
If there is no difference, then what is the advantage of JWT?


Mostly the fact you can check their validity without going to the database.

If you have one you can keep using it without extra network roundtrips as long as it doesn’t expire.

Only the validity of refresh tokens (for generating new access tokens) is checked.


That they've been around for long enough for proper implementations in all major languages to exist, their pitfalls are documented, and a lot of devs have some familiarity with them.

With that they are a better choice than most homebrew/framework-specific solutions.

There are some other established (/"standardized") solutions, which might fit your use-case better though, but most of them lag behind JWT in implementations/dev familiarity.


Spot on. Even better if they used a better serialization protocol than stupid JSON.


JSON really is the worst serialization, except for all the others.


What's wrong with JSON?


It requires a complex scanner with a stack to track nested data structures.

Not good for security nor speed in the use-case of an auth token!


It doesn’t have a native date type. And you cannot have comments.



