Ericsson have both their own PKI infrastructure[0], at least for software integrity checking (however that certificate is valid since March this year, and the CRL[1] it refers to is empty), in addition to using other certificate authorities for everything such as the hosting of websites to internal infrastructure[2]. I suspect it wasn't any of the above - rather it is the PKI that is used in running the IPSec networking done between carrier's RANs and other parts of core network[3], which is probably Ericsson's own internal CA.
Further expanding. GPRS Tunneling Protocol (GTP)[1] is what gets used to connected to the provider's data/voice network. This could be over any medium (wifi, GSM, UMTS, or LTE). It's likely this was the cert protecting GTP-C's ipsec tunnel[2] as without the ability to signal, pretty much everything on the network goes down.
[1] https://en.wikipedia.org/wiki/GPRS_Tunnelling_Protocol
[2] https://cyber-defense.sans.org/resources/papers/gsec/securin...