Configure PKI role to mark X509v3 Extended Key Usage: as critical?

How can we set X509v3 Extended Key Usage extension as “critical” in vault.
Using UI / API or CLI anything?