In short yes its fine.
You can probably just go to the host you're connecting to in your browser anyway and download that same certificate. It's a public piece of information, you pin the certificate to verify that no 3rd party has intercepted the request (effectively a man in the middle attack) and messed with the data - they would have to re-encrypt the data with a certificate that would be different from the one you were expecting. Your app would then see this and abort the request.
What you don't want to do it bundle the private key of the certificate (there might be a better name for it) as then an attacker could use this to resign any intercepted requests with your certificate/key and imitate your server.
The only down side is that when the certificate expires you'll need to update the app bundling the new certificate with it.