Apply suggestions from code review

Co-authored-by: Jordan Liggitt <[email protected]>

Author: astraw99

content/en/docs/reference/access-authn-authz/certificate-signing-requests.md

@@ -67,10 +67,10 @@ Custom signerNames can also be specified. All signers should provide information
 This includes:
 
 1. **Trust distribution**: how trust (CA bundles) are distributed.
-1. **Permitted subjects**: any restrictions on and the behavior when a disallowed subject is requested.
+1. **Permitted subjects**: any restrictions on requested subjects, and the behavior when a disallowed subject is requested.
 1. **Permitted x509 extensions**: including IP subjectAltNames, DNS subjectAltNames, Email subjectAltNames, URI subjectAltNames etc, and the behavior when a disallowed extension is requested.
-1. **Permitted key usages / extended key usages**: any restrictions on and the behavior when usages different than the signer-determined usages are specified in the CSR.
-1. **Expiration/certificate lifetime**: whether it is fixed by the signer, configurable by the admin, determined by the CSR object etc, and the behavior when an expiration is different than the signer-determined expiration that is specified in the CSR.
+1. **Permitted key usages / extended key usages**: any restrictions on requested usages, and the behavior when usages different than the signer-determined usages are specified in the CSR.
+1. **Expiration/certificate lifetime**: whether it is fixed by the signer, configurable by the admin, determined by the CSR object etc, and the behavior when an expiration different than the signer-determined expiration is specified in the CSR.
 1. **CA bit allowed/disallowed**: the behavior if a CSR contains a request for a CA certificate when the signer does not permit it.
 
 Commonly, the `status.certificate` field contains a single PEM-encoded X.509