diff --git a/tor-llcrypto/Cargo.toml b/tor-llcrypto/Cargo.toml
index 903b181b4..e13b9745d 100644
--- a/tor-llcrypto/Cargo.toml
+++ b/tor-llcrypto/Cargo.toml
@@ -27,6 +27,7 @@ sha-1 = "0.9.1"
 sha2 = "0.9.1"
 sha3 = "0.9.1"
 signature = "1.2.2"
+hex = "*"
 
 [dev-dependencies]
 hex-literal = "0.3.1"
diff --git a/tor-llcrypto/src/pk/rsa.rs b/tor-llcrypto/src/pk/rsa.rs
index 10218a989..4995de362 100644
--- a/tor-llcrypto/src/pk/rsa.rs
+++ b/tor-llcrypto/src/pk/rsa.rs
@@ -11,6 +11,8 @@
 use arrayref::array_ref;
 use subtle::*;
 use zeroize::Zeroize;
+use std::fmt;
+use hex;
 
 /// How many bytes are in an "RSA ID"?  (This is a legacy tor
 /// concept, and refers to identifying a relay by a SHA1 digest
@@ -19,7 +21,7 @@ pub const RSA_ID_LEN: usize = 20;
 
 /// An identifier for a Tor relay, based on its legacy RSA
 /// identity key.  These are used all over the Tor protocol.
-#[derive(Clone, Zeroize, Debug)]
+#[derive(Clone, Zeroize)]
 pub struct RSAIdentity {
     id: [u8; RSA_ID_LEN],
 }
@@ -38,6 +40,17 @@ impl std::hash::Hash for RSAIdentity {
 
 impl Eq for RSAIdentity {}
 
+impl fmt::Display for RSAIdentity {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "${}", hex::encode(&self.id[..]))
+    }
+}
+impl fmt::Debug for RSAIdentity {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        write!(f, "RSAIdentity {{ ${} }}", hex::encode(&self.id[..]))
+    }
+}
+
 impl RSAIdentity {
     /// Expose and RSAIdentity as a slice of bytes.
     pub fn as_bytes(&self) -> &[u8] {