RADIUS attribute from rfc5904


PKM-CA-Cert

The PKM-CA-Cert Attribute is variable length and MAY be
      transmitted in the Access-Request message.  The Value field is of
      type string and contains the X.509 certificate  used by
      the CA to sign the SS certificate carried in the PKM-SS-Cert
      attribute () in the same message.

      The minimum size of a CA certificate exceeds the maximum size of a
      RADIUS attribute.  Therefore, the client MUST encapsulate the
      certificate in the Value fields of two or more instances of the
      PKM-CA-Cert Attribute, each (except possibly the last) having a
      length of 255 octets.  These multiple PKM-CA-Cert Attributes MUST
      appear consecutively and in order within the packet.  Upon
      receipt, the RADIUS server MUST recover the original certificate
      by concatenating the Value fields of the received PKM-CA-Cert
      Attributes in order.

   A summary of the PKM-CA-Cert Attribute format is shown below.  The
   fields are transmitted from left to right.

                          1                   2
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      |    Type       |      Len      |    Value...
      +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   Type

      138 for PKM-CA-Cert

   Len

      > 2

   Value

      The Value field is variable length and contains a (possibly
      complete) portion of an X.509 certificate.