diff --git a/src/main/kotlin/tech/relaycorp/relaynet/DateTime.kt b/src/main/kotlin/tech/relaycorp/relaynet/DateTime.kt
deleted file mode 100644
index 621d34b2..00000000
--- a/src/main/kotlin/tech/relaycorp/relaynet/DateTime.kt
+++ /dev/null
@@ -1,8 +0,0 @@
-package tech.relaycorp.relaynet
-
-import java.time.ZoneId
-import java.util.Date
-
-internal fun dateToZonedDateTime(date: Date) = date.toInstant().atZone(
- ZoneId.systemDefault()
-)
diff --git a/src/main/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessage.kt b/src/main/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessage.kt
index eff80dec..2d5c5d2c 100644
--- a/src/main/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessage.kt
+++ b/src/main/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessage.kt
@@ -1,7 +1,6 @@
 package tech.relaycorp.relaynet.ramf
 import tech.relaycorp.relaynet.HashingAlgorithm
-import tech.relaycorp.relaynet.dateToZonedDateTime
 import tech.relaycorp.relaynet.messages.InvalidMessageException
 import tech.relaycorp.relaynet.messages.payloads.Payload
 import tech.relaycorp.relaynet.wrappers.x509.Certificate
@@ -158,8 +157,7 @@ abstract class RAMFMessage

internal constructor( if (now < creationDate) { throw RAMFException("Creation date is in the future") } - if (creationDate < dateToZonedDateTime(senderCertificate.certificateHolder.notBefore) - ) { + if (creationDate < senderCertificate.startDate) { throw RAMFException("Message was created before sender certificate was valid") } if (expiryDate < now) { diff --git a/src/main/kotlin/tech/relaycorp/relaynet/wrappers/x509/Certificate.kt b/src/main/kotlin/tech/relaycorp/relaynet/wrappers/x509/Certificate.kt index 985a916c..5c6806c5 100644 --- a/src/main/kotlin/tech/relaycorp/relaynet/wrappers/x509/Certificate.kt +++ b/src/main/kotlin/tech/relaycorp/relaynet/wrappers/x509/Certificate.kt @@ -14,7 +14,6 @@ import org.bouncycastle.cert.X509v3CertificateBuilder import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder import tech.relaycorp.relaynet.BC_PROVIDER -import tech.relaycorp.relaynet.dateToZonedDateTime import tech.relaycorp.relaynet.getSHA256Digest import tech.relaycorp.relaynet.getSHA256DigestHex import tech.relaycorp.relaynet.wrappers.generateRandomBigInteger @@ -32,6 +31,7 @@ import java.security.cert.PKIXParameters import java.security.cert.TrustAnchor import java.security.cert.X509CertSelector import java.sql.Date +import java.time.ZoneId import java.time.ZonedDateTime /** @@ -147,6 +147,18 @@ class Certificate constructor(val certificateHolder: X509CertificateHolder) { val subjectPrivateAddress get() = "0" + getSHA256DigestHex(certificateHolder.subjectPublicKeyInfo.encoded) + /** + * The start date of the certificate. + */ + val startDate: ZonedDateTime + get() = dateToZonedDateTime(certificateHolder.notBefore) + + /** + * The expiry date of the certificate. + */ + val expiryDate: ZonedDateTime + get() = dateToZonedDateTime(certificateHolder.notAfter) + private val basicConstraints: BasicConstraints? by lazy { BasicConstraints.fromExtensions(certificateHolder.extensions) } 
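Review bot: `startDate` and `expiryDate` become public API in this hunk, but their KDoc does not say that the value is expressed in `ZoneId.systemDefault()` (see the `dateToZonedDateTime` helper added in the last Certificate.kt hunk) or that X.509 validity dates carry only second precision. The ordering checks in `validateValidityPeriod` and in `RAMFMessage` are unaffected, because `ZonedDateTime` ordering compares the instant first, but `==`/`equals` is zone-sensitive, so a caller comparing against a UTC value would see a mismatch for the same instant. The new `startDate`/`expiryDate` tests use `assertEquals` and would presumably fail if the stub dates (defined outside the hunk) were built in another zone. I would extend the KDoc to something like `The start of the validity period, in the system default time zone and truncated to seconds; compare with isBefore/isAfter or toInstant().`, or normalise the helper to `ZoneOffset.UTC` and compare instants in the tests.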
@@ -193,10 +205,10 @@ class Certificate constructor(val certificateHolder: X509CertificateHolder) {
 private fun validateValidityPeriod() {
 val now = ZonedDateTime.now()
- if (now < dateToZonedDateTime(certificateHolder.notBefore)) {
+ if (now < startDate) {
 throw CertificateException("Certificate is not yet valid")
 }
- if (dateToZonedDateTime(certificateHolder.notAfter) < now) {
+ if (expiryDate < now) {
 throw CertificateException("Certificate already expired")
 }
 }
@@ -289,4 +301,8 @@ class Certificate constructor(val certificateHolder: X509CertificateHolder) {
 private fun convertCertToJava(certificate: Certificate) =
 bcToJavaCertificateConverter.getCertificate(certificate.certificateHolder)
+
+ private fun dateToZonedDateTime(date: java.util.Date) = date.toInstant().atZone(
+ ZoneId.systemDefault()
+ )
 }
diff --git a/src/test/kotlin/tech/relaycorp/relaynet/wrappers/x509/CertificateTest.kt b/src/test/kotlin/tech/relaycorp/relaynet/wrappers/x509/CertificateTest.kt
index 69722db4..06b4de04 100644
--- a/src/test/kotlin/tech/relaycorp/relaynet/wrappers/x509/CertificateTest.kt
+++ b/src/test/kotlin/tech/relaycorp/relaynet/wrappers/x509/CertificateTest.kt
@@ -597,6 +597,32 @@ class CertificateTest {
 val expectedAddress = "0${sha256Hex(stubSubjectKeyPair.public.encoded)}"
 assertEquals(expectedAddress, certificate.subjectPrivateAddress)
 }
+
+ @Test
+ fun startDate() {
+ val startDate = ZonedDateTime.now()
+ val certificate = Certificate.issue(
+ stubSubjectCommonName,
+ stubSubjectKeyPair.public,
+ stubSubjectKeyPair.private,
+ stubValidityEndDate,
+ validityStartDate = startDate
+ )
+
+ assertEquals(startDate.withNano(0), certificate.startDate)
+ }
+
+ @Test
+ fun expiryDate() {
+ val certificate = Certificate.issue(
+ stubSubjectCommonName,
+ stubSubjectKeyPair.public,
+ stubSubjectKeyPair.private,
+ stubValidityEndDate
+ )
+
+ assertEquals(stubValidityEndDate.withNano(0), certificate.expiryDate)
+ }
 }
 @Nested