diff --git a/pkg/cmd/attestation/verification/extensions.go b/pkg/cmd/attestation/verification/extensions.go
index ffbefb9d3..cadb2668f 100644
--- a/pkg/cmd/attestation/verification/extensions.go
+++ b/pkg/cmd/attestation/verification/extensions.go
@@ -10,7 +10,7 @@ func VerifyCertExtensions(results []*AttestationProcessingResult, owner string,
 if owner != "" {
 expectedSourceRepositoryOwnerURI := fmt.Sprintf("https://github.com/%s", owner)
 sourceRepositoryOwnerURI := attestation.VerificationResult.Signature.Certificate.Extensions.SourceRepositoryOwnerURI
- if !strings.EqualFold(expectedSourceRepositoryOwnerURI, sourceRepositoryOwnerURI) {
+ if sourceRepositoryOwnerURI != "" && !strings.EqualFold(expectedSourceRepositoryOwnerURI, sourceRepositoryOwnerURI) {
 return fmt.Errorf("expected SourceRepositoryOwnerURI to be %s, got %s", expectedSourceRepositoryOwnerURI, sourceRepositoryOwnerURI)
 }
 }
@@ -18,7 +18,7 @@ func VerifyCertExtensions(results []*AttestationProcessingResult, owner string,
 if repo != "" {
 expectedSourceRepositoryURI := fmt.Sprintf("https://github.com/%s", repo)
 sourceRepositoryURI := attestation.VerificationResult.Signature.Certificate.Extensions.SourceRepositoryURI
- if !strings.EqualFold(expectedSourceRepositoryURI, sourceRepositoryURI) {
+ if sourceRepositoryURI != "" && !strings.EqualFold(expectedSourceRepositoryURI, sourceRepositoryURI) {
 return fmt.Errorf("expected SourceRepositoryURI to be %s, got %s", expectedSourceRepositoryURI, sourceRepositoryURI)
 }
 }
diff --git a/pkg/cmd/attestation/verification/extensions_test.go b/pkg/cmd/attestation/verification/extensions_test.go
index 829ebb231..c04d29664 100644
--- a/pkg/cmd/attestation/verification/extensions_test.go
+++ b/pkg/cmd/attestation/verification/extensions_test.go
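Review bot: The added `sourceRepositoryOwnerURI != ""` guard turns the `--owner` policy into a no-op whenever the certificate carries no SourceRepositoryOwnerURI extension, so a certificate that merely lacks the extension now satisfies any requested owner; the `sourceRepositoryURI != ""` guard in the second hunk weakens the `--repo` check the same way. Unless an absent extension is an intended and documented pass condition, the safer shape is to fail when the caller asked for a match and the certificate cannot provide one, e.g. `if sourceRepositoryOwnerURI == "" { return fmt.Errorf("expected SourceRepositoryOwnerURI to be %s, but the certificate has no SourceRepositoryOwnerURI extension", expectedSourceRepositoryOwnerURI) }` ahead of the EqualFold comparison, and likewise for SourceRepositoryURI. If the skip is deliberate (perhaps to accept certificates issued outside the GitHub Actions OIDC flow, which I cannot confirm from this diff), a comment on each guard should say so, since a reader will otherwise take it for a bypass. The loop that binds `attestation` and the VerifyCertExtensions signature sit outside both hunks.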
@@ -24,18 +24,27 @@ func TestVerifyCertExtensions(t *testing.T) {
 },
 }
 
- err := VerifyCertExtensions(results, "owner", "owner/repo")
- require.NoError(t, err)
+ t.Run("VerifyCertExtensions with owner and repo", func(t *testing.T) {
+ err := VerifyCertExtensions(results, "owner", "owner/repo")
+ require.NoError(t, err)
+ })
+ t.Run("VerifyCertExtensions with repo", func(t *testing.T) {
+ err := VerifyCertExtensions(results, "", "owner/repo")
+ require.NoError(t, err)
+ })
 
- err = VerifyCertExtensions(results, "", "owner/repo")
- require.NoError(t, err)
+ t.Run("VerifyCertExtensions with owner", func(t *testing.T) {
+ err := VerifyCertExtensions(results, "owner", "")
+ require.NoError(t, err)
+ })
 
- err = VerifyCertExtensions(results, "owner", "")
- require.NoError(t, err)
+ t.Run("VerifyCertExtensions with wrong owner", func(t *testing.T) {
+ err := VerifyCertExtensions(results, "wrong", "")
+ require.ErrorContains(t, err, "expected SourceRepositoryOwnerURI to be https://github.com/wrong, got https://github.com/owner")
+ })
 
- err = VerifyCertExtensions(results, "wrong", "")
- require.ErrorContains(t, err, "expected SourceRepositoryOwnerURI to be https://github.com/wrong, got https://github.com/owner")
-
- err = VerifyCertExtensions(results, "", "wrong")
- require.ErrorContains(t, err, "expected SourceRepositoryURI to be https://github.com/wrong, got https://github.com/owner/repo")
+ t.Run("VerifyCertExtensions with wrong repo", func(t *testing.T) {
+ err := VerifyCertExtensions(results, "", "wrong")
+ require.ErrorContains(t, err, "expected SourceRepositoryURI to be https://github.com/wrong, got https://github.com/owner/repo")
+ })
 }
diff --git a/pkg/cmd/attestation/verify/options_test.go b/pkg/cmd/attestation/verify/options_test.go
index a7430017e..aea131b27 100644
--- a/pkg/cmd/attestation/verify/options_test.go
+++ b/pkg/cmd/attestation/verify/options_test.go
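Review bot: None of the new subtests exercises the path the production change introduces, a result whose certificate has an empty SourceRepositoryOwnerURI or SourceRepositoryURI, so the one behavior that distinguishes this commit from the previous code is untested. Add a subtest that builds a `results` fixture with both extensions left empty and asserts the intended outcome of `VerifyCertExtensions(results, "owner", "owner/repo")`, either `require.Error` if a missing extension must fail the policy or `require.NoError` if the skip is deliberate, so the decision is pinned rather than implied. As a style point, every subtest name repeats the function name; `t.Run("with wrong owner", …)` reads better under `go test -run` because the parent test already names VerifyCertExtensions. The `results` fixture and the start of TestVerifyCertExtensions are above the hunk.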
@@ -70,7 +70,7 @@ func TestSetPolicyFlags(t *testing.T) {
 opts.SetPolicyFlags()
 require.Equal(t, "sigstore", opts.Owner)
 require.Equal(t, "sigstore/sigstore-js", opts.Repo)
- require.Equal(t, "^https://github.com/sigstore/sigstore-js/", opts.SANRegex)
+ require.Equal(t, "(?i)^https://github.com/sigstore/sigstore-js/", opts.SANRegex)
 })
 
 t.Run("does not set SANRegex when SANRegex and Repo are provided", func(t *testing.T) {
@@ -99,7 +99,7 @@ func TestSetPolicyFlags(t *testing.T) {
 
 opts.SetPolicyFlags()
 require.Equal(t, "sigstore", opts.Owner)
- require.Equal(t, "^https://github.com/sigstore/", opts.SANRegex)
+ require.Equal(t, "(?i)^https://github.com/sigstore/", opts.SANRegex)
 })
 
 t.Run("does not set SANRegex when SANRegex and Owner are provided", func(t *testing.T) {
diff --git a/pkg/cmd/attestation/verify/verify_test.go b/pkg/cmd/attestation/verify/verify_test.go
index f0cc21709..182a66012 100644
--- a/pkg/cmd/attestation/verify/verify_test.go
+++ b/pkg/cmd/attestation/verify/verify_test.go
@@ -76,7 +76,7 @@ func TestNewVerifyCmd(t *testing.T) {
 Limit: 30,
 OIDCIssuer: GitHubOIDCIssuer,
 Owner: "sigstore",
- SANRegex: "^https://github.com/sigstore/",
+ SANRegex: "(?i)^https://github.com/sigstore/",
 SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
 },
 wantsErr: false,
@@ -91,7 +91,7 @@ func TestNewVerifyCmd(t *testing.T) {
 Limit: 30,
 OIDCIssuer: GitHubOIDCIssuer,
 Owner: "sigstore",
- SANRegex: "^https://github.com/sigstore/",
+ SANRegex: "(?i)^https://github.com/sigstore/",
 SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
 },
 wantsErr: false,
@@ -105,7 +105,7 @@ func TestNewVerifyCmd(t *testing.T) {
 OIDCIssuer: GitHubOIDCIssuer,
 Owner: "sigstore",
 Limit: 30,
- SANRegex: "^https://github.com/sigstore/",
+ SANRegex: "(?i)^https://github.com/sigstore/",
 SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
 },
 wantsErr: true,
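Review bot: The updated expectations in both options_test.go hunks only pin the literal `(?i)^https://github.com/sigstore/sigstore-js/` and `(?i)^https://github.com/sigstore/` strings; they do not demonstrate that the case-insensitive prefix matches a mixed-case SAN or still rejects a different owner, which is the property the `(?i)` change is presumably meant to buy. A companion assertion next to each string comparison, such as `require.Regexp(t, opts.SANRegex, "https://github.com/Sigstore/Sigstore-JS/.github/workflows/release.yml@refs/heads/main")` (constructed example) together with a `require.NotRegexp` for a SAN under another owner, would catch a future SetPolicyFlags change that drops the `^` anchor or the flag while leaving a string-equality test green. SetPolicyFlags itself is not in this diff, so whether the flag is applied the same way on every branch can only be inferred from these two expectations.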
@@ -133,7 +133,7 @@ func TestNewVerifyCmd(t *testing.T) {
 Limit: 30,
 OIDCIssuer: GitHubOIDCIssuer,
 Owner: "sigstore",
- SANRegex: "^https://github.com/sigstore/",
+ SANRegex: "(?i)^https://github.com/sigstore/",
 SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
 },
 wantsErr: false,
@@ -147,7 +147,7 @@ func TestNewVerifyCmd(t *testing.T) {
 OIDCIssuer: GitHubOIDCIssuer,
 Owner: "sigstore",
 Limit: 101,
- SANRegex: "^https://github.com/sigstore/",
+ SANRegex: "(?i)^https://github.com/sigstore/",
 SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
 },
 wantsErr: false,
@@ -161,7 +161,7 @@ func TestNewVerifyCmd(t *testing.T) {
 OIDCIssuer: GitHubOIDCIssuer,
 Owner: "sigstore",
 Limit: 0,
- SANRegex: "^https://github.com/sigstore/",
+ SANRegex: "(?i)^https://github.com/sigstore/",
 SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
 },
 wantsErr: true,
@@ -176,7 +176,7 @@ func TestNewVerifyCmd(t *testing.T) {
 OIDCIssuer: GitHubOIDCIssuer,
 Owner: "sigstore",
 SAN: "https://github.com/sigstore/",
- SANRegex: "^https://github.com/sigstore/",
+ SANRegex: "(?i)^https://github.com/sigstore/",
 SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
 },
 wantsErr: true,
@@ -191,7 +191,7 @@ func TestNewVerifyCmd(t *testing.T) {
 Limit: 30,
 OIDCIssuer: GitHubOIDCIssuer,
 Owner: "sigstore",
- SANRegex: "^https://github.com/sigstore/",
+ SANRegex: "(?i)^https://github.com/sigstore/",
 SigstoreVerifier: verification.NewMockSigstoreVerifier(t),
 },
 wantsExporter: true,