Not all asymmetric keys are certificates, but from what I've seen with HSMs, they use certificates, precisely because of the metadata of the expiration date. If that's documented elsewhere differently, that's fine, but all the AE docs reference certificates.
RSA was a poor choice, and actually might be correct. The documentation isn't clear here, but developers can write their own implementation of a key store, which could be an RSA key. As of this time, that's not an option that I know of, but I could be wrong.