Instead of setting CAP_NET_RAW on the binary, why not have systemd give the service the capability at runtime? The blackbox exporter isn't something that you run from the CLI much anyway is it?
Here's what part of my service file looks like:
[Service]
User=blackbox_exporter
Group=blackbox_exporter
AmbientCapabilities=CAP_NET_RAW
ExecStart=/opt/blackbox_exporter/blackbox_exporter --config.file /opt/blackbox_exporter/config.yaml --log.level debug