Rpt permissions only stack if resource is for the same audience (KC client). If you call 2 different APIs protected with 2 different KC clients, permissions in RPT do not stack.
When using entitelments API, this problem goes further and result in 403 from keycloak when trying to get the second entitelment. This makes me think this limitation is deliberate but I can't see any reason why that is.
In microservice world, this means API calls to different microservices result in RPT token permissions being flushed all the time, increasing number of calls, causing worse performance than necessary.