[Opendnssec-user] how to match/correlate key's CKA_ID & PUBKEY?

[PGNet Dev]

On 02/22/2017 10:44 AM, Jakob Schlyter wrote:
>> how do you find/export the public key for a specified CKA_ID?
> 
> You can't do that as each CKA_ID may be allocated to DNSKEY in different 
> zones.
> 
>      jakob

Then I'm missing something ...

How _do_ you manually clean up a mis-published key from both observer & its 'match' in the ods DB?

E.g., if @ an external observer, I identify a DNSKEY I want removed,

	dig DNSKEY example.com | grep 257
		example.com.             300     IN      DNSKEY  257 3 14 YJ9...
		example.com.             300     IN      DNSKEY  257 3 14 UWB...   <====== WANT TO PURGE THIS KEY

Which one of these

	ods-enforcer key list -d
			Keys:
			Zone:                           Key role:     DS:          DNSKEY:      RRSIGDNSKEY: RRSIG:       Pub: Act: Id:
			example.com                     KSK           unretentive  omnipresent  omnipresent  NA           1    1    d2f...
			example.com                     KSK           unretentive  hidden       hidden       NA           0    0    9f1...
			example.com                     KSK           unretentive  hidden       hidden       NA           0    0    50d...
			example.com                     KSK           unretentive  hidden       hidden       NA           0    0    f90...
			example.com                     KSK           unretentive  hidden       hidden       NA           0    0    4f8...
			example.com                     ZSK           NA           hidden       NA           hidden       0    0    081...
			example.com                     KSK           rumoured     omnipresent  omnipresent  NA           1    1    850...
			example.com                     ZSK           NA           omnipresent  NA           unretentive  1    0    b5f...
			example.com                     ZSK           NA           omnipresent  NA           rumoured     1    1    853...

do I delete/purge ?