diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md
index c024a47..ea794d7 100644
--- a/book/source/04-certificates.md
+++ b/book/source/04-certificates.md
@@ -651,7 +651,30 @@ Now we'll look at a subkey in Alice's key. An OpenPGP subkey, when it is linked
 
 In this section, we'll use the files that contain individual packets of Alice's key, which we generated above. In this split representation of Alice's key, the encryption subkey happens to be stored in `alice.priv-4--SecretSubkey`, and the associated binding self-signature for the subkey in `alice.priv-5--Signature`.
 
-If we were looking at a regular (not split apart) OpenPGP key, we would look at the output of something like `$ sq packet dump --hex alice.priv`, and would be shown a longer series of packets. That series would contain the two packets we'll now look at, with the exact same content. They would just be slightly harder to locate, in the larger context of a full OpenPGP key.
+
+````{note}
+It's common to look at a packet dump for a full OpenPGP key (not split apart), like this:
+
+```text
+$ sq packet dump --hex alice.priv
+```
+
+That output shows a much longer series of packets (as shown in the diagram below). This output will contain the two packets we now look at, with the exact same data, but they would be a bit harder to locate visually.
+
+```{admonition} VISUAL
+:class: warning
+
+Show a very abstract diagram of packets in a typical full OpenPGP key:
+- Secret-Key packet
+- Direct Key Signature
+- User ID
+- Certifying self-signature for User ID
+- Secret-Subkey packet
+- Subkey binding signature
+- Secret-Subkey packet
+- Subkey binding signature
+```
+````
 
 #### Secret-Subkey packet