diff --git a/src/rust/cryptography-keepalive/src/lib.rs b/src/rust/cryptography-keepalive/src/lib.rs
index 59b0c2678bbb..b367687912e2 100644
--- a/src/rust/cryptography-keepalive/src/lib.rs
+++ b/src/rust/cryptography-keepalive/src/lib.rs
@@ -20,8 +20,8 @@ pub unsafe trait StableDeref: Deref {}
 // slice returned by `deref` remains valid.
 unsafe impl<T> StableDeref for Vec<T> {}
 
-// SAFETY: `PyBackedBytes`'s data is on the heap, so as long as it's not mutated, the
-// slice returned by `deref` remains valid.
+// SAFETY: `PyBackedBytes`'s data is on the heap and `bytes` objects in
+// Python are immutable.
 unsafe impl StableDeref for PyBackedBytes {}
 
 #[allow(clippy::new_without_default)]
diff --git a/src/rust/src/x509/extensions.rs b/src/rust/src/x509/extensions.rs
index ce45968825d5..c1764d77434e 100644
--- a/src/rust/src/x509/extensions.rs
+++ b/src/rust/src/x509/extensions.rs
@@ -9,6 +9,7 @@ use crate::error::{CryptographyError, CryptographyResult};
 use crate::x509::{certificate, sct};
 use crate::{types, x509};
 use pyo3::prelude::PyAnyMethods;
+use pyo3::pybacked::PyBackedBytes;
 
 fn encode_general_subtrees<'a>(
     py: pyo3::Python<'a>,
@@ -51,14 +52,11 @@ pub(crate) fn encode_authority_key_identifier<'a>(
     } else {
         None
     };
-    let ka = cryptography_keepalive::KeepAlive::new();
+    let serial_bytes: PyBackedBytes;
     let authority_cert_serial_number =
         if let Some(authority_cert_serial_number) = aki.authority_cert_serial_number {
-            let serial_bytes = ka.add(py_uint_to_big_endian_bytes(
-                py,
-                authority_cert_serial_number,
-            )?);
-            Some(asn1::BigUint::new(serial_bytes).unwrap())
+            serial_bytes = py_uint_to_big_endian_bytes(py, authority_cert_serial_number)?;
+            Some(asn1::BigUint::new(&serial_bytes).unwrap())
         } else {
             None
         };