diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 957d2f0f0..dca566ca2 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.171 2019/10/03 17:07:50 jmc Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.172 2019/10/22 08:50:35 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 3 2019 $
+.Dd $Mdocdate: October 22 2019 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -716,6 +716,7 @@ flag.
 The revocation file may be a KRL or a one-per-line list of public keys.
 Successful verification by an authorized signer is signalled by
 .Nm
+returning a zero exit status.
 .It Fl Y Cm check-novalidate
 Checks that a signature generated using
 .Nm
@@ -987,8 +988,8 @@ The principals field is a pattern-list (See PATTERNS in
 consisting of one or more comma-separated USER@DOMAIN identity patterns
 that are accepted for signing.
 When verifying, the identity presented via the
-.Fl I option
-must match a principals pattern in order for the corresponding key to be
+.Fl I
+option must match a principals pattern in order for the corresponding key to be
 considered acceptable for verification.
 .Pp
 The options (if present) consist of comma-separated option specifications.