OpenSSL
Dmitry Cidious, 2014-11-16 21:32:12

Independently generate client certificates based on the certificate from StartSSL?

There is an HTTPS site running on a free certificate from StartSSL.
Is it possible to generate a client certificate based on this certificate to connect to this site?
I tried this guide, but I get an ssl_error_handshake_failure_alert error.


2 answer(s)
Nikolai Korabelnikov, 2015-01-30
@nmk2002

Not certainly in that way. Actually you have a pair of keys. And with a private key it is technically possible to sign anything, even a different certificate. But the purpose of your key is not signing other keys, but SSL/TLS authentication. This is indicated in the certificate itself, which you received from the CA.
If a CA issued you a certificate with the purpose of "certificate signing" (and preferably "CRL signing"), then you could sign other certificates. But this is not possible for obvious reasons.
Another limitation that will prevent you from issuing certificates is the length of the validation path, which is also most likely specified in your certificate (or CA certificate). The certificate you issued is an end user certificate.
CAs issue only such certificates to clients. This is the essence of web trust.

Dmitry Cidious, 2014-11-18
@cidious

I will answer myself.
As far as I understand, in order to generate an x509 client certificate, you need to sign the client key with a CA private key.
Because the authorization center gives me only a domain certificate and an open CA certificate, but it won’t give up its private key, only the center can create a client certificate based on a valid domain certificate.
I'm left with the self-signed object scheme.
Correct me if I'm wrong.
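
An added example, not part of either answer above: it builds a throwaway private root CA with `openssl`, then shows that a client certificate signed with an end-entity (server) key fails chain validation, while one signed by the private root validates. All file names, subject names and the `pki.cnf` layout are constructed for this demo; the private root stands in for "your own CA", not StartSSL.

```shell
#!/bin/sh
# Added demo, not from the thread. Every name and file here is constructed.
work=$(mktemp -d) && cd "$work" || exit 1

cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
EOF

# issue NAME ISSUER: new key + CSR for NAME, signed with ISSUER's private key
issue() {
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -keyout "$1.key" -out "$1.csr" -subj "/CN=$1" >/dev/null 2>&1 &&
  openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" -CAcreateserial \
    -extfile pki.cnf -extensions leaf_ext -days 1 -out "$1.pem" >/dev/null 2>&1
}

# is_ca NAME: true only if the certificate's Basic Constraints say CA:TRUE
is_ca() { openssl x509 -in "$1.pem" -noout -text | grep -q 'CA:TRUE'; }

# chain_ok NAME [INTERMEDIATE]: validate NAME.pem up to the private root
chain_ok() {
  out=$(openssl verify -CAfile root.pem ${2:+-untrusted $2.pem} "$1.pem" 2>&1) &&
    ! printf '%s\n' "$out" | grep -qi 'error'
}

# Private root CA: the only key here that is allowed to sign certificates
openssl req -x509 -config pki.cnf -extensions ca_ext -newkey rsa:2048 -nodes \
  -keyout root.key -out root.pem -subj "/CN=Demo Root" -days 1 >/dev/null 2>&1

issue server root     # end-entity cert, like the one a public CA hands out
issue client server   # signing with the site's key works mechanically...
issue client2 root    # ...but only a CA key yields a client cert that validates

is_ca server || echo "server cert: not a CA (CA:FALSE)"
chain_ok client server || echo "client signed with server key: rejected"
chain_ok client2 && echo "client2 signed by private root: accepted"
```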
