diff --git a/common/bolt11.c b/common/bolt11.c
index 509b5a7d195d..db9209fdaa2f 100644
--- a/common/bolt11.c
+++ b/common/bolt11.c
@@ -501,6 +501,9 @@ static const char *decode_r(struct bolt11 *b11,
 		if (!fromwire_route_info(&r8, &rlen, &ri)) {
 			return tal_fmt(b11, "r: hop %zu truncated", n);
 		}
+		if (!node_id_valid(&ri.pubkey)) {
+			return tal_fmt(b11, "r: hop %zu pubkey invalid", n);
+		}
 		tal_arr_expand(&r, ri);
 	} while (rlen);
 
diff --git a/common/test/run-bolt11.c b/common/test/run-bolt11.c
index 21af91890f2a..630536eeca89 100644
--- a/common/test/run-bolt11.c
+++ b/common/test/run-bolt11.c
@@ -731,6 +731,11 @@ int main(int argc, char *argv[])
 	assert(!bolt11_decode(tmpctx, "lnbc1pvjluezpp5qqqsyqcyq5rqwzqfqqqsyqcyq5rqwzqfqqqsyqcyq5rqwzqfqypqdqcgfskggz423rz6wp6yrc2pgpqcqpjmyveg8ccprmlssyae9l33an2m0qz3qcfcavt7wdzrdqyx5q7hqmp7ne08uvwlwaaqwt4lxgmjh5gce3hv0m8tzwkzfshpdv9d5p9pcsp5v86r0", NULL, NULL, NULL, &fail));
 	assert(streq(fail, "d: invalid utf8"));
 
+	/* Invalid private routes. */
+	/* Invalid route pubkey. */
+	assert(!bolt11_decode(tmpctx, "lnbc1qqygh9qpp50qzxqqqqqpqqrzjcqqqqqqqqqqqqqqqqqqqqqqqqqqcqpjqqqqqqrzjcqqqqqcqpjqqqqqqqqqqqqqqqqqqqqqqqqqcq9qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqdqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqlqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqlqqqqqqqqqqqqqqqqqqqqqqq4murj7", NULL, NULL, NULL, &fail));
+	assert(streq(fail, "r: hop 0 pubkey invalid"));
+
 	/* FIXME: Test the others! */
 	common_shutdown();
 }