The txt records starting with ca3 are used for certificate validation. Cloudflare need to confirm to the Certificate Authority that they are authorised to issue certs, and that is now it is done.
Visit crt.sh and search for your domain names. See if any certs look wrong. It looks to me like you are issuing a Let’s Encrypt cert (possibly for your Origin), a cPanel cert for a mail server, and RSA and ECC certs for your Cloudflare account.
If you are concerned about Certificate mis-issuance, you should do two things.
- Create DNS CAA records.
- Subscribe to a Certificate Transparency Service. Cloudflare can do this, but with a lot of domains and a lot of certs it can get noisy. There are other tools available that can flag only those certs you don’t already know about.
Other than the TXT records, were there other things that make you think your account was compromised?