We don’t publish a list of IP addresses we use to validate, because they may change at any time. In the future we may validate from multiple IP addresses at once.
HTTP-01 validation ultimately is not compatible with the practice of dropping traffic from hosts you consider malicious. In future Let's Encrypt will make simultaneous requests from multiple networks in order to defend against possible MITM attacks - so if you are blocking hosts for harmless (and easy to identify) automated traffic, it's not going to go well.