdp3U7hFbMnhdDrK4zxAMHojdiVvEj41m8EI1DcDjSRAi9/h7As7SIRQ9/bOXo6E5kiLl0kj4ao2KPtuTobAuj3IiN6iVHAtiCwIEG8I/mtAjGMLBtk3uplSJnCBRiMVduBsV3GpCJKdMkNuntbtzPCntEdpzqtOhxj3wftiaQq8aGomQjFRU6mKScqoDylnZPF19gw2f9XrUwElE4EoeE0V1izNtLmgxbDz2kwpt982fhuLUZgNIHxSU/1SVAwUX1qxH9aTFzjXc5dSFCQHsK4qnLRKNtlXmUosdwk7UjndL/nwUna8p3MuDm1gcZZ` |

+> | South Africa West | ecdsa-sha2-nistp256 | 01/31/2024 | `pr1KB8apI+FNQLKkzvUXx0/waiqBGZPEXMNglKimUwA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPvbvOfXQjT+/3+jQtW3FBAnPnaypYSUhZMkTTSfd7RQMmSxsLNmDooERhVuUTa7XCTlpDNTSPdnnaa6P1a+F6A=` |

+> | South Africa West | ecdsa-sha2-nistp256 | 01/31/2026 | `2EJmwCnQAIo392472FjThrwXmowmdeNnYZZZR7ttBVE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBGif4uCAd5hx/m9dqrLKCre1ns//8w2mT2i/v5dSu3m4xP9EvFq4FN3w6LlXQwov7BmJPMdZxoDByvQDT3QHO8=` |

+> | South Africa West | ecdsa-sha2-nistp384 | 01/31/2024 | `A3RfMOd6dGgUlcrkXL1YRKNXIdAB8M1lF9qwmy6PjFg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNaJmo4QGmo6pbLHOXh06Rz9inntdxmuOtVxlJBO1i/ZK5les/AuaILMW7oQCxOKvZs/xI+P0MWRfrNgWSSapy5hNuTkbl8IqO4pH/lO//zdaHmVBC1kPnujDM9znJs6Rg==` |

+> | South Africa West | ecdsa-sha2-nistp384 | 01/31/2026 | `4XfJaEuZWJlIfVh4fHn7UU4kOYA00wQo9HA0ngFYxic=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBK2ek0MyrQfjRM6UERylxjO47fmo91Xk++b4yQhi4BpiWe/7LtYKaz3ggX7OJp2Gjug2Yq53FGyCirfyJYiR0Pck5QNEqSUtH0kpg7E/ULd4HUoJ88zYac4eDQoE5O8fKA==` |

+> | South Africa West | rsa-sha2-256 | 01/31/2024 | `aMMzaNmXR+V1NrwLmovyvKwfbKQ6aAKYiA5n8ETYQmU=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDGhe98UTnljsYaeJwtP3ABvT/hZP6Mp1r5beyJ2SWpdqZSZaKC+UQlWLu6WhLxLZ+5snB+YAlC56u4qOdDHLoid6vbAR/FPIcJlvQfcFJD88nihv9sq1kUX3JXrh0ZUrl2/Zj71aNlM/RL1OnXK/Pg2E+wu4EfnQTrzlWMhR8bxlQA0jH1zmfFN/6BTwP2if29TNlQkWuW3uq3rccY1GA6n0QtlucanPNRzsBtAzsH5/oFuB5R4sD/Msw0itvWuQP4e0y+Vdov1My/rjK19xLce6AhWmmhwkn5qxHdIy158C4cWnSkQvkYzPnwsi7KT9WRH7vfr8qD9zlA5mO+IDxJ` |

+> | South Africa West | rsa-sha2-256 | 01/31/2026 | `pdygRGoDnYZwMvX3uxq02X9KIgrqWHBvkltuMpknXPA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDDDjYrrvYHkbn5zHGLiEv6DuzvK/1oKoRCxPPl35kFMhNAltRyACtvXBeeqxW7KYVLDu6pMSNvqtboaMcSIGxoEfjTsdQrBaZq8GWq7E9VIqXT9wOWLRUG5NnDbH4L47dLNuKQC4s/KBhUC3cF+yQGspK2v5wWHR2FwIhbB1otLcxkj0b2ufAe8FZiPxe/HoMXq36cJ+z/wgYwrB59ZGneJfNG9PVdmk8w+kHr6gqDCPOjU+SKcMNqqJ1PEk9B5b6om7RsInV3cKv6334+s4XYxh/+O3gP2qX9Bfsa7FVRhuGF3TLFJOQjCQ5nXjbFjofqpLnR6ReBdmqrj9aavdvx` |

+> | South Africa West | rsa-sha2-512 | 01/31/2024 | `Uc7QB0fT4NGyBp34GCAt8G4j1ZBXh/3Wa2YRlILu818=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCijtmaOHIcXjI07fVugz1M33+amlOEqdqtVgOlLmFRKSehPW2+6iGpAjQVwzsYOx32Hp5O07xj/PhiFsbBBqZXGHmuSIOJYa7tQSFvwclO+JW/kuoELXQLwnHxUfPyq4tYoj83GSZ5k/KRlEtbmjEwcozMQVya/7MzulAeV4nN6PDxoLjXlfGEQU2ZCGz2neeisQEM8+hZNuEH+O9O03g7CW8bwiI1Y70/bnNq95xJ5F7lRpwtJNWlx+kmUiNpfXOUPxZAUsny7z1Ka5XKEB1fDP8E/jAtrSWrRPDJew8lFpQeWukwB5tf3F3bh1SuSKaSQqKBArnSpJizWxp0brZZ` |

+> | South Africa West | rsa-sha2-512 | 01/31/2026 | `ojxv106v/Bu1Vkzi1Rp1dIgH66vthYrfAVL58OuYJ2o=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDKRZJEAOvsRRtNNHtloaHBkYpowhSbkUw2ldA4gLeSwScTbWk1vxUqlq5YbTtQRNomnvbMyTvgOItH28zALeooIreQVb4WhixabgI/kr9MY0eoSpK+Tmb6jbyLdNe3GEX6CcltaOpu/9+SvYmWUcet0AtuYo/lSNofEIjd5wFKCtddwXR+4fDHwOc19eXI0Ms1n9ZRtzxSMVf3ieXVnw+JrxC9iJLnHUiWYXNB+BZzVT3xYBFNIxqWAe9RneyP4fCzSL8CmUy/EWQ191kZhBnbBdyrxMJJ9ttb74NZRatSAh+KwlwUnaRu4SzMteLwXSdtQBirnzZyba2L86K1++HF` |

+> | South Central US | ecdsa-sha2-nistp256 | 01/31/2024 | `Wg9hTlPmrRH9aC9lTSf8hGFqa85AnW3jqvSXjmHAdg4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJnEz4iwyq7aaBNKiABce+CsVIUfiw9Jw3pp6pGbL6cUaJs9mEVg1RMLHgPg2I+7XV0doisYhYb/XtufxzGCe94=` |

+> | South Central US | ecdsa-sha2-nistp256 | 01/31/2026 | `3tB3bjGZghIljXt6ni3ZVBm2s8OyBi1LnsN2XQdWorw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNqW4dj8VbdJuw2hL2LSgU+Z9rIc1C3xD54bzL7+R2cplFQ0CCzvXlMk0lfHU7SFT8jikgvp/yZu2S5diUxA9Rw=` |

+> | South Central US | ecdsa-sha2-nistp384 | 01/31/2024 | `rgRhPelmxAix6TBDahmGqXnKjdImdI3MnDPVc6qhF2o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKXGKbWfVe18G9gbCxFQiBGkGYM9LktSPKkRI18WRQ50qyuxVRXRDoV+iIEJyCQTpuFTPprQ6glQYeF+ztEb4MZaXpVrcs1/Og191dcEtty3UWuJBCrv/t1kezlwBWKyXg==` |

+> | South Central US | ecdsa-sha2-nistp384 | 01/31/2026 | `lUCcxfmejqKtJ5F/0KNyGGPOBCTjsARC76RwhwsIXE8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBOXYAeDTv4msUprW8sdbJKfJyUamYjzqw7Y22cmO7sqr+2kHAdGu8oB+geC7gpwLA9PEdZLNJZstAOFzkw5BERULmwb0/cQenJNRLeNk1HVXVGvPTAsm1RHMr2VI1ll3Sw==` |

+> | South Central US | rsa-sha2-256 | 01/31/2024 | `n7P8NrxY8pWNSaNIh8tSZxi9rXi11g3JuzWZF93Ws4g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQD4PgB8PxPPpGfvrIUGSiiDFIfkRk2/u1DmhcoGoIfW+/KR8KC2JA0kY4Yj+AceGnDUiBbSPz7lcmy2eGATfCCL6fC5swgJoDoYDJiJoaKACuVA0Nk2y0OeO58kS6qVHGX/XHzx8+IkfGdlhUUttcga7RNeppT5iqSz49q9x6Ly42yrV3DIAkOgh+f9SsMMfR6dQQmvWN3HYDOtiO2DvVN+ZenViQVcsynspF3z4ysk53ZYw5YcLhZu8JFw4u0F6QJAznR6TfNqIlhSjR1ub8DiHvIwrmDNf8TgG5kPVGhIcibYPf+y0B0M8nr9OKCxZzUTlXX4Xcnx+VOQ1e1qGHvV` |

+> | South Central US | rsa-sha2-256 | 01/31/2026 | `3RetSIyPW4H3vczS8LcAfdVLTnnD+MATFZx0fs9vtnI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6LnHbAg+pkIxYoEI/UIhC3ko98md1tB/moOLAOGEuZJ90V0DLuqSmp9txhA1/wVk0mepqjsOxtCui42+1iUk7T9ugH8LIFzpqEaBfRlTtjDfmgLcib7ufFBnbIYivdwMcuJtPYJCqtnmjNyehYOHuXbHjeHAeiGGJx4B7kiocYBZELvnIiJuD5hxXcc/t0mWXOI45qGM5eF2MgDiKDkvVdnUWXzHUCUM//OfiCYDZjm3TPRroDqoEJPuyIh1ltZoM6MMqUqhxViAghyDi+N9bh60fHVwbw6W9dZNBIotAruoN06+Z+aizHFTKElIoSopVkkKjXCPVBAwWIaw2kjDd` |

+> | South Central US | rsa-sha2-512 | 01/31/2024 | `B2oOtHpXzwezblrKxGcNBc3QJLQG/TiVgOjnmNorqkA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC+LJA8W3BcwITzJv6CAkx/0HBPdy3LjKPK2NQgV9mxSMw8mhz4Ere59u2vRsVFcdW6iAeGrH66VF6mJSCgUKiYnyZAfTp1O6p6DnUg4tktMQFo4BEwSz1S5SGDuRhpWvoKjzvljESf/vZBqgms7nMRWe3MGuvlUWBqB+2CnJ7bxhvGQCdBTQeoPO9EZKYKi/fPlcxBmLFGcZnRRpB6nu/Cxhhj1aHLJdjqCd+4ahtjBHeFrPxeQv9gTJ1B+EipJZu7WgPZOTI8iZaIcnCbhuGOy0iOFXeuexC9/ptHDW9UEgKVLyZ4UIPJkSLFVgW5NRujWyZ/thc5+EfHY9Db3UAl` |

+> | South Central US | rsa-sha2-512 | 01/31/2026 | `cQiVt8IzioXXFsxFZUCC1dGG/i2L6+uWgTxnEXI+ya0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDESCWljL0fUj9B5Bvb6kZCqvnOll5UHe2s0Z5rk/9kIOXACIcQ83SdeP/4jqllBFW+XmEp1hlR81BXlxCGYe2mpHWSI0Y2NH8HvUwvuRPX0wsOqNa6HcA27mefmTa+UahJfKRQe/0op/ydPAZ+JbTquEbUHOpnVr2eLmWEfQBGL5HfYdB1SF1ZBgN3Sb+v7SEKR5NYNBUuhMMyV5nK/1thkATxSc9RCvZp8fy5/EXoZshbnvSQ/zH5Y2ct9LCDLuXOx1DJxvCUNX24W8jTELwLqCNigZ21pA6Y0PUSGLWpBSerrBo18AGHh/b6wchuBspYGCuoGu+Me+ZRIu8O0HRJ` |

+> | South India | ecdsa-sha2-nistp256 | 01/31/2024 | `7PQhzR5S6sEFYkn2s3GxK6k8bwHgAy0000zb07YvI44=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLgZw/ouE23XQnzO8bBPSCJp/KR+N/xfuJS5QtWU/PzlNLmSYS20b65GRP6ThwZdaigMhwHOEc8twpJ7aA7LBu0=` |

+> | South India | ecdsa-sha2-nistp256 | 01/31/2026 | `7jiSfTGnIW0hqUqb/FPYtnriWukXLwTtp8qzMbZBG7k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJBiyXxWm42lrf8j1/AcTOcpTjADDrckVLQOyM2VY0TNi01Mev+bOm5C3L5MFq1RB049AbponZwkNibyhq25me8=` |

+> | South India | ecdsa-sha2-nistp384 | 01/31/2024 | `sXR2nhTTNof58ne5K+Xjm9Pu8miEbKJn4Bo9NYoqQs4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLwbzUI8q9f5YTLIs6ddRTPlHdb35xrbsJeOQII/nEXhlNjzpdL9XnDJjQunQL2vg6XND1pfp3TNBJ9LF3mud442LbpwSt9B7EZD8tQ5u0+2NeNjn8JnCu6/tdvS+xoNiA==` |

+> | South India | ecdsa-sha2-nistp384 | 01/31/2026 | `rAy6sokWeYmursG9QRpffxof6p7MAoaxgi5WLvlShzc=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAG0ZERy7D4X3KwanylXKnaKHs6Sj1mrAYKV7bEkvApUOk0Bxa8IXr43/UEN0G6fwMc9TLKPl1Q3c7Vp+PcEpKEB8MT5vMTLZM4oQjBPcrXuaWJ/HZb3Q1yObngMtbT6uw==` |

+> | South India | rsa-sha2-256 | 01/31/2024 | `5gFLJvQvQodZxKBi3DnGywpf9dliWguiMTqcgkTmtu8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDlxVnaYnmg1cK+g/PI1jB1fgQQJiX39ZmfBss3mSW3kUxP3KWhm7lHBTkrbnfhVHnGpP6GcGFy09YBQa6UiyVpD8p8APtx0j9Jp8m3yhhgqOIjup0C7crl49NqMVryOZmCLOvA7KTyTxxV37GpRI+ffqQ8LOO+anWVWVaJlVCYBMct/OVhA7ePXblcbJg5eu5JjUiWW+cPdVqAqWojNHZzzprCFEBTCvYaZtzBx4kFGiipPmJSN6yvBPEfnA7Lzr/T9iXV/XkmI1txuJRBasoQMt+4jCZG25sCCN8y4iuUJCioUELr//TWaDyTsQAR4MbRW+L/GSIM9VUY4Uc+Impp` |

+> | South India | rsa-sha2-256 | 01/31/2026 | `ICVQTm1JPosrx78nPlaWgY0chlk7hIIdJddWAixH5is=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC1BCEpP8RbIYogWsgCEc7w9qkfdoTdVY+gdSYykIIL2qAw018POKZCztD5obn5Kgj3qkbWy7G9RH77Bmz6O1kgbAjReJw/r/NDRW3cb24K6dLem5aWQTTmUu9zk1W3hj7pdFOjXaju485O2G1YAyscE8Awc6mRwI9LJmm6eEBhfsFAKMEPf+TsZ/uxpqoMVk/2XP7GHe8zA2/X83F0wK8OBAW7ImjBEEx8peBY6Dh5LMD+HK//HdRKf+5MkQUGHxRfiWh0l0VItjVsD0tZ4ebyLAgzah0MtsqSj7DRb+HzIOMi/CoL7gPRixxcAPyUb/OO/301m0j0+aHahH5TN/8x` |

+> | South India | rsa-sha2-512 | 01/31/2024 | `T4mrHCEHbFNAQSng//m0Viu/hXfi11JMnyA0PqAuTtg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCz9tQa7D4dyrULCLH75yKwH27AQMRNWFUqgUQQXYHR1MYegLf7JEmFn126bxgEHPRO0bNwBM9S626Gcr1R1uDI/luL6uvG0Q57k+Pmv7HNQtv12J3fAuxuhSPcppE5IE5QR94Qgd1RzGXv954TK1Z+kCXHyLA583XTQ4btOEwqUo/16tSCqaoTSdyNp17q8BrOCPaTWMqT774lSGELIDc6RaGKHRu/Qa+F5FRMswdZt5YJDEKtlKdvbyIiSfIP2GZGhWBiSW2D6xpnzSjstR3LfRfFek/ryGkDPu5c5HNaVJwc1fatP6ggAbhVCcyDgWiCCpEBICV2wnPpGfDUdbRh` |

