
How to set RDP level2 without a password with STM32_Programmer_CLI

acapola
Associate II

I am using NUCLEO-u5a5zj-q, I tried this:

sru@sru-pqs-dell:~/repos/pqkey$ STM32_Programmer_CLI --connect port=swd index=2 -halt --optionbytes displ -ob nSWBOOT0=0 nBOOT0=1 -lockRDP2 0xFFFFFFFF 0xFFFFFFFF
-------------------------------------------------------------------
STM32CubeProgrammer v2.16.0
-------------------------------------------------------------------
ST-LINK SN : 004900253532510831333430
ST-LINK FW : V3J15M6
Board : NUCLEO-U5A5ZJ-Q
Voltage : 3,28V
SWD freq : 8000 KHz
Connect mode: Normal
Reset mode : Software reset
Device ID : 0x481
Revision ID : Rev X
Device name : STM32U5xx
Flash size : 4 MBytes (default)
Start Address : 8000000
Device type : MCU
Device CPU : Cortex-M33
BL Version : 0x92
Debug in Low Power mode enabled
Core halted

UPLOADING OPTION BYTES DATA ...
Bank : 0x00
Address : 0x40022040
Size : 32 Bytes
[==================================================] 100%
Bank : 0x01
Address : 0x40022068
Size : 8 Bytes
[==================================================] 100%

OPTION BYTES BANK: 0
Read Out Protection:
RDP : 0xAA (Level 0, no protection)
BOR Level:
BOR_LEV : 0x0 (BOR Level 0, reset level threshold is around 1.7 V)
User Configuration:
TZEN : 0x0 (Global TrustZone security disabled)
nRST_STOP : 0x1 (No reset generated when entering Stop mode)
nRST_STDBY : 0x1 (No reset generated when entering Standby mode)
nRST_SHDW : 0x1 (No reset generated when entering the Shutdown mode)
SRAM1345_RST : 0x1 (SRAM1, SRAM3,SRAM4 and SRAM5 not erased when a system reset occurs)
IWDG_SW : 0x1 (Software independent watchdog)
IWDG_STOP : 0x1 (IWDG counter active in stop mode)
IWDG_STDBY : 0x1 (IWDG counter active in standby mode)
WWDG_SW : 0x1 (Software window watchdog)
SWAP_BANK : 0x0 (Bank 1 and bank 2 address are not swapped)
DBANK : 0x1 (Dual-bank Flash with contiguous addresses)
BKPRAM_ECC : 0x1 (Backup RAM ECC check disabled)
SRAM3_ECC : 0x1 (SRAM3 ECC check disabled)
SRAM2_ECC : 0x1 (SRAM2 ECC check disabled)
SRAM2_RST : 0x1 (SRAM2 is not erased when a system reset occurs)
nSWBOOT0 : 0x1 (BOOT0 taken from PH3/BOOT0 pin)
nBOOT0 : 0x1 (nBOOT0 = 1)
PA15_PUPEN : 0x1 (USB power delivery dead-battery disabled/ TDI pull-up activated)
IO_VDD_HSLV : 0x0 (High-speed IO at low VDD voltage feature disabled (VDD can exceed 2.5 V))
IO_VDDIO2_HSLV: 0x0 (High-speed IO at low VDDIO2 voltage feature disabled (VDDIO2 can exceed 2.5 V))
Boot Configuration:
NSBOOTADD0 : 0x100000 (0x8000000)
NSBOOTADD1 : 0x17F200 (0xBF90000)
Write Protection 1:
WRP1A_PSTRT : 0xFF (0x81FE000)
WRP1A_PEND : 0x0 (0x8000000)
UNLOCK_1A : 0x1 (WRP1A start and end pages unlocked)
WRP1B_PSTRT : 0xFF (0x81FE000)
WRP1B_PEND : 0x0 (0x8000000)
UNLOCK_1B : 0x1 (WRP1B start and end pages unlocked)

OPTION BYTES BANK: 1
Write Protection 2:
WRP2A_PSTRT : 0xFF (0x83FE000)
WRP2A_PEND : 0x0 (0x8200000)
UNLOCK_2A : 0x1 (WRP2A start and end pages unlocked)
WRP2B_PSTRT : 0xFF (0x83FE000)
WRP2B_PEND : 0x0 (0x8200000)
UNLOCK_2B : 0x1 (WRP2B start and end pages unlocked)

PROGRAMMING OPTION BYTES AREA ...
Warning: Option Byte: nboot0, value: 0x1, was not modified.
Bank : 0x00
Address : 0x40022040
Size : 32 Bytes
Reconnecting...
Reconnected !

UPLOADING OPTION BYTES DATA ...
Bank : 0x00
Address : 0x40022040
Size : 32 Bytes
[==================================================] 100%
Bank : 0x01
Address : 0x40022068
Size : 8 Bytes
[==================================================] 100%

OPTION BYTE PROGRAMMING VERIFICATION:
Option Bytes successfully programmed
Time elapsed during option Bytes configuration: 00:00:02.127
Lock RDP2 password successfully done

sru@sru-pqs-dell:~/repos/pqkey$ ./status-stm32u5a5 2
+ index=2
+ name=2
+ addr=0x08000000
+ STM32_Programmer_CLI --connect port=swd index=2 -halt --power off index=2 --power on index=2
-------------------------------------------------------------------
STM32CubeProgrammer v2.16.0
-------------------------------------------------------------------
ST-LINK SN : 004900253532510831333430
ST-LINK FW : V3J15M6
Board : NUCLEO-U5A5ZJ-Q
Voltage : 3,28V
SWD freq : 8000 KHz
Connect mode: Normal
Reset mode : Software reset
Device ID : 0x481
Revision ID : Rev X
Device name : STM32U5xx
Flash size : 4 MBytes (default)
Start Address : 8000000
Device type : MCU
Device CPU : Cortex-M33
BL Version : 0x92
Debug in Low Power mode enabled
Core halted
Power OFF...
Drives the target power pin out of the (onboard) ST-Link.
Info: Power ON/OFF maybe not available on your Board [also not available on standalone probes]
Power OFF the board finished with success !
Power ON...
Drives the target power pin out of the (onboard) ST-Link.
Info: Power ON/OFF maybe not available on your Board [also not available on standalone probes]
Power ON the board finished with success !

+ STM32_Programmer_CLI --connect port=swd index=2 -halt --optionbytes displ --blankcheck
-------------------------------------------------------------------
STM32CubeProgrammer v2.16.0
-------------------------------------------------------------------
ST-LINK SN : 004900253532510831333430
ST-LINK FW : V3J15M6
Board : NUCLEO-U5A5ZJ-Q
Voltage : 3,28V
SWD freq : 8000 KHz
Connect mode: Normal
Reset mode : Software reset
Device ID : 0x481
Revision ID : Rev X
Device name : STM32U5xx
Flash size : 4 MBytes (default)
Start Address : 8000000
Device type : MCU
Device CPU : Cortex-M33
BL Version : 0x92
Debug in Low Power mode enabled
Core halted

UPLOADING OPTION BYTES DATA ...
Bank : 0x00
Address : 0x40022040
Size : 32 Bytes
[==================================================] 100%
Bank : 0x01
Address : 0x40022068
Size : 8 Bytes
[==================================================] 100%

OPTION BYTES BANK: 0
Read Out Protection:
RDP : 0xAA (Level 0, no protection)
BOR Level:
BOR_LEV : 0x0 (BOR Level 0, reset level threshold is around 1.7 V)
User Configuration:
TZEN : 0x0 (Global TrustZone security disabled)
nRST_STOP : 0x1 (No reset generated when entering Stop mode)
nRST_STDBY : 0x1 (No reset generated when entering Standby mode)
nRST_SHDW : 0x1 (No reset generated when entering the Shutdown mode)
SRAM1345_RST : 0x1 (SRAM1, SRAM3,SRAM4 and SRAM5 not erased when a system reset occurs)
IWDG_SW : 0x1 (Software independent watchdog)
IWDG_STOP : 0x1 (IWDG counter active in stop mode)
IWDG_STDBY : 0x1 (IWDG counter active in standby mode)
WWDG_SW : 0x1 (Software window watchdog)
SWAP_BANK : 0x0 (Bank 1 and bank 2 address are not swapped)
DBANK : 0x1 (Dual-bank Flash with contiguous addresses)
BKPRAM_ECC : 0x1 (Backup RAM ECC check disabled)
SRAM3_ECC : 0x1 (SRAM3 ECC check disabled)
SRAM2_ECC : 0x1 (SRAM2 ECC check disabled)
SRAM2_RST : 0x1 (SRAM2 is not erased when a system reset occurs)
nSWBOOT0 : 0x0 (BOOT0 taken from the option bit nBOOT0)
nBOOT0 : 0x1 (nBOOT0 = 1)
PA15_PUPEN : 0x1 (USB power delivery dead-battery disabled/ TDI pull-up activated)
IO_VDD_HSLV : 0x0 (High-speed IO at low VDD voltage feature disabled (VDD can exceed 2.5 V))
IO_VDDIO2_HSLV: 0x0 (High-speed IO at low VDDIO2 voltage feature disabled (VDDIO2 can exceed 2.5 V))
Boot Configuration:
NSBOOTADD0 : 0x100000 (0x8000000)
NSBOOTADD1 : 0x17F200 (0xBF90000)
Write Protection 1:
WRP1A_PSTRT : 0xFF (0x81FE000)
WRP1A_PEND : 0x0 (0x8000000)
UNLOCK_1A : 0x1 (WRP1A start and end pages unlocked)
WRP1B_PSTRT : 0xFF (0x81FE000)
WRP1B_PEND : 0x0 (0x8000000)
UNLOCK_1B : 0x1 (WRP1B start and end pages unlocked)

OPTION BYTES BANK: 1
Write Protection 2:
WRP2A_PSTRT : 0xFF (0x83FE000)
WRP2A_PEND : 0x0 (0x8200000)
UNLOCK_2A : 0x1 (WRP2A start and end pages unlocked)
WRP2B_PSTRT : 0xFF (0x83FE000)
WRP2B_PEND : 0x0 (0x8200000)
UNLOCK_2B : 0x1 (WRP2B start and end pages unlocked)

Flash memory blank checking...
[==================================================] 100%
Time elapsed during the blank check operation is: 00:00:00.015
Warning: Flash memory is not empty at 0x08000000.

As you can see, the RDP level is still 0 (and later on I could still dump all memories).

On the same board I have been able to set RDP level 2 without password using the GUI version (STM32CubeProgrammer), so the setup was right.

1 ACCEPTED SOLUTION

Diane POMABIA
ST Employee

Hello @acapola 

To be clear, if you go to RDP level 2 without setting a password beforehand, you won't be able to go back.

Here are examples of the command; you can configure the right path for your PC.

Without Password

@ECHO OFF
SETLOCAL
SET TOOLDIR=c:\Program Files\STMicroelectronics\STM32Cube\CubeProgrammer1.14\bin
SET TOOL=%TOOLDIR%\STM32_Programmer_CLI.exe
SET MY_CURR_DIR=%cd%
@ECHO ON
cd %TOOLDIR%
@REM Display the option bytes, set RDP to 0xCC (level 2), then try to display them again
"%TOOL%" -c port=SWD mode=HOTPLUG -ob displ
"%TOOL%" -c port=SWD mode=HOTPLUG -ob RDP=0xCC
"%TOOL%" -c port=SWD mode=HOTPLUG -ob displ
cd %MY_CURR_DIR%
@ENDLOCAL
@PAUSE

With password:

@ECHO OFF
SETLOCAL
SET TOOLDIR=c:\Program Files\STMicroelectronics\STM32Cube\CubeProgrammer1.14\bin
SET TOOL=%TOOLDIR%\STM32_Programmer_CLI.exe
SET MY_CURR_DIR=%cd%
@ECHO ON
cd %TOOLDIR%
"%TOOL%" -c port=SWD mode=HOTPLUG -ob displ
@REM Set the RDP level 2 password, then go to level 2 (RDP=0xCC)
"%TOOL%" -c port=SWD mode=HOTPLUG -lockRDP2 0x12345678 0xABCDEFAB
"%TOOL%" -c port=SWD mode=HOTPLUG -ob RDP=0xCC
@REM Unlock with the same password, then return to level 0 (RDP=0xAA)
"%TOOL%" -c port=SWD mode=HOTPLUG -unlockRDP2 0x12345678 0xABCDEFAB
"%TOOL%" -c port=SWD mode=HOTPLUG -ob RDP=0xAA
"%TOOL%" -c port=SWD mode=HOTPLUG -ob displ
cd %MY_CURR_DIR%
@ENDLOCAL
@PAUSE

Regards

DianeP

 


2 REPLIES 2
Diane POMABIA
ST Employee


Note that without password, the second attempt to display option bytes is failing and it is expected since we have locked the JTAG.
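
Added example (not part of the original posts and not ST's own tooling): a POSIX shell check that reads `-ob displ` output and confirms the RDP byte itself, since in the question "Lock RDP2 password successfully done" was printed while RDP still read 0xAA. The function names `rdp_byte` and `verify_rdp` and both sample texts are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the RDP option byte from "-ob displ" output.

# Constructed sample, shaped like the display output in the question:
# the lock message is present but RDP still reads 0xAA.
SAMPLE_QUESTION='Option Bytes successfully programmed
Lock RDP2 password successfully done
OPTION BYTES BANK: 0
 Read Out Protection:
 RDP : 0xAA (Level 0, no protection)
 BOR Level:
 BOR_LEV : 0x0 (BOR Level 0, reset level threshold is around 1.7 V)'

# Constructed placeholder for a run that printed no option byte table
# (this is not real tool output).
SAMPLE_NO_TABLE='(constructed) no option byte table'

# Print the RDP byte (for example 0xAA) from display text on stdin; empty if absent.
rdp_byte() {
    sed -n 's/^[[:space:]]*RDP[[:space:]]*:[[:space:]]*\(0x[0-9A-Fa-f]\{1,2\}\).*/\1/p' | head -n 1
}

# verify_rdp EXPECTED: read display text on stdin.
# Returns 0 on match, 1 if RDP is readable but different, 2 if there is no RDP line.
verify_rdp() {
    expected=$1
    actual=$(rdp_byte)
    if [ -z "$actual" ]; then
        echo "RDP not readable: no option byte table in the output" >&2
        return 2
    fi
    # Compare case-insensitively so 0xcc and 0xCC are treated alike.
    if [ "$(printf '%s' "$actual" | tr '[:lower:]' '[:upper:]')" != \
         "$(printf '%s' "$expected" | tr '[:lower:]' '[:upper:]')" ]; then
        echo "RDP is $actual, expected $expected" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample; with a board attached the input would be:
#   STM32_Programmer_CLI -c port=SWD mode=HOTPLUG -ob displ | verify_rdp 0xCC
printf '%s\n' "$SAMPLE_QUESTION" | verify_rdp 0xCC || echo "check failed with status $?"
```

Status 1 is the situation in the question; status 2 is what to expect after level 2 without a password, because the second display attempt fails as noted above.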