I saw some unwanted logins and decided that I will block all traffic accept from my home and locations I trust. I'm using hosts.allow and hosts.deny to achieve this. I need to know the range of IP's that Digital Ocean may use to login to my droplet for maintenance reasons.
I do not think Digital Ocean needs to login to your droplet for any reason. They have access to the physical machines, which is as far as their maintenance goes.
You should consider spending a day getting to know IPTables, which will give you better control over this sort of thing.
With IPTables, you can lock down specific ports (like your ssh port) for only your IP, and leave your web ports (80 and 443) open for public (if you have a web-server)
It took me about a day to wrap my head around IPTables, but once I had the basic idea I have a much easier time locking my droplets.