Can't restrict subjectAltNames (SANs) emails in the PKI backend

I have the PKI backend enabled. I created this role:

{
  "allow_any_name": false,
  "allow_bare_domains": false,
  "allow_glob_domains": true,
  "allow_ip_sans": false,
  "allow_localhost": false,
  "allow_subdomains": false,
  "allow_token_displayname": false,
  "allowed_domains": [ "app*.cloud.*.example.com" ],
  "allowed_other_sans": "email;UTF-8:*@example.com",
  "enforce_hostnames": true,
  "ext_key_usage": [ "ServerAuth" ],
  "key_usage": [ "DigitalSignature", "KeyAgreement", "KeyEncipherment" ]
}

It has a funky glob syntax, but it works well using this certificate generation request:

{
    "ttl" : "2m",
    "common_name": "app.cloud.z.example.com",
    "alt_names":   "app5678.cloud.z.example.com, app9999.cloud.z.example.com"
}

But the request fails when I add an email as another alternative name:

{
    "ttl" : "2m",
    "common_name": "app.cloud.z.example.com",
    "alt_names":   "app5678.cloud.z.example.com, app9999.cloud.z.example.com",
    "other_sans":   "email;UTF-8:requester-dude@example.com"
}

With the error: error marshaling other SANs: strconv.Atoi: parsing "email": invalid syntax. I think it’s looking for the RFC822 email OID but I don’t know what it is or how to write it in OID syntax.

How must I write the allowed_other_sans of the role or the other_sans of the request to accept only emails of the @example.com domain?
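
The error quoted in the post shows the text before `;` in `other_sans` being parsed as numbers, i.e. as a dotted-decimal OID. The following is an added example (not part of the original post and not Vault's own code) that models the `<oid>;<type>:<value>` parsing and a role-side check. The function names, the OID `2.999.1` (taken from the arc reserved for examples) and the treatment of `*` as a wildcard are assumptions.

```go
package main

import (
	"fmt"
	"path"
	"strconv"
	"strings"
)

// parseOtherSAN splits "<oid>;<type>:<value>" and requires a dotted-decimal
// OID. It models the format only and is not Vault's implementation.
func parseOtherSAN(entry string) (string, string, error) {
	oid, rest, okOID := strings.Cut(entry, ";")
	_, value, okType := strings.Cut(rest, ":")
	if !okOID || !okType {
		return "", "", fmt.Errorf("expected <oid>;<type>:<value>, got %q", entry)
	}
	for _, arc := range strings.Split(oid, ".") {
		// A label such as "email" is not a number and fails here.
		if _, err := strconv.Atoi(arc); err != nil {
			return "", "", fmt.Errorf("error marshaling other SANs: %w", err)
		}
	}
	return oid, value, nil
}

// permitted: same OID as the role entry, and the requested value matches
// the role's pattern ("*" assumed to be a wildcard).
func permitted(rolePattern, requested string) (bool, error) {
	pOID, pVal, err := parseOtherSAN(rolePattern)
	if err != nil {
		return false, err
	}
	rOID, rVal, err := parseOtherSAN(requested)
	if err != nil {
		return false, err
	}
	if pOID != rOID {
		return false, nil
	}
	return path.Match(pVal, rVal)
}

func main() {
	role := "2.999.1;UTF-8:*@example.com" // constructed role entry
	for _, req := range []string{"email;UTF-8:requester-dude@example.com", "2.999.1;UTF-8:requester-dude@example.com"} {
		ok, err := permitted(role, req)
		fmt.Printf("%s permitted=%v err=%v\n", req, ok, err)
	}
}
```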