+> | South India | rsa-sha2-512 | 01/31/2026 | `ZhFwP+ZtMreoId+Hv8bje290LD9Zq3fLVLnbiIZ2gho=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDTIseic5715ZZm+KtkY2Rjre8E4jSuQKmCTwXhLB0psfOfPRMvZj+sMRdscEyMdathN0Lhte5jiHIVJFplDi0KbA/2PLNDh1kghiJLJUzaC0UHzOOiUgP394iDJhWgYMehdjGvcxE1+JDVtE63na6wKpXvl34lNBAaZ9Mk2lLbWe9iWvM8NZGP9oDqfVNc7+Sin5HfA8aksS8b0SwxdOLFox/4vTF2c9c5O0bhUKOQMYcY+OXMgYuPMpiA+A0GxwbPtFLZdmC2T5ufI2dO+EC0ixG0YXpi8jwgTauiTyf9aqVbdPmB06YQCGaMqLsQ7Qw6/M1oIVU/eckHj1L8IaKR` |

+> | Southeast Asia | ecdsa-sha2-nistp256 | 01/31/2024 | `q7OsE02p9SZ6E63b+Mxri1wbI5WfkdWcIJgAP2+WTg8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEbvjkwSA0RQuT2nQf8ABKc21s/kcC/7I5431oNEwQPZQ8S18RAKktv6ti19Ju8op6NOZZ3Up9lOn3iybxHgy+s=` |

+> | Southeast Asia | ecdsa-sha2-nistp256 | 01/31/2026 | `1KqLiMUAewB07jisgpX8wsiu9inheicc/vcvCamDupI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKt5joKBVS7qZwmxQfCxzVy1byjEUSGuaSGsqg/ijVOwPY1qKTe09C5c4VfLZs3c1RBNm63o6Nt8peMJaqjCzlI=` |

+> | Southeast Asia | ecdsa-sha2-nistp384 | 01/31/2024 | `HpneuSwbRG7eiqHGEAkSXF0HtjvccoT3OIgeQbPDzoE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMGAMUN+0oyuXuf6rkS+eopeoISA2US3UrgAovMwoqAeYSPoHKy9n/WKczsHPy/G+FKsXM4VlMHtNhEAxYwjtueF0Sb2GRZFzngeXMfVZPVL5Twph/pT6ZJnUD8iloW0Mw==` |

+> | Southeast Asia | ecdsa-sha2-nistp384 | 01/31/2026 | `R3xeWj9DkW/6Dwxv3eMyraHhhZfoeQ1TODsts2gdM3s=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJBVL9OHUHPAQLDpUZk1cY6OAvATvWr834g83bx40mEHJfxALy1f/EnT5Ihw6r1YDlY4vfUBbm+KZz3MjOiHx4CNHCZc6qRGOUxGd2vWC3yVG5xkEIt3MaxnzDAyP2I4Ig==` |

+> | Southeast Asia | rsa-sha2-256 | 01/31/2024 | `f0cyRMVxUgtpsa9J6pwAMysk2MY/sybo5ioPjhy9LZk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDWPK6PAGMTdzNkwKZt+A3Dhbnete6jyLLboOXWdv/QdhvjR2pNCMhGuWUxadaiLUxzZM7IvugSLGexQlZi5aCJ06DpaVYqZk/Q8l+QUydp9TfNg/kP+0OJXCJ6XdsVggboDIfrEN8ku4nfasD4QTo2tnmqZhmbIDUr38SP16PsH2bQAi2lZKg4DfWgnSFyj5sbMSDLljBEY6JQkLGiPcbqlYEN4kjB5mudE9c/ts6Jn1fhizBwJY/pE3kOydq8dCMXYFMZ6NafPacCi7Pe5zcTKfi/daioVlSXQhWK3jNzCVENonF2xWSPH+1T5F2IOV0wb0HL2l8d02x5Bw2Su4aF` |

+> | Southeast Asia | rsa-sha2-256 | 01/31/2026 | `tHnkpkRSu9sLkbs3aUQcKYFKAnxRz0b9N8byIPvFjzw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDgvpfP6qoRNZ8FOuauaSDONsbEv4PE6T6EUMZOrCq2gLL64uan9reaYD1c1i52gD1Xyva8SOq4AYMEoCpBuDyVm9PsseuNXXDBH+I1NiKyid+E9UmANYS5a4cV5Eg1fIVyEOl9qDdMLQMXyAhPr1X7ol0/XDZ/CG1fclCKje3oIwLvlKXE/ZLylyKBGr1Kf6vqKVlbIXqhZ25jZ+iMU1w8YDyV5DpZBJFFNT2hitLPj4dKqy1QXkGT6VqZ0T8+q7hwBkS1tU/Ah84ddSuIpaHb4PPQiEtrw/GCTu625QHxAgabE6kuwCuCVRR0vBGss0xFdoJqIMSeivTq/t5DnDHx` |

+> | Southeast Asia | rsa-sha2-512 | 01/31/2024 | `vh8Uh40NCD3iHVh5KEcURUZrT3hictlF9pMDEoK5Rxk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCdL+E/W2RpmJiWMRg5EtMs0AE7BF2Qb5jnXXaIbwqr5/BGuUPLm43eVJJt5R0BmEJe2lYfYLAzinC9MhsxKSTHIt5u8QleyIAxI759M3DWZwFSKngjsHFRe/SvZOzc7gvtR7osdnVaXCTXY5NccLT34gDybEbjlmp+SEvSZZmXyy2wmUR3O022euBifKN0t9Tk1mkLYhbfRySQi0ZADWazjd7loM9ZHArVe8y9oDrs7QYX4eHIVRbgtsBbkR3g9zP3VWVMERFyi6cU0Dyvue8DCx9YzNsdmKjkB2dvYTMVcUkad81pbO81jpLb1wL25WPHIPHqTOLZhdn9JxLn245Z` |

+> | Southeast Asia | rsa-sha2-512 | 01/31/2026 | `PORwL5d763G7hlwniaxxWV2GnWBwiwvFoCof1ko/I0k=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDBsqpGatUt090vKyIFszT/yKjAkiB7JJ7S+6iHKn/t346XsnDGawWTJGnB7HypYGN5l6SniBlo/+z643xXiM2Z+l12XThuyB3mBRMuVzhaHL2PeJre+W0Usrqm6BkhRFy9x2fbgQjjtC+axGSXR1vfdYX7wELasmM/cxCbBk2o3kogx2WKPm7WMxHPw0yIr+QvDQX2zuNrtpq7GOeih5K6bGCFauB4f8+qEy4LTJC2tJJqposHqtF91O0HO+X3Ek6N2ktkexsmyibyO7QCDUrWZfeXZkPKHyDgk0U8NXEendG8xxGmAEdLh7177iq1BICYqE7MrI1DrnXEn/6/hT4l` |

+> | Sweden Central | ecdsa-sha2-nistp256 | 01/31/2024 | `6HikgYBMSL9VguDq9bmwRaVXdOIUKEQUf4hlOjfvv6I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBErZhZNNmDhMKbSUXLB1VcTmR7pXcXWAqfFpdI81OP1FeCxBtpRNpIeWMyVoP3FeO3yWcODLm/ZkK7BICFpjleo=` |

+> | Sweden Central | ecdsa-sha2-nistp256 | 01/31/2026 | `xDz64cW31AuzMVItTp3uUcaBXsr1XHTyfebMvYL45AQ=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGA+cgwzZYKp/Y/kjwdKGWUmZN7wtzDettBJ4G1GfdVSUCvDuHbvdd2TAGOkHrKLtYH8GOzTlDxiZDr/fU2UhXE=` |

+> | Sweden Central | ecdsa-sha2-nistp384 | 01/31/2024 | `apRb96GLQ3LZ3E+rt2dyr9imMFDXYbaZERiireEO6ks=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBKA5kwsqDKzZWmQCjIFBBjZun3rjg62pv8BOULwvwImaPvMFuR2OipExQZIyKSbR7wS9HA4/QKVA5rLRrSGpYvOBG438/7fwVZy5rOj3GXq6X7Havr1ExRXwsw5rJ56acA==` |

+> | Sweden Central | ecdsa-sha2-nistp384 | 01/31/2026 | `N2hag9eHkJ2bNWMXAVEN9i+nuQtmdXgEcnOVGBltoNI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBJ5jrcbfIGsC3O38klFCtG8pdqRKfnScEZaTDZLC7QCSbxzHtr3AIiAESerQlsH9mixFZCoEUrqK4ThG5X4x72BQLqR3Y2ybVdN2Dk9y0CWbBS0nwPsqvoRo3E5TN+Wovg==` |

+> | Sweden Central | rsa-sha2-256 | 01/31/2024 | `feu0rEf3KhvHGfhxEjcuFcPtIl+f0ZVzOMXyxy+f8f4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOimUzZHr0DxrjdWEPQqkrBudLW2P2dvPE9DoaXSNbehU13bxzsF6lzO65JBPh9rlNwwyt2yWtrR4XI0Qh/QSXmBntefOeH6BZVrN06aHrsd1dQBr4UFT5chCwy6Keu0ARW3fY8kO9lycTmMIeoiaYahicxyRRC8WLs0cSCH8tO0dA2aoaMxafBWqR6D5dNzu00rIcsCxvyjtN3Y8C4fw3YnNvPB/qWHdZ4aNcu7sQMRhCYVNPqX9UNGeXkbw8gHf9uL9dFu1c+P+VFIEs5bIecgT5HiGvtuXsWRdtEcM1v3mrRnNdmeWWQIqXzLrs5svipMIbnYXekhhLYHIlVo4d` |

+> | Sweden Central | rsa-sha2-256 | 01/31/2026 | `bUYNGSyu33/3FP/umDeNOjMyyWTH7cS9SN+uNEZAxFM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCiMXkqHOU3fEwKm+vTmV62p/Uougg69HEZGnywRuTjvSVgPOB++q6zPinJGox20fvK0Rbh1hlXw2uXKqv6pgsa/54Cey/IDa0V68+aSdKvT29WNynFw0s4Ba52t5S/GsbwzNxV1pxrXNuv+d9874GrPiOSysPLGJGO6qMZEETzkewhgY0Vx4iSZTclJJvWozfVX+o0NL09c5iTOl6WaHptAMnaQpuuZey1DFTOzLZjYvsXrJtBuSlR2aPfUDxZXZ9IHbaG1/XoDHaK9OLujauXubVWdiPCn2JAHyRn8RHeaQBMXKEIYBjHEdEqnqu2x3x/xgLtcMHvZNtMbSUYa2gp` |

+> | Sweden Central | rsa-sha2-512 | 01/31/2024 | `5fx+Ic5p/MMR6TZvjj2yrb4HMHwc1TgM4x1xQw4aD3Y=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC2nRaxWTg4KGLClTZLQ5QgPZPyQ/XYbH4prjhg1uK7m/JKlmJw5LjmIUVKnlXS38qTKpWpJZyGU/eBCa5FPQODvoAXfNncgtIQxd7j00P8aO2tho+uIxSgiTCte8sgrAyx22uIJlORJn2x1cBFBJrlgQDJOKEAs9IakMNdLvlfjJV405gk7pstF4eeIANRWC3eOTrMs0O1gCTt2rnWR5BNQJu8swj9FEWreNQ3PvUliM6Ig6u8b+4d8ryYGuzh5+E8wy/aNxlowkoCI4D/+dBnH43pSYyjhrVx966JMlrJZjDmbgtygkJI+FoEEfBoFlrpIGfisqIX41Np9ZRre4Ux` |

+> | Sweden Central | rsa-sha2-512 | 01/31/2026 | `S1u9eFkDBfG+Pi6EwEuXcjHaTKFj5OS5DoDlKMQQgeA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDInv9tOMOI0vEIHPDGgVAjNc6bndxrRCtHoScAiWNdgzUZvsilkiSLyoeQxrZ43yOIazCjjdDCffsGFchCParJeHtAibjuAU9mxPzJ/Bf423TUXpZ1Ue3jzNSGIwDSGT7Zx6FzI7ogAjoksTgbV6xPBs4eNhliYVTpXic7KWrnjIWz78IB0SgXs7QugVufsp0ujOqJAnIJg8WVLidQ7SZb60AeGQZD2WFrSGNBiMVJhv99krHRQav8L1aS9mGG0qJlopbEeaJLrAmuWX8vih2HVERSnZKBHK07L033NzEqKMINKdHsx9i7jjnhbawqVnVcIkFrbt5HsAOMPV5NJnB5` |

+> | Sweden South | ecdsa-sha2-nistp256 | 01/31/2024 | `8C148yiGdrJCGF6HpDzINhGkB5AAyWDqkauJClRqCZs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEREKXJT7obM0RXGFrUPmJOoEpJD8T+QT29UEt3/jZrUzVzqXLV/9+VK0xqv1suljhUoUoClBdKqx5E/Sv1kSV4=` |

+> | Sweden South | ecdsa-sha2-nistp256 | 01/31/2026 | `CFONQqzubENS+SkpKNt07pdZH4SQFBpSJBzl35MxCDI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDKUwlETDPLRZFPiecD8Ik+RS3gCySkM7xk5ntfBQ3QeKJ6dXZQK3OciXfLaBcX3Nh6kaMvF/lHP2Dxo40aj9oU=` |

+> | Sweden South | ecdsa-sha2-nistp384 | 01/31/2024 | `ra8+vb8aSkTBsO0KAxDrl2lN9p41BxymtRU6Seby83M=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBIMby6y3wzWnzE304DjregQcSqKTsoMx2vPGk7OlBtjFKoubZlBRQH4jQrtPbJv/Hpf8f+D0JmvPe5G75yZFG1BcP5eB4aonAr0NNCw+3sCb50JVpoT4yoT787KKYf+5qg==` |

+> | Sweden South | ecdsa-sha2-nistp384 | 01/31/2026 | `P63Jg3B8b/U+t8MjBWJjkeu0i9a1wB/ua4qSesCfIms=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBBXXSBA7P4mqOkXjec9XDJcOk+qS/pEIiAp2KRbHEZGGf0m4NzBGGZyzxSqSDzV4GGIgCvoFTKtYuEt+D5WGpoCmyslD1lSM+GAnLpwbJBnT/Uh8F/uiWuAdmT7RhyMqdg==` |

+> | Sweden South | rsa-sha2-256 | 01/31/2024 | `kS1NUherycqJAYe8KZi8AnqIQ9UdDbpoEpcdHlZ702g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDJ+Imy6VuOvZsel9SCoMmej4kFvP8MDgDY9EdgfkgpjEfOSk+vmXBMCFtthI7sHRggkuXQE5v6OkOPwuWuVWjAWmclfFIz+TTNE5dUUY6L+UMipDEcwFxtufnY3AW0v2MW5lOFHWbx3w7605yb2AFQuZjvngkjdelhDpVpX9a0XdPa7zUYBwXdxWeteH+i4ZJ62sjlBGzYRjFhK/y1rUKR3BVR5xtP9ofzqE1n/TRLpViU8iy4bpsQntTWa71xVoTFtE29h3ESw4QG2lRCwk7NIf8efyNdR25+YpVGIysAxXG2smGAi2W/YXUjteCE7k3IU+ehHJdWKB3spUBSoF/V` |

+> | Sweden South | rsa-sha2-256 | 01/31/2026 | `jDAz2Lzm0DVWZUuijXfWc1pr7GWKY0Pj8VD/DDSxa5k=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDXFtDF2qY06eUHr2SSo8S6UFZ2X++ZCLn5d8P0q9S23k9bdwx1whNAAu2uqDEr2q4db+bKISHWlahb3dGDhi0FvXsOGTPWrWjjQ13IqyZR+vV/tKkz5ZZ/LKOgSMpNO/phJfToKqk0cF35Ai9L+Gg/vmnTzbaYmLBj0tKKq3d/DN2JX6Fb01mHedHvGLqaJryJX334ZR4QyiLn2Sr0Q9mTtqZibkl50dxYyJSXsHi/W8Sy/cPEpG2z7p/iUwnOzz0yXPR/EMkWwuU2RDWJDCNt4bXKRE6Ox1kbrF` |

