Understand DMARC Email Record

I want to understand my DMARC record. I've done some reading online, but I don't understand why, in the <policy_evaluated> tag, spf fails, but afterwards, when the results are detailed, it actually passes.

<record>
    <row>
      <source_ip>2607:f8b0:400c:c05::230</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>                           <!-- here -->
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>xxxxx</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>xxxxx</domain>
        <result>pass</result>
        <selector>default</selector>
      </dkim>
      <spf>
        <domain>xxxxx</domain> 
        <result>pass</result>                     <!-- here -->
      </spf>
    </auth_results>
  </record>

Also, on a different record I have a soft fail:

<auth_results>
      <dkim>
        <domain>xxxxx</domain>
        <result>pass</result>
        <selector>default</selector>
      </dkim>
      <spf>
        <domain>xxxxx</domain>
        <result>softfail</result>                 <!-- here -->
      </spf>
    </auth_results>
Malcah answered 29/1, 2017 at 10:26

The probable cause of the discrepancy between <policy_evaluated><spf> & <auth_results><spf><result> is that your envelope "mail from" & your header "from" are not on the same domain. <policy_evaluated><spf> is the SPF alignment test, which verifies that both the "From" field in the message header & the RFC 5321 "MAIL FROM" are from the same domain, whereas <auth_results><spf><result> only tests whether or not the sending MTA is an authorised sender for the domain in the RFC 5321 "MAIL FROM".

There's a good answer here: DMARC -spf and DKIM record queries

Caeoma answered 8/2, 2017 at 0:17
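
The distinction described in the answer above, as an added example that is not part of the original question or answer: it reads aggregate-report records and says why `<policy_evaluated><spf>` differs from the raw SPF result. The domains are constructed placeholders, the function names are hypothetical, and the relaxed-alignment check is an approximation (see the comment in `org_domain`).

```python
import xml.etree.ElementTree as ET

# Constructed sample with placeholder domains (the page redacts the real ones).
# Assumes a report without an XML namespace. Reports come from third parties,
# so parse real ones with a hardened parser such as defusedxml.
SAMPLE = """<feedback>
<record>
  <row><policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><spf><domain>bounce.esp.example.net</domain><result>pass</result></spf></auth_results>
</record>
<record>
  <row><policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><spf><domain>example.com</domain><result>softfail</result></spf></auth_results>
</record>
<record>
  <row><policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results><spf><domain>mail.example.com</domain><result>pass</result></spf></auth_results>
</record>
</feedback>"""


def org_domain(name):
    # Assumption: the last two labels approximate the organizational domain.
    # A real check needs the Public Suffix List (this is wrong for e.g. co.uk).
    return ".".join(name.rstrip(".").split(".")[-2:])


def explain_spf(record, strict=False):
    def text(path):
        return record.findtext(path, "").strip().lower()
    header_from = text("identifiers/header_from")
    spf_domain = text("auth_results/spf/domain")   # domain SPF was checked for
    raw = text("auth_results/spf/result")
    same = (lambda a, b: a == b) if strict else (lambda a, b: org_domain(a) == org_domain(b))
    aligned = bool(header_from) and same(header_from, spf_domain)
    if raw != "pass":
        reason = "spf-not-pass"        # e.g. softfail: sender not authorised
    elif not aligned:
        reason = "pass-but-unaligned"  # SPF passed, but for another domain
    else:
        reason = "aligned-pass"
    return {"header_from": header_from, "spf_domain": spf_domain, "raw": raw,
            "reason": reason, "expected": "pass" if reason == "aligned-pass" else "fail",
            "reported": text("row/policy_evaluated/spf")}


def analyze(xml_text, strict=False):
    return [explain_spf(r, strict) for r in ET.fromstring(xml_text).iter("record")]
```

The first constructed record reproduces the case in the question: the raw result is `pass`, the SPF domain differs from `header_from`, and `policy_evaluated` reports `fail`.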
