csaf_validator has an option:

  -o AMOUNT, --output=AMOUNT  If a remote validator was used, display the results in JSON format

AMOUNT:
all: Print the entire JSON output
important: Print the entire JSON output but omit all tests without errors, warnings and infos.
short: Print only the result, errors, warnings and infos.

So someone sees the reason if a validation fails, e.g.

~/csaf-3.3.0-gnulinux-amd64/bin-linux-amd64/csaf_validator  --validator=http://localhost:8082 -o important bsi-2022-0001_invalid.json 
"bsi-2022-0001_invalid.json" passes the schema validation.
2025/10/16 15:43:15 bsi-2022-0001_invalid.json: filename bsi-2022-0001_invalid.json does not match document/tracking/id "BSI-2022-0001".
isValid: false
tests:
  name: mandatoryTest_6_1_9
  isValid: false
  errors:
    instance path: /vulnerabilities/0/scores/0/cvss_v3/baseScore
    message: invalid calculated value
"bsi-2022-0001_invalid.json" does not pass remote validation.

Downloader and checker also should have such an option (hopefully with a better abbreviation as -o often gives the output file).
And the default should be "important" so that the reason for rejection is known.