How to match for file extension at end of path?

I have a website with Basic Auth enabled on the whole site. Now I want to add an exception to this for the path starting with /download OR ending with .(svg|css|js|png).

I tried a few variations of a rule like this:

      # using high priority to overrule default basic auth routes
      priority: 2585
      rule: "(Host(`some.domain.com`) && (PathPrefix(`/download`) || Path(`/.*(woff2|svg|css|js|png)$`)))"

The PathPrefix /download seems to work, but the file extension just does not match. Is it possible to match just the extension of a file in the path? I tried the regex with regex tester and it seems to be fine.
I also tried to split the rule in two separate routes both including Host which also does not work. It seems like matching the end of path does not work.

An example of such a request would be https://some.domain.com/icon.26e159f8.svg

Any general hints on how to debug such "Why does my route not match" issues would also be appreciated.

Many thanks!

Not sure if you need some special kind of regexp, examples from docs:

Path(`/path`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`, ...)
PathPrefix(`/products/`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`)

And your $ probably needs to be escaped as $$.