As someone who has done this I take issue with characterizing the certificates as stolen. I exploited a security vulnerability in the device's web UI to extract them, from a piece of equipment I paid for. Its my equipment the provider required me to buy it for service, I can do with it as I please.
I would be in agreement with it if we were using all this to steal service, we just don't want to use their unstable and unacceptable equipment.
Having recently cancelled AT&T fiber service, their router (Arris BGW210-700) was definitely still AT&T property and they seemed to have every intention of collecting it from me. They had been charging $10/mo "equipment rental" fees for the entire time.
When the prepaid shipping box never arrived, I called them and inquired. The representative told me that, since it was 5+ years old, they didn't want it and I should throw it out as e-waste. I still have it in a closet somewhere.
Might be a regional difference, but in my case I never felt that the box was mine.
I would be in agreement with it if we were using all this to steal service, we just don't want to use their unstable and unacceptable equipment.