You can verify Warrant Canary status with this command on your system console

delv txt +short
dig txt +short (this will get you results without validating the DNSSEC is valid)

You would get a response of:
"version=canary1; warrants=0; date=20191122; expires=20200614;"

version= DNS Warrant Canary Version
warrants= number we have been issued
date= YYYYMMDD of when this was issued
expires= YYYYMMDD of when this expires, if expired then canary is dead

Running with +vtrace to validate the RRSIG:
delv txt +vtrace
; fully validated 5072 IN TXT "version=canary1; warrants=0; date=20191122; expires=20200614;" 5072 IN RRSIG TXT 10 3 86400 20200423000000 20200402000000 34464 lb3t68BeDxGIh+S3gLwfDEGSwd0Oay6OHh1pU/knEXuVX1AjiIaSU1gc XSQguJ0J/Xn/hzOXX2s3GyAZVFkvXFUe6wHHCWuVghSJtkqu+JEPxHJI dl/pwDfMfS0fJYHSkgX/sHWZfZHumlOvWeoCQUGnwpfUVxnFzRdX3U4c svmcdyHMR41BGuUcxTX0We2Ff4Jcu+uKgvkpZvmMF5Xa/1LnpmGwsfvc f99XVbFu2LVz6r7+8yvErUYpLwFNxukLUyHVSTYqXxT2VINd5lGjafi1 ce/hSh3J7LOjPu6wZkp6/ebVUTMM9M/YFmdjQFr2Nu1UKmGNrEFMY1+R E1xJ1g==

Validate my identity on Keybase