About 10 lines above the part you quoted, there is
struct {
opaque rsa_modulus<1..2^16-1>;
opaque rsa_exponent<1..2^16-1>;
} ServerRSAParams;
so the case=rsa
(which is actually only for rsa_export) of ServerKeyExchange
is really:
ServerRSAParams:
rsa_modulus -- opaque (really bigendian unsigned integer)
rsa_exponent -- ditto
Signature -- ditto
but this structuring doesn't affect the encoding, which contains only the three 'leaf' values, and whatever decode you are looking at (Wireshark?) doesn't bother to distinguish the two levels here.
Note digitally-signed struct ... Signature
does not mean the two hashes (md5 and sha1) are contained in the message; rather they are input to the applicable signature generation algorithm, in this case RSA 'block type 1' defined in PKCS1v1 (now retronymed RSASSA-PKCS1-v1_5 in PKCS1v2), and the output of the signature algorithm, for RSA a single integer encoded as bigendian unsigned fixed-length (see 'I2OSP' in any version of PKCS1), is what is placed in the message, with a 2-byte length prefix, as it if were declared opaque<?..2^16-1>
although I don't see this stated in RFC6101; TLS1.0 RFC2246 et succ does state it in 4.7.
(You might want to look at more/all of RFC2246; except for the PRF and key derivation, some alert codes and ciphersuites, the addition of extensions (of which RFC5746 Secure Renegotiation became pretty much mandatory) and of course the version number, to the best of my recollection TLS1.0 is technically the same as SSL3, but the document is more thorough, probably due to going through the IETF gauntlet^Wprocess.)