diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md
index bf57d9f..f22ff0c 100644
--- a/book/source/04-certificates.md
+++ b/book/source/04-certificates.md
@@ -30,7 +30,14 @@ An OpenPGP certificate (or "OpenPGP key") is a collection of an arbitrary number
 
 All elements of an OpenPGP certificate are structured around one central element: the *OpenPGP primary key*. The primary key acts as a personal CA for the key's owner: It can make cryptographic statements about subkeys, identities, expiration times, revocation, ...
 
-Note that OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
+```{figure} diag/OpenPGP\ Certificate.svg
+
+An OpenPGP certificate
+```
+
+```{note}
+OpenPGP certificates are typically long-lived and may be changed (typically by their owner), over time. Components can be added and invalidated, over the lifetime of a certificate
+```
 
 ### OpenPGP component keys