Why ranges don't fit in one block
Firewalls, cloud security groups, route tables and ACLs speak CIDR; humans and abuse reports speak ranges ("block 203.0.113.5 through 203.0.114.80"). A CIDR block must be a power-of-two size and start on a boundary aligned to that size, so an arbitrary range rarely maps to a single block; it decomposes into several. This tool computes the provably minimal set: at each step it takes the largest block that both starts at the current address's alignment and fits inside the remaining range.
Reading the output
A perfectly aligned range collapses beautifully, 192.168.0.0–192.168.1.255 is exactly 192.168.0.0/23. An awkward one fragments: a range starting at .5 must begin with a /32, then a /31 aligned at .6, a /29 at .8, and so on, growing block sizes until the midpoint and shrinking again toward the end. If the output looks longer than you expected, that's not a bug; it's arithmetic. Nudging the range to friendlier boundaries (start at .0, end at .255) often halves the rule count, worth doing when you control the range definition.
Practical notes
Most firewalls handle a dozen rules without blinking, but some platforms cap entries per security group or per ACL, which is when minimality matters. Going the other direction (you have a CIDR and want the range) use the subnet calculator on this site. And when aggregating multiple ranges, watch for adjacency: 10.0.0.0/25 plus 10.0.0.128/25 is just 10.0.0.0/24, and collapsing such pairs keeps rulesets auditable.