To be more specific I have a request from a client to block China's IP range. I know how to do this. I would use the IPs from https://www.countryipblocks.net/e_country_data/CN_netmask.txt and make a ACL. Well if you take a look at that there are 3,412 networks I would have to block.
What I'm really asking is there a way around making a super large ACL? If it was contiguous IP space I could just supernet but that is not the case.
If a gigantic network object group is more to your liking than a gigantic ACL, then I guess that'd be the other option. It's the same level of ugly in the command line and in execution, but it'd make it prettier in ASDM, I suppose.
Be very careful of blanket blocks of countries; I've seen it cause some interesting issues. ("Why can't I get to Windows Update?" "Oh, you're hitting an Indonesian server, and someone blocked all of Asia")
I've created a script where all you have to do is choose an authority and it'll give you the configuration to drop into the ASA. It's incredibly accurate.
regional-asa
You can block or allow a specific region if you want. I'll be updating it soon to do specific countries but now it does authorities like ARIN, RIPE, APNIC, etc.