Is there a way to determine the Support plan usage level of the organization's sub-accounts?

ATM There seems to be no CLi for checking support levels.

However, using a tip from this SO post https://stackoverflow.com/questions/54730858/can-the-aws-support-plan-be-changed-via-cli-api heres a Bash script you could run from the management account as long as you can assume a common role in each other account.

Requires jq, bash, cli and role in every sub account

#!/bin/bash
#User configurable variables
roletoassume="OrganizationAccountAccessRole"

accounts=$(aws organizations list-accounts --query "Accounts[*].Id")
account=$(aws organizations describe-organization |jq .Organization.MasterAccountId | tr -d '"')
masteraccount=$account


SUPPORT_STATUS=$(eval aws support describe-severity-levels --region us-east-1 2>&1)
    if [[ "$SUPPORT_STATUS" == *"SubscriptionRequiredException"* ]]; then
        echo $account,"No Support Enabled for account"
    elif [[ "$SUPPORT_STATUS" == *"AccessDeniedException"* ]]; then
        echo $account,"Access denied or roles not properly setup"
    elif [[ "$SUPPORT_STATUS" == *"critical"* ]]; then
        echo $account,"Enterprise Support already enabled for account..."
    elif [[ "$SUPPORT_STATUS" == *"urgent"* ]]; then
        echo $account,"Only Business Level Support enabled for account..."
    elif [[ "$SUPPORT_STATUS" == *"high"* ]]; then
        echo $account,"Only Developer Level Support enabled for account..."
    fi

echo $accounts | jq -c .[]| while read i;
do
        account=$(echo $i | tr -d '"')
        if [[ "$account" != "$masteraccount" ]]
        then
                sts=$(aws sts assume-role --role-arn arn:aws:iam::${account}:role/${roletoassume} --role-session-name mysession)
                var=( $(echo $sts | jq '.[] | .AccessKeyId, .SecretAccessKey, .SessionToken') )

                export AWS_ACCESS_KEY_ID=$(echo ${var[0]} | tr -d '"')
                export AWS_SECRET_ACCESS_KEY=$(echo ${var[1]} | tr -d '"')
                export AWS_SESSION_TOKEN=$(echo ${var[2]} | tr -d '"')

                SUPPORT_STATUS=$(eval aws support describe-severity-levels --region us-east-1 2>&1)
                if [[ "$SUPPORT_STATUS" == *"SubscriptionRequiredException"* ]]; then
                        echo $account,"No Support Enabled for account"
                elif [[ "$SUPPORT_STATUS" == *"AccessDeniedException"* ]]; then
                        echo $account,"Access denied or roles not properly setup"
                elif [[ "$SUPPORT_STATUS" == *"critical"* ]]; then
                        echo $account,"Enterprise Support already enabled for account..."
                elif [[ "$SUPPORT_STATUS" == *"urgent"* ]]; then
                        echo $account,"Only Business Level Support enabled for account..."
                elif [[ "$SUPPORT_STATUS" == *"high"* ]]; then
                        echo $account,"Only Developer Level Support enabled for account..."
                fi

                unset AWS_ACCESS_KEY_ID
                unset AWS_SECRET_ACCESS_KEY
                unset AWS_SESSION_TOKEN

        fi
done