The opt-out page (simplified URL is https: //sellercentral.amazon.com/rafn/optout) shouldalways throw a 404 Error if the SoA Account is not enrolled, so your result is the expected behavior.
The “Invalid Access” blurb being added to that 404 page is almost undoubtedly due to this:
Indeed! This 040124 ‘compilation’ post to another SAS thread on the same subject explains the four most-important things to keep an eye on: