There are two permissions available for granting the ability to create application registrations, each with different behavior.
microsoft.directory/applications/createAsOwner: Assigning this permission results in the creator being added as the first owner of the created app registration, and the created app registration counts against the creator's 250 created objects quota.
microsoft.directory/applications/create: Assigning this permission results in the creator not being added as the first owner of the created app registration, and the created app registration won't count against the creator's 250 created objects quota. Use this permission carefully, because there's nothing preventing the assignee from creating app registrations until the directory-level quota is hit. If both permissions are assigned, this permission takes precedence.
Microsoft Identity Platform
https://learn.microsoft.com/en-us/entra/identity-platform/v2-overview
Microsoft Azure RBAC documentation
https://learn.microsoft.com/en-us/azure/role-based-access-control/
Microsoft Entra roles documentation
https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/