diff --git a/lib/SimpleSAML/XML/Validator.php b/lib/SimpleSAML/XML/Validator.php
index 48d8e92e06fe9472a0724feaddb0028342dc1a4f..9cc839c4d08d06a670e7fa5c4c116fdea1195cc8 100644
--- a/lib/SimpleSAML/XML/Validator.php
+++ b/lib/SimpleSAML/XML/Validator.php
@@ -15,6 +15,12 @@ class SimpleSAML_XML_Validator {
 */
 private $x509Fingerprint;
 
+ /**
+ * This variable contains the X509 certificate the XML document
+ * was signed with, or NULL if it wasn't signed with an X509 certificate.
+ */
+ private $x509Certificate;
+
 /**
 * This variable contains the nodes which are signed.
 */
@@ -77,11 +83,27 @@ class SimpleSAML_XML_Validator {
 /* Extract the certificate fingerprint. */
 $this->x509Fingerprint = $objKey->getX509Fingerprint();
 
+ /* Extract the certificate. */
+ $this->x509Certificate = $objKey->getX509Certificate();
+
 /* Find the list of validated nodes. */
 $this->validNodes = $objXMLSecDSig->getValidatedNodes();
 }
 
 
+ /**
+ * Retrieve the X509 certificate which was used to sign the XML.
+ *
+ * This function will return the certificate as a PEM-encoded string. If the XML
+ * wasn't signed by an X509 certificate, NULL will be returned.
+ *
+ * @return The certificate as a PEM-encoded string, or NULL if not signed with an X509 certificate.
+ */
+ public function getX509Certificate() {
+ return $this->x509Certificate;
+ }
+
+
 /**
 * This function validates that the fingerprint of the certificate which was used to
 * sign this document matches the given fingerprint. An exception will be thrown if
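Review bot: The docblock added for `getX509Certificate()` in the second hunk does not say that the returned certificate is the one carried with the signature, so a caller could take it for an already-trusted signer identity. Judging from the docblock that follows it ("validates that the fingerprint ... matches the given fingerprint"), trust is established only by a separate comparison with a configured fingerprint, and nothing in the visible lines ties the getter to that check having run. I would add to the docblock `* The certificate comes from the signed document and is not trusted until its fingerprint has been validated against a configured value.` and give the tag a type, `@return string|NULL`. The constructor body and the fingerprint-validation method both continue outside the hunk, so this should be confirmed against the full file.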