diff --git a/README.md b/README.md index a505a201b..bcd470eec 100644 --- a/README.md +++ b/README.md @@ -131,7 +131,7 @@ Since version 2.50.0 `gh` has been producing [Build Provenance Attestation](http There are two common ways to verify a downloaded release, depending if `gh` is aready installed or not. If `gh` is installed, it's trivial to verify a new release: -- **Option 1: Using `gh` if already installed: +- **Option 1: Using `gh` if already installed:** ```shell $ % gh at verify -R cli/cli gh_2.62.0_macOS_arm64.zip @@ -144,7 +144,7 @@ REPO PREDICATE_TYPE WORKFLOW cli/cli https://slsa.dev/provenance/v1 .github/workflows/deployment.yml@refs/heads/trunk ``` -- **Option 2: Using Sigstore [`cosign`](https://github.com/sigstore/cosign): +- **Option 2: Using Sigstore [`cosign`](https://github.com/sigstore/cosign):** To perform this, download the [attestation](https://github.com/cli/cli/attestations) for the downloaded release and use cosign to verify the authenticity of the downloaded release:
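Review bot: In the first hunk (@@ -131), the context lines next to the fixed bullet still carry two defects that could be cleaned up in this same change. The intro sentence reads "depending if `gh` is aready installed or not", with "aready" misspelled; suggest "depending on whether `gh` is already installed". The example command also begins with two prompt markers, `$ % gh at verify -R cli/cli gh_2.62.0_macOS_arm64.zip`; keeping a single `$` makes the line unambiguous for readers who copy it.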
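Review bot: In the second hunk (@@ -144), the paragraph under the Option 2 bullet points at the general page https://github.com/cli/cli/attestations without saying which attestation belongs to the file the reader just downloaded. Since this is the verification path for users who do not yet have `gh`, a short sentence on how to pick the matching attestation would help. The same sentence also says "downloaded release" twice and writes cosign without backticks, while the bullet above uses `cosign`; tightening it to something like "download the attestation for the release and verify it with `cosign`" would read better.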