As previous comment from @MichaelM explains, flow log tcp flags can be combined. It is really hard to parse numeric tcp flags, that's why I created my own tool to create and query flow logs, where I convert these numeric flags to actual tcp flags - https://github.com/pete911/flowlogs.

If you are not interested in the tool, this is the place where the parsing (from binary to flag) happens - https://github.com/pete911/flowlogs/blob/main/internal/aws/query/tcp.go#L37. Hopefully this helps to illustrate how it works and/or to create your own parser.