$ gpgsm --armor --output invalid.csr --gen-key
gpgsm (GnuPG) 2.4.2; Copyright (C) 2023 g10 Code GmbH
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
   (1) RSA
   (2) Existing key
   (3) Existing key from card
Your selection? 3
Serial number of the card: redacted
Available keys:
   (1) redacted OPENPGP.1 nistp521 (cert,sign)
   (2) redacted OPENPGP.2 nistp521 (encr)
   (3) redacted OPENPGP.3 nistp521 (sign,auth)
Your selection? 3
Possible actions for a RSA key:
   (1) sign, encrypt
   (2) sign
   (3) encrypt
Your selection? 1
Enter the X.509 subject name: O ="org", CN = "invalid"
Enter email addresses (end with an empty line):
>
Enter DNS names (optional; end with an empty line):
>
Enter URIs (optional; end with an empty line):
>
Create self-signed certificate? (y/N) n
These parameters are used:
    Key-Type: card:OPENPGP.3
    Key-Length: 1024
    Key-Usage: sign, encrypt
    Name-DN: O ="org", CN = "invalid"

Proceed with creation?
(y/N) y
Now creating certificate request.  This may take a while ...
gpgsm: about to sign the CSR for key: &redacted
gpgsm: certificate request created
Ready.  You should now send this request to your CA.