diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md
index 1fa8513c..31c58555 100644
--- a/INITIAL-COMMANDS.md
+++ b/INITIAL-COMMANDS.md
@@ -4,7 +4,7 @@ Initial commands
 [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers)
 [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network)
 [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers)
-[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.19-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
+[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.21-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
 [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts)
 [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
 
diff --git a/README.d/00-builtin-trust-store.avif b/README.d/00-builtin-trust-store.avif
new file mode 100644
index 00000000..0693ee43
Binary files /dev/null and b/README.d/00-builtin-trust-store.avif differ
diff --git a/README.md b/README.md
index 7458ca24..7341d1aa 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ RouterOS Scripts
 [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers)
 [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network)
 [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers)
-[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.19-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
+[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.21-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
 [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts)
 [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
 
@@ -50,7 +50,7 @@ temporarily.
 
 > 💡️ **Hint**: If in doubt have a look at the badge at the top of each
 > page showing the minimum version required:
-> ![required RouterOS version](https://img.shields.io/badge/RouterOS-7.19-yellow?style=flat)
+> ![required RouterOS version](https://img.shields.io/badge/RouterOS-7.21-yellow?style=flat)
 
 > ℹ️ **Info**: The `main` branch is now RouterOS v7 only. If you are still
 > running RouterOS v6 switch to `routeros-v6` branch!
@@ -59,7 +59,7 @@ temporarily.
 
 The
 [device-mode ↗️](https://help.mikrotik.com/docs/spaces/ROS/pages/93749258/Device-mode)
-is a mechanism to to lock down a device for security reasons, it gives
+is a mechanism to lock down a device for security reasons, it gives
 fine-grained control over what features are available. You need to enable
 `scheduler` and `fetch` at least, specific scripts may require additional
 features.
@@ -97,15 +97,26 @@ including demonstration recorded live at [MUM Europe
 
 ### The long way in detail
 
-The update script does server certificate verification, so first step is to
-download the certificates.
+The update script does server certificate verification, so first step is
+to establish trust.
 
-> 💡️ **Hint**: RouterOS comes with a builtin certificate store. You
-> can skip the steps regarding certificate download and import and jump
-> to [installation of scripts](#installation-of-scripts) if you set the
-> certificates to be trusted my the `fetch` command at least. But make
-> sure not to drop other targets:  
-> `/certificate/settings/set builtin-trust-store=fetch;`
+#### Builtin trust store
+
+RouterOS comes with a builtin trust store with several CA certificates.
+If you intend **not** to trust this store jump to
+[download and import certificate](#download-and-import-certificate) now.
+
+Select the `fetch` command to trust these builtin certificates at
+least, but make sure not to drop other targets:
+
+    /certificate/settings/set builtin-trust-store=fetch;
+
+![screenshot: builtin trust store](README.d/00-builtin-trust-store.avif)
+
+You can skip the steps regarding certificate download and import and jump
+to [installation of scripts](#installation-of-scripts) now.
+
+#### Download and import certificate
 
 If you intend to download the scripts from a
 different location (for example from github.com) install the corresponding
diff --git a/global-functions.rsc b/global-functions.rsc
index 5694bbfd..e6638154 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -4,7 +4,7 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://rsc.eworm.de/COPYING.md
 #
-# requires RouterOS, version=7.19
+# requires RouterOS, version=7.21
 # requires device-mode, fetch, scheduler
 #
 # global functions