Rotate access token with read_api scopes

Hello,

I try to renew an PAT with read_api scopes. What is the right permission to doing that ? I tried with 4 different perms and I've everytime an error message (scopes/role):

• read_api/guest (token owner)

{
  "error": "insufficient_scope",
  "error_description": "The request requires higher privileges than provided by the access token.",
  "scope": "api read_api"
}

• read_api/owner (token owner)

{
  "error": "insufficient_scope",
  "error_description": "The request requires higher privileges than provided by the access token.",
  "scope": "api read_api"
}

• api/maintainer

{
  "message": "401 Unauthorized"
}

• api/owner

{
  "message": "401 Unauthorized"
}

Ty