It appears to be some kind of DNSSEC misconfiguration.
Whereas the root domain works OK: https://unboundtest.com/m/CAA/denhelderactueel.nl/QPXQMQ2F,
the www. variant does not validate: https://unboundtest.com/m/CAA/www.denhelderactueel.nl/CHDYDF7A
The error code meaning is as follows, but I am unsure on the exact implications. Perhaps somebody else can help here:
BOGUS means that the object (RRset or message) failed to validate (according to local policy), but should have validated.
I found a similar thread here: CAA SERVFAIL on subdomain - #10 by Jan-E but it did not have a positive resolution.