Remote desktop started to report a certificate error

4

I connected to a Windows 10 machine with a static IP address via RDP from another Windows 10 machine for some time, probably about a couple of months. At some point RDP started to report a certificate error.

1) What can cause this?

2) Where can I find the previous certificate to check if it expired or not?

Alexey Starinsky

Posted 2019-11-05T10:31:00.263

Reputation: 187

Answers

6

This is somewhat normal, as Windows systems always create a self-signed TLS certificate for Remote Desktop (unless they're on Active Directory with AD CS available, in which case they might use the domain's internal CA).

While it is possible to install a globally-trusted certificate, practically nobody does that, so on standalone systems you will nearly always see the "Not a trusted CA" warning, and you will end up ticking the box to remember this individual certificate instead.

Windows 10 systems also tend to regenerate their Remote Desktop certificate even if it hasn't expired yet – it most likely happens during a full OS upgrade, i.e. the old certificate is probably discarded whenever a new Windows release is being installed.


You cannot view the previous certificate on your client, as it only remembers the SHA-1 fingerprint, not the complete certificate. Most likely you cannot view the old certificate on the server either, as the change is often caused by the old certificate having been discarded.

However, you can view the current certificate on the server by running certlm.msc (on the physical screen, of course, not via RDP) and compare its fingerprint to what's being shown by your RDP client.

user1686

Posted 2019-11-05T10:31:00.263

Reputation: 283 655
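
The fingerprint comparison described in the answer above can also be scripted. This is an added example, not part of the original answer. The function names are hypothetical, the listener name `RDP-Tcp` is the Windows default, and the `CertHash` registry value under the client's `Terminal Server Client\Servers` key is assumed to be where the remembered fingerprint is kept.

```powershell
# Run on the server, at the local console: certificates in the
# "Remote Desktop" machine store, flagged if the RDP listener presents them.
function Get-RdpServerCertificate {
    $listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
    $active = $listener.SSLCertificateSHA1Hash
    Get-ChildItem 'Cert:\LocalMachine\Remote Desktop' |
        Select-Object Thumbprint, Subject, NotBefore, NotAfter,
            @{ Name = 'InUse'; Expression = { $_.Thumbprint -eq $active } }
}

# Run on the client: hex form of the fingerprint remembered for one server.
# Assumption: the client keeps it in the CertHash value of this key.
function Get-RememberedRdpThumbprint {
    param([Parameter(Mandatory)][string]$Server)
    $key  = "HKCU:\Software\Microsoft\Terminal Server Client\Servers\$Server"
    $item = Get-ItemProperty -Path $key -Name CertHash -ErrorAction SilentlyContinue
    if (-not $item) { return $null }   # nothing remembered for this server
    ($item.CertHash | ForEach-Object { $_.ToString('X2') }) -join ''
}

# Run on the client: compare a thumbprint copied from the server
# with the one the client remembered.
function Compare-RdpThumbprint {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$ServerThumbprint
    )
    # certlm.msc may show spaces and lower case; keep hex digits only.
    $expected   = ($ServerThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $remembered = Get-RememberedRdpThumbprint -Server $Server
    [pscustomobject]@{
        Server     = $Server
        Expected   = $expected
        Remembered = $remembered
        Match      = ($null -ne $remembered) -and ($remembered -eq $expected)
    }
}

# Usage (placeholder values, replace with your own):
#   Get-RdpServerCertificate | Format-List
#   Compare-RdpThumbprint -Server '<server-ip>' -ServerThumbprint '<thumbprint from server>'
```

`NotBefore` on the in-use certificate shows when it was generated, which can be lined up with the date the warning first appeared.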