diff --git a/changelogs/fragments/318-extension-value-note.yml b/changelogs/fragments/318-extension-value-note.yml
new file mode 100644
index 000000000..11ab62037
--- /dev/null
+++ b/changelogs/fragments/318-extension-value-note.yml
@@ -0,0 +1,6 @@
+breaking_changes:
+ - "get_certificate, openssl_csr_info, x509_certificate_info - depending on the ``cryptography`` version used,
+ the modules might not return the ASN.1 value for an extension as contained in the certificate respectively CSR,
+ but a re-encoded version of it. This should usually be identical to the value contained in the source file,
+ unless the value was malformed. For extensions not handled by C(cryptography) the value contained in
+ the source file is always returned unaltered (https://github.com/ansible-collections/community.crypto/pull/318)."
diff --git a/plugins/modules/get_certificate.py b/plugins/modules/get_certificate.py
index 2436917ba..fbc6e472a 100644
--- a/plugins/modules/get_certificate.py
+++ b/plugins/modules/get_certificate.py
@@ -99,7 +99,13 @@
 asn1_data:
 returned: success
 type: str
- description: The Base64 encoded ASN.1 content of the extnesion.
+ description:
+ - The Base64 encoded ASN.1 content of the extension.
+ - B(Note) that depending on the C(cryptography) version used, it is
+ not possible to extract the ASN.1 content of the extension, but only
+ to provide the re-encoded content of the extension in case it was
+ parsed by C(cryptography). This should usually result in exactly the
+ same value, except if the original extension value was malformed.
 name:
 returned: success
 type: str
diff --git a/plugins/modules/openssl_csr_info.py b/plugins/modules/openssl_csr_info.py
index 4f78b476d..62527bc5a 100644
--- a/plugins/modules/openssl_csr_info.py
+++ b/plugins/modules/openssl_csr_info.py
@@ -103,7 +103,13 @@
 returned: success
 type: bool
 value:
- description: The Base64 encoded value (in DER format) of the extension
+ description:
+ - The Base64 encoded value (in DER format) of the extension.
+ - B(Note) that depending on the C(cryptography) version used, it is
+ not possible to extract the ASN.1 content of the extension, but only
+ to provide the re-encoded content of the extension in case it was
+ parsed by C(cryptography). This should usually result in exactly the
+ same value, except if the original extension value was malformed.
 returned: success
 type: str
 sample: "MAMCAQU="
diff --git a/plugins/modules/x509_certificate_info.py b/plugins/modules/x509_certificate_info.py
index ae252df39..a666bb04b 100644
--- a/plugins/modules/x509_certificate_info.py
+++ b/plugins/modules/x509_certificate_info.py
@@ -147,7 +147,13 @@
 returned: success
 type: bool
 value:
- description: The Base64 encoded value (in DER format) of the extension.
+ description:
+ - The Base64 encoded value (in DER format) of the extension.
+ - B(Note) that depending on the C(cryptography) version used, it is
+ not possible to extract the ASN.1 content of the extension, but only
+ to provide the re-encoded content of the extension in case it was
+ parsed by C(cryptography). This should usually result in exactly the
+ same value, except if the original extension value was malformed.
 returned: success
 type: str
 sample: "MAMCAQU="
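Review bot: The note added to the `value` description in x509_certificate_info.py, and repeated in openssl_csr_info.py (`value`) and get_certificate.py (`asn1_data`), stops short of the practical consequence for consumers. A playbook that compares this field byte-for-byte, hashes it, or uses it to spot a malformed extension may be looking at re-encoded data rather than what the certificate or CSR actually contains. I would add one list item to each description, for example `- Do not rely on this value for byte-exact comparison with the source file or to detect malformed extensions.` The phrase "it is not possible to extract" also reads as unconditional; `it might not be possible to extract` would match the changelog fragment's "might not return". Naming the `cryptography` version at which the behaviour changes would let users tell which case applies to their installation.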