Fun fact: The serial numbers are required to be random! They're unique, but random (since they are huge numbers there's no problem achieving both).
This is done because it reduces the danger from collision attacks of the sort which worked on MD5 and are likely to be possible for SHA-1. The random serial number makes it impossible to guess what the signature on the certificate you're getting will be before it's issued to you, so you can't use a collision attack (other types of attack could work, but those have never turned out to be practical on a modern crypto hash even when it's "broken" like MD5).
They chose to make the serial numbers random because that's near the start of the certificate document and collision attacks are only defeated by randomness that happens as early as possible in the document.
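To make the "near the start of the document" point concrete, here is an added example (not part of the original comment and not any CA's code). It draws a serial from the OS CSPRNG, DER-encodes it, and shows where its bytes land in the opening of a v3 TBSCertificate. The function names, the 127-bit serial size and the 900-byte placeholder for the remaining fields are assumptions made for illustration.

```python
import secrets

HASH_BLOCK = 64  # MD5 and SHA-1 both process input in 64-byte blocks

def der_len(n):
    """DER definite-length encoding."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_integer(value):
    """Minimal DER INTEGER for a positive value (leading 0x00 if top bit set)."""
    if value <= 0:
        raise ValueError("serial must be positive")
    return tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def new_serial(bits=127):
    """Positive serial from the OS CSPRNG; 127 bits fits in 16 octets (assumed size)."""
    while True:
        value = secrets.randbits(bits)
        if value.bit_length() > 64:  # reject the (astronomically rare) short draw
            return value

def tbs_start(serial, rest_len):
    """First bytes of a v3 TBSCertificate: SEQUENCE header, version, serial.
    rest_len is the size of the fields that follow (constructed placeholder)."""
    version = tlv(0xA0, der_integer(2))       # [0] EXPLICIT INTEGER 2 means v3
    serial_tlv = der_integer(serial)
    header = b"\x30" + der_len(len(version) + len(serial_tlv) + rest_len)
    value_at = len(header) + len(version) + 2  # skip the INTEGER tag and length
    return header + version + serial_tlv, value_at

def serial_in_first_block(serial, rest_len=900):
    """True if every serial byte falls inside the first 64-byte hash block."""
    _, value_at = tbs_start(serial, rest_len)
    return value_at + len(der_integer(serial)) - 2 <= HASH_BLOCK

if __name__ == "__main__":
    for _ in range(2):  # same layout, different unpredictable bytes each time
        s = new_serial()
        prefix, at = tbs_start(s, 900)
        print(f"serial value starts at offset {at}: {prefix.hex()}")
```

With these sizes the serial value starts at byte 11 of the signed structure, ahead of the signature algorithm, issuer, validity and subject fields, so the unpredictable bytes sit in the first block the hash consumes.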