diff --git a/src/keria/app/aiding.py b/src/keria/app/aiding.py
index 72a5285..8ef0b6c 100644
--- a/src/keria/app/aiding.py
+++ b/src/keria/app/aiding.py
@@ -1330,8 +1330,8 @@ def on_post(req, rep, name, aid=None, role=None):
 )
 try:
 agent.hby.rvy.processReply(rserder, tsgs=[tsg])
- except kering.UnverifiedReplyError:
- pass
+ except (kering.UnverifiedReplyError, kering.ValidationError):
+ raise falcon.HTTPBadRequest(description="unable to verify end role reply message")
 oid = ".".join([pre, role, eid])
 op = agent.monitor.submit(
diff --git a/tests/app/test_aiding.py b/tests/app/test_aiding.py
index c984c7a..841af2b 100644
--- a/tests/app/test_aiding.py
+++ b/tests/app/test_aiding.py
@@ -1373,6 +1373,16 @@ def test_oobi_ends(helpers):
 assert res.json == {'oobis': [], 'role': 'agent'}
 rpy = helpers.endrole(iserder.pre, agent.agentHab.pre)
+
+ # first try with bad signatures
+ sigs = helpers.sign(b'0123456789xyzxyz', 0, 0, rpy.raw)
+ body = dict(rpy=rpy.ked, sigs=sigs)
+ res = client.simulate_post(path=f"/identifiers/pal/endroles", json=body)
+ assert res.status_code == 400
+ assert res.json == {'description': "unable to verify end role reply message",
+ 'title': '400 Bad Request'}
+
+ # now with correct
 sigs = helpers.sign(salt, 0, 0, rpy.raw)
 body = dict(rpy=rpy.ked, sigs=sigs)
@@ -1389,6 +1399,7 @@ def test_oobi_ends(helpers):
 res = client.simulate_post(path=f"/endroles/pal", json=body)
 assert res.status_code == 404
+ # must be a valid aid alias
 res = client.simulate_get("/identifiers/bad/oobis")
 assert res.status_code == 404
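Review bot: The new `except` branch rejects a reply that fails verification but records nothing, so repeated bad-signature end role submissions leave no trace for the operator of the agent. I would bind the exception with `except (kering.UnverifiedReplyError, kering.ValidationError) as ex:` and log before raising, for example `logger.warning("end role reply for %s rejected: %s", pre, ex)`. This assumes the module has a logger and that `pre`, which is used just below the hunk's `try`, is already assigned at that point. Keeping the client-facing description generic is the right choice, since the detail belongs in the server log only. The body of `on_post` starts and ends outside the hunk, so any earlier handling is not visible here.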
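Review bot: The bad-signature case asserts only the 400 response and never checks that the rejected reply left no end role state behind. That check is the property the fix in `aiding.py` is meant to guarantee. After the 400 assertions I would repeat the OOBI query whose result is asserted just above the added block, and again expect `{'oobis': [], 'role': 'agent'}`. That request line is outside the hunk, so its exact path should be copied from there. As a style point, `f"/identifiers/pal/endroles"` has no placeholders and can be a plain string. `test_oobi_ends` starts and ends outside the hunk.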