Ah, surely the output is wrong, as per the specifications:
The join-accept message itself is encrypted with the AppKey as follows:
aes128_decrypt(AppKey, AppNonce | NetID | DevAddr | DLSettings | RxDelay | CFList | MIC)
So, one will need the secret AppKey to properly decode a Join Accept. Your node should have the correct key, as it successfully created a Join Request with that:
The message integrity code (MIC) value [...] for a join-request message is calculated as follows:
cmac = aes128_cmac(AppKey, MHDR | AppEUI | DevEUI | DevNonce)
MIC = cmac[0..3]
If the AppKey in your node were wrong, then TTN would have rejected the MIC, and hence would have rejected the Join Request and would never have sent the Join Accept.
So, assuming the gateway transmitted the Join Accept, I guess the node somehow did not receive it.