+> | Sweden South | rsa-sha2-512 | 01/31/2024 | `G+oX014UJXR0t1xHrCi715XuoHBkBxJMdH8hmVMilJc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDCa5Ny0EUd8yLOgzczm6Zge+D39VY7hpG+et2ln0i/HdYLd1aijEiF/0RDgnJYxZM4RhPZHxrVZXJXLsLa2T+ud+cqifvsjudsUSCzWNY3pHAwKBTSuu8Po+TrJXx8b+ogg+EhTh1BZQzIVQbtLwqRFJ3beLtvhp+V1pPWOoXRiN6Rq+x6ciT37jOdp033rbEM3AtzWdRBvRxUiVxKoRXcDYwAAIb3joaZ26p69Vj7HpD0HAf7w9f70zIwIzqrW4RcHcP+RbDVzNukK8gWP66OgSKrAQgRmibS6SEJx4kgkaghiQfm1k1bXkTnlKlz956DHkTkpMQe21/eW1Prs+q1` |

+> | Sweden South | rsa-sha2-512 | 01/31/2026 | `anZywk1gGkJMWIN6REl6n2o+1gvpXzJ1tuqpCBi3eGM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDIld4L9tOAD8hutLCAQj5yhFN+01CDMlzAiGfDPZbcJ7Wewm+vSQkz8CDgqLxL6nS5PtCiDIdi66Ogluvh8vURfOOCMOd0FVzVblJnrvHAMp7gBqbSP94obGLNVlvQGMNrKSTr+PMXQ/acRaGgpw66sMx4s+mgkpym12jhHqQHTU2GUf1OQOUz8x6kr8iUr8gxM7u2kdb4JjMBqjp6MjRsC1MErDhP39tgsqa2YuZ1LWHsEApeuiA6OLFeGdt8mCnNqvs7oZSnZ0KgO2EgGYv7SJp/yaWVXV+M7HIKs6/re6KmrFQmLpsSPFaY7KuUE8rBsgwBNlW5anzX+8bZ7BEd` |

+> | Switzerland North | ecdsa-sha2-nistp256 | 01/31/2024 | `DfyPsw04f2rU6PXeLx8iVRu+hrtSLushETT3zs5Dq7U=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJICveabT6GPfbyaCSeU7D553Q4Rr/IgGjTMC8vMCIUJKUzazeCeS3q46mXL2kwnBLIge9wTzzvP7JSWf+I2Fis=` |

+> | Switzerland North | ecdsa-sha2-nistp256 | 01/31/2026 | `0pZsKdD8Mt2Ycp8eZQP3V7jE/KcVg0G9SHtKB9ZYtp4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMhtGLo1R2YN4YI0+cG7+lkfhsHiOohzccGbvAJL8GDsSQkGT37nv6v0UXwBOK05RqqYbXClQmVlzmeNEj6PlFQ=` |

+> | Switzerland North | ecdsa-sha2-nistp384 | 01/31/2024 | `Rw0TLDVU4PqsXbOunR2BZcn2/wqFty6rCgWN4cCD/1Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLLhGaEyHYvfVU05lmKV4Rnrl9YiuSSOCXjUaJjJJRhe5ZXbDMHeiC67CAWW3mm/+c5i1hoob/8pHg7vmeC+ve+Ztu/ww12JsC4qy/CG8qIIQvlnDDqnfmOgr0Svw3/Izw==` |

+> | Switzerland North | ecdsa-sha2-nistp384 | 01/31/2026 | `ooXk/r73YrYkElA/yhZktLu+jqjQ1h/Ph1QJGCl8Wwk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGpDYh+kklKbttOEbLJcoclTpIbfybZH20LFSx98stuDwxl02ZMZ5kUR99icKv1a4rLVHE6jhMK7uOA9dpYUob7VOEb+BBNy7zCeEzY9gW6gYLbLx8KHsGVyYJOu0khvkw==` |

+> | Switzerland North | rsa-sha2-256 | 01/31/2024 | `4cXg5pca9HCvAxDMrE7GdwvUZl5RlaivApaqz8gl7vs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCqqSS6hVSmykLqNCqZntOao0QSS1xG89BiwNaR7uQvz7Y2H+gJiXhgot6wtc4/A5743t7svXZqsCBGPvkpK05JMNZDUy0UTwQ1eI9WAcgFAHqzmazKT1B5/aK0P5IMcK00dVap4jTwxaoQbtc973E5XAiUW1ZRt6YComeoZB6cFVX28MaE6auWOPdEaSg8SlcmWyw73Q9X5SsJkDTW5543tzjJI5hnH03LAvPIs8pIvqxntsKPEeWnyIMHWtc5Vpg8LB7CnAr4C86++hxt3mws7+AOtcjfUu2LmLzG1A34B1yEa/wLqJCz7jWV/Wm21KlTp1VdBk+4qFoVfy2IFeX9` |

+> | Switzerland North | rsa-sha2-256 | 01/31/2026 | `UJCUXnlP5GE7WdONurCmOsBT2dX4EvoNglb0SkNUGVc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDfokyfs8exkQ6lwYhndILtNfJzSgENTP15rxcJ7GUi+GtcwtCrg1SobyH/t2pAkc5NnLn/nc6CZO97+XGsDrNI/A9uyo2FzbUtbMc6orqyjBfmaOb5haoMrkOJ/HzcUBAzRfQgJyGZsjyvPAiG1xpRf7dFjKJ18D38FpJk7jpZTdEBdeMkFpvi509ASrn+htnOLLSkIDOJRinnMapp+g4dOa99+rQgmfOb0U/8FUuS68cBetbwbdRrQhxqwQleZ0F9wJM66slb4R3dXKr9uPZy5nNxXnxTicfZTgEUdcBxs0PfNVzJ9NS408aRftnxmBpE8vHO20fJpKW+VbAkkHfF` |

+> | Switzerland North | rsa-sha2-512 | 01/31/2024 | `E63lmwPWd5a6K3wJLj4ksx0wPab1lqle2a4kwjXuR4c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCtSlbkDdzwqHy2C/pAteV2mrkZFpJHAlL05iOrJSFk0dhq8iwsmOmQiF9Xwth6T1n3NVVncAodIN2MyHR7pQTUJu1dmHcikG/JU6wGPVN8law0+3f9aClbqWRV5tdOx1vWQP3uPrppYlT90bWbD0IBmmHnxPJXsXm+7tI1n+P1/bKewG7FvU1yF+gqOXyTXrdb3sEZOD6IYW/PusR44mDl/rV5dFilBvmluHY5155hk1O2HBOWlCiDGBdEIOmB73waUQabqBCicAWfyloGZqB1n8Eay6FksLtRSAUcCSyBSnA81phYdLiLBd9UmiVKPC7gvdBWPztWB+2MeLsXtim9` |

+> | Switzerland North | rsa-sha2-512 | 01/31/2026 | `xqR6ZvYjMlFYY7lQWQSe+jVasTn/Z1dj1YZ1VVilPCo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDI1WEVac58t60BTau8gagXm18Wsqdw58Qj9YIJ5FiREJVgNu77S94bdp8uDiHD5pcucMtf1piaExEhNj5cJccbz7ZsXyKpp3ElZIxQFofGKwwLbgeyAuNenufnGd+1deN3ubVFbcuV8Fzw8XlQUJt/2mFzWj+c9F4619XheailZGKnRdj+8vEaoAHlUGy0xeTqr09vDwNJrkJHksCdRK2+vu7OOGTY684oi1zEKXVZeMIuu0Aowk4Z8Uh+7emfq2MRCr+sjZreMdxcSbGqQAeIHGJQLtdnf89pEm6UrXDyzmQSD8WGlHkivICPGctKhNPsrgcC3oCMSD5vQUD/AECh` |

+> | Switzerland West | ecdsa-sha2-nistp256 | 01/31/2024 | `5MyZiuHQIMDh/+QEnbr3Zm6/HnsLpYT2GXetsWD6M8Q=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEj5nXHEjkVlLcf9R9fPQw9k2QGyUUP6NrFRj1gbxKzwHsgG2YKWDdOJiyguiro0xV9+JRdW3VC49/psIYUFDPA=` |

+> | Switzerland West | ecdsa-sha2-nistp256 | 01/31/2026 | `SrAdmOe1SSj0aFzfwLaLgRdqhkqk44Q3ffJ8Qv7dunI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAi1QaagaxBduq+yLgr68/MIwaYmaFzV84v5PyZfNP/MM3d2xCnY4w3FFxte1Np97D6f+J9bzufxzCxU/CVKZbg=` |

+> | Switzerland West | ecdsa-sha2-nistp384 | 01/31/2024 | `nS9RIUnm5ULmNIG+d7qSeIl/kNzuJxAX9/PcwfCxcB0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBB/Ps4Wp15xhNenavSHZijwVXdZcvhzVq8IcfHR3+Gz3tKLed36OdHRTdWpvjrg0mENw4L1mEZnHnDx96WMtA+FfagGWXMVMMfcyM4riIedemHsz45KAR2suqcdkNHfdVA==` |

+> | Switzerland West | ecdsa-sha2-nistp384 | 01/31/2026 | `3c8hd5migbtN7TxKAAcCvHZ0s/sB33vs9KZcUODIr/I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAcy8+3i9w8SPJfdqyxXrt4OuuQMkY9wUN1V1F9yDDt3HhOfZOUj5AHMnwRqC8qwkiC2QqQyx2JqugInqjxDEmTtE9x+Soaye38a/u7WjHIfr3gM5NvqnPy7sQ1ZlTdLAw==` |

+> | Switzerland West | rsa-sha2-256 | 01/31/2024 | `yoVjbjB+U4Cp/ZpMgKKuji9T2pIFtdeXnJudyeNvPs0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDFl9NO3CJyKTdYxDIgCjygwIxlT1ppJQm/ykv2zDz6C7mjweiuuwhVM3LRua3WyP5mbgl3qYm+PHlA7UyIMY5jtsg7GaSfhiBSGZAdfgfDgOp3qRkgyep84P69SLb2b0hwgsPVkx8eWLDDVbOEdQLLx7TVndyxtdw+X4bZs6UdEcLMvLUWl7v3SoD5oiuJN6vOJPQl0VBeEaK/uhujjFgnlEu7/31rYEKQ8vQBbx22a4kIyBtUSAGo/VfKGRWF9oXL7Umh2xHAPwNbGwP+DdCKUY27wWG7Qe18O+QS9AOu0yL4+MRIHZg8ODLQsk0Hp3q8Iw2JjohSkk4lcjHYgb69` |

+> | Switzerland West | rsa-sha2-256 | 01/31/2026 | `7ND7kGDrt9lN5QLEOCrZuRPh8QiKNaO3Up2yCU+8Q/I=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCiAmb+xePomfMqT6MLZxoPMxUL8dyXuF6JgF6QI0NC05tEilsv7og35mgLlDug+/QrAQVrNq9uFdVWA4YZgQXc8dY+QKHcv4PoDUnYKkRQLij1n9GttQPnAf+MOTrN4Ws07zeiespjsgjfpOz3LFS6GF8H/3qVWcFgAyiJqmV53dDvtFMQMYrek6scuVxOwZ2HP2U6KXjuBe+Xa8uifoLkLtxFcNivDxuDoMnch0d149HtMOwr98IjHCDbizUGvPObKQL9YLsFvk7IY11JB2jdX+I2So9bfOLvR64vC4NqXuI39VJUBQy4/devmY1+43GWqXCQ6YCIPjZJ1OM/kAoN` |

+> | Switzerland West | rsa-sha2-512 | 01/31/2024 | `UgWxFaVY0YYMiNQ82Wt3D1LDg3xta1DfRUUKWjZYllk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC6svukqfg7147raZZrA1bZFOO/EDFgi+WRsxoOfH/EEWGmZ89QQ5m855TpsTPZ5ZARQD9kxrYEtqefcSPuWgth4Ze5PNVwRfAwedsSfnYwHZqHRlRM54bOQ6Img7T292ERl4KNJUI7SLyF+kKB7eXqp5nMBrTZ4rSHXoeibv2yZAph0cyf4V/NnfRj6KZSf6YDs0LW1VuovWAC6S7mpBjwtabBmd1gIiJleWhB7Jj48yiyh0m7L9oIoR4NRiuFC535JwqCYhrgFwujuk6iIR9ScRdayEr6gVcv6tBms3MyR16ytA/MHRxYHfPKb1kHUrpFjDQZZZswoDJDnhQGOm8Z` |

+> | Switzerland West | rsa-sha2-512 | 01/31/2026 | `5vdBLwM+FAi6sDgIA9/k6uBRA8/XiMpD23sgxfHIILE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDBwwQq9f6JcSO8+03rBQlSswX4M5ZtoIdHvdPkSeUFm2hyZaDR4oEyI93ZupPDF6T7kq9z7WrjbrmgN8KmNP09fw3I9K750CETUSvB4tUgRNF0v9I15fdvvrTG28pQaxhYGcE7+WIOMvLpHmYQdLtgK5tmSPmivPJ8BkgVCMm+YDEJ8dWIx3sQUgk1Yn5LcBhPgmamQQZPbeOOL35MZVexKsePY2TzpQzSL3mWAxKvCzNY/lBogqPnOnoeziUYO0YXdnJTpPuCqt8odfapomRN8AGAt3uWANG/lxRYanFF1b7K8Z2ktjc9up9cx84WisD9f4FD3UTn2nlnxOYw3pj5` |

+> | UAE Central | ecdsa-sha2-nistp256 | 01/31/2024 | `P3KxgoZgjHHxid66gbkRETjPsHUsNiPt5/TFU0Kby6I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOvHAXCWC9HGJnr5SRW8I1zZWsyHIczEdPpzmafrU8drYmhpRxlD6HlKnY7iXqfq8bOIK063tpVOsPbrVevAKPs=` |

+> | UAE Central | ecdsa-sha2-nistp256 | 01/31/2026 | `eLseSgVB/Uy8v71xNcS1RTPs3Dalv/NP94UqWiXArmg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNZ7GKKOuBg1epk1QSkoewctpPA9cJXwnEtHW6SOyJvXxdim3QhGDe35m8S2hXQftBAHKfvs234t10fWGHL75ls=` |

+> | UAE Central | ecdsa-sha2-nistp384 | 01/31/2024 | `E+jKxd6hnfVIXPQYreABXpZB7tppZnWUxAelvEDh874=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMDLyroqceuIpmDQk/gvHHzFup7NZbyzjXMdGrkDvZDE2H+6XTthCGSVNVmwqdyHE4yGw88jgW1TfWTAZxCxTfXD+xF72iYyBAsejgiyYY/0x9NKM/lrtw8mnRtkZzLyrA==` |

+> | UAE Central | ecdsa-sha2-nistp384 | 01/31/2026 | `lO3lSaBB3hriPePQ3Gy/S5xoNrbw3tIjfFRIgogq+lU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNepTdgyzOXRje4JSY+mzB/k/HAmsKw8PyJFWR7tUdY5rPNghGg0pH9pos/CrynXq30lhBSS5bVA7Gy74AjjUQdWCM7/oOu97jJWkfYJzSvLIAJ8WN4H/PchBcKUex1Cpg==` |

+> | UAE Central | rsa-sha2-256 | 01/31/2024 | `GW5lrSx75BsjFe4y4vwJFdg454fndPjm4ez2mYsG3zs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAQiEpj9zkZ8F3iDkDDbZV4A3+1RC/0Un6HZVYv5MCVYKqsVzmyn+7rbseUTkZMO/EqgF8+VWlwSU5C2JOesZtKXAgNzXBSOER3NbiucB5v1b1cC+8Qo4C2+iTHXyJSKxV0bTz55crCfhKO1KTQw3uZoYh6jE9xI1RzCI1J4qP+afZQQhn3H+7q+8kTMhmlQrfKuMWennoWZih+uTe9LPHjlvzwYiXkS2sOIlKtx8eLDJJg2ONl7YKSE4XVq7K33807Gz5sCD/ZV+Bn+NyP2yX14QKcyI97pkrFdcJf2DZi7LdTuEVPx3qK/rHzmzotwe6ne6sfV+FJpowUUTbKgT5` |

+> | UAE Central | rsa-sha2-256 | 01/31/2026 | `1CPpQFd1HDc1TVCnaktsKgKewrTBvoISkyDpte/rDOo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDHSU17nm3EBbLChzISwQ6GhCNWyk7dxOYyLa8GUNLDRrlEkbEgcAPpfRosf/D60oCFCKRV9ZAKopiTN3ZFSyxmErzSB2+xxaC/P0OyIV6Iy+tJIhc6daNI0s1Dr02yideftrt7IOVegjhkkE26l7lcgrBoHjF5DFjJqJGD/f8fjtKeTJbsMUKAwPQZ7ZvRzoel6u4gDZcLS9HjekFAUWKakh0qsnajsmBK/wOd87eMYle6o0rVen8GbxvLpbjwW1ZqLYiKU6aNx8wSWA4Ax7N4DJXrd7Wq5sxYoS2HcLcEkZho6dk0S0Dn2jax7hDbHbj8EB3dbXhmAGgWFWqvW3CB` |

