The following worked :
create a file extKey.cnf with the extendedKeyUsage inside
extendedKeyUsage = critical,timeStamping
Add it when creating the request :
openssl x509 -req -days 730 -in tsa.csr -CA tsaroot.crt -CAkey tsaroot.key -set_serial 01 -out tsa.crt -extfile extKey.cnf