diff --git a/book/source/04-certificates.md b/book/source/04-certificates.md index b59d709..a3edc11 100644 --- a/book/source/04-certificates.md +++ b/book/source/04-certificates.md @@ -249,6 +249,17 @@ As a starting point, a certificate has a set of preferences that apply generally Additionally, OpenPGP allows modeling User ID-specific preferences. The idea is that a user may prefer a different suite of algorithms on their private email account compared to their work email account. Such identity-specific preferences can be expressed on the certifying signatures that bind User IDs to a certificate. +## A typical OpenPGP certificate, revisited + +Now that we've discussed how keys and identity components are linked together, we can have another look at the certificate from {numref}`fig-openpgp-certificate-components`. This time we include all of its binding signatures, as well as a direct key signature that contains metadata for the full certificate: + +```{figure} diag/OpenPGP_Certificate.png +:name: fig-openpgp-certificate +:alt: Depicts an OpenPGP certificate, including a set of components, binding signatures and a direct key signature on the primary key. + +A typical OpenPGP certificate, including binding signatures for all of its components, and a signature that associates metadata with the primary key +``` + ## Revocations When a certificate owner needs to invalidate certain components of their certificate, or even the entire certificate, they accomplish this through "revocation." Revoking the primary key renders the entire certificate invalid.
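Review bot: The new `{figure}` directive references `diag/OpenPGP_Certificate.png`, but this diff touches only `04-certificates.md`; confirm the image is already present under `book/source/diag/` or is added in the same commit, otherwise the Sphinx build will emit a missing-image warning and the `{numref}` cross-reference to `fig-openpgp-certificate` will render without a figure. Two smaller points on the same hunk: the new label `fig-openpgp-certificate` differs from the existing `fig-openpgp-certificate-components` only by its suffix, so consider a more distinctive name (e.g. one that mentions the binding signatures) to avoid mixing the two up in later `{numref}` references; and the alt text "Depicts an OpenPGP certificate, including ..." can drop the leading "Depicts", since screen readers already announce the element as an image.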