To ask someone to prove that he owns a specific address, you have several options.
Ask the wallet owner to send a transaction to your wallet with a random amount of your choice.
The risk of this method is that the verification will happen on-chain, publicly. Malicious actors could find a way to attack and exploit this process.
Another drawback of this method is that it will cost some XTZ tokens for transaction fees.
Choosing the data to sign
In the situation where sending a transaction is not possible, you can use the tezos-client for that. The first step is to pick the data we want the buyer owning the wallet to sign, it could be the ID of a Hic et Nunc NFT he owns, for example: OBJKT#63886
Converting the data to hexadecimal for the tezos-client