Is there a way to know among all the LMP keys loaded via CAIRIM (the CAS9 procedure) which ones are valid and being used on the LPAR? 

Reviewing the output from the execution of the CAS9 procedure will reveal which LMP keys were valid for a particular LPAR. The keys that are valid will generate a "CAS9190I - PRODUCT (xx) KEY ACCEPTED" message. Invalid or expired keys will generate a message indicating such, and keys that are for a different CPU but otherwise "valid" will result in no message generated.

Also available is the CAIRIMU PROD command. This command can be issued from the TSO COMMAND line to get a list of valid LMP keys. 

To determine which KEYS are actually being used on a particular LPAR, the easiest method is to set LMPEXIT=YES in the CARIMPRM member referenced by the CAS9 procedure. By default, this "LMP Key check invocation exit" will generate a WTO each time a CA Product issues an LMP check. The WTO will read "WTO from CAS9FL00 - PRODCODE xx" where xx is the LMP product code for the CA product that issued the check. Keep in mind that each CA Product has their own method as to when checks are issued. Some issue only at startup, some whenever a program is used, some issue checks periodically.

There is one more tool available that can help determine what CA Software is being used on a particular system. Since CA product LMP key checks, by default, cause SMF 89 usage data records to be generated, the IBM usage data report utility IFAURP can be used to determine usage. Procedure CASMF89R of the CAI.CAW0PROC data set can be used to run the IBM usage data report utility IFAURP.

Additional Information:

You can find informational relating to the above in the CA Common Services Administration Guide.

https://support.ca.com/cadocs/0/CA%20Common%20Services%2014%201-z%20OS-ENU/Bookshelf.html