They will be able to view the public certificate but will not be able to sign or decrypt anything because they do not have the corresponding private key, which is never sent over the wire.
HTTPS protects against MITM attacks.
When the owner of the domain originally obtained a certificate, they obtained a signed attestation from a trusted provider that they were able to field requests to that domain. Those requests can come from anywhere and are not possible to MITM. This attestation pertains to a public key/private key pair.
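The following is an added example, not part of the original text: a simplified Go model of why a copied public certificate is useless without the private key. The `Cert` struct, the `example.test` domain, and the nonce-signing step (a stand-in for the signature made during the TLS handshake) are assumptions for illustration, not real X.509 or TLS.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert is a simplified stand-in for an X.509 certificate (constructed for this
// example): a CA signature binding a domain to a public key. No private key.
type Cert struct {
	Domain string
	Pub    ed25519.PublicKey
	CASig  []byte
}

// binding is the byte string the CA signs: the domain plus the public key.
func binding(domain string, pub ed25519.PublicKey) []byte {
	return append([]byte(domain+"\x00"), pub...)
}

// accepts is the client's check: the cert must be CA-signed for the domain,
// and the peer must sign the client's fresh nonce with the matching private key.
func accepts(ca ed25519.PublicKey, domain string, c Cert, nonce, proof []byte) bool {
	return c.Domain == domain &&
		ed25519.Verify(ca, binding(c.Domain, c.Pub), c.CASig) &&
		ed25519.Verify(c.Pub, nonce, proof)
}

// demo returns the client's verdict for the real server, for a MITM replaying
// the copied public cert, and for a MITM swapping its own key into the cert.
func demo() (honest, replayed, swapped bool) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	srvPub, srvKey, _ := ed25519.GenerateKey(rand.Reader)
	mitmPub, mitmKey, _ := ed25519.GenerateKey(rand.Reader)
	const domain = "example.test" // constructed sample domain
	cert := Cert{domain, srvPub, ed25519.Sign(caKey, binding(domain, srvPub))}
	nonce := make([]byte, 32)
	rand.Read(nonce)
	honest = accepts(caPub, domain, cert, nonce, ed25519.Sign(srvKey, nonce))
	// The MITM has the cert (it is public) but can only sign with its own key.
	replayed = accepts(caPub, domain, cert, nonce, ed25519.Sign(mitmKey, nonce))
	// Swapping in the MITM's key invalidates the CA signature.
	forged := Cert{domain, mitmPub, cert.CASig}
	swapped = accepts(caPub, domain, forged, nonce, ed25519.Sign(mitmKey, nonce))
	return honest, replayed, swapped
}

func main() { fmt.Println(demo()) }
```

Only the holder of the server's private key passes both checks; the other two cases are rejected by the client.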