+> | UAE Central | rsa-sha2-512 | 01/31/2024 | `zflL4olL2bga9JCxPA/qfvT2jSYmIfr2RY6GagpUjkE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAtxSG7lHzGFclWVuErRZZo6VG5uaWy1ikhb67rJSXdTLuSGDU+4Boj4wKxK0EyVKXpdQ3VrIwC4rOEy/lKAlnI2PrkrMjluau2aetlwW0hCBKAcgEOpMeMJJxCvv9EVatmEhvCe0ARyVM539058da9LzoZ2geFnFIbh3t8fNCaJZTNSS5PW1SLkspSqYXUYJWzu8Kx9l3LTzlmJT1DukKLIKj5ZDwuzOIN5m1ePYp4MzfIeBN6ys8df8HqXLoEXE+vOZWOzwkPVWoTsYvwB8j9+FHECAVf4Gcm8sPvRZA/RKDn1dGW2THzVw/VI/F87fFC7stLmZJ1v+a9TTFE649` |

+> | UAE Central | rsa-sha2-512 | 01/31/2026 | `gUrg5GpMevHc+oY/6e5zf3v/QAUs7LfQPDuJzPDvCj4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAJnedb7pHRHXfKMPJvF8AwEydvhLJ/n7NNdxWEGM3LjKMehDVVthzt09Z2NUpw3oPBOq0D7onxohoxLVKuPPk7shs23fVV0lyBnTehYKHvVkLpTsBd2E6JEXzTRoT7LWJWJr5WWjnUagn8HprOiBLYo7kW8g0iidfzaYUSKvtz3j4iYCCogjqTgsxF1wBn/R8LM1kpZw75ym9VWmeP430ov7fyKxho+EG9Xf2ta0E1AKrkJoTo/I2PY6/44Uhxf65afApGGbQOnuAuJsSQRfTs4f1Potuv4leDo6p1awLbYAiDjdky7QNbjmznDu8J+O+F28HNI/E4WrMgmM9xsQZ` |

+> | UAE North | ecdsa-sha2-nistp256 | 01/31/2024 | `vAuGgsr0IQnOLUaWCCOBt+Jg0DV9C6rqHhnoJnwORM8=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEYpnxgANJNJ4IIvSwvrRtjgbejCpTc3D+l5iob7dBK4KQ7MB40rq+CtdBDGZ1J7d6oCevW6gb1SIxU/PxCuvMI=` |

+> | UAE North | ecdsa-sha2-nistp256 | 01/31/2026 | `CG5AfI2DZM9CuJahiKljc5R7r1fFuFk7on/fpxraX5k=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBND/xbpRM4gkyWzkPTqJ0gT43sKGDpboZnor6arGO19aT7rUvwvvrDavj6+tHQ4rspF61evvqNwgex2jXfjZl4c=` |

+> | UAE North | ecdsa-sha2-nistp384 | 01/31/2024 | `A5fa4Pzkdl0H2kVJxlNiEQkOhPzBYkrfQrcviQUUWUA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBOz4ENDgFpo0547D5XCRCJLg8brp+iUyId2IdEhZAhuNX9spxlVe6uSkiQbd+8D5hHPVNuLFTFx7v2wXObycM8tr/WGejn/934BvSUhM6lDpU+d5n+ZcxEEhp4gDiy1l+Q==` |

+> | UAE North | ecdsa-sha2-nistp384 | 01/31/2026 | `ZKSbth32z81WlOVHmZQXMgKKpZtoKM51iQlppBjIEsg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLVt41XkHBVdtvDrzNdTwH358z8nuYKXsbhOXSC5y5vO/G1lEnWXdpDhKMf6Gai0BDRkoiTg8UPeduAJhJMS5R0aptOVEHqcUoByQydX787Xzs1zkb7R9HroAQqxZkN76Q==` |

+> | UAE North | rsa-sha2-256 | 01/31/2024 | `Vazz+KIADh85GQHAylrlI1tTY8/ckoRqTe/kbLXPmd0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDRGQHLLR9ruI0GcNF2u3EpS2CbHdZlqcgSR1bkaOXA9ZufHyxuhIpzG2IgYQ8wrjGzIilYds6UIH7CAw9FApKLNpLR6qdm8qjM0tJiyHLm3KloU27FfjCQjE9JhmsbTWCRH3N52A9HXIdiVCE3BBSoXhg/mF+3cvm1JvabKr1twoyfbUgDFuF7fDyhSxJ/MTig8SpgzWqcd5J+wbzjXG0ob2yWVhwtrcB6k97g25p77EKXo3VhSs0jN7VR+SAHupVwWsUgx4fZzi2I5xTUTBdOXW+e3EiXytPL2N5N/MtFKVY/JVhFkKkcTRgeuOds51tkByteSkc32kakcUxw6CjJ` |

+> | UAE North | rsa-sha2-256 | 01/31/2026 | `xkPKadBhJcbriHJ7u9rysvVUYJJ3BgmJ/tVmZ6Pdh9E=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCg0BnGxp2p73iSfklsC7oXdXMSwwl6ZWBXRbLOb50Q+Be/SXFm8i5pbQCoWQTV02/5zQIRjyPhHNrDLGgQG3FqpTWMe47T1OdMMYvBIzaI2KFvSRnKWPy0dGw9nowmwDUsHPR+I/MO0D6x1NgYwNmcIPzMzN81XnXB+U9yBCIR/dwgaUrw2LHE1gL4JDhIXGM7dZWpnoWtLtjjqJuoTy0CgL+sxsexRDXmpE0LujyzA2xWNWo7suF1HZmVPI1cFa8+UC+o24BlBtd4IU7otIX2qgkXyeMIJuRnT+THbEAvz7U9/QH1+WDC4Jy+vlitlulz2VHyf37cXQaq949UO1VB` |

+> | UAE North | rsa-sha2-512 | 01/31/2024 | `NDeTZPUor2OuTdgSjLLhSaqJiTJUdfwTAzpkjNbNQUY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAx9LfiyVmWwGD/rjQeHiHTMWYaE/mMP6rxmfs9/I4wEFkaTBbc4qewxUlrB1jd7Se2a0kljI3lqQJ9h+gjtH/IaVTZOKCOZD8yV9Dh4ZENRqH/TOVz6LCvZifVbjUtxRtbvOuh1lJIVBSBFciNr0HThFMnTEIwcs5V48EFIT6eS9Krggu+cWAX2RbjM0VQnIgkA5BeM33MjSjNz86zhO+e7e1lhflPKL5RTIswtWbwatgkyvfM33pJql/zJz+3/usSpIA/pgWw23c8WziYXiHPTShJXN+N+9iLKf9YUkpzQUZSaRw8XDPyjJNx327Lot0Bh4YLpe37R0SrOvitBsN` |

+> | UAE North | rsa-sha2-512 | 01/31/2026 | `WW8903bkfHA2Gn59xbpwus4rOy//t2ND6iarME8FoX8=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCnVyU5nye5iPn93/4jxtW2Jwjm4qtFZ3EfIuAOR9p59Td6f1uz4+TkTdernYFZFs+2VYJaniX1YiugyGhfNCcxjl3kdE3uRsaDUswKuTgwVbHdD1eatOC9dMKaFDMyuJ9l3GY31+hvurmOxSWAMbr4EVWBiHIJFhRcp6PXh8U3Q3TcSw+hf4+XM+9+ffChn7m6jxkb6hCmGWmQeSLz16hUCtt4QD5UrZ7kWlTWek0MDtCDVcds86CDACopkLUuSxc1l7KmESnV2zl5E4A337RWhSxueSEpO+pPaMEwLDySKy4QWpuD1A6lUWMjCrYY+enPNOqWZOmG4UHtRz3SuR2d` |

+> | UK South | ecdsa-sha2-nistp256 | 01/31/2024 | `weMVzOmQnlMdMp5XBoU9SdN5meBbx/8nvA8dB45w8Ck=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEnBllEm4/HsTP+ZMhlc8YnSAYWF23tibZDqGxf0yBRTU/ncuaavuQdIJ5TcJb0NcXG7skEmq3StwHT0FPMWN8Y=` |

+> | UK South | ecdsa-sha2-nistp256 | 01/31/2026 | `O/fVBsiwFR71jWIDIR8kY8UeT3NVfyr3F5O7Zgd9kwg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO1pIStRDeGkyH3Qx+A6Uyoknzu3miYLzYYgDlsByz3TfuLmEheHtD/QnBRvPWF5IqmLZn/dz3xUJQi04lwrfok=` |

+> | UK South | ecdsa-sha2-nistp384 | 01/31/2024 | `HpsZ8zoOCCsUbpD3nAOtxpuKIvn0L8KGyg1KMLuMUqU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGd/672brwX1kOhH31ZTdBRj+bcEmemcdmTEe0J88cJ3RRQy7nDFs25UrnR+h3P0ov9Uq24EJQS8auxRgNCUJ3i3ZH9QjcwX/MDRFPnUrNosH8NkcPmJ/pezVeMJLqs3Qw==` |

+> | UK South | ecdsa-sha2-nistp384 | 01/31/2026 | `2waT1L91yV7OgudDQ7yfA9sk9jSmqrSX3cy9uA6MahM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBETAKzK2eYy1m0LxYvnGtu564RmVIgkYBfY8aBSbHUUikdAQLdfEDbDO4CaReHGMJpZk3CY/gGMcSjxmazpJq0B9L56Hj/Kp8uRciVJq9wEeRUML2Mh8cuz/JBwX9eVdYA==` |

+> | UK South | rsa-sha2-256 | 01/31/2024 | `3nrDdWUOwG0XgfrFgW27xhWSizttjabHXTRX8AOHmGw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCdLm+9OROp5zrc6nLKBJWNrTnUeCeo8n1v9Y3qWicwYMqmRs/sS9t5V3ABWnus4TxH3bqgnQW3OqWLgOHse/3S+K1wGERmBbEdKOl7A7kQ9QgDkWEZoftwJ9hp+AMVTfCYhcOOsG+gW021difNx+WW2O5TldL31pk+UvdhnQKRHLX31cqx5vuUmiwq4mlbBx+rY8B/xngP2bzx/oYXdy1I9fZbWWAQ6FwJBav1sSWL0l7snRdOsy5ASeMnYollEw1IATwYeUv8g3PzrryZuru+7gu/Ku9w8d5jbFyI6Up4KLwjs/gZNuqQ5dif7utiQYbVe4L0TPWOmuLA25JJRZaF` |

+> | UK South | rsa-sha2-256 | 01/31/2026 | `Ntdjy7uYiI3L1G+QeDK2UhrsLj4H4cLEF5GPFzwqqQk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Z3tBtO24z3kg76jT+sS7Np6cmvcSFLFTyDO1z28Ury1cnIk5WK9OjRuwlDhIfnR4mSMmcA1OuPzIGK4jIdMuj/Hy+YUF2D+jR8oUBCqZocbUH0rYEOCEo9U1n2vly5oYGTU3COqHId67eCQOs3C0hXU0Dpso+cidX0QkLArvmYvErpmg8a9EG+2Sbl4DQjAXY3HYBafl/2jkOcIVPW5Fw7Pdql/fWRC6CsinobdCaoFuqR5+VwMQPftKdD+HfykV38gjvUaNVIRyEfFkbMo1HQ+vTU04Bw612ka+xTf/npu/1g3AV9Tb3Xlr0gqoU5p7W1hAqJAZ1td9oTgE247x` |

+> | UK South | rsa-sha2-512 | 01/31/2024 | `Csnl8SFblkdpVVsJC1jNVSyc2eDWdCBVQj9t6J3KHvw=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDIwNEfrP6Httmm5GoxwprQ57AyD6b3EOVe5pTGQWIOzxnrIw2KnDPL07KNa33xZOmtXro5PYyhr5eNXUkFiQMEe+RblilZSNAvc4MHbp2TVD0L9N7Pdy2SetoF4m5BCXdC48kZntqgkpzXoDbFiaAVln5zQCHB5fOuBPS1id8+k3zqG0o+K0MHb6qcbYV8gdQeOn/PlJzKE4M0Ie8na3aWHdGvfJjDdK/hNN0J+eUK8qIb9KCJkSMDj/l3rnue9L8XgeKKA2Pkvh3nch4VBXCcCsDVhgSf+aoiJ0Fy8GVOTk2s7QDMzD9y37D9V2OPl66q4pjFGOfK0mJmrgqxWNy5` |

+> | UK South | rsa-sha2-512 | 01/31/2026 | `tS7jt1nZRrT+zXYm2U5uftS9o5l/ca53XWBFHYJrLAA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDXaUQJ4GSVIs/tdFCts+bOmOBEeJ85bMAt3A3u3G4IKa1N7rrzZEJOS6MGluyX9ldjihwHLrOQsce8W5Mb/I2iv84ywo8sE+OlgArvpydO9TaSMQU0/pXgxRn9BP3cfUxyvl5RZw+54Y5rQpP/cQZFjC9OpBRZhiaq8GiNbWwrvk3Zwo1eT8B7BEs4pLPEQpnGnicAywY1Dyk3cBIRNR8FFlK1by1OXr+ZpTWx6RX4WxMvmg6EHNqOUvls0G3/1oDq8Ap55DwXFI1aNCTLevJrf+N61rlJrzF5vRj3OFL7JgPyafXPRmMlgRX81K6La9oFWOk9oPSLvW2XD7YcM/dV` |

+> | UK West | ecdsa-sha2-nistp256 | 01/31/2024 | `bNYdYVgicvl1yaOR/1xLqocxT8bamjezGFqFdO6Od0I=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKWKoJuxB3EO5bKjxnviF+QTv3PBSViD1SNKbfj0qYfAjObQKZuiqcFYeDoPrkhk9jfan2jU6oCEN4+KDwivz3k=` |

+> | UK West | ecdsa-sha2-nistp256 | 01/31/2026 | `Y+t6kUTkav589Ri4L1AVG64Ugkf2g0XnHAkkQFE6+0o=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOypY+rnYWZPtUYshSwOxCr/HO5f8FrTayhjuqu5SIr6beRrNmI/5mg5V7mK75rbxzkDQBtdOg0UY5afhd12VBI=` |

+> | UK West | ecdsa-sha2-nistp384 | 01/31/2024 | `6V8vLtRf6I5BjuLgToJ1cROM72UqPD+SC0N9L9WG6PA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBA+7R/5qSfsXACmseiErhfwhiE7Rref/TNHONqiFlAZq2KCW3w3u8+O4gpJEflibMFP/Mj5YeoygdPUwflFNcST9K+vnkEL3/lqzoGOarGBYIKtEZwixv3qlBR+KyoRUkw==` |

+> | UK West | ecdsa-sha2-nistp384 | 01/31/2026 | `js1uEKB1mrXNBzdNuMS5kdCxLpAkcmhNLhSxbboWey4=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBCDTQUgC8WbfDZYtQYBCwjcyw69DUduYXmedfRS1sEKfVvQ6WIC3NmimGQ0l3hZqykOVIYZSmpoKZgbsJwuTbVQE3M+vu9ZElhyrds8QWMm0iNVKZCJwn5oxdLk+KPEe+w==` |

+> | UK West | rsa-sha2-256 | 01/31/2024 | `2NQ5z6fQjt4SZKdViPS+I2kX7GoXOx3fVE81t8/BCVE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNq0xtA0tdZmkSDTNgA05YLH5ZuLFKD7RbruzuL4KVU2In0DQUtJkVqRXIaB3f+cEBTs9QrMUqolOdCCunhzosr5FvCO3I6HZ8BLnVNshtUBf2C1aT9yonlkdiIyc2pCHonds8vHKC4SBNu3Jr584bhyan8NuzJqzPCnKTdHwyWjf8m5mB4liK/ka4QGiaLLYTAjCCXmaXXOVZI2u0yDcJQXAjAP5niCOQaPHgdGk6oSjs0YKB29V+lIdB8twUnBaJA9jgECM2brywksmXrAyUPnIFD6AVEiFZsUH3iwgFAH7O6PLZTOSgJuu994CNwigrOXTbABfpH2YMjvUF///5` |

