diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md
index e033b576..1fa8513c 100644
--- a/INITIAL-COMMANDS.md
+++ b/INITIAL-COMMANDS.md
@@ -23,8 +23,7 @@ Run the complete base installation:
       :local CertFingerprint "e14ffcad5b0025731006caa43a121a22d8e9700f4fb9cf852f02a708aa5d5666";
 
       :local CertSettings [ /certificate/settings/get ];
-      :if (!((($CertSettings->"builtin-trust-anchors") = "trusted" || \
-              ($CertSettings->"builtin-trust-store") ~ "fetch" || \
+      :if (!((($CertSettings->"builtin-trust-store") ~ "fetch" || \
               ($CertSettings->"builtin-trust-store") = "all") && \
              [ :len [ /certificate/builtin/find where common-name=$CertCommonName ] ] > 0)) do={
         :put "Importing certificate...";
diff --git a/README.md b/README.md
index 02aab665..7458ca24 100644
--- a/README.md
+++ b/README.md
@@ -100,13 +100,11 @@ including demonstration recorded live at [MUM Europe
 The update script does server certificate verification, so first step is to
 download the certificates.
 
-> 💡️ **Hint**: RouterOS 7.19 comes with a builtin certificate store. You
+> 💡️ **Hint**: RouterOS comes with a builtin certificate store. You
 > can skip the steps regarding certificate download and import and jump
 > to [installation of scripts](#installation-of-scripts) if you set the
-> trust for these builtin trust anchors:  
-> `/certificate/settings/set builtin-trust-anchors=trusted;`  
-> With RouterOS 7.21 the functionality was changed. Set this at minimum,
-> but make sure not to drop other targets:  
+> certificates to be trusted my the `fetch` command at least. But make
+> sure not to drop other targets:  
 > `/certificate/settings/set builtin-trust-store=fetch;`
 
 If you intend to download the scripts from a
diff --git a/global-functions.rsc b/global-functions.rsc
index 8e04a9a7..5694bbfd 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -128,8 +128,7 @@
   }
 
   :local CertSettings [ /certificate/settings/get ];
-  :if ((($CertSettings->"builtin-trust-anchors") = "trusted" || \
-        ($CertSettings->"builtin-trust-store") ~ $UseFor || \
+  :if ((($CertSettings->"builtin-trust-store") ~ $UseFor || \
         ($CertSettings->"builtin-trust-store") = "all") && \
        [ :len [ /certificate/builtin/find where common-name=$CommonName ] ] > 0) do={
     :return true;
@@ -1015,32 +1014,9 @@
 
 # return an IPv6 netmask for CIDR
 :set NetMask6 do={
-  :local FuncName $0;
-  :local CIDR [ :tostr $1 ];
+  :local CIDR [ :tonum $1 ];
 
-  :global IfThenElse;
-  :global MAX;
-  :global MIN;
-
-  :global NetMask6Cache;
-
-  :if ([ :typeof ($NetMask6Cache->$CIDR) ] = "ip6") do={
-    :return ($NetMask6Cache->$CIDR);
-  }
-
-  :if ([ :typeof $NetMask6Cache ] = "nothing") do={
-    :set NetMask6Cache ({});
-  }
-
-  :local Mask "";
-  :for I from=0 to=7 do={
-    :set Mask ($Mask . \
-      [ :convert from=num to=hex (0xffff - (0xffff >> [ :tonum [ $MIN [ $MAX ($CIDR - (16 * $I)) 0 ] 16 ] ])) ] . \
-      [ $IfThenElse ($I < 7) ":" ]);
-  }
-  :set Mask [ :toip6 $Mask ];
-  :set ($NetMask6Cache->$CIDR) $Mask;
-  :return $Mask;
+  :return (((~::) << (128 - $CIDR)) & (~::));
 }
 
 # prepare NotificationFunctions array