openssl / openssl

TLS/SSL and crypto library

Home Page:https://www.openssl.org

Can't create a Version 1 end entity X.509 certificate

tomato42 opened this issue · comments

With openssl 3.0.7 it was possible to create a X.509 Version 1 certificate.
With openssl 3.2.1 using openssl ca tool, when no -extensions option is specified or it points to an empty section, a version 3 certificate with X509v3 Subject Key Identifier and X509v3 Authority Key Identifier extensions is created.
When -extensions points to a section with:

subjectKeyIdentifier=none
authorityKeyIdentifier=none

then the certificate has no extensions but is still marked as version 3 x509 certificate. I see no other way to control certificate version when using the openssl ca tool.

I am aware of the openssl req -x509v1 option, but a) it creates self-signed version 1 certificates (so entirely unrealistic for a testing scenario given that v1 certs were always intended to be usable for end entities only), and b) it actually doesn't work, it produces a malformed version 3 certificate, where the extensions look like this:

        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                
            X509v3 Authority Key Identifier: 
                0.
            X509v3 Basic Constraints: critical
                CA:TRUE

(this is using the openssl req -x509v1 -newkey rsa:2048 -keyout root.key -out root.crt -subj /CN=localhost -batch -nodes -days 36500 -sha256 command)
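One way to get a genuine v1 end-entity certificate signed by a separate CA key, and to check what the CLI actually produced, is to assemble the TBSCertificate by hand. In a v1 certificate the version field is simply absent (v1 is the ASN.1 DEFAULT) and the extensions field does not exist, so the "version 3 with zero extensions" shape described above cannot occur. The following is an added example, not code from the issue or from the OpenSSL project; it assumes the Python `cryptography` package is installed (used only for key generation, the SubjectPublicKeyInfo encoding, the RSA signature and the parser), and the names "Test CA", "localhost" and serial 0x1001 are constructed test values.

```python
"""Hand-assemble an X.509 v1 end-entity certificate (DER) and inspect it.

Added example (not the OpenSSL project's code). Assumes the `cryptography`
package; the DER encoder below covers only what a v1 TBSCertificate needs.
"""
from datetime import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID


# --- minimal DER encoder -------------------------------------------------
def _length(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _length(len(body)) + body


def seq(*items: bytes) -> bytes:
    return tlv(0x30, b"".join(items))


def integer(n: int) -> bytes:
    # non-negative INTEGER; the extra byte keeps the sign bit clear
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))


def utctime(dt: datetime) -> bytes:
    return tlv(0x17, dt.strftime("%y%m%d%H%M%SZ").encode())


def cn_name(common_name: str) -> bytes:
    # Name ::= SEQUENCE OF RDN; RDN ::= SET OF AttributeTypeAndValue (CN, UTF8String)
    return seq(tlv(0x31, seq(oid("2.5.4.3"), tlv(0x0C, common_name.encode()))))


# AlgorithmIdentifier for sha256WithRSAEncryption with NULL parameters
SHA256_RSA = seq(oid("1.2.840.113549.1.1.11"), b"\x05\x00")


def build_v1_certificate(ca_key, issuer_cn, subject_pub, subject_cn,
                         serial, not_before, not_after) -> bytes:
    """Return the DER of a v1 certificate signed by ca_key.

    The [0] EXPLICIT version element is omitted (DEFAULT v1), and there is
    no extensions element at all: that field only exists in v3 certificates.
    """
    spki = subject_pub.public_bytes(serialization.Encoding.DER,
                                    serialization.PublicFormat.SubjectPublicKeyInfo)
    tbs = seq(
        integer(serial),
        SHA256_RSA,                                   # signature (inner)
        cn_name(issuer_cn),
        seq(utctime(not_before), utctime(not_after)),  # validity
        cn_name(subject_cn),
        spki,
    )
    sig = ca_key.sign(tbs, padding.PKCS1v15(), hashes.SHA256())
    return seq(tbs, SHA256_RSA, tlv(0x03, b"\x00" + sig))


def inspect_certificate(der: bytes) -> dict:
    """Report the version that is actually encoded and the extension count,
    so a real v1 certificate is distinguishable from 'v3 with no extensions'."""
    cert = x509.load_der_x509_certificate(der)
    return {
        "version": cert.version.name,   # 'v1' or 'v3'
        "extensions": len(cert.extensions),
        "subject_cn": cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
        "issuer_cn": cert.issuer.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value,
    }


def demo() -> dict:
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ee_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    der = build_v1_certificate(ca_key, "Test CA", ee_key.public_key(), "localhost",
                               0x1001, datetime(2024, 1, 1), datetime(2034, 1, 1))
    # loading does not verify the signature, so check it against the CA key
    cert = x509.load_der_x509_certificate(der)
    ca_key.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                               padding.PKCS1v15(), hashes.SHA256())
    return inspect_certificate(der)


if __name__ == "__main__":
    print(demo())
```

`inspect_certificate` can be pointed at the DER of any certificate produced by `openssl ca` or `openssl req -x509v1` to see whether the version field and the extension count match what the command line was supposed to produce; `openssl x509 -text` prints the same two facts as "Version:" and the "X509v3 extensions:" block.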

From reading the documentation, it appears that openssl ca intentionally creates Version 3 CA certificates, implying that the creation of older certificates was not meant to be supported.

Checking the req app, that does seem to be a bug, in that the creation of an x509v1 certificate still includes v3 extensions.