+> | UK West | rsa-sha2-256 | 01/31/2026 | `x3DuKaxnJ4GPXUY3+TS6U+Y4MwI/er1315Wtf+GSiYg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDD5+oajaLstTLolvR2fWrU57xcIE0Ho64SXtj5rWJZmk/BlSwwNOKwYiNSSDgcQFYxKc9F/zudD/o55qj6NqHUurwtsXBKzUWZpb02yYsSu0S9BMym205LUIH5zOe/+t9BiILkoATLjxOMWmp0TDIEHMky6WiUKaCQM7JPdOnp6xaAM4ZSJNe0ut0TPRgof4zD0QbQ58TpJ8bIdD2YDnAdSj697cmyNwt4gDMv3YunG1A5KDYNmZe+BVBO8m8sbL0RwZ4LwfCSkorTNyQlIG684K9v4Awx1k+VDoi9hOXyCT+IvyhkZBtljKWTnhPESiI/sjdpz6MVQK3HUw70pQsV` |

+> | UK West | rsa-sha2-512 | 01/31/2024 | `MrfRlQmVjukl5Q5KvQ6YDYulC3EWnGH9StlLnR2JY7Q=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQClZODHJMnlU29q0Dk1iwWFO0Sa0whbWIvUlJJFLgOKF5hGBz9t9L6JhKFd1mKzDJYnP9FXaK1x9kk7l0Rl+u1A4BJMsIIhESuUBYq62atL5po18YOQX5zv8mt0ou2aFlUDJiZQ4yuWyKd44jJCD5xUaeG8QVV4A8IgxKIUu2erV5hvfVDCmSK07OCuDudZGlYcRDOFfhu8ewu/qNd7M0LCU5KvTwAvAq55HiymifqrMJdXDhnjzojNs4gfudiwjeTFTXCYg02uV/ubR1iaSAKeLV649qxJekwsCmusjsEGQF5qMUkezl2WbOQcRsAVrajjqMoW/w1GEFiN6c70kYil` |

+> | UK West | rsa-sha2-512 | 01/31/2026 | `xS56JtktmsWJe9jibTzhYLsFeC/BlSt4EqPpenlnBsA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDE7OVjPPfsIrmrg/Ec0emRMtdqJQNQzpdX1e8QHKzjZKqELTDxZFoaa3cUCS/Y+y6c/xs/gZDv0TU/CLGxPCoOyz2OhhTQnzRuWQRzgsgpEipHXHbHp3/aL0I346MmsEx8KmrrIootcP+K5RLDKlRGb62tOCEX+rls4EjAbNZBOnFAytg9h5L6crV4iGeRf0tAxh0VzYze5QmelWBViVfejV99e091CAU7SnBX5FUvuvgil03sZQz4lH2qdOwKBEpVuzSkueJWMIm+EpWwVcfqoPnwB+J4Srr4qIPdJk9FkSGF5E+8VtqTGe8I+3sNxUg1iwpUOtq+G3q6ueb5h4M5` |

+> | West Central US | ecdsa-sha2-nistp256 | 01/31/2024 | `rkHjcTK2BvryQAFvjugTHdbpYBGfOdbBUNOuzctzJqM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKMjEAUTIttG+f5eocMzRIhRx5GjHH7yYPzh/h9rp9Yb3c9q2Yxw/j35JNWxpGwpkb9W1QG86Hjt4xbB+7q/D8c=` |

+> | West Central US | ecdsa-sha2-nistp256 | 01/31/2026 | `9LD9RF5ZMvHPpOVy6uQ8GjM7kze/yn9KL2StDZbbWQs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA3aUdy4Z/P7X+R+BxA6zbkO96cicb9n+CjhB+y12lmF8vRLxfX03+SmiCul6+TTyuQYaW0AN9bcKDK4udy/H2s=` |

+> | West Central US | ecdsa-sha2-nistp384 | 01/31/2024 | `gS9SYvaH6dCqyugArvFb13cwi8q90glNaK+fyfPie+Y=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBD0HqM8ubcDBRMwuruX5zqCWSp1DaLcS9cA9ndXbQHzb2gJ5bJkjzxZEeIOM+AHPJB8UUZoD12It4tCRCCOkFnKgruT61hXbn0GSg4zjpTslLRYsbJzJ/q6F2DjlsOnvQQ==` |

+> | West Central US | ecdsa-sha2-nistp384 | 01/31/2026 | `8+sQzfhwPUFU8FsRTXr94dU9+RQ1Y+WSsRnAW2avOlA=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBK5YEuLSqd+FiuaJDVa0+YvluAjxJGGy2hhcTaSQYXKUG6UMpBWgvYN3yf7wT7JetiUcLc/LcGe1/V2gtZHMCOpYABumkWXVOfl98UDfzyHh+p6yn872y6v9KuVJjN/LJA==` |

+> | West Central US | rsa-sha2-256 | 01/31/2024 | `aSNxepEhr3CEijxbPB4D5I+vj8Um7OO6UtpzJ/iVeRg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDDWmd8Zd7dCfamYd/c1i4wYhhRnaIgUmK7z/o8ehr4bzJgWRbjrxMtbkD2y7ImjE2NIBG5xglz6v9z4CFNjCKUmoUl7+Le3Rsc5sJ/JmHAmEXb0uiDMzhq9f6Qztp+Pb9uqLfsPmm6pt1WOcpu+KNpiGtPWTL21sJApv6JPKU+msUrrCIekutsHtW6044YPXNVOnvUXv08BaPFhbpeGZ4zkrji0mCdGfz2RNcgLw0y3ZzgUuv0Lw+xV0/xwanJu4IOFI1X9Ab7NnoGMkqN/upBLJ4lRhjYVTNEv01IX2/r5WZzTn4c38Nfw4Ma3hR0BiLMTFfklFVGg2R64Z7IILoB` |

+> | West Central US | rsa-sha2-256 | 01/31/2026 | `GOVwLTexmpNcGW0BJ5vXcM7K4Dy8OyLtFHEKSOFU2Vk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC12vm3S6iVMKIGxwRyaaEr5NI7EG5ttvB8gvq03LAs0WRXlSUxswM85GlbSS40OKZWe3SxEuu5uc9mL908ilVi7YQqw11ZK+7P+tljIMMmirFoeQlCdJzVjbhqgS/xe9tsKvDxOch2IBpJTEqbA6FgI2+kS0gVR1a4NehhWdm3wEcCsFEbe/tRAKrlWHPq2+bGyZIOQkArANX9CMkMUT0d2fORyl8eH0vU9w3Pg6RdHpRBPPgGcmHpv0cxE8l8rbGyM4+tx+stmnJpjF92HWPEDb1crtatPQvRkXeP+qJIHvUD1USdeEBo2bJBPpNfHqNZ/x+0TDanpYwdzFuc52zB` |

+> | West Central US | rsa-sha2-512 | 01/31/2024 | `vVHVYoH1kU1IZk+uZnStj3Qv2UCyOR9qVxJfmTc20jQ=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9Q8Tvvnea8hdaqt+SZr4XN1JIeR43nX6vrdhcS6yyfRgaTcEdKbAKQbwj9Fu3kq80c4F+SNzh1KQWlqLu3MJHSaSdQLN9RaHO1Dd+iVK1WgZtsPM9+6U7wupMZq8Hdmao5sqaMT5lj7g+win2J+Wibz7t8YwS7g2Xi+ode8tFPFKduZ5WvKLjI0EiAS4mvcyWEWca142E8fxV9TobUjAICfgtL4vCpmLYKnSL/kUgplD0ow86k/MHp9zghDLVSVDj8MGMra+IJEpgHOUrFNnuyua2WSJVuXR2ITfaecRKrGg7Z4IJzExPoQzDIWdCHptiGLAqvtKT0NE2rPj9U4Rp` |

+> | West Central US | rsa-sha2-512 | 01/31/2026 | `105lnhGDVhkt7/KbNWNW1sMT6ezj6HYdGedf2a8tzLo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDvHbPUEzQXOZzJI2lGWDKHXztBsdwleqeQKGKfJzPlZBDtfPakRWs5BhkXBYm6hqGDO4k1huAZKqS+C1Xv/rbaY+8NkC66NLw2VyhxRLzNvOAUWcEiMji6Q7mErii0cZsjNNtnsQZj36iFGHcSihjeU55EOPt1mvo8QquqNdvBKApQ96fqy0xLoQv1JVg/CgQxv4hVkq4/yPfHZWyU29EjhHZdYwIDU6DFn1UwQw0pixnB31sFTQhYnxpMAk1xj2qkh0UiNMZThRVy/giE3OzzVcDD7bH1bZmFSAX29f8EiUEMeisHEKsQsjjGyPSQD544U4vXIznbgdHKvHNhFluJ` |

+> | West Europe | ecdsa-sha2-nistp256 | 01/31/2024 | `0WNMHmCNJE1YFBpHNeADuT5h+PfJ/jJPtUDHCxCSrO0=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBANx85rJLXM8QZi33y8fzvUbH+O5Cujn0oJFDGQrwhGJQTHsjIhd5bhFFgDvJ64/4SGrtP1LHDKLwr9+ltzgxIE=` |

+> | West Europe | ecdsa-sha2-nistp256 | 01/31/2026 | `7Lrxb5z3CnAWI8pr2LK5eFHwDCl/Gtm/fhgGwB3zscw=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE/ewktdeHJc4bH41ytmxvMR3ch9IOR+CQ2i2Pejbavmgy6XmkOnhpIPKVNytXRCToDysIjWt7DLVsQ1EHv/xtg=` |

+> | West Europe | ecdsa-sha2-nistp384 | 01/31/2024 | `90g+JfQChjbb3OOV0YIGSVTkNotnefCV2NcSuMdPrzY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBNJgtrLFy2zsyhNvXlwHUmDBw1De++05pr1ZTxOIVnB17XZix0Euwq/wZTs0cE01c5/kYdAp+gQHEz594e7AQXBTCTqUiIS1a4+IXzfiCcShVfMsLFBvzjm9Yn8qgW9Ofg==` |

+> | West Europe | ecdsa-sha2-nistp384 | 01/31/2026 | `UpzudqPZw1MrBiBoK/HHtLLppAZF8bFD75dK7huZQnI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEDYr3fSaCAcTygFUp7MKpND4RghNd6UBjnoMB6EveRWVAiBxLTsRHNHaZ+jk3Q8kCHSEJrWKAOY4aZl78WtWcrmlWLH8gfLtcfG/sXmXka8klstLhmkCvzUXzhBclBy7w==` |

+> | West Europe | rsa-sha2-256 | 01/31/2024 | `IeHrQ+N6WAdLMKSMsJiML4XqMrkF1kyOiTeTjh1PFyc=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDZL63ZKHrWlwN8gkPvq43uTh88n0V6GwlTH2/sEpIyPxN56/gpgWW6aDyzyv6PIRI/zlLjZNdOBhqmEO+MhnBPkAI8edlvFoVOA6c/ft5RljQOhv+nFzgELyP8qAlZOi1iQHx7UeB1NGkQ5AIwNIkRDImeft9Iga+bDF6yWu60gY43QdGQCTNhjglNuZ6lkGnrTxQtPSC01AyU51V1yXKHzgaTByrA4tK6cGtwjFjMBsnXtX2+yoyyuQz/xNnIN63awqpQxZameGOtjAYhLhtEgl39XEIgvpAs1hXDWcSEBSMWP4z04U/tw2R5mtorL3QU1CmokWmuAQZNQcLSLLlt` |

+> | West Europe | rsa-sha2-256 | 01/31/2026 | `m/p8MR6TSI/yjFpm0REBHzb+8MtSOKLhqgijeVFKX54=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCdC6asS58EMYOBJe6HXlOIeVdKIQ0MI7ZxUVrFIc7wylNm5d0dEQUrg6hpq7m4jFPY08TptGf0AAd75JqDDyXeVv6p78NclbYiFESc8HsDhM5gc0Co+qjQRXzrfhFa4o/BJQ9V/MIo0Ir4RfFMkjFVrZSa/IS3DFvjZkmcP1oGumJ0re1pZK2dHoxH9foEbqG2j93XclQECm/RYmaobJ6DwXWhWuFTgu2C+GE2yvi3lP1NZPrROR2VVA3xRNfPeBSsxNyEVI5EpDfAIMfUGzB1uH6Hb4P2wQmTtiDOY4hBWYNzwJyllSiGNJ26ZETgK7uy6rwCPj75NnY1hFF7wM89` |

+> | West Europe | rsa-sha2-512 | 01/31/2024 | `7+VdJ21y+HcaNRZZeaaBtk1AjkCNK4weG5mkkoyabi0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDYAmiv6Tk/o02McJi79dlIdPLu1I5HfhsdPlUycW+t1zQwZL+WaI182G6SY728hJOGzAz51XqD4e5yueAZYjOJwcGhHVq6MfabbhvT1sxWQplnk3QKrUMRXnyuuSua1j+AwXsm957RlbW9bi1aQKdJgKq3y2yz+hqBS76SX9d8BxOHWJl5KwCIFaaJWb0u32W2HGb9eLDMQNipzHyANEQXI9Uq2qRL7Z20GiRGyy7VPP6AbPYTprrivo3QpYXSXe9VUuuXA9g3Bz3itxmOw6RV9aGQhCSp22BdJKDl70FMxTm1d87LEwOQmAViqelEeY+DEowPHwVLQs3rIJrZHxYV` |

+> | West Europe | rsa-sha2-512 | 01/31/2026 | `UOJXkaV/Dphq7zGqbzdcMhKBYg5PKVoDA9d3FKoxoWI=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDFkp12XZbCzf2hNsxHuiPErkpOaEy89scBSZWZqIQdh2oEXuIS5IgxLkgcZ1oYaNh8QCHiKFH1d8TkYn37OqGGeRhHeshiusU7e6e3az4vcotyYs9vgJIkLkH+lbPL1u6AbnrT58CP/3hAgRX9OAsQiyNcK+9zmlV0wNhp8HlLSpV7EkLcD4HGMsy8h+TIczzM3PA20aRQQH1pcF55u+oULVR4bETJ2ZjQgW/Op90oagdtvNGyIlEKzHD2O8i+mW0OuMoMq1lRUEsL436MZ5h1EnolstvFZqGo2SUM6LTyNHYVDAxuzBAqG11XymsGJSGah46HrHzEKDHALm2DT0X1` |

+> | West India | ecdsa-sha2-nistp256 | 01/31/2024 | `t+PVPMSVEgQ3FPNploXz7mO25PFiEwzxutMjypoA2DM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCzR5dhW3wfN5bRqLfeZ2hlj7iRerE4lF5jk+iQl6HJHKXIsH6lQ63Wyg7wOzF65jNnvubAJoEmzyyYig+D3A+w=` |

+> | West India | ecdsa-sha2-nistp256 | 01/31/2026 | `fqnnguov0esOCv5kzyNu+QB/OdgLfJRFQiX1ZcBL9zk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJerCcVxwdgkwow5l62SLJdDGAkLU5274U+3Y0KXtn5jMffsvVPbYBp+xpzV7C/9hGvSjarTA2zZS+x9mmINLKs=` |

+> | West India | ecdsa-sha2-nistp384 | 01/31/2024 | `pLODd+3JNeLVcPYYnI0rSWoemhMWws0jLc3J8cV6+GU=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBL2PEknfZpPAT4ejqBJW8InHPELP1G7hGvroW5J3evJr8Qrr//voa6aH8ZF7Ak0HcVVOOCSzfjcEpZYjjrXrzuCOekU48DkSF8i1kKqV4iXejNNQ1ohDCbsiAyoxQMY9cA==` |

+> | West India | ecdsa-sha2-nistp384 | 01/31/2026 | `UjeoSwhOAV7RXh9oyGDVn9SLqKYkP7yeQR1V7uQozrg=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGs53qZH59WZCV1Cyk6qCHhGZOvwRLQxrl20t9D1Xit2dzM5LxJTmUHWx0iiCetUu2+btDi3QVoU4RjUkC6gVNV997fPhaCPwtskXVEfwUjGDn2lKo/5Zz6jg3hWbV4C2g==` |

+> | West India | rsa-sha2-256 | 01/31/2024 | `Fkh7r/tOJy1cZC6nI75VsO1sS3ugMvJ56U02uGGJHFo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDHCzLI51bbBLWK7TcXvXvEHaLQMzuYKEwyoS1/oC5EN3NsLZl4BV5d2zbLETFDjsky/btWiAkCvHuzxealxGgzw69ll90aWSOEY/epaYJvueOTvGy4+rJY8Xyc64VdHml8n3EEZTQmBEi3Tn6bViLwvC0iT2/noLeYGXh0/NL0T3BeblwSm3cNXyemkBQO/zyYcchqRtKJu8w8brYVZYFINlTeBu4LyDP1k9DMtuewGoeH8SmvDxUmiIGh2VDlPmXe3IkMR0nSgz10jMl3F0fei7ZJ+8zdCVbBuIqsJf+koJa/q9npstWGMFddMX3nR0A3HnG4v5aCAGVmfl11iC0J` |

