Hardware attestation includes pubkey used to sign firmware. Yours will obviously be different from Google's. (Note that Hardware Attestation doesn't in itself "pass" or "fails", it simply does a signed report of whether bl is locked or not, and which is the pubkey. It's really SafetyNet's server-side interpretation which fails)

SafetyNet is NOT meant to ensure your device is secure, but only to ensure that it is running the firmware Google certified the smartphone with (including its known flaws and malwares)