Unless you are an ISP, it makes zero sense to use (large) permanent blacklists. So, this is anything but a common use case for a SOHO device, no matter who you get it from.
However, you could get any Ubiquiti EdgeRouter, including the similarly priced EdgeRouter X. That has 256 MB NAND, full OpenVPN support, and much more advanced Active Queue Management like fq-codel (Fair Queuing with Controlled Delay) up to around 100-120 Mbit/s WAN-LAN - very useful to combat bufferbloat and to act as an efficient set-it-and-forget-it QoS option. It is also much more user-friendly for typical SOHO tasks than any MikroTik, and it is a relatively open platform, so you can customize it more if needed.
The EdgeRouter X and X SFP, however, are limited to 1 Gbit/s aggregate, unlike hEX or hAP ac2.
Also, in the end you may sorely miss Winbox, especially the second you start doing any non-typical task.