Keep in mind the CLI is just a wrapper for API calls.
In general, the flow is something like this:
- Login, which gives you a session ID
- Perform tasks
- If edits/additions were made, then you must publish (or discard) those changes
- Logout, which clears the session
Other than the login, every call needs a session ID passed.
Or, if you're using the CLI from the Security Management server, you can avoid all that by using a -r true to the command instead 
To break down my command: mgmt_cli --session-id $SID --format json show group name group_name show-as-ranges true
- --session-id $SID says to use the session ID specified in the $SID shell variable (I had set this previously)
- --format json says to give JSON output
- show group name group_name show-as-ranges true shows the group group_name with the output in ranges (show-as-ranges true).
Unfortunately, that feature (show-as-ranges true) was added in API version 1.3, which corresponds to R80.20, not R80.10.
I should have checked that before providing you a solution, my apologies.
In any case, it's easy enough to get the members of a group using:
That will output (in JSON) the list of all objects in a group.
All groups are referred to by UID.
To parse that and get all the IPv4 and IPv6 addresses in said group:
Note this will be in the format IPv4 Address,IPv6 Address (an object can have both)
To get all the networks, we have to parse IPv4 and IPv6 networks and netmasks (output in this case is CSV format):
mgmt_cli -r true --format json --version 1.1 show group name test-group details-level full | jq -r '.members[] | select(.type=="network") | [.subnet4, ."mask-length4", .subnet6, ."mask-length6"] | @csv'
To get all the uids of the groups contained in my group (the API does not return names, only UIDs in this case):
Now you can repeat the above using the group(s) identified except you use "uid whatever" instead of "name test-group".
Hopefully that's enough to help you get started.
