Yubikey 4 comes with 5 programmable slots capable of holding X.509 certificates, together with it's accompanying private key. The other 20 remaining slots are used for Retired Key Management, which allows decryption of earlier encrypted documents or emails using retired keys.
Each slot has a predestined use case, including a default PIN and touch policy. However, these are merely indicative and may be overwritten.
Slot 9a: PIV Authentication
Authenticates the smart card and the cardholder (e.g. OS logins, ssh, WiFi, OpenVPN, curl, Android code, Mac code, automatic screen locking). By default, PIN is required once and may be re-used for subsequent operations.
Slot 9c: Digital Signature
Signs objects (Android codesign, Mac codesign, storing intermediate CA private key). By default, PIN is required for each signing operation.
Slot 9d: Key Management
Encrypts object for the purpose of confidentiality. By default, PIN is required once and may be re-used for subsequent operations.
Slot 9e: Card Authentication
Authenticates against physical access applications (e.g. door locks). By default, PIN is not required.
Slot f9: Attestation
Attests other slot keys were generated on the device.