diff --git a/pkg/cmd/attestation/verification/policy.go b/pkg/cmd/attestation/verification/policy.go
index 395575574..4765a8672 100644
--- a/pkg/cmd/attestation/verification/policy.go
+++ b/pkg/cmd/attestation/verification/policy.go
@@ -65,15 +65,13 @@ The following policy criteria will be enforced against all attestations:
 	}
 
 	if c.Certificate.RunnerEnvironment == GitHubRunner {
-		info += "\n- Attestation must be signed by a certificate that was generated by a Action workflow executed in a GitHub hosted runner"
-	}
-
-	if c.SANRegex != "" {
-		info += fmt.Sprintf("\n- Attestation must be signed by a certificate with a Subject Alternative Name matching the regex %s", c.SANRegex)
+		info += "\n- Attestation's signing certificate must be generated by an Action workflow executed in a GitHub hosted runner"
 	}
 
 	if c.SAN != "" {
-		info += fmt.Sprintf("\n- Attestation must be signed by a certificate with a Subject Alternative Name matching the exact value %s", c.SAN)
+		info += fmt.Sprintf("\n- Attestation's signing certificate must have a Subject Alternative Name matching the exact value %s", c.SAN)
+	} else if c.SANRegex != "" {
+		info += fmt.Sprintf("\n- Attestation's signing certificate must have a Subject Alternative Name matching the regex %s", c.SANRegex)
 	}
 
 	return info