diff --git a/sort_certificate.py b/sort_certificate.py
index e476857..97ff0b8 100755
--- a/sort_certificate.py
+++ b/sort_certificate.py
@@ -193,13 +193,50 @@ def order_x509(x509_objects, root_issuers):
 % bundle[0].get_subject())
 return bundle
+def load_root_issuers():
+ '''
+ Return the list of CA roots (RSA only)
+ '''
+ root_issuers = None
+
+ mozrootbundle_location = certifi.core.where()
+
+ with open(mozrootbundle_location, 'r') as fname_fh:
+ logging.info('Using %s for root ca bundle', mozrootbundle_location)
+ data = fname_fh.read()
+ matches = re.finditer(r'(-----BEGIN CERTIFICATE-----'
+ '.*?'
+ '-----END CERTIFICATE-----)',
+ data, re.DOTALL)
+ root_certs = [crypto.load_certificate(crypto.FILETYPE_PEM,
+ match.group(1))
+ for match in matches]
+
+ logging.debug('Loaded root certificates from bundle')
+
+ for root_cert in root_certs:
+ try:
+ logging.debug('subject=%s\n\tissuer%s\n\t'
+ 'expired=%s\n\tmodulus=%s',
+ root_cert.get_subject(),
+ root_cert.get_issuer(),
+ root_cert.has_expired(),
+ get_pub_modulus(root_cert))
+ except OnlyRSAKeyException as onlyrsa_exception:
+ logging.debug(onlyrsa_exception)
+ continue
+
+ root_issuers = [str(root_cert.get_subject())
+ for root_cert in root_certs]
+ return root_issuers
+
+
 def main():
 '''
 main program start and argument parsing
 '''
- mozrootbundle_location = certifi.core.where()
 parser = ArgumentParser(description='Reorder X509/RSA data for'
 ' hosting use')
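Review bot: The docstring of the new `load_root_issuers` promises "RSA only", but the `except OnlyRSAKeyException: continue` only skips the debug log, and the final comprehension iterates the unfiltered `root_certs`; if `get_pub_modulus` raises for non-RSA keys, as its name suggests, those roots are still returned as issuer names. Either build the list inside that loop (appending only after `get_pub_modulus` succeeds) or make the docstring match the behaviour, e.g. `Return the subject names of every root in the certifi bundle, whatever the key type.` The `root_issuers = None` assignment at the top is dead because the comprehension always rebinds it, and the debug format is missing an `=` after `issuer`: `'subject=%s\n\tissuer=%s\n\t'`. Presumably `order_x509` (outside this hunk) uses these names to decide where a chain terminates; a match on subject string alone does not establish that the root signed the chain, so the docstring should say the list is for ordering, not for validation.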
@@ -253,30 +290,7 @@ def main():
 else:
 logging.basicConfig(level=logging.WARNING)
- with open(mozrootbundle_location, 'r') as fname_fh:
- logging.info('Using %s for root ca bundle', mozrootbundle_location)
- data = fname_fh.read()
- matches = re.finditer(r'(-----BEGIN CERTIFICATE-----'
- '.*?'
- '-----END CERTIFICATE-----)',
- data, re.DOTALL)
- root_certs = [crypto.load_certificate(crypto.FILETYPE_PEM,
- match.group(1))
- for match in matches]
- logging.debug('Loaded root certificates from bundle')
- for root_cert in root_certs:
- try:
- logging.debug('subject=%s\n\tissuer%s\n\t'
- 'expired=%s\n\tmodulus=%s',
- root_cert.get_subject(),
- root_cert.get_issuer(),
- root_cert.has_expired(),
- get_pub_modulus(root_cert))
- except OnlyRSAKeyException as onlyrsa_exception:
- logging.debug(onlyrsa_exception)
- continue
- root_issuers = [str(root_cert.get_subject())
- for root_cert in root_certs]
+ root_issuers = load_root_issuers()
 for fname, data in list(load_data(args.x509files).items()):
 logging.debug('Processing %s', fname)