usages: "signing"|"digital signature"|"content commitment"|"key encipherment"|"key agreement"|"data encipherment"|"cert sign"|"crl sign"|"encipher only"|"decipher only"|"any"|"server auth"|"client auth"|"code signing"|"email protection"|"s/mime"|"ipsec end system"|"ipsec tunnel"|"ipsec user"|"timestamping"|"ocsp signing"|"microsoft sgc"|"netscape sgc"
Source
This information is immutable after the request is created.