Proxy ARP is simple. With a config like yours, the ISP has 18.104.22.168/28, then you have e.g. 22.214.171.124/28 on your router, and it's a regular subnet and works well. If you want to route e.g. 126.96.36.199 further behind your router, you can easily do that using any of the methods I listed. Your router won't have any problem with that, because it will know where 188.8.131.52 is. But the ISP's router expects 184.108.40.206 to be directly reachable, the same way as 220.127.116.11. But it isn't, so when the ISP's router sends an ARP request, nothing will respond and it will think that the address is unreachable. And that's what proxy ARP is for: it allows your router to respond and tell the ISP's router that it has 18.104.22.168. It's not completely true, because it doesn't have it, but it knows where it is, so when the ISP's router sends an IP packet with destination 22.214.171.124 to yours, it will be correctly forwarded to the real 126.96.36.199.
To enable it, you can either set arp=proxy-arp on the interface connected to the ISP's router (VLAN 10), or you can expose just a single address using:
/ip arp
add address=188.8.131.52 interface="VLAN 10" published=yes
The main difference between this and bridging the client directly to the ISP is that this is regular routing, so everything will be passing through the firewall and you can easily block something, if needed. With bridging it's possible too, but it would be slightly different.
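The two options described in the post differ in how many addresses the router will claim on the ISP-facing interface. The following is an added example, not part of the original post: a simplified Python model of the ARP reply decision, using constructed documentation addresses (203.0.113.0/28, 192.168.88.0/24) and a hypothetical inside interface named `lan`.

```python
import ipaddress

# Constructed topology using documentation ranges, not the addresses in the post.
ROUTES = [  # (prefix, outgoing interface) on the customer router
    ("0.0.0.0/0", "VLAN 10"),        # default route via the ISP
    ("203.0.113.0/28", "VLAN 10"),   # public subnet connected towards the ISP
    ("203.0.113.5/32", "lan"),       # one public address routed further inside
    ("192.168.88.0/24", "lan"),      # private LAN
]
OWN = {"VLAN 10": {"203.0.113.2"}}   # addresses configured on the router itself


def out_interface(target):
    """Longest-prefix match over ROUTES; returns the outgoing interface."""
    ip = ipaddress.ip_address(target)
    matches = [(ipaddress.ip_network(p), i) for p, i in ROUTES]
    matches = [(n, i) for n, i in matches if ip in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def answers_arp(in_iface, target, proxy_arp=False, published=()):
    """Would the router reply to an ARP request for `target` seen on `in_iface`?"""
    if target in OWN.get(in_iface, set()):
        return True                       # its own address
    if (in_iface, target) in published:
        return True                       # explicit published ARP entry
    if proxy_arp:
        # Simplified model: reply when the target is routed out a different interface.
        route = out_interface(target)
        return route is not None and route != in_iface
    return False


def exposure(candidates, **mode):
    """Addresses from `candidates` the router would claim on VLAN 10."""
    return [t for t in candidates if answers_arp("VLAN 10", t, **mode)]


CANDIDATES = ["203.0.113.2", "203.0.113.5", "203.0.113.6", "192.168.88.10"]

if __name__ == "__main__":
    print("arp=proxy-arp :", exposure(CANDIDATES, proxy_arp=True))
    print("published only:", exposure(CANDIDATES, published={("VLAN 10", "203.0.113.5")}))
```

In this model the interface-wide setting also answers for the private LAN address, while the single published entry claims only the one address that was meant to be exposed.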