+> | West India | rsa-sha2-256 | 01/31/2026 | `6o6rED61qGbOmiYN+2ZwFqhKy7yYACvHKEchCDE5DQ0=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCpdKbl4v4dOTnRaSv/Y+d/yZVgg6841dCembUsn9SZ/oTGeNojSqf52qDYpeTosWBXzFBhVVldeXU8F6lEIMaHXmWMtqgcXkEGj/dteA+CNWiP96PFGp2Ea6YQk7EDanEeG8VJnCbdXuhMlx/f1+evZKAradA5tBQsx8o/KcqlVj7YRcwVcuT7uCd3E8IEqfUkxixP/60of7UrP1e5n8FW+7yN6BOW/DI8hXPEGt30xW1cb2m+sYY7wKbPElJ35XSwji2UOUrH0EQxCHvUiXi/y27Js7bB0iMb/acEUseEnewOWg24766FeGsI5hFI/gMEwmo7LOiIK48pbhrR0evh` |

+> | West India | rsa-sha2-512 | 01/31/2024 | `xDtcgfElRGUUgWlU9tRmSQ58WEOKoUSKrHFDruhgDIM=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCXehufp18nKehU4/GOWMkXJ87t22TyG5bNdVCPO2AgLJ88FBwZJvDurLgdPRDRuJImysbD7ucwk2WoDNC39q0TWtCRyIKTXfwvPmyG+JZKkT+/QfslMqiAXAPIQtVr2iXTeuHmn3tk+PksGXnTwb3oFV4wv40Wi1CbwvtCkUsBSujq4AR7BqksPnAqPrAyw+fFR3w4iD3EdtHBdIVULez3lkpMH/d04rf2bjh6lpI9YUdcdAmTGYeMtsf/ef8z0G2xpN2aniLCoCPQP85cooKq7YEhBDR8Lzem3vWnqS3gPc4rUrCJoDkGm0iL/4GCWRyG+RPi70WSdVysJ+HIm0Ct` |

+> | West India | rsa-sha2-512 | 01/31/2026 | `MhWWguOBOabnBUZj7sfAi/bjlt+FLnbpdveOo8a55RA=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDD/dgokjPgehyaJKnjsKwHVuiq6vAkdEYIhe4Ug7Cxw+yfSdH53mXZEtMHK8aCWqR1RDq9tJDlJMTIQbTJzRN0btX4uYT2UD4TU/nG3IpZhtebTFIbf6Gc76jN91jpkZhwQ9LBtf53KFwgHb1Ll2mwROVblDOmVN335kxyz1xTnHzNYZgMLxyIyihPlipbUkiAwXAm5Vsfpj/eHlcTINZUZUAP0bRTRrqWPpjJY92am0plMn0rqxhCeiUDApXzOSzxoFEqShcBGAEecR1DlvXTDwBLsY2ZAp2G52BhWzppHmfwzc0wH1O3QvzghwJ0erx4VatorLtUiSvq+Nc7caT5` |

+> | West US | ecdsa-sha2-nistp256 | 01/31/2024 | `peqBbfcWZRW4QzLi69HicUUTwdtfW7/E9WGkgRMheAo=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBcTos/zmSn15kzn1Lk8N8QQh9hzOwqOSOf/bCpu6AQbWJtvjf1pHMuZlS2PpIV7G+/ImxXGpqpHqQlcD+Lg8Ro=` |

+> | West US | ecdsa-sha2-nistp256 | 01/31/2026 | `wperGSrWWXuMxThLydo9c1vl9FBXDsJndwHu8x2qx+s=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKW5TfLgVBOzf/MlenMuKtG/Es1rejUEQr1OQqf/IrKUSt5dijkoCJpxlRupa8DTZHM+6SzUZ4DyHhi2KLXLr3E=` |

+> | West US | ecdsa-sha2-nistp384 | 01/31/2024 | `sg63Cc3Mvnn9hoapGaEuZByscUEMa+xgw/3ruz49szk=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBGzX2t9ALjFwpcBLm4B0+/D47PMrDya0KTva5w4E5GZNb5OwQujQvtUS2owd8BcKdMBeXx2S7qbcw6cQFffRxE+ZTr4J+3GoCmDM0PqraXxJHBRxyeK6vlrSR8ojRzIApA==` |

+> | West US | ecdsa-sha2-nistp384 | 01/31/2026 | `x7dfHFGCUko41YObPl0UTf11dd6rcl96gdzhBGsRqKI=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMz4aRR1X8ft8T6/oUNuCRNXbajgaSyKxKOe3OlkHHWGxu1vP0h9I8dHPzlG/yB796xg2ygFe/h3TaFVujYZNmP4M5uWmhxahJ6hceYRQp7EKv4n3SR2kNGSngRkj3EdZw==` |

+> | West US | rsa-sha2-256 | 01/31/2024 | `kqxoK1j6vHU8o8XyaiV87tZFEX9nE6o/yU0lOR5S6lE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDAd7gh0mFw3iRAKusX3ai6OE0KO5O2CMlezvZOAJEH88fzWQ/zp0RZ1j7zJ8sbwslA6v3oRQ7Cx9ptAMTrL8SW4CZYcwETlfL3ZP39Llh+t7rZovIgvCDU0tijYvsa1W0T9XZgcwWEm6cWQzdm+i9U0KUdh7KgsubPAhGQ7xrOVEqgB9MYMofSSdIfKMt8K7xOSam6mhWiTSSIEGgeMTIZ9TgXkgAEJ8TNl3QHRoM8HxMnRFjtkXbT3EeSg6VOqi69Cei3hrmS64qvdzt2WwoTQwTFjxHocWGgA+Ow53wqWt8iYgOudpoB1neXiIcF4p0CN8zjvXNiRbZPg9lXFM9R` |

+> | West US | rsa-sha2-256 | 01/31/2026 | `/0XElvAnzA260jbgxbbbW4ZktmIJBTR/I/8r+ap7d5g=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDctdy9TQF` |

+> | West US | rsa-sha2-512 | 01/31/2024 | `/PP9B/9KEa+QUyump1Yt05Lfk0LY/eyQhHyojh5zMEg=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC8R8bFe8QSTYKK+4evMpnlB8y0rQCqikTyviqD4rva7i4f1f/JxmptJQ/wkipHPXk6E7Du6oK/iJaZ+wjZ03tNIWwAGn0SdlTvWuwQwigK9k3JRlLYO+Uj/SSnBQWf8Dmp+cA6RDalteHpM2KwaUK65BHYC75bWKHaNntadTIU4kQ0BvFzmNRcJWL6otd5RkdYXjJWHu21zcv4EpRHGmVCD0na+UWce6UGDbLDtsZVJd2Q7IyeTrXpWxEO0fFN2Gu9gINfWC1FpuffGaqWSa4nK69n39lUKz4PUdu6Owmd9aNbLXknvtnW4+xGbX6oQa8wYulINHjdNz8Ez6nOiNZ9` |

+> | West US | rsa-sha2-512 | 01/31/2026 | `SWWxUUOar1u0jPPi4XjB5Ml8LVRI8FWCMKVR+vN3uKs=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDWNjo16W9rd72PATIzhqQfGdzY/3YkuPRtmHa0VashniM2Edqmqtjn/8Z/CFmWA1wS0CulgqLvZ9UdtHUegiJdrrY++HBGCv4DC6YcXAMczhlYDB1qMap0ELFVjqVdGe1w8tzhO02q5hhn9LdaDkyGVuaEPkzVYbRoGEYpTszFcLUJ1isCDRX/41Ek7ELyHUgv8TEyMMZ5ndqB9xuA2BcwR+8U0+3iHY0JhwAQZvRyzeipUh0S3eEF96IraMvMCAg6hA5axlEZYC/t1ZoRnmdAuNpFwRCQTd0tNL8g+nTE1GK7SoITSl1/YVfTqtiisFCoDrEHWanrdFiBogZQB1mh` |

+> | West US 2 | ecdsa-sha2-nistp256 | 01/31/2024 | `rt5kaA0neIFDIWTP2MjWk9cOSapzEyafirEgPGt+9HM=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKEKP+1QZf3GfEvkNZtzoKr05iAwGq+yPhUsVdyA7uKnwvTwZAi7NBr4hMkGIIdgQlGrMNNXKS0V+rhMNI1sH48=` |

+> | West US 2 | ecdsa-sha2-nistp256 | 01/31/2026 | `68JQ/P3TUrEAk2hMHXUF12kiH+J1s4wNbw2QsGHiX6g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKVvUWrwtZRU8DdawVrzYz6zLkmjC/I+chcu4KxSwUnHP/QyEcKJHbP45XU5dQ884MKKV4jo+8jXwjdzOx/f/kk=` |

+> | West US 2 | ecdsa-sha2-nistp384 | 01/31/2024 | `g0vDKd4G5MKnxWewbnCYahCv1lZgfnZeEXfPAhv+trs=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBB1+/Qu9Y1BqqV3seN0+0ITYCueuv0TFAnfG9z1Io8VYjmxLvdmaDvTi9kJ0ShjFJRKjbCfYKNekqYZDW4gBfmE9EyvMPI6VXPVLNY3TQ/z+Y7qO/oa28cSirW9fhp7vbA==` |

+> | West US 2 | ecdsa-sha2-nistp384 | 01/31/2026 | `uUGvuCxgDLpe1SHg7gwm98iqzdw3NBKcg2UWPhfZ5hE=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEYPlipfp0E7RMEm+82OTZDCRM2Ll7Ag9g0o/RFzNNs5KbSbwjfBFSq8W1+DM/m1s45I+LY12jxPNs+8tRbNMARl3rnG8ZC5oSDPtQNsedIhkNzFvaMl9DVSdfWJ/1nflg==` |

+> | West US 2 | rsa-sha2-256 | 01/31/2024 | `ktnBebdoHk7eDo2tvJuv36XnMtfauhvF/r0uSo6DBfk=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDoskHzExtM+YSXGK6cBgmnLlXsZLWXkEexPKC7wHdt0kSqkIk9F31wD+2LefZzaTGfAmY5/EWrOsyBJvIgOoksH+ZPMnE9+TOWqy6vsS+Ml/ITvUkWajS1bKDPDSoIrCM1rQ9PlbgMQFg4o0FfyxLVCP7hcgvHO+aycOxkiDqtvwANvIn2Qwt7xwpIv1Mnc4OpcBSxbigb7ISlrvR9XWivE/piWjXS3IEYkGv7VitAlmWEoTt9L7K94bYol2nCXSXJ33X6xVVwVNpdxVtnUQBIRinN+vkOccgG0jvWtWPtrMjyDg/lyvr6lBdO/CQy4VO4VrIBuL6pjsS8KfIfTxKd` |

+> | West US 2 | rsa-sha2-256 | 01/31/2026 | `WOdi+FVzlkWLhCdljVB8m5QUGP7i9BQv+TX5dRflO64=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC9FWlQHNtLZy21Wfi9I8t721lWp30x5TjvfmoMAO/wc/ktmoQySpUJltSgGTR+LCbCvgdKE98AxoRaJS/9x4HFW6/amYIy53F/YKgybul6udkoqWQ1mdul6y4BeLjKyZs6wW9H1NwCDIBApgVfQCpIbenZ7xeiz8z4lZeYxFcHWqR6FfrTztTwx+6cuwu0276piJ4TZCj4aCt8AZSR8nsQy6Plrcti1BMKzbkqSa5pwSIxiKyUATW2enQAVz6hINPw6tr/J7/IlW3612YwgnpR1/qedpUDkrYw34O2slfOXz4d7bSbWD+WoRXMT1bGuqXzgvtQH7MDrZ2q1w4nNfqZ` |

+> | West US 2 | rsa-sha2-512 | 01/31/2024 | `i8v3Xxh/phaa5EyZEr5NM4nTSC/Rz7Nz0KJLdvAL0Ls=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDOOo5f0ACypThvoDEokPfzGJUxbkyMoQKca9AgEb3YkQ/lsYCfLtfGxMr2FTOGQyx5wfhOrN0B2SpI4DBgF3B0YSLK0omZRY7fpVPspWWHrsbTOJm/Fn7bWCM+p63xurZ6RUPCA6J1gXd3xbdW7WQXLGBJZ6fjG7PbqphIOfFtwcs/JvjhjhvleHrXOtfGw9b4Jr8W1ldtgKslGCU1mnUhOWWXUi+AhwGFTI0G/AShlpX8ywulk2R+fxet3SNGNQmjydnNkcsrBI/EMytO1kwoJB3KmLHEeijaQzK7iJxRDZEHlHWos6G7jwaGPI4rV5/S1N+xnG+OhCDYAUbunp5R` |

+> | West US 2 | rsa-sha2-512 | 01/31/2026 | `tIgpJAxfZKsvi3k9uaw7+ZjBnjATmwh5gP4PEhv1/o4=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQCukOsbGJpfRbExD2qR7RjjSNYuN0gGKTT9bkFQ24zZ+rqNCpLbg6PDISfVbPGs6rC4nwL4IaUySgmN8F/8Im0A1czVtnSsL2k0kdpVCQAaH1E8fV1lqKphKayZ3b4zzfuA9+DKQ06yPr0PmO3mUOVAv/CCBxRNpVj92P9f/CTY9wQpBSsJhl5XTAQhgTlQLcPmP9JMrSavMCnx3ablh8xrAwGcsNUBHc43KmA3CMTD3+MF4eAWmWxvzdNzrSVu3pta2yz1N8vnP0WGUBM6kY8KB2KClKkzms2kIFx2Fe2pfn1LU/SYX0MGuhKc0n/CWhzmckSDIOyWcYsTpiqwsAoV` |

+> | West US 3 | ecdsa-sha2-nistp256 | 01/31/2024 | `j4NlZP/wOXKnM3MkNEcTksqwBdF0Z46+rdi2Ic1Oj54=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBETvvRvehAQ2Ol0FfTt649/4Xsd0DQQ7vyZ666B92wRhvyziGIrOhy8klXHcijmRYRz3EjTHyXHZ4W8kcSKB4Lo=` |

+> | West US 3 | ecdsa-sha2-nistp256 | 01/31/2026 | `6p/fmVisz/bHbuWC7UucbAnBdgK4WQVkw6zzhvFhHFY=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHpgzFgmBhkzPGtDbZDxFkPf5002g5lNWvDTlmwr0w9iFcZpFo3nmb7P8hwmM1fuIIY3TP975fdWQksb0BalCVQ=` |

+> | West US 3 | ecdsa-sha2-nistp384 | 01/31/2024 | `DkJet/6Pm6EXfpz2Ut6aahJ94OvjG3R7+dlK0H4O1ts=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEu+HpgDp0a02miiJjD5qVcMcjWiZg5iIExECqD/KQVkfyraJ3WZ8P28JwB+IYlEGa2SHQxScDjG2t3iOSuU9BtpA0KK5PGtu3ZxhN1UmZbQgz6ANov7/+WHChg7/lhK0Q==` |

+> | West US 3 | ecdsa-sha2-nistp384 | 01/31/2026 | `IOHDwYcDq5ViVX2BntqQIr97N4H2EHpnJj6VYSxvU/g=` | `AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBL2+D84rmQmiBXCyc3gEfLILeR1uZ47BSs0iPqr81qwVnbkhKgNu9yvBwEg+nzbNTK+po/3RSvHau3OGhkJpyP8V9WPPvSaJ/LwK7snZCxdP1ikGBD1sNlZuR/vjgFiVaw==` |

+> | West US 3 | rsa-sha2-256 | 01/31/2024 | `pOKzaf3mrTJhfdR/9dbodyNza30TpQrYRFwKAndeaMo=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQC0KEDBaFSLsI28jdc854Rq6AL9Ku8g8L+OWQfWvb1ooBChMMd/oqVvFF9hkLzJ8nFPQw7+esVKys5uFwRTpBNuobF/RVtY0zLsNd+jkPxoUhs7Yl0hI2XXAPdp3uCsID56O+OrB7XbOsPCrJ2aXfiaRheRQg84/92c357uQ/epsva8XCMjIIGOAyEL6d4mnCNJ2Y0mXPJT1lfswoC8i2GSUKdJZhTLCe9zVDvTCTWuZJSH3A8nM3RVtnNgMXfNjh2blwW9YFv5BrMOXA205fahuDcPjwvXo9OMfEneDsrODmiEGYzbYLby/5/KPzz5OVn7BDJma6HL0z07i3PmEzXN` |

