As @schoen mentioned, the IP addresses for validation requests are unpredictable by design in order to make it harder for an attacker to spoof the response, for example by hijacking specific routes, which becomes significantly harder once those routes are unpredictable. As an example, in the future, validation requests might be sent through Tor or a set of geographically diverse proxy servers. Offering any sort of API that returns those IP addresses would make this ineffective.
DNS-based validation via dns-01 would be a better fit for non-public/restricted networks, and can be automated fairly easily with many popular DNS providers (like Route 53 or Cloudflare).