You state that the lookup matches on the longest netmask. In my testing this does not work.
If there are multiple CIDR networks matching there is no result.

Thanks for letting me know. The behaviour of CIDR lookups isn't clearly documented; through testing at the time of development this was the behaviour exhibited, so I suspect it may have been changed in recent versions of Splunk. Will investigate further.