+> | West US 3 | rsa-sha2-256 | 01/31/2026 | `WhO1GOFFnv576OFBhEkwtMbBgJdT3FYJeSJzkhEHk6c=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNFP6+UHbTOg4y0RuFS7R/Oqfag5Z7oWy5Q4//saANnPR7387auC1MGHuMAiP++LHlJTTL6/6nwL0gGnhE4ax6eOMj6TP+UnNfSgAmovhnBs0BULnIEpQkCBqawX5llUPYoG1mx9hXW+QPwpsEeK9USMz1uO2O3owTasnIhs0mJuEJVxRK+7bqDjY2+SsKnrMFO/nf62tHr/UfQ1bruCkznkpFctXbdCT6Tg8J2dO1KAIjqq2GiH/dtrS2hGTLdWgVZ1Pqt7b1Gebmeqm3jKK9Z2WaczhA+C3UF6MTCTsatf3Qv5mVnc8ZM5ggK3RsLQJ4zVxy+v7sqwSXjteVVIHN` |

+> | West US 3 | rsa-sha2-512 | 01/31/2024 | `KKcoWCeuJeepexnJCxoFqKJM88XrpsPKavXOoNFEGuY=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDNzhiVgDjCIarGEjKgmSxRh4vWjV6PxFbNK3cD0M4jWGlxPx/otJNEXCMee0hW29b7bwo2+aiyv3AEt7JYTeM/G9SHmenU6MTpqD/lC/LABtqTB7EV9FIFkc8MbbOvEkdTnRJw1d09MTqqwbkR9wq297AWggSzCuPDqMq+268UzsthMzODRVqW3yTr3M6vhlBCPfN5ptcvYwqRaa7Yhe4bdRZ+xYB5I2+ZMkalfn7SQiySSgAGjUJxrxK+LnJKSi32CfqTU8KjWNjCc40eAqexLFjg6AN9BtC0+ZYcD2KQmeqJ8oRCWw9r4CsaduSmcjc7XD75RKGdArjYzjeiVSlt` |

+> | West US 3 | rsa-sha2-512 | 01/31/2026 | `cscyajoE/dnuL7mKJItZIPne/VJeChRoNXKtt8pbniE=` | `AAAAB3NzaC1yc2EAAAADAQABAAABAQDMvb8yWNpx/F1X9ufh1kspD9nlNHJjx9KRbD5qNnk0g+dRgh0NurDdrP6GbEX+MtxbniVxyQd5lW97quIZWhsy94cWO7yAefJzH6LL5ZoBKftt24W/dRBAz6A2RNy5CcRD3H+5beTX3wiM5PaeTvPb2n3k3S/kv5dx3CDZyThKNQlWw957HrqWXBw5Y/urjaFoMc2zykbuYfHDWweD6XhsD+KHDUfvx6LyhrPy35Ur0dwS1V+2RQn9GK1cT7JhjTqLtH6LT9wvN223EwmmMR9MOzt0PFM82KPmTPAYgh0pYsiCyebm7D9lfEKCf2V53xzsfMd5PyNFLUwX3UtibfIh` |

+To learn about copying blobs using asynchronous APIs, see [Copy a blob from a source object URL asynchronously](#copy-a-blob-from-a-source-object-url-asynchronously).

+- To use asynchronous APIs in your code, see the requirements in the [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming) section.

+## Copy a blob from a source object URL asynchronously

+The Azure Blob Storage client library for Python supports copying a blob from a source URL asynchronously. To learn more about project setup requirements, see [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming).

+Follow these steps to copy a blob from a source object URL using asynchronous APIs:

+1. Add the following import statements:

+ ```python

+ import asyncio

+ from azure.identity.aio import DefaultAzureCredential

+ from azure.storage.blob.aio import BlobServiceClient, BlobClient

+ ```

+1. Add code to run the program using `asyncio.run`. This function runs the passed coroutine, `main()` in our example, and manages the `asyncio` event loop. Coroutines are declared with the async/await syntax. In this example, the `main()` coroutine first creates the top level `BlobServiceClient` using `async with`, then calls the method that copies a blob from a source URL. Note that only the top level client needs to use `async with`, as other clients created from it share the same connection pool.

+ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-copy-put-from-url-async.py" id="Snippet_create_client_async":::

+1. Add code to copy a blob from a source URL. The following code example is the same as the synchronous example, except that the method is declared with the `async` keyword and the `await` keyword is used when calling the `upload_blob_from_url` method.

+ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-copy-put-from-url-async.py" id="Snippet_copy_from_azure_put_blob_from_url":::

+With this basic setup in place, you can implement other examples in this article as coroutines using async/await syntax.

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-copy-put-from-url.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-copy-put-from-url-async.py) code samples from this article (GitHub)

+To learn about deleting a blob using asynchronous APIs, see [Delete a blob asynchronously](#delete-a-blob-asynchronously).

+- To use asynchronous APIs in your code, see the requirements in the [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming) section.

+## Delete a blob asynchronously

+The Azure Blob Storage client library for Python supports deleting a blob asynchronously. To learn more about project setup requirements, see [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming).

+Follow these steps to delete a blob using asynchronous APIs:

+1. Add the following import statements:

+ ```python

+ import asyncio

+ from azure.identity.aio import DefaultAzureCredential

+ from azure.storage.blob.aio import BlobServiceClient

+ ```

+1. Add code to run the program using `asyncio.run`. This function runs the passed coroutine, `main()` in our example, and manages the `asyncio` event loop. Coroutines are declared with the async/await syntax. In this example, the `main()` coroutine first creates the top level `BlobServiceClient` using `async with`, then calls the method that deletes the blob. Note that only the top level client needs to use `async with`, as other clients created from it share the same connection pool.

+ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-delete-blobs-async.py" id="Snippet_create_client_async":::

+1. Add code to delete the blob. The code is the same as the synchronous example, except that the method is declared with the `async` keyword and the `await` keyword is used when calling the `delete_blob` method.

+ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-delete-blobs-async.py" id="Snippet_delete_blob":::

+With this basic setup in place, you can implement other examples in this article as coroutines using async/await syntax.

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-delete-blobs.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-delete-blobs-async.py) code samples from this article (GitHub)

+To learn about downloading blobs using asynchronous APIs, see [Download blobs asynchronously](#download-blobs-asynchronously).

+- To use asynchronous APIs in your code, see the requirements in the [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming) section.

+## Download blobs asynchronously

+The Azure Blob Storage client library for Python supports downloading blobs asynchronously. To learn more about project setup requirements, see [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming).

+Follow these steps to download a blob using asynchronous APIs:

+1. Add the following import statements:

+ ```python

+ import asyncio

+ from azure.identity.aio import DefaultAzureCredential

+ from azure.storage.blob.aio import BlobServiceClient, BlobClient

+ ```

+1. Add code to run the program using `asyncio.run`. This function runs the passed coroutine, `main()` in our example, and manages the `asyncio` event loop. Coroutines are declared with the async/await syntax. In this example, the `main()` coroutine first creates the top level `BlobServiceClient` using `async with`, then calls the method that downloads the blob. Note that only the top level client needs to use `async with`, as other clients created from it share the same connection pool.

+ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-download-async.py" id="Snippet_create_client_async":::

+1. Add code to download the blob. The following example downloads a blob to a local file path using a `BlobClient` object. The code is the same as the synchronous example, except that the method is declared with the `async` keyword and the `await` keyword is used when calling the `download_blob` method.

+ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-download-async.py" id="Snippet_download_blob_file":::

+With this basic setup in place, you can implement other examples in this article as coroutines using async/await syntax.

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-download.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-download-async.py) code samples from this article (GitHub)

+To learn about listing blobs using asynchronous APIs, see [List blobs asynchronously](#list-blobs-asynchronously).

+- To use asynchronous APIs in your code, see the requirements in the [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming) section.

+## List blobs asynchronously

+The Azure Blob Storage client library for Python supports listing blobs asynchronously. To learn more about project setup requirements, see [Asynchronous programming](storage-blob-python-get-started.md#asynchronous-programming).

+Follow these steps to list blobs using asynchronous APIs:

+1. Add the following import statements:

+ ```python

+ import asyncio

+ from azure.identity.aio import DefaultAzureCredential

+ from azure.storage.blob.aio import BlobServiceClient, ContainerClient, BlobPrefix

+ ```

+1. Add code to run the program using `asyncio.run`. This function runs the passed coroutine, `main()` in our example, and manages the `asyncio` event loop. Coroutines are declared with the async/await syntax. In this example, the `main()` coroutine first creates the top level `BlobServiceClient` using `async with`, then calls the method that lists the blobs. Note that only the top level client needs to use `async with`, as other clients created from it share the same connection pool.

+ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-list-blobs-async.py" id="Snippet_create_client_async":::

+1. Add code to list the blobs. The following code example lists blobs using a flat listing. The code is the same as the synchronous example, except that the method is declared with the `async` keyword and the `await` keyword is used when calling the `list_blobs` method.

+ :::code language="python" source="~/azure-storage-snippets/blobs/howto/python/blob-devguide-py/blob-devguide-list-blobs-async.py" id="Snippet_list_blobs_flat":::

+With this basic setup in place, you can implement other examples in this article as coroutines using async/await syntax.

+- View [synchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-list-blobs.py) or [asynchronous](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/python/blob-devguide-py/blob-devguide-list-blobs-async.py) code samples from this article (GitHub)

+You're charged for the monthly average number of index tags within a storage account. There's no cost for the indexing engine. Requests to Set Blob Tags, Get Blob Tags, and Find Blob Tags are charged at the current respective transaction rates. Note that the number of list transactions consumed when doing a Find Blobs by Tag transaction is equal to the number of clauses in the request. For example, the query (StoreID = 100) is one list transaction. The query (StoreID = 100 AND SKU = 10010) is two list transactions. See [Block Blob pricing to learn more](https://azure.microsoft.com/pricing/details/storage/blobs/).

+>[!NOTE]

+> Azure Stream Analytics does not support schema registry for Protocol Buffer (Protobuf) data formats.

+

+ In the Protobuf deserializer in the portal, the message type must be `Namespacetest.Volunteer` instead of the usual `Volunteer`.

+

+- If the original package or namespace is all uppercase or lowercase, the message type must include it with the first character of the package or namespace in uppercase. For example, if the namespace is `nameSpaceTest`, use `nameSpaceTest.Volunteer`. This rule applies to a message type without a namespace or package.

+- You must specify your message in your protobuf definition file without the `Optional` keyword. In Proto 3, all fields are optional. For example:

+ :::image type="content" source="./media/protobuf/proto-with-optional-keyword.png" alt-text="Screenshot that shows an example of a Protobuf definition file with optional keyword in the message." lightbox="./media/protobuf/proto-with-optional-keyword.png" :::

+ This Protobuf definition file shows a message that has `Optional` keyword. To deserialize correctly, you must remove the keyword:

+ :::image type="content" source="./media/protobuf/proto-without-optional-keyword.png" alt-text="Screenshot that shows an example of a Protobuf definition file without optional keyword in the message." lightbox="./media/protobuf/proto-without-optional-keyword.png" :::

+- When sending messages that were serialized via `google.protobuf`, the prefix type should be set to `base128` because that's the most cross-compatible type.

+ - **On Linux** - The software update scan is performed using the package manager that returns the missing updates as per the configured repositories.

+ - Select **Include KB ID/package** to include in the updates. You can add multiple KB IDs and package names. When you add KB ID/package name, the next row appears. The package can have both name and version. . For example, use `3103696` or `3134815`. For Windows, you can refer to the [MSRC webpage](https://msrc.microsoft.com/update-guide/deployments) to get the details of the latest Knowledge Base release. For supported Linux distros, you specify a comma separated list of packages by the package name, and you can include wildcards. For example, use `kernel*`, `glibc`, or `libc=1.0.1`. Based on the options specified, Update Manager shows a preview of OS updates under the **Selected Updates** section.

+ - To exclude updates that you don't want to install, select **Exclude KB ID/package**. We recommend selecting this option because updates that aren't displayed here might be installed, as newer updates might be available. You can excludedd multiple KB IDs and package names.

+For more information, see [service limits for scheduled patching](scheduled-patching.md#service-limits).

+ > [!NOTE]

+ > In the **Preview of machines based on above scope** page, you can view only the machines that don't have patch orchestration set to *Customer Managed Schedules*.

+> [!NOTE]

+> The schedules associated to dynamic scopes arenΓÇÖt displayed in the following two areas by design:

+>

+> - **Update manager** > **Machines** > **Associated schedules** column

+> - In your virtual machine home page > **Updates** > **Scheduling** tab.

+>

+> To view the VMs that are associated to the schedule, go to the existing schedule and view under **Dynamic scopes** tab.

+ * **Customer Managed Schedules**ΓÇöenables schedule patching on your existing VMs. The new patch orchestration option enables the two VM properties - **Patch mode = AutomaticByPlatform** and **BypassPlatformSafetyChecksOnUserSchedule = TRUE** on your behalf after receiving your consent.

+ * **Customer Managed Schedules (preview)**: Enables schedule patching on your existing VMs. The new patch orchestration option enables the two VM properties: `Patch mode = AutomaticByPlatform` and `BypassPlatformSafetyChecksOnUserSchedule = TRUE` on your behalf after receiving your consent.

+## Check support for customized images

+For more information, see the [service limits for Dynamic scope](dynamic-scope-overview.md#service-limits).

+> In Update Manager, you can initiate a software updates compliance scan on the machine to get the current list of operating system (guest) updates, including the security and critical updates. On Windows, the Windows Update Agent performs the software update scan. On Linux, the software update scan is performed using the package manager that returns the missing updates as per the configured repositories which are retrieved from a local or remote repository.

+ | Hibernate (preview) | Check the box to enable hibernate. Hibernate is only available for personal host pools. You will need to [self-register your subscription](../virtual-machines/hibernate-resume.md) to use the hibernation feature. For more information, see [Hibernation in virtual machines](/azure/virtual-machines/hibernate-resume). <br /><br />Note: We recommend users using Teams media optimizations to upgrade their host pools to WebRTC redirector service 1.45.2110.13001, learn more [here](whats-new-webrtc.md).|

+ | Hibernate (preview) | Check the box to enable hibernate. Hibernate is only available for personal host pools. You will need to [self-register your subscription](../virtual-machines/hibernate-resume.md) to use the hibernation feature. For more information, see [Hibernation in virtual machines](/azure/virtual-machines/hibernate-resume). <br /><br />Note: We recommend users using Teams media optimizations to upgrade their host pools to WebRTC redirector service 1.45.2110.13001, learn more [here](whats-new-webrtc.md).|

+description: How to customize RDP Properties for Azure Virtual Desktop (classic) with PowerShell cmdlets.

+# Customize Remote Desktop Protocol properties for an Azure Virtual Desktop (classic) host pool

+- [Connect with the web client](connect-web-2019.md)

+| Insider | 1.2.5018 | [Windows 64-bit](https://go.microsoft.com/fwlink/?linkid=2139233) *(most common)*<br />[Windows 32-bit](https://go.microsoft.com/fwlink/?linkid=2139144)<br />[Windows ARM64](https://go.microsoft.com/fwlink/?linkid=2139368) |

+## Updates for version 1.2.5018 (Insider)

+*Date published: November 20, 2023*

+Download: [Windows 64-bit](https://go.microsoft.com/fwlink/?linkid=2139233), [Windows 32-bit](https://go.microsoft.com/fwlink/?linkid=2139144), [Windows ARM64](https://go.microsoft.com/fwlink/?linkid=2139368)

+- Improved client logging, diagnostics, and error classification to help admins troubleshoot connection and feed issues.

+>This Insiders release was originally version 1.2.4675, but we made a hotfix for the vulnerability known as [CVE-2023-5217](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-5217).

+[Trusted Launch](trusted-launch.md): Not Supported - we are working to support for this feature. For now - please choose Standard security type when using this VM size) <br>

+[Trusted Launch](trusted-launch.md): Not Supported - we are working to support for this feature. For now - please choose Standard security type when using this VM size) <br>

+Currently, you can only migrate an existing disk to either an Ultra Disk or a Premium SSD v2 through snapshots stored on Standard Storage (Incremental Standard HDD Snapshot). Migration with snapshots stored on Premium storage and other options is not supported.

