I don't have an answer for your question - but will need to handle this in a month or two myself.
If I understand, once the 'rogue' router links, you want to kick it out & change the Link Key by a broadcast push? Seems to me you'd not have any concrete way to confirm the 'rogue router' actually left ... plus you always have the problem of what happens if 1 or 2 valid nodes are offline during the key change? They then become orphaned. That will be fine on a school or science project, but in the field you may need to find another answer.
Could you just try to tell the 'rouge router' by unicast to change its own link key to some other value? Won't help if it is being malicious, but if the roguiness was innocent, it would then go off and be orphaned itself, without any network.