I think you are a little confused. The answer to the question "How to correctly implement the distribution of the Internet to private ip?" will be - NAT, which is already there. You, as I understand it, want to understand how to distribute a white subnet to machines behind Mikrotik (formally, they are in a local, non-routable subnet).
Let's say that 10.10.10.0/28 is a white subnet from provider
1. Yes, this is not NAT and masquerading will not work.
In theory, the white subnet is routed quite easily:
It is necessary for the LAN interface of the Mikrotik, which is physically connected to the local network, to assign an address from the white subnet, let it be 10.10.10.1/28 without specifying a gateway.
It should now be accessible from the internet.
2. How to issue addresses is not the point, at least register with your hands. To distribute addresses, you need to assign any free IP from the white subnet to the end machine, let it be the next one - 10.10.10.2/28 and specify the Mikrotik interface (10.10.10.1) as the LAN gateway.
Now this machine should be available from the Internet.
PS: I don't know how to specifically implement it on Mikrotik. I hope the direction of thought is clear. Described more than once carried out on Linux.

You probably misunderstood me, the bottom line is that not all users need real ip, hence it follows that some of them will be on private ip, respectively, they need to be natted somehow, but I don’t know how to do it correctly on one piece of iron.

And if you use the netmap feature?