+[Trusted Launch](trusted-launch.md): Not Supported - we are working to support for this feature. For now - please choose Standard security type when using this VM size) <br>

+[Trusted Launch](trusted-launch.md): Not Supported - we are working to support for this feature. For now - please choose Standard security type when using this VM size) <br>

+This article assumes you already have an Azure Compute Gallery. If you don't already have a gallery, create one first. To learn more, see [Create a gallery for storing and sharing resources](create-gallery.md).

+ --app-version-ids /subscriptions/{subID}/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp/versions/1.0.0 \

+ --treat-deployment-as-failure true

+```azurecli-interactive

+az vmss application set \

+ --resource-group myResourceGroup \

+ --name myVmss \

+ --app-version-ids /subscriptions/{subId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp/versions/1.0.0 \

+ --treat-deployment-as-failure true

+az vmss application set \

+ --resource-group myResourceGroup \

+ --name myVmss

+ --app-version-ids /subscriptions/{subId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp/versions/1.0.0 /subscriptions/{subId}/resourceGroups/myResourceGroup/providers/Microsoft.Compute/galleries/myGallery/applications/myApp2/versions/1.0.0 \

+ --treat-deployment-as-failure true

+```azurecli-interactive

+```azurepowershell-interactive

+$ids = az vmss list-instances -g myResourceGroup -n myVmss --query "[*].{id: id, instanceId: instanceId}" | ConvertFrom-Json

+$appVersion = Get-AzGalleryApplicationVersion `

+$packageId = $appVersion.Id

+$app = New-AzVmGalleryApplication -PackageReferenceId $packageId

+```azurepowershell-interactive

+$appVersion = Get-AzGalleryApplicationVersion `

+$packageId = $appVersion.Id

+$app = New-AzVmssGalleryApplication -PackageReferenceId $packageId

+Update-AzVmss -ResourceGroupName $rgName -VirtualMachineScaleSet $vmss -VMScaleSetName $vmssName

+```azurepowershell-interactive

+$resultSummary | ConvertTo-Json -Depth 5

+* Using CLI, when creating a subnet with [az network vnet subnet create](https://learn.microsoft.com/cli/azure/network/vnet/subnet?view=azure-cli-latest#az-network-vnet-subnet-create), use the `--default-outbound` option and choose "false"

+* Using an Azure Resource Manager template, set the value of `defaultOutboundAccess` parameter to be "false"

+ Title: 'About gateway SKUs'

+description: Learn about VPN Gateway SKUs.

+# About gateway SKUs

+When you create a VPN Gateway virtual network gateway, you specify the gateway SKU that you want to use. This article describes the factors that you should take into consideration when selecting a gateway SKU. If you're looking for information about ExpressRoute gateway SKUs, see [Virtual network gateways for ExpressRoute](../expressroute/expressroute-about-virtual-network-gateways.md). For Virtual WAN gateways, see [Virtual WAN gateway settings](../virtual-wan/gateway-settings.md).

+When you configure a virtual network gateway SKU, select the SKU that satisfies your requirements based on the types of workloads, throughput, features, and SLAs. The following sections show the relevant information that you should use when deciding.

+## <a name="benchmark"></a>Gateway SKUs by tunnel, connection, and throughput

+**Additional information**

+* The Basic SKU doesn't support IPv6 and can only be configured using PowerShell or Azure CLI. Additionally, the Basic SKU doesn't support RADIUS authentication.

+* These connection limits are separate. For example, you can have 128 SSTP connections and also 250 IKEv2 connections on a VpnGw1 SKU.

+* If you have numerous P2S connections, it can negatively impact your S2S connections. The Aggregate Throughput Benchmarks were tested by maximizing a combination of S2S and P2S connections. A single P2S or S2S connection can have a much lower throughput.

+* See the [Pricing](https://azure.microsoft.com/pricing/details/vpn-gateway) page for pricing information.

+* See the [SLA](https://azure.microsoft.com/support/legal/sla/vpn-gateway) page for SLA (Service Level Agreement) information.

+* All benchmarks aren't guaranteed due to Internet traffic conditions and your application behaviors.

+## <a name="performance"></a>Gateway SKUs by performance

+To help you understand the relative performance of SKUs using different algorithms, we used publicly available iPerf and CTSTraffic tools to measure performances for site-to-site connections.

+The table in this section lists the results of performance tests for VpnGW SKUs. A VPN tunnel connects to a VPN gateway instance. Each instance throughput is mentioned in the throughput table in the previous section and is available aggregated across all tunnels connecting to that instance. The table shows the observed bandwidth and packets per second throughput per tunnel for the different gateway SKUs. All testing was performed between gateways (endpoints) within Azure across different regions with 100 connections and under standard load conditions.

+* The best performance was obtained when we used the GCMAES256 algorithm for both IPsec Encryption and Integrity.

+* Average performance was obtained when using AES256 for IPsec Encryption and SHA256 for Integrity.

+* The lowest performance was obtained when we used DES3 for IPsec Encryption and SHA256 for Integrity.

+|**Generation**|**SKU** | **Algorithms<br>used** | **Throughput<br>observed per tunnel** | **Packets per second per tunnel<br>observed** |

+| | | | | |

+|**Generation1**|**VpnGw1**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 650 Mbps<br>500 Mbps<br>130 Mbps | 62,000<br>47,000<br>12,000|

+|**Generation1**|**VpnGw2**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.2 Gbps<br>650 Mbps<br>140 Mbps | 100,000<br>61,000<br>13,000|

+|**Generation1**|**VpnGw3**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.25 Gbps<br>700 Mbps<br>140 Mbps | 120,000<br>66,000<br>13,000|

+|**Generation1**|**VpnGw1AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 650 Mbps<br>500 Mbps<br>130 Mbps | 62,000<br>47,000<br>12,000|

+|**Generation1**|**VpnGw2AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.2 Gbps<br>650 Mbps<br>140 Mbps | 110,000<br>61,000<br>13,000|

+|**Generation1**|**VpnGw3AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.25 Gbps<br>700 Mbps<br>140 Mbps | 120,000<br>66,000<br>13,000|

+| | |

+|**Generation2**|**VpnGw2**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.25 Gbps<br>550 Mbps<br>130 Mbps | 120,000<br>52,000<br>12,000|

+|**Generation2**|**VpnGw3**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.5 Gbps<br>700 Mbps<br>140 Mbps | 140,000<br>66,000<br>13,000|

+|**Generation2**|**VpnGw4**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 2.3 Gbps<br>700 Mbps<br>140 Mbps | 220,000<br>66,000<br>13,000|

+|**Generation2**|**VpnGw5**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 2.3 Gbps<br>700 Mbps<br>140 Mbps | 220,000<br>66,000<br>13,000|

+|**Generation2**|**VpnGw2AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.25 Gbps<br>550 Mbps<br>130 Mbps | 120,000<br>52,000<br>12,000|

+|**Generation2**|**VpnGw3AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 1.5 Gbps<br>700 Mbps<br>140 Mbps | 140,000<br>66,000<br>13,000|

+|**Generation2**|**VpnGw4AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 2.3 Gbps<br>700 Mbps<br>140 Mbps | 220,000<br>66,000<br>13,000|

+|**Generation2**|**VpnGw5AZ**| GCMAES256<br>AES256 & SHA256<br>DES3 & SHA256| 2.3 Gbps<br>700 Mbps<br>140 Mbps | 220,000<br>66,000<br>13,000|

+## <a name="feature"></a>Gateway SKUs by feature set

+| **SKU**| **Features**|

+| | |

+|**Basic** (**) | **Route-based VPN**: 10 tunnels for S2S/connections; no RADIUS authentication for P2S; no IKEv2 for P2S<br>**Policy-based VPN**: (IKEv1): 1 S2S/connection tunnel; no P2S|

+| **All Generation1 and Generation2 SKUs except Basic** | **Route-based VPN**: up to 100 tunnels (*), P2S, BGP, active-active, custom IPsec/IKE policy, ExpressRoute/VPN coexistence |

+| | |

+(*) You can configure "PolicyBasedTrafficSelectors" to connect a route-based VPN gateway to multiple on-premises policy-based firewall devices. Refer to [Connect VPN gateways to multiple on-premises policy-based VPN devices using PowerShell](vpn-gateway-connect-multiple-policybased-rm-ps.md) for details.

+(\*\*) The Basic SKU is considered a legacy SKU. The Basic SKU has certain feature limitations. Verify that the feature that you need is supported before you use the Basic SKU. The Basic SKU doesn't support IPv6 and can only be configured using PowerShell or Azure CLI. Additionally, the Basic SKU doesn't support RADIUS authentication.

+## <a name="workloads"></a>Gateway SKUs - Production vs. Dev-Test workloads

+Due to the differences in SLAs and feature sets, we recommend the following SKUs for production vs. dev-test:

+| **Workload** | **SKUs** |

+| | |

+| **Production, critical workloads** | All Generation1 and Generation2 SKUs except Basic |

+| **Dev-test or proof of concept** | Basic (**) |

+| | |

+(\*\*) The Basic SKU is considered a legacy SKU. The Basic SKU has certain feature limitations. Verify that the feature that you need is supported before you use the Basic SKU. The Basic SKU doesn't support IPv6 and can only be configured using PowerShell or Azure CLI. Additionally, the Basic SKU doesn't support RADIUS authentication.

+If you're using the old SKUs (legacy), the production SKU recommendations are Standard and HighPerformance. For information and instructions for old SKUs, see [Gateway SKUs (legacy)](vpn-gateway-about-skus-legacy.md).

+## About legacy SKUs

+For information about working with the legacy gateway SKUs (Basic, Standard, and HighPerformance), see [Working with VPN gateway SKUs (legacy SKUs)](vpn-gateway-about-skus-legacy.md).

+## Specify a SKU

+You specify the gateway SKU when you create your VPN Gateway. See the following article for steps:

+* [Azure portal](tutorial-create-gateway-portal.md)

+* [PowerShell](create-routebased-vpn-gateway-powershell.md)

+* [Azure CLI](create-routebased-vpn-gateway-cli.md)

+## <a name="resizechange"></a>Change or resize a SKU

+> [!NOTE]

+> If you are working with a legacy gateway SKU and are using the classic deployment model (Service Management), the SKU rules are different. See [Working with legacy classic deployment model SKUs](vpn-gateway-about-skus-legacy.md).

+### Considerations

+There are many things to consider when moving to a new gateway SKU. This section outlines the main items and also provides a table that helps you select the best method to use.

+The following table helps you understand the required method to move from one SKU to another.

+## Next steps

+For more information about available connection configurations, see [About VPN Gateway](vpn-gateway-about-vpngateways.md).

+This tutorial helps you create and manage a virtual network gateway (VPN gateway) using the Azure portal. The VPN gateway is just one part of a connection architecture to help you securely access resources within a virtual network (VNet).

+* The left side of the diagram shows the VNet and the VPN gateway that you create using the steps in this article.

+> * Create a VNet

+## <a name="CreatVNet"></a>Create a VNet

+After you create your VNet, you can optionally configure Azure DDos Protection. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes. For more information about Azure DDoS protection, see [What is Azure DDoS Protection?](../ddos-protection/ddos-protection-overview.md)

+A gateway can take 45 minutes or more to fully create and deploy. You can see the deployment status on the **Overview** page for your gateway. After the gateway is created, you can view the IP address that has been assigned to it by looking at the VNet in the portal. The gateway appears as a connected device.

+There are specific rules regarding resizing vs. changing a gateway SKU. In this section, we'll resize the SKU. For more information, see [Resize or change gateway SKUs](about-gateway-skus.md#resizechange).

+After you create your VNet, you can optionally configure Azure DDos Protection. Protection is simple to enable on any new or existing virtual network, and it requires no application or resource changes. For more information about Azure DDoS protection, see [What is Azure DDoS Protection?](../ddos-protection/ddos-protection-overview.md)

+There are specific rules regarding resizing vs. changing a gateway SKU. In this section, we'll resize the SKU. For more information, see [Resize or change gateway SKUs](about-gateway-skus.md#resizechange).

+The values in this article apply VPN gateways (virtual network gateways that use the -GatewayType Vpn). See the following articles for information regarding gateways that use these specified settings:

+* For Virtual WAN gateways, see [About Virtual WAN](../virtual-wan/virtual-wan-about.md).

+## <a name="vpntype"></a>VPN types

+## <a name="gwsku"></a>Gateway SKUs and performance

+See [About Gateway SKUs](about-gateway-skus.md) article for the latest information about gateway SKUs, performance, and supported features.

+Sometimes you need to modify the local network gateway settings. For example, when you add or modify the address range, or if the IP address of the VPN device changes. For more information, see [Modify local network gateway settings](vpn-gateway-modify-local-network-gateway-portal.md).

+# Connect a VPN gateway to multiple on-premises policy-based VPN devices

+This article helps you configure an Azure route-based VPN gateway to connect to multiple on-premises policy-based VPN devices leveraging custom IPsec/IKE policies on S2S VPN connections. The steps in this article use Azure PowerShell.

+**Policy-based VPN example**

+**Route-based VPN example**

+**Considerations**

+* To enable this connectivity, your on-premises policy-based VPN devices must support **IKEv2** to connect to the Azure route-based VPN gateways. Check your VPN device specifications.

+* The on-premises networks connecting through policy-based VPN devices with this mechanism can only connect to the Azure virtual network; **they cannot transit to other on-premises networks or virtual networks via the same Azure VPN gateway**.

+* The configuration option is part of the custom IPsec/IKE connection policy. If you enable the policy-based traffic selector option, you must specify the complete policy (IPsec/IKE encryption and integrity algorithms, key strengths, and SA lifetimes).

+The following diagram shows why transit routing via VPN gateway doesn't work with the policy-based option:

+As shown in the diagram, the Azure VPN gateway has traffic selectors from the virtual network to each of the on-premises network prefixes, but not the cross-connection prefixes. For example, on-premises site 2, site 3, and site 4 can each communicate to VNet1 respectively, but can't connect via the Azure VPN gateway to each other. The diagram shows the cross-connect traffic selectors that aren't available in the Azure VPN gateway under this configuration.

+## Workflow

+The instructions in this article follow the same example as described in [Configure IPsec/IKE policy for S2S or VNet-to-VNet connections](vpn-gateway-ipsecikepolicy-rm-powershell.md) to establish a S2S VPN connection. This is shown in the following diagram:

+To enable connectivity, use the following workflow:

+1. Create the virtual network, VPN gateway, and local network gateway for your cross-premises connection.

+1. Create an IPsec/IKE policy.

+1. Apply the policy when you create a S2S or VNet-to-VNet connection, and **enable the policy-based traffic selectors** on the connection.

+1. If the connection is already created, you can apply or update the policy to an existing connection.

+### Create the virtual network, VPN gateway, and local network gateway

+1. Connect to your subscription. If you're running PowerShell locally on your computer, sign in using the *Connect-AzAccount* cmdlet. Or, instead, use Azure Cloud Shell in your browser.

+1. Declare your variables. For this exercise, we use the following variables:

+1. Use the following example to create the virtual network TestVNet1 with three subnets, and the VPN gateway. If you want to substitute values, it's important that you always name your gateway subnet specifically 'GatewaySubnet'. If you name it something else, your gateway creation fails.

+### Create an S2S VPN connection with an IPsec/IKE policy

+ * To Enable

+ * To Disable

+Also review [Configure IPsec/IKE policy for S2S VPN or VNet-to-VNet connections](vpn-gateway-ipsecikepolicy-rm-powershell.md) for more details on custom IPsec/IKE policies.

+If you don't already have a virtual network, create one. When creating a virtual network, make sure that the address spaces you specify don't overlap any of the address spaces that you have on your on-premises network.

+> [!NOTE]

+> In order for this VNet to connect to an on-premises location, you need to coordinate with your on-premises network administrator to carve out an IP address range that you can use specifically for this virtual network. If a duplicate address range exists on both sides of the VPN connection, traffic does not route the way you might expect it to. Additionally, if you want to connect this VNet to another VNet, the address space cannot overlap with other VNet. Take care to plan your network configuration accordingly.

+Select one of the following examples. The values used in the examples are:

+**Single address prefix example**

+**Multiple address prefix example**

+* The *-GatewayType* for a site-to-site configuration is *Vpn*. The gateway type is always specific to the configuration that you're implementing. For example, other gateway configurations might require -GatewayType ExpressRoute.

+-VpnType RouteBased -GatewaySku VpnGw2

+* Once your connection is complete, you can add virtual machines to your virtual networks. For more information, see [Virtual Machines](../index.yml).

+> They are not recommended for [production workloads](about-gateway-skus.md#workloads).