diff --git a/credentials/generate_revocation_set.py b/credentials/generate_revocation_set.py
index 3765439e02ee97..afd69dcc1dd669 100755
--- a/credentials/generate_revocation_set.py
+++ b/credentials/generate_revocation_set.py
@@ -240,7 +240,13 @@ def generate_revocation_set_from_crl(crl_file: x509.CertificateRevocationList,
 except Exception:
 pass
- serialnumber_list.append(bytes(str('{:02X}'.format(revoked_cert.serial_number)), 'utf-8').decode('utf-8'))
+ # Ensure the serial number is always a 2-byte aligned hex string.
+ # TestDACRevocationDelegateImpl encodes the serial number as an even-length hex string
+ # using BytesToHex in src/lib/support/BytesToHex.cpp.
+ # As the primary consumer of this data, we should use the same here.
+ serialnumber = '{:02X}'.format(revoked_cert.serial_number)
+ serialnumber = serialnumber if len(serialnumber) % 2 == 0 else '0' + serialnumber
+ serialnumber_list.append(serialnumber)
 entry = {
 "type": "revocation_set",
diff --git a/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json b/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json
index 6bf0d6f5ddd3c0..46c3c1b66cddd8 100644
--- a/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json
+++ b/credentials/test/revoked-attestation-certificates/revocation-sets/revocation-set-for-pai.json
@@ -4,7 +4,7 @@
 "issuer_subject_key_id": "63540E47F64B1C38D13884A462D16C195D8FFB3C",
 "issuer_name": "MD0xJTAjBgNVBAMMHE1hdHRlciBEZXYgUEFJIDB4RkZGMSBubyBQSUQxFDASBgorBgEEAYKifAIBDARGRkYx",
 "revoked_serial_numbers": [
- "AB042494323FE54",
+ "0AB042494323FE54",
 "19367D978EAC533A",
 "2569383D24BB36EA"
 ],
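Review bot: The first added comment line in the generate_revocation_set.py hunk says "2-byte aligned", but the padding below it only guarantees an even number of hex digits, i.e. whole bytes; `# Serial number as an even-length (whole-byte) uppercase hex string.` would match the code. The two formatting lines could state the byte semantics directly, e.g. `sn = revoked_cert.serial_number` followed by `serialnumber = sn.to_bytes((sn.bit_length() + 7) // 8 or 1, 'big').hex().upper()`, which yields the same strings for non-negative serials. A string that differs from the consumer's encoding would presumably leave a revoked certificate unmatched, so it is worth confirming whether the consumer's serial bytes can include the DER sign-padding `00` byte when the top bit is set (not visible here), and adding such a serial to the test revocation sets. The enclosing function starts and ends outside the hunk.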