--- a/cmd/octorpki/octorpki.go
+++ b/cmd/octorpki/octorpki.go
@@ -48,10 +48,10 @@ var (
 	AppVersion = "OctoRPKI " + version + " " + buildinfos
 
 	// Validator Options
-	RootTAL     = flag.String("tal.root", "tals/afrinic.tal,tals/apnic.tal,tals/arin.tal,tals/lacnic.tal,tals/ripe.tal", "List of TAL separated by comma")
+	RootTAL     = flag.String("tal.root", "/etc/tals/afrinic.tal,/etc/tals/apnic.tal,/etc/tals/arin.tal,/etc/tals/lacnic.tal,/etc/tals/ripe.tal", "List of TAL separated by comma")
 	TALNames    = flag.String("tal.name", "AFRINIC,APNIC,ARIN,LACNIC,RIPE", "Name of the TALs")
 	UseManifest = flag.Bool("manifest.use", true, "Use manifests file to explore instead of going into the repository")
-	Basepath    = flag.String("cache", "cache/", "Base directory to store certificates")
+	Basepath    = flag.String("cache", "/var/cache/octorpki/", "Base directory to store certificates")
 	LogLevel    = flag.String("loglevel", "info", "Log level")
 	Refresh     = flag.String("refresh", "20m", "Revalidation interval")
 
@@ -65,7 +65,7 @@ var (
 
 	// RRDP Options
 	RRDP         = flag.Bool("rrdp", true, "Enable RRDP fetching")
-	RRDPFile     = flag.String("rrdp.file", "cache/rrdp.json", "Save RRDP state")
+	RRDPFile     = flag.String("rrdp.file", "/var/cache/octorpki/rrdp.json", "Save RRDP state")
 	RRDPFailover = flag.Bool("rrdp.failover", true, "Failover to rsync when RRDP fails")
 	UserAgent    = flag.String("useragent", fmt.Sprintf("Cloudflare-RRDP-%v (+https://github.com/cloudflare/cfrpki)", AppVersion), "User-Agent header")
 
@@ -85,7 +85,7 @@ var (
 	// File option
 	Output   = flag.String("output.roa", "output.json", "Output ROA file or URL")
 	Sign     = flag.Bool("output.sign", true, "Sign output (GoRTR compatible)")
-	SignKey  = flag.String("output.sign.key", "private.pem", "ECDSA signing key")
+	SignKey  = flag.String("output.sign.key", "/etc/octorpki/private.pem", "ECDSA signing key")
 	Validity = flag.String("output.sign.validity", "1h", "Validity")
 
 	// Debugging options
