Thanks a lot @scelikok for letting me know about "mvexpand", its really helpful.
I am sorry earlier I forgot to mention one more field "certname" in this table. if I am adding this field now in this table, its showing 1 set of results for 1 date. Please help how to add certname field in this table?

You need to explain how the field field certname is matched with field t1 in raw data.  I assume that they come in the exact same order.  You also want to explain how you want the result presented, preferably with illustration.  Assuming that the base date is always "today", and you want to present data for each certname.

Now, if you run Splunk 8 and above, you can use JSON functions in mvexpand.

index="cds_prod_app" sourcetype=httpevent source="lambda:dip-prod-certs-validity-Splunk"
| table expiry certname
| eval idx = mvrange(0, mvcount(expiry))
| eval certexpiry = mvmap(idx, json_object("certname", mvindex(certname, idx), "expiry", mvindex(expiry, idx)))
| mvexpand certexpiry 
| eval expiry=strptime(json_extract(certexpiry, "expiry") "%d-%m-%Y")
| eval certname = json_extract(certexpiry, "certname")
| eval diff = round((expiry - now())/86400)
| eval todaydate=strftime(now(), "%d-%m-%Y")
| table certname expiry, todaydate, diff

If you use 7 or earlier, the traditional zip and split still works.

index="cds_prod_app" sourcetype=httpevent source="lambda:dip-prod-certs-validity-Splunk"
| table expiry certname
| eval certexpiry = mvzip(certname, expiry, ":zip:")
| mvexpand certexpiry
| eval certexpiry = split(certexpiry, ":zip")
| eval expiry=strptime(mvindex(certexpiry, 0) "%d-%m-%Y")
| eval certname = mvindex(certexpiry, 1)
| eval diff = round((expiry - now())/86400)
| eval todaydate=strftime(now(), "%d-%m-%Y")
| table certname expiry, todaydate, diff

thank @yuanliu its working. got to know new "json" functions. thanks for that.