diff --git a/lib/services/csr.ex b/lib/services/csr.ex
index 13dc780..2612d19 100644
--- a/lib/services/csr.ex
+++ b/lib/services/csr.ex
@@ -22,6 +22,16 @@ defmodule CA.CSR do
       {ca_key, ca}
   end
 
+  def read_ca_public() do
+      {:ok, ca_bin} = :file.read_file "ca.pem"
+      list = String.split(ca_bin, "\n", trim: true)
+      list = :lists.reverse(tl(:lists.reverse(tl(list))))
+      bin  = :base64.decode(:erlang.iolist_to_binary(list))
+      :io.format '~p~n', [:asn1rt_nif.decode_ber_tlv bin]
+      {:ok, _cader} = :"DSTU-Cert".decode(:Certificate, bin)
+      bin
+  end
+
   def server(name) do
       {ca_key, ca} = read_ca()
       dn = "/C=UA/L=Київ/O=SYNRC/CN=" <> name
diff --git a/lib/services/http/get.ex b/lib/services/http/get.ex
index fbb2218..56e0811 100644
--- a/lib/services/http/get.ex
+++ b/lib/services/http/get.ex
@@ -1,5 +1,13 @@
 defmodule CA.EST.Get do
   import Plug.Conn
+  def get(conn, [], "Authority", [], "ROOT") do
+      body = :base64.encode(CA.CSR.read_ca_public())
+      conn |> put_resp_content_type("application/pkcs7-mime")
+           |> put_resp_header("Content-Transfer-Encoding", "base64")
+           |> put_resp_header("Content-Length", :erlang.integer_to_binary(:erlang.size(body)))
+           |> resp(200, body)
+           |> send_resp()
+  end
   def get(conn, [], "Authority", [], "ABAC") do
       body = :base64.encode(CA.EST.csrattributes())
       conn |> put_resp_content_type("application/csrattrs")
diff --git a/mix.exs b/mix.exs
index 1cc70d6..3af7b13 100644
--- a/mix.exs
+++ b/mix.exs
@@ -4,7 +4,7 @@ defmodule CA.Mixfile do
   def project() do
     [
       app: :ca,
-      version: "5.10.3",
+      version: "5.10.4",
       description: "CA  CXC 138 21 Certificate Authority",
       package: [
         name: :ca,
diff --git a/priv/kep/DSTU-Cert.asn1 b/priv/kep/DSTU-Cert.asn1
index 06dbd23..d96289a 100644
--- a/priv/kep/DSTU-Cert.asn1
+++ b/priv/kep/DSTU-Cert.asn1
@@ -46,12 +46,6 @@ DirectoryString ::= CHOICE {
 
 id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt (2) ds (5) 4}
 
-AlgorithmIdentifier ::= SEQUENCE {
- algorithm OBJECT IDENTIFIER,
- parameters ANY }
--- DEFINED BY algorithm OPTIONAL
-
-
 Validity ::= SEQUENCE {
  notBefore Time,
  notAfter Time}