diff --git a/docs/sudo.man.in b/docs/sudo.man.in
index 3364b4b17..eab53e209 100644
--- a/docs/sudo.man.in
+++ b/docs/sudo.man.in
@@ -25,7 +25,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.TH "SUDO" "@mansectsu@" "June 18, 2023" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "SUDO" "@mansectsu@" "August 9, 2023" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
 .nh
 .if n .ad l
 .SH "NAME"
@@ -582,11 +582,21 @@ and the security policy supports a verbose output format.
 .sp
 If a
 \fIcommand\fR
-is specified and is permitted by the security policy, the fully-qualified
-path to the
+is specified and is permitted by the security policy for the invoking
+user (or the,
+\fIuser\fR
+specified by the
+\fB\-U\fR
+option) on the current host,
+the fully-qualified path to the
 \fIcommand\fR
 is displayed along with any
 \fIarg\fRs.
+If
+\fB\-l\fR
+is specified more than once (and the security policy supports it),
+the matching rule is displayed in a verbose format along with the
+\fIcommand\fR.
 If a
 \fIcommand\fR
 is specified but not allowed by the policy,
@@ -601,9 +611,12 @@ Unlike the
 flag, existing cached credentials are used if they are valid.
 To detect when the user's cached credentials are valid (or when no
 authentication is required), the following can be used:
-.RS 14n
+.nf
+.sp
+.RS 12n
 sudo -Nnv
 .RE
+.fi
 .RS 8n
 .sp
 Not all security policies support credential caching.
diff --git a/docs/sudo.mdoc.in b/docs/sudo.mdoc.in
index 893bda214..9374f6c16 100644
--- a/docs/sudo.mdoc.in
+++ b/docs/sudo.mdoc.in
@@ -24,7 +24,7 @@
 .nr BA @BAMAN@
 .nr LC @LCMAN@
 .nr PS @PSMAN@
-.Dd June 18, 2023
+.Dd August 9, 2023
 .Dt SUDO @mansectsu@
 .Os Sudo @PACKAGE_VERSION@
 .Sh NAME
@@ -560,11 +560,21 @@ and the security policy supports a verbose output format.
 .Pp
 If a
 .Ar command
-is specified and is permitted by the security policy, the fully-qualified
-path to the
+is specified and is permitted by the security policy for the invoking
+user (or the,
+.Ar user
+specified by the
+.Fl U
+option) on the current host,
+the fully-qualified path to the
 .Ar command
 is displayed along with any
 .Ar arg Ns s.
+If
+.Fl l
+is specified more than once (and the security policy supports it),
+the matching rule is displayed in a verbose format along with the
+.Ar command .
 If a
 .Ar command
 is specified but not allowed by the policy,
@@ -578,7 +588,9 @@ Unlike the
 flag, existing cached credentials are used if they are valid.
 To detect when the user's cached credentials are valid (or when no
 authentication is required), the following can be used:
-.Dl sudo -Nnv
+.Bd -literal -offset 4n
+sudo -Nnv
+.Ed
 .Pp
 Not all security policies support credential caching.
 .It Fl n , -non-interactive