Meanwhile I found out there is probably no way of finding out which AWS ranges are actually used by Netflix, as they even don’t seem to know themselves (https://blog.thousandeyes.com/how-netflix-tracks-ip-addresses-within-aws/)
But I did find that this:
aws_ranges=$(curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | grep ip_prefix | cut -d"\"" -f4 | sort -u)
contains ‘only’ 1045 ranges, and with those, Netflix still seems to work. Better, but still not satisfying…
If anyone knows of a method to call this script when Netflix plugin is started? please let me know. Then I may be able to add/remove those routes when starting/exiting the Netflix plugin.
For those interested, I updated my post [HowTo] Permanent NordVPN tunnel on OSMC to contain my findings on using the Netflix plugin in combination with a VPN.