All the IPNs you have with SIGNERROR have -r0# suffix applied to response_order_id. I've no idea where that's coming from, but it's causing the verify signature to fail because it's expecting it to be the basket id only.
The way the signatures work is the basket data is MD5 encoded, sent with the purchase, and sent back with the response data. The response data is then passed through the same MD5 encoding and the 2 signatures are compared. If they're not exactly the same then the signature fails. In this case Moneris is altering the order id before sending it back resulting in the mismatch.
You'll notice all payments that came through successfully from Moneris do not have an altered response_order_id.
I've tried to reach their documentation, but it all just lands on non-existent pages (the CA documentation; the US documentation is login gated, but is irrelevant to the CA implementation). So I've no idea what to suggest at this point beyond contacting Moneris regarding the above findings.