I did some more digging and the reason for the attack is still unknown. The attacker tried to use ROAs to hijack routes unsuccessfully, which could have caused lots of bigger problems. In a detailed report by Doug Madory, he said the following:
I suspect, at first, the person was just seeing what they could do in the account. Maybe they assumed that it might be monitored and they would get kicked out after doing some innocuous things. But over time they got more daring until they decided to cause a major outage to get the provider’s attention about their poor security practices. I don’t think the objective was solely to cause an outage, but I’m really just speculating.
Some more news outlets covering the hack:
https://www.securityweek.com/ripe-account-hacking-leads-to-major-internet-outage-at-orange-spain/