My use case is using EAP-TLS, and clients authenticating using X509 certificates.

I know that certificate authentication is bread and butter for Radius, but I have a more granular requirement.

The user certificates are setup according to different countries, and cities etc where the users are based, e.g. within the Subject field is an attribute C=GB or C=US etc.  
I need to be able to allocate US users to one range of IP addresses, and UK users to another range of IP addresses - based solely on those attributes.

Is this possible?  Can it be done in configuration, or would it require coding?

Many thanks

Janet