Fix ROA & MFT version check handling

Fix ROA & MFT version check handling

This check was incomplete: to correctly verify the ASN1 INTEGER holding
the version component, first the context specific explicit tag would need
to be checked.

However, the X.690 spec (section 11.5) states that if the one should not
encode a component if it is the default value. There are no RFCs specifying
new versions of ROA or MFT, so checking the content of the version component
should be skipped entirely.

Thus if the version component is present, something is wrong.