Is there a way to know among all the LMP keys loaded via CAIRIM (the CAS9 procedure) which ones are valid and being used on the LPAR? 

Release: CA90SV00200-12-Common Services-for z/OS
Component:

Reviewing the output from the execution of the CAS9 procedure will reveal which LMP keys were valid for a particular LPAR. The keys that are valid will generate a "CAS9190I - PRODUCT (xx) KEY ACCEPTED" message. Invalid or expired keys will generate a message indicating such, and keys that are for a different CPU but otherwise "valid" will result in no message generated.

Also available is the CAIRIMU PROD command. This command can be issued from the TSO COMMAND line to get a list of valid LMP keys. 

To determine which KEYS are actually being used on a particular LPAR, the easiest method is to set LMPEXIT=YES in the CARIMPRM member referenced by the CAS9 procedure. By default, this "LMP Key check invocation exit" will generate a WTO each time a Broadcom Product issues an LMP check. The WTO will read "WTO from CAS9FL00 - PRODCODE xx" where xx is the LMP product code for the Broadcom Product that issued the check. Keep in mind that each Broadcom Product has their own method as to when checks are issued. Some issue only at startup, some whenever a program is used, some issue checks periodically.

There is one more tool available that can help determine what Broadcom Software is being used on a particular system. Since Broadcom product LMP key checks, by default, cause SMF 89 usage data records to be generated, the IBM usage data report utility IFAURP can be used to determine usage. Procedure CASMF89R of the prefix.CAW0PROC data set can be used to run the IBM usage data report utility IFAURP.

Additional Information:

You can find informational relating to the above in the Common Services Administration Guide.

Common Services for z/OS Release 14.1.00 Bookshelf