Your ClientID doesn’t have authorisation to read subscription information for the requested broadcaster ID.
You need to do a user authentication flow for that broadcaster to obtain permission.
So: obtain a User Access Token with the relevant scopes via a normal oAuth (the discard it or keep it, I usually keep it so I can do “my service was down” catch ups and resyncs)
Then use your App Access Token (no user attached) to create the subscriptions
I wrote futher on the duality of EventSub here: