Reply to comment:

XioNoX
The chain of events is already above, the commands (it's really only openssl, webapp and then whois to verify). The openssl commands are well explained there: https://www.arin.net/resources/rpki/faq.html#keypairgeneration and https://www.arin.net/resources/rpki/faq.html#roarequestsigning Which should be the (quite) same process with RIPE. I also didn't have to look at the routers, as our public IP allocations are documented well enough.