Forum Discussion

Nuruddin_Ahmed_
Dec 21, 2016

Client Certificate sr number validation - irule

Hi

I have a virtual server with a client SSL profile that validates the client certificate (require). As additional security, we want to allow only a client with a specific serial number to connect. I found the iRule below on DevCentral and it is behaving in a strange way:

when CLIENTSSL_CLIENTCERT {
    if { [SSL::cert 0] eq "" } {
        # Reset the connection
        reject
    } else {
        log local0. "Certificate 1:  [X509::serial_number [SSL::cert 0]]"
        set subject_sn [X509::serial_number [SSL::cert 0]]
        log "Client Certificate Received: $subject_sn"
        # Check if the client certificate contains the correct serial_number
        if { $subject_sn equals "00:f3:f8:d0:2b:87:42:a1:05:4f:27:5f:dc:2c:41:66:c6" } {
            # Accept the client cert
            log "Client Certificate Accepted: $subject_sn"
        } else {
            log "No Matching Client Certificate Was Found Using: $subject_sn"
            reject
        }
    }
}

The iRule seems to be fine, but it is not working and gives the logs below:

Dec 21 15:56:33 JUB-HQ-ASM-01 info tmm1[22672]: Rule /Common/Client-Cert-Validation : Certificate 1: f3:f8:d0:2b:87:42:a1:05:4f:27:5f:dc:2c:41:66:c6
Dec 21 15:56:33 JUB-HQ-ASM-01 info tmm1[22672]: 01220002:6: Rule /Common/Client-Cert-Validation : Client Certificate Received: f3:f8:d0:2b:87:42:a1:05:4f:27:5f:dc:2c:41:66:c6
Dec 21 15:56:33 JUB-HQ-ASM-01 info tmm1[22672]: 01220002:6: Rule /Common/Client-Cert-Validation : No Matching Client Certificate Was Found Using: f3:f8:d0:2b:87:42:a1:05:4f:27:5f:dc:2c:41:66:c6

Any idea why it is not working?

1 Reply

Your test is for "00:f3:f8:d0:2b:87:42:a1:05:4f:27:5f:dc:2c:41:66:c6", but the log indicates that the system pulled "f3:f8:d0:2b:87:42:a1:05:4f:27:5f:dc:2c:41:66:c6". Note that the BIG-IP will strip leading zeroes when using X509::serial_number - actually a function of the underlying OpenSSL returning the value (see ).

You need to change your iRule to remove the leading zeroes.
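The following iRule is an added example (not the poster's rule and not F5 reference code) that avoids the mismatch described in the reply by normalizing the serial on both sides of the comparison rather than hard-coding whichever form the BIG-IP happens to return; it assumes only the SSL::cert and X509::serial_number commands already used in the thread, and the allow-listed serial is the thread's value with its leading 00 octet removed.

```tcl
# Added example: allow-list a client certificate by serial number with the
# serial normalized first, so "00:f3:..." and "f3:..." compare as equal.
# The client SSL profile still validates the chain against the trusted CA;
# this check is an extra filter, since serials are unique only per issuer.
when CLIENTSSL_CLIENTCERT {
    if { [SSL::cert 0] eq "" } {
        # No client certificate presented: drop the connection
        log local0. "No client certificate presented, rejecting"
        reject
    } else {
        # Normalize: lowercase, drop colons, drop every leading zero.
        # A serial is an integer, so removing all leading zeros on both
        # sides is the same as comparing the integer values.
        set serial [string tolower [X509::serial_number [SSL::cert 0]]]
        set serial [string map {":" ""} $serial]
        set serial [string trimleft $serial "0"]

        # Allowed serials in the same normalized form (value taken from the
        # thread; colons and the leading 00 removed). Normalize each entry
        # the same way so a "00" typed here cannot reintroduce the bug.
        set allowed [list]
        foreach raw [list "00:f3:f8:d0:2b:87:42:a1:05:4f:27:5f:dc:2c:41:66:c6"] {
            set norm [string trimleft [string map {":" ""} [string tolower $raw]] "0"]
            lappend allowed $norm
        }

        if { [lsearch -exact $allowed $serial] >= 0 } {
            log local0. "Client certificate accepted, serial $serial"
        } else {
            log local0. "Client certificate rejected, serial $serial"
            reject
        }
    }
}
```

On BIG-IP versions that support data groups in iRules, the hard-coded list can be replaced by a string data group looked up with the same normalized value.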