--- a/cmd/octorpki/octorpki.go
+++ b/cmd/octorpki/octorpki.go
@@ -50,10 +50,10 @@ var (
 	AllowRoot  = flag.Bool("allow.root", false, "Allow starting as root")
 
 	// Validator Options
-	RootTAL       = flag.String("tal.root", "tals/afrinic.tal,tals/apnic.tal,tals/arin.tal,tals/lacnic.tal,tals/ripe.tal", "List of TAL separated by comma")
+	RootTAL       = flag.String("tal.root", "/etc/tals/afrinic.tal,/etc/tals/apnic.tal,/etc/tals/arin.tal,/etc/tals/lacnic.tal,/etc/tals/ripe.tal", "List of TAL separated by comma")
 	TALNames      = flag.String("tal.name", "AFRINIC,APNIC,ARIN,LACNIC,RIPE", "Name of the TALs")
 	UseManifest   = flag.Bool("manifest.use", true, "Use manifests file to explore instead of going into the repository")
-	Basepath      = flag.String("cache", "cache/", "Base directory to store certificates")
+	Basepath      = flag.String("cache", "/var/cache/octorpki/", "Base directory to store certificates")
 	LogLevel      = flag.String("loglevel", "info", "Log level")
 	Refresh       = flag.String("refresh", "20m", "Revalidation interval")
 	MaxIterations = flag.Int("max.iterations", 32, "Specify the max number of iterations octorpki will make before failing to generate output.json")
@@ -68,7 +68,7 @@ var (
 
 	// RRDP Options
 	RRDP         = flag.Bool("rrdp", true, "Enable RRDP fetching")
-	RRDPFile     = flag.String("rrdp.file", "cache/rrdp.json", "Save RRDP state")
+	RRDPFile     = flag.String("rrdp.file", "/var/cache/octorpki/rrdp.json", "Save RRDP state")
 	RRDPFailover = flag.Bool("rrdp.failover", true, "Failover to rsync when RRDP fails")
 	UserAgent    = flag.String("useragent", fmt.Sprintf("Cloudflare-RRDP-%v (+https://github.com/cloudflare/cfrpki)", AppVersion), "User-Agent header")
 
@@ -88,7 +88,7 @@ var (
 	// File option
 	Output   = flag.String("output.roa", "output.json", "Output ROA file or URL")
 	Sign     = flag.Bool("output.sign", true, "Sign output (GoRTR compatible)")
-	SignKey  = flag.String("output.sign.key", "private.pem", "ECDSA signing key")
+	SignKey  = flag.String("output.sign.key", "/etc/octorpki/private.pem", "ECDSA signing key")
 	Validity = flag.String("output.sign.validity", "1h", "Validity")
 
 	// Debugging options
