I think you'll more likely get answers in ePO so have moved it there.
Sadly, they were supposed to link the detected subnet to the sensor in the latest version but never did. Your best hint is to find the sensor(s) proving the coverage. But typically, those subnets are best ignored.
The detections could be dhcp or agent, neither of which will provide any insights.
In the past we have seen network provider equipement showing internal addresses intenally...
Any update on this? In some cases it is impossible to locate a detected rogue without knowing which detector found it.