I assume that the only thing the server checks is whether the IP on the certificate matches the one for the current TCP/IP connection, …
That is very likely a thing the server does not check. Client certificates, at least for HTTPS, are usually not issued for a domain or IP, but for a user – because they are used to authenticate a user and not a system.
… that the certificate is signed by an authority the server trusts
This should be checked.
Additionally, one might check for a specific subject of the certificate, or the web application might decide based on the subject which user this is.
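The checks described in this answer, sketched with Python's standard `ssl` module as an added example (not code from the original post): the TLS layer enforces that the client certificate chains to a trusted CA, and the application maps the subject to a user. The `USERS_BY_CN` table, the file-path parameters and the sample certificate dictionary are assumptions constructed for illustration.

```python
import ssl

# Hypothetical application table: certificate subject CN -> local account.
USERS_BY_CN = {"alice": "alice@example.test", "bob": "bob@example.test"}


def make_server_context(ca_file=None, cert_file=None, key_file=None):
    """TLS server context that demands a client certificate signed by a trusted CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client cert
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # CAs trusted to issue client certs
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)  # the server's own certificate
    return ctx


def subject_field(peercert, name):
    """Return one field from the subject of an SSLSocket.getpeercert() dict."""
    for rdn in peercert.get("subject", ()):
        for key, value in rdn:
            if key == name:
                return value
    return None


def user_for_certificate(peercert, peer_ip):
    """Map an already chain-verified client certificate to an application user.

    peer_ip is accepted only to show that it plays no part in the decision.
    """
    cn = subject_field(peercert, "commonName")
    return USERS_BY_CN.get(cn)  # None means unknown subject: reject the request


# Constructed sample in the format getpeercert() returns after a verified handshake.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Org"),), (("commonName", "alice"),)),
    "issuer": ((("commonName", "Example Client CA"),),),
}
```

In a real server, `user_for_certificate` would be called with `conn.getpeercert()` after the handshake on a socket wrapped by this context has succeeded.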