You can verify Warrant Canary status with this command on your system console

delv txt +short
dig txt +short (this will get you results without validating the DNSSEC is valid)

You would get a response of:
"version=canary1; warrants=0; date=20200922; expires=20210614;"

version= DNS Warrant Canary Version
warrants= number we have been issued
date= YYYYMMDD of when this was issued
expires= YYYYMMDD of when this expires, if expired then canary is dead

Running with +vtrace to validate the RRSIG:
delv txt +vtrace
; fully validated 3599 IN TXT "version=canary1; warrants=0; date=20200922; expires=20210614;" 3599 IN RRSIG TXT 8 3 3600 20210120222806 20201022222806 2106 MJlEZhdPQ0/ICg9UKy9D8NZNCvLrh9JjHcwsh1gFr1oEyIHBLSWPCbmq ffcohzzyrqZYdYTsAE90lZ27SLAjnvotgxbba59xqu2iFWTLYvDqeiEN QdEm+FrKXtLsjEhXNlEeOuGYsjvMpkUG3E0tMpzvB87sjE4gVhnJ59Nx Tr0=

Validate my identity on Keybase