Greg Rose writes:

You get the routers to create valid-looking certificates for the endpoints, to mount man-in-the-middle attacks.

This is relatively easy for home routers, since the self-signed certs they're configured with are frequently CA certs. In other words they ship from the factory in a MITM-ready state. Peter.