Proxy ARP is simple. With config like yours, ISP has 184.108.40.206/28, then you have e.g. 220.127.116.11/28 on your router, and it's regular subnet and works well. If you want to route e.g. 18.104.22.168 further behind your router, you can easily do that using any of methods I listed. Your router won't have any problem with that, because it will know where 22.214.171.124 is. But ISP's router expects 126.96.36.199 to be directly reachable, same way as 188.8.131.52. But it isn't, so when ISP's router sends ARP request, nothing will respond and it will think that the address is unreachable. And that's what proxy ARP is for, it allows your router to respond and tell ISP's router that it has 184.108.40.206. It's not completely true, because it doesn't have it, but it knows where it is, so when ISP's router sends IP packet with destination 220.127.116.11 to yours, it will be correctly forwarded to real 18.104.22.168.
To enable it, you can either set arp=proxy-arp on interface connected to ISP's router (VLAN 10), or you can expose just a single address using:
add address=22.214.171.124 interface="VLAN 10" published=yes
Main difference between this and bridging client directly to ISP is that this is regular routing, so everything will be passing through firewall and you can easily block something, if needed. With bridging it's possible too, but it would be slightly different.