You can verify diasp.org Warrant Canary status with this command on your system console

delv _canary.diasp.org txt +short
OR
dig _canary.diasp.org txt +short (this will get you results without validating the DNSSEC is valid)

You would get a response of:
"version=canary1; warrants=0; date=20190814; expires=20191214;"

Meaning:
version= DNS Warrant Canary Version
warrants= number we have been issued
date= YYYYMMDD of when this was issued
expires= YYYYMMDD of when this expires, if expired then canary is dead

Running with +vtrace to validate the RRSIG:
delv _canary.diasp.org txt +vtrace
; fully validated _canary.diasp.org. 74543 IN TXT "version=canary1; warrants=0; date=20190814; expires=20191214;" _canary.diasp.org. 74543 IN RRSIG TXT 10 3 86400 20191205000000 20191114000000 34464 diasp.org. vMDLav2OduxD2mY/0qDgf6Z+oyHA6wsPBGHvJjjq8z+8i88pycXrpJS8 K4kp9WHXpvTy/h7diGw+SegYkKxnWJzppJwqrBTIzd6sjLeQ1XTwNH7y p9UGQLTflj5qEhJD5zxRBvHTWlMu5Mt31gGjESX7RrQh3nH36sr9rJbN dEsBpjH00GU22RSTZLDWUEMjpbx3e5EVwcAyffEA55GS1oD7S2eP0Py7 QM4QiOeELQ9BG+q4M2lhZsxBtteRxoOGawcgoMCIfZtfEDcyeih0fMN1 LduYiAOC7XC+QKhsXatSqBLqeT+b/+XOa0VxN0Tr3wziObTPFsJc5Vxw cJWHeg==

Validate my